[ntp:questions] Three NTP servers, one strange IP-address in 'refid'

Sander Smeenk ssmeenk at freshdot.net
Wed Apr 2 07:48:26 UTC 2014


Quoting E-Mail Sent to this address will be added to the BlackLists (Null at BlackList.Anitech-Systems.invalid):

> > if i check 'ntpq -c lpeers' on one of the three stratum-2 servers i
> > see an IP-address listed as 'refid' for the 'peer'-entries in my
> No, its in ntp{1,2,3}.bit.nl's .conf, or via DHCP
>  or ntp{1,2,3}.bit.nl ntp servers got it via a pool command.
>  Why are you using ntp{1,2,3}.bit.nl / dns{1,2,3}.dns.dmz.bit.nl servers?
>  Why do you care what ntp{1,2,3}.bit.nl / dns{1,2,3}.dns.dmz.bit.nl
>   respond with for their refclock?

I am root at ntp{1,2,3}. I am the sysadmin of ntp{1,2,3} and tt52.ripe.net.
I have 15 years of experience with Linux, networks, routing, the works.
I care what these servers report as refid because i administer them and
my users notified me about this weird IP-address.


> > no traffic is flowing to- or from that IP either.
> You won't see packets between ntp{1,2,3}.bit.nl and it's upstream server(s).
> Unless you can monitor the switch mirror port inside bit.nl,
> or packet cap on the ntp{1,2,3}.bit.nl machine,

Again, and i thought i made this clear in my earlier posts too, i have
root on all these servers and i have enable on all routers in the BIT
network.


> e.g. you are a bit.nl NOC SysAdmin?  If you were, I suspect you would
> already know why their ntp server report 172.2.53.81 as their
> reference.

I am a BIT NOC SysAdmin, and i don't know why my NTP-servers report
172.2.53.81 as refid for the *PEER* entries in my ntp.conf.
Please read the entire thread of mails before making these assertions.


> "NTP servers: ntp1.bit.nl and ntp2.bit.nl This stratum 2 servers are
> synchronized with our stratum-1 server receives the right time via
> GPS."
> 
> I guess it could also be a IPv6 ref mangling issue?

That could well be. We use IPv6 where we can.
But that would constitute this refid issue a bug.
One that is rather confusing and time-consuming.


> > Also, as stated, the IP resolves to some DSL connection in
> > the US and doesn't appear to provide any NTP services.
> Maybe not for you?
> 172.2.53.81 -> adsl-172-2-53-81.dsl.aus2tx.sbcglobal.net > 172.2.53.81
> Maybe a router recently port 123 blocked by the ISP
> due to NTP DDOSability at the time?

What does this prove? That you can resolve IPs and hostnames?
The IP does *not* reply NTP to me. Since i have enable on all my
routers, i am fairly certain i am not blocking NTP anywhere.


> > Since dns1/ntp1 lpeers output shows its sys.peer(*) is tt52.ripe.net
> > (ntp4.bit.nl, as configured) that would be the suspect for reporting
> > the 172.2.53.81 IP.
> tt52.ripe.net is your machines sys peer,
>  not ntp{1,2,3}.bit.nl sys peer.

Please re-read the entire thread to get a firmer grasp of my situation.
Thanks for your time.


With regards,
-Sndr.
-- 
| Women like silent men, they think they're listening.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2


More information about the questions mailing list