Abstract
Time synchronization is of paramount importance on the Internet, with the Network Time Protocol (NTP) serving as the primary synchronization protocol. The NTP Pool, a volunteer-driven initiative launched two decades ago, facilitates connections between clients and NTP servers. Our analysis of root DNS queries reveals that the NTP Pool has consistently been the most popular time service. We further investigate the DNS component (GeoDNS) of the NTP Pool, which is responsible for mapping clients to servers. Our findings indicate that the current algorithm is heavily skewed, leading to the emergence of time monopolies for entire countries. For instance, clients in the US are served by 551 NTP servers, while clients in Cameroon and Nigeria are served by only one and two servers, respectively, out of the 4k+ servers available in the NTP Pool. We examine the underlying assumption behind GeoDNS for these mappings and discover that time servers located far away can still provide accurate clock time information to clients. We have shared our findings with the NTP Pool operators, who acknowledge them and plan to revise their algorithm to enhance security.