0

Does anybody know if Ubuntu's NTP servers are redundant? If I dig them, I get:

;; ANSWER SECTION:
ntp.ubuntu.com.     280 IN  A   91.189.94.4

vs. when I dig pool.ntp.org:

;; ANSWER SECTION:
pool.ntp.org.       350 IN  A   173.244.211.10
pool.ntp.org.       350 IN  A   173.255.193.172
pool.ntp.org.       350 IN  A   209.114.111.1

Would this indicate that ntp.org might be more reliable?

EEAA
Mike Crowe

3 Answers

6

The results you get from pool.ntp.org are a random selection from 3000 available servers in the network. The pool is constantly monitored, and badly performing systems are removed from the pool when they stop providing reliable time.

Ideally, you would want to use the pool servers from your region, which you can find by drilling down to find the closest selection from the web site.

I am not sure how Ubuntu handles their NTP server internally, and short of asking them, there is no way to be certain. As a general rule though, you should be using NTP servers that you know to be reliable and are close to you.

In any case, you should always have a couple NTP servers defined, so you can just let the NTP protocol pick the best source of time.

Zoredache
  • 1
    The NTP pool project does geo-DNS, so simply picking pool.ntp.org or 0.pool.ntp.org, 1.pool.ntp.org, etc. should give you servers in your own country, or failing that, in a nearby country. Use of the "0.", "1.", "2." prefixes produces a disjoint set of servers, so you can be guaranteed you will have multiple upstream sources. – rmalayter Jun 15 '12 at 14:16
1

The main reason this is done is because of vendoring and the need for people to be able to control the traffic their software generates. https://www.pool.ntp.org/vendors.html has a good discussion about this and some excerpts are below:

There was an infamous incident years back where a company hardcoded an NTP server and the traffic got out of control (see https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse#Netgear_and_the_University_of_Wisconsin%E2%80%93Madison ). To fight this sort of situation vendors MUST NOT hardcode public resource IPs or names into their products. By using a DNS name under their control (or at least separate to the general pool) if the vendor's software gets out of control just that traffic can be redirected elsewhere.

A secondary (and more subtle) reason is that the Ubuntu project uses the DNS queries to approximately count the size of its active user base (mentioned in https://lwn.net/Articles/776327/ ).

Also when I just tried (mid 2019) I see multiple IP addresses being returned for ntp.ubuntu.com:

$ dig ntp.ubuntu.com
[...]
;; ANSWER SECTION:
ntp.ubuntu.com.     166 IN  A   91.189.89.198
ntp.ubuntu.com.     166 IN  A   91.189.91.157
ntp.ubuntu.com.     166 IN  A   91.189.89.199
ntp.ubuntu.com.     166 IN  A   91.189.94.4

So answering the question in the title: yes there is more than one IP address behind Ubuntu's default NTP address.

Anon
0

If you want redundancy in ntpd, use multiple servers. When using a round-robin DNS record (such as the one for pool.ntp.org), only one IPv4 or IPv6 server is selected for a 'server pool.ntp.org' line. Repeating the line 3 times will select 3 different servers from the pool.

Koos van den Hout
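A check for the advice in the answers above (define several sources; one `server` line uses one address however many A records the name returns), as an added example that is not part of the original thread. The sample configurations are constructed, and the `minimum` threshold, the handling of ntpd's `pool` directive as yielding several sources, and the function names are assumptions.

```python
# Added example: audit an ntpd configuration for upstream redundancy.
# Both sample configs are constructed for illustration.
SINGLE = """\
# one name only
server ntp.ubuntu.com
server 127.127.1.0   # local clock driver, not an upstream
"""

REDUNDANT = """\
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
"""


def upstream_sources(conf_text):
    """Return (directive, host) for each server/pool line, skipping comments
    and ntpd reference-clock pseudo-addresses (127.127.x.x)."""
    sources = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("server", "pool"):
            continue
        if fields[1].startswith("127.127."):
            continue
        sources.append((fields[0], fields[1]))
    return sources


def audit(conf_text, minimum=3):
    """Summarise redundancy. `minimum` is an assumed threshold, not a value
    from the thread. A `server` line counts as one source regardless of how
    many A records its name has; a `pool` line is assumed to yield several."""
    sources = upstream_sources(conf_text)
    server_lines = sum(1 for d, _ in sources if d == "server")
    has_pool = any(d == "pool" for d, _ in sources)
    return {
        "server_lines": server_lines,
        "has_pool": has_pool,
        "redundant": has_pool or server_lines >= minimum,
    }


if __name__ == "__main__":
    for name, conf in (("SINGLE", SINGLE), ("REDUNDANT", REDUNDANT)):
        print(name, audit(conf))
```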