research-article

Open access

Deep Dive into NTP Pool's Popularity and Mapping

Authors:

Giovane C. M. Moura,

Caspar Schutijser,

Cristian Hesselman,

John Heidemann,

Georgios SmaragdakisAuthors Info & Claims

Proceedings of the ACM on Measurement and Analysis of Computing Systems, Volume 8, Issue 1

Article No.: 15, Pages 1 - 30

https://doi.org/10.1145/3639041

Published: 21 February 2024 Publication History

Abstract

Time synchronization is of paramount importance on the Internet, with the Network Time Protocol (NTP) serving as the primary synchronization protocol. The NTP Pool, a volunteer-driven initiative launched two decades ago, facilitates connections between clients and NTP servers. Our analysis of root DNS queries reveals that the NTP Pool has consistently been the most popular time service. We further investigate the DNS component (GeoDNS) of the NTP Pool, which is responsible for mapping clients to servers. Our findings indicate that the current algorithm is heavily skewed, leading to the emergence of time monopolies for entire countries. For instance, clients in the US are served by 551 NTP servers, while clients in Cameroon and Nigeria are served by only one and two servers, respectively, out of the 4k+ servers available in the NTP Pool. We examine the underlying assumption behind GeoDNS for these mappings and discover that time servers located far away can still provide accurate clock time information to clients. We have shared our findings with the NTP Pool operators, who acknowledge them and plan to revise their algorithm to enhance security.

References

[1]

Apple. 2021. Apple NTPService. time.apple.com.

[2]

Roy Arends, Rob Austein, Matt Larson, Dan Massey, and Scott Rose. 2005. DNS Security Introduction and Requirements. RFC 4033. IETF. http://tools.ietf.org/rfc/rfc4033.txt

[3]

Jari Arkko. 2019. Centralised Architectures in Internet Infrastructure. Internet Draft. https://tools.ietf.org/html/draftarkko- arch-infrastructure-centralisation-00

[4]

Jari Arkko. 2020. The influence of Internet architecture on centralised versus distributed Internet services. Journal of Cyber Policy 5, 1 (2020), 30--45. https://doi.org/10.1080/23738871.2020.1740753

[5]

Arkko, Jari and Tramme, B. and Nottingham,Mand Huitema, C and Thomson, M. and Tantsura, J. and ten Oever, N. 2019. Considerations on Internet Consolidation and the Internet Architecture. Internet Draft. https://tools.ietf.org/html/draftarkko- iab-internet-consolidation-02

[6]

Ask Bjørn Hansen. 2021. GeoDNS servers. https://github.com/abh/geodns/.

[7]

Ask Bjørn Hansen. 2023. Minor New Features on the website. https://community.ntppool.org/t/minor-new-featureson- the-website/2947/8.

[8]

Rushvanth Bhaskar. 2022. A Day in the Life of NTP: Analysis of NTPPool Traffic. Master's thesis. University of Twente and SIDN Labs, Enschede and Arnhem, The Netherlands. Master's thesis.

[9]

Stephan Bortzmeyer, Ralph Dolmans, and Paul Hoffman. 2021. DNS Query Name Minimisation to Improve Privacy. RFC 9156. IETF. http://tools.ietf.org/rfc/rfc9156.txt

[10]

Physikalisch Technische Bundesanstalt. 2022. FDCF77 - PTB.de. (Nov. 5 2022). https://www.ptb.de/cms/en/ptb/ fachabteilungen/abt4/fb-44/ag-442/dissemination-of-legal-time/dcf77.html

[11]

Randy Bush and Rob Austein. 2013. The Resource Public Key Infrastructure (RPKI) to Router Protocol. RFC 6810. IETF. http://tools.ietf.org/rfc/rfc6810.txt

[12]

CAIDA. 2022. Index of /datasets/routing/routeviews-prefix2as. https://publicdata.caida.org/datasets/routing/ routeviews-prefix2as.

[13]

Sebastian Castro, Duane Wessels, Marina Fomenkov, and Kimberly Claffy. 2008. A Day at the Root of the Internet. ACM Computer Communication Review 38, 5 (April 2008), 41--46.

Digital Library

[14]

Cloudflare. 2021. Cloudflare Time Service. https://www.cloudflare.com/time/.

[15]

C. Contavalli, W. van der Gaast, D. Lawrence, and W. Kumari. 2016. Client Subnet in DNS Queries. RFC 7871. IETF. http://tools.ietf.org/rfc/rfc7871.txt

[16]

Jakub Czyz, Michael Kallitsis, Manaf Gharaibeh, Christos Papadopoulos, Michael Bailey, and Manish Karir. 2014. Taming the 800 Pound Gorilla: The Rise and Decline of NTP DDoS Attacks. In Proceedings of the 2014 ACM Conference on Internet Measurement Conference (Vancouver, BC, Canada) (IMC). ACM, 435--448. https://doi.org/10.1145/2663716.2663717

Digital Library

[17]

Wouter B de Vries, Quirin Scheitle, Moritz Müller, Willem Toorop, Ralph Dolmans, and Roland van Rijswijk-Deij. 2019. A First Look at QNAME Minimization in the Domain Name System. In International Conference on Passive and Active

Digital Library

[18]

Omer Deutsch, Neta Rozen Schiff, Danny Dolev, and Michael Schapira. 2018. Preventing (Network) Time Travel with Chronos. In NDSS.

[19]

Tim Dierks and Eric Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246. IETF. http: //tools.ietf.org/rfc/rfc5246.txt

[20]

DNS OARC. 2022. DITL Traces and Analysis. https://www.dns-oarc.net/index.php/oarc/data/ditl/.

[21]

Ralph Droms. 1997. Dynamic Host Configuration Protocol. RFC 2131. IETF. http://tools.ietf.org/rfc/rfc2131.txt

[22]

Toby Ehrenkranz and Jun Li. 2009. On the state of IP spoofing defense. ACM Transactions on Internet Technology (TOIT) 9, 2 (2009), 1--29.

Digital Library

[23]

Daniel Franke, Dieter Sibold, Kristof Teichel, Marcus Dansarie, and Ragnar Sundblad. 2020. Network Time Security for the Network Time Protocol. RFC 8915. IETF. http://tools.ietf.org/rfc/rfc8915.txt

[24]

Richard Gayraud and Benoit Lourdelet. 2010. Network Time Protocol (NTP) Server Option for DHCPv6. RFC 5908. IETF. http://tools.ietf.org/rfc/rfc5908.txt

[25]

Google. 2021. Google Public NTP. https://developers.google.com/time.

[26]

Mohammad Javad Hajikhani, Thomas Kunz, and Howard Schwartz. 2016. A Recursive Method for Clock Synchronization in Asymmetric Packet-Based Networks. IEEE/ACM Transactions on Networking 24, 4 (2016), 2332--2342. https://doi.org/10.1109/TNET.2015.2462772

Digital Library

[27]

Stewart Hampton. 2018. Five Dangers of Poor Network Timekeeping + Easy and Cost Effective Solutions (Part 2 of 10). (Sept. 5 2018). https://www.microsemi.com/blog/2018/09/05/five-dangers-of-poor-network-timekeeping-easy-andcost- effective-solutions-to-avoid-networks-fall-out-of-sync-part-2-of-10/

[28]

Alden Hilton, Casey Deccio, and Jacob Davis. 2023. Fourteen Years in the Life: A Root Server's Perspective on DNS Resolver Security. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 3171--3186. https://www.usenix.org/conference/usenixsecurity23/presentation/hilton

[29]

Philip Homburg. 2015. NTP Measurements with RIPE Atlas. https://labs.ripe.net/author/philip_homburg/ntpmeasurements- with-ripe-atlas/.

[30]

Nate Hopper. 2022. The Thorny Problem of Keeping the Internet's Time. The New Yorker (Sept. 30 2022). https: //www.newyorker.com/tech/annals-of-technology/the-thorny-problem-of-keeping-the-internets-time

[31]

IEEE. 2002. IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems. IEEE Std. 1588--2002 (2002). https://standards.ieee.org/ieee/1588/3140/

[32]

IEEE. 2020. IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems. IEEE Std 1588--2019 (Revision ofIEEE Std 1588--2008) (2020), 1--499. https://doi.org/10.1109/IEEESTD.2020.9120376

[33]

ITU. 2023. Statistics. https://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx

[34]

Philipp Jeitner, Haya Shulman, and Michael Waidner. 2020. The Impact of DNS Insecurity on Time. In 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). 266--277. https://doi.org/10. 1109/DSN48063.2020.00043

[35]

Cecilia Kang and David McCabe. 2020. Lawmakers, United in Their Ire, Lash Out at Big Tech's Leaders. New York Times (July. 29 2020). https://www.nytimes.com/2020/07/29/technology/big-tech-hearing-apple-amazon-facebookgoogle. html

[36]

Aqsa Kashaf, Vyas Sekar, and Yuvraj Agarwal. 2020. Analyzing Third Party Service Dependencies in Modern Web Services: Have We Learned from the Mirai-Dyn Incident?. In Proceedings of the ACM Internet Measurement Conference (Virtual Event, USA) (IMC '20). Association for Computing Machinery, New York, NY, USA, 634--647.

Digital Library

[37]

Robert Kisteleki. 2023. NTP empty results ('result': ['x': '*']). https://www.ripe.net/ripe/mail/archives/ripe-atlas/2023- October/005607.html.

[38]

Warren Kumari and Paul Hoffman. 2020. Running a Root Server Local to a Resolver. RFC 8806. IETF. http://tools.ietf. org/rfc/rfc8806.txt

[39]

Jonghoon Kwon, Jeonggyu Song, Junbeom Hur, and Adrian Perrig. 2023. Did the Shark Eat the Watchdog in the NTP Pool? Deceiving the NTP Pool's Monitoring System. In 30th USENIX Security Symposium. https://www.usenix.org/ conference/usenixsecurity23/presentation/kwon

[40]

Leslie Lamport. 2019. Time, Clocks, and the Ordering of Events in a Distributed System. Association for Computing Machinery, New York, NY, USA, 179--196. https://doi.org/10.1145/3335772.3335934

Digital Library

[41]

Ziqian Liu, Bradley Huffaker, Marina Fomenkov, Nevil Brownlee, and Kimberly Claffy. 2007. Two Days in the Life of the DNS Anycast Root Servers. In Proceedings of the International conference on Passive and Active Measurements (PAM). 125--134.

[42]

Jonathan Magnusson, Moritz Müller, Anna Brunstrom, and Tobias Pulls. 2023. A Second Look at DNS QNAME Minimization. In Passive and Active Measurement: 24th International Conference, PAM 2023, Virtual Event, March 21--23, 2023, Proceedings. Springer, 496--521.

Digital Library

[43]

Aanchal Malhotra, Isaac E Cohen, Erik Brakke, and Sharon Goldberg. 2016. Attacking the Network Time Protocol. In Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS 2016) (San Diego, California).

[44]

Aanchal Malhotra and Sharon Goldberg. 2016. Attacking NTP's Authenticated Broadcast Mode. SIGCOMM Comput. Commun. Rev. 46, 2 (may 2016), 12--17.

Digital Library

[45]

Aanchal Malhotra, Matthew Van Gundy, Mayank Varia, Haydn Kennedy, Jonathan Gardner, and Sharon Goldberg. 2017. The Security of NTP's Datagram Protocol. In Financial Cryptography and Data Security: 21st International Conference, FC 2017, Sliema, Malta, April 3--7, 2017, Revised Selected Papers 21. Springer, 405--423.

Digital Library

[46]

Mark Morowczynski. 2012. Did YourActive Directory Domain Time Just Jump To The Year 2000? https://techcommunity. microsoft.com/t5/core-infrastructure-and-security/did-your-active-directory-domain-time-just-jump-to-the-year- 2000/ba-p/255873.

[47]

Maxmind. 2021. Maxmind. http://www.maxmind.com/

[48]

Microsoft. 2021. Microsoft NTP Service. http://time.windows.com.

[49]

David Mills. 2006. Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI. RFC 4330. IETF. http: //tools.ietf.org/rfc/rfc4330.txt

[50]

David Mills, Jim Martin, Jack Burbank, and William Kasch. 2010. Network Time Protocol Version 4: Protocol and Algorithms Specification. RFC 5905. IETF. http://tools.ietf.org/rfc/rfc5905.txt

[51]

Paul Mockapetris. 1987. Domain names - concepts and facilities. RFC 1034. IETF. http://tools.ietf.org/rfc/rfc1034.txt

[52]

Giovane C. M. Moura, Sebastian Castro, Wes Hardaker, Maarten Wullink, and Cristian Hesselman. 2020. Clouding up the Internet: How Centralized is DNS Traffic Becoming?. In Proceedings of the ACM Internet Measurement Conference (Virtual Event, USA) (IMC '20). Association for Computing Machinery, New York, NY, USA, 42--49.

Digital Library

[53]

Giovane C. M. Moura, Ricardo deO. Schmidt, John Heidemann,Wouter B. de Vries, Moritz Müller, LanWei, and Christian Hesselman. 2016. Anycast vs. DDoS: Evaluating the November 2015 Root DNS Event. In Proceedings of the ACM Internet Measurement Conference. ACM, Santa Monica, California, USA, 255--270. https://doi.org/10.1145/2987443.2987446

Digital Library

[54]

Giovane C. M. Moura, John Heidemann, Ricardo de O. Schmidt, and Wes Hardaker. 2019. Cache Me If You Can: Effects of DNS Time-to-Live. In Proceedings of the ACM Internet Measurement Conference. ACM, Amsterdam, the Netherlands, 101--115. https://doi.org/10.1145/3355369.3355568

Digital Library

[55]

Giovane C. M. Moura, John Heidemann, Moritz Müller, Ricardo de O. Schmidt, and Marco Davids. 2018. When the Dike Breaks: Dissecting DNS Defenses During DDoS. In Proceedings of the ACM Internet Measurement Conference. ACM, Boston, MA, USA, 8--21. https://doi.org/10.1145/3278532.3278534

Digital Library

[56]

Moritz Müller, Giovane C. M. Moura, Ricardo de O. Schmidt, and John Heidemann. 2017. Recursives in the Wild: Engineering Authoritative DNS Servers. In Proceedings of the ACM Internet Measurement Conference. ACM, London, UK, 489--495. https://doi.org/10.1145/3131365.3131366

Digital Library

[57]

Network Time Foundation. 2022. Download NTP . https://doc.ntp.org/downloads/.

[58]

Clifford Neuman, Tom Yu, Sam Hartman, and Kenneth Raeburn. 2005. The Kerberos Network Authentication Service (V5). RFC 4120. IETF. http://tools.ietf.org/rfc/rfc4120.txt

[59]

NIST. 2022. NIST Internet Time Service (ITS). (Nov. 5 2022). https://www.nist.gov/pml/time-and-frequencydivision/ time-distribution/internet-time-service-its

[60]

M. Nottingham. 2023. Centralization, Decentralization, and Internet Standards. RFC 9518. IETF. http://tools.ietf.org/rfc/ rfc9518.txt

[61]

NTP Pool. 2021. All Pool Servers. https://www.ntppool.org/zone.

[62]

NTP Pool. 2021. Argentina - ar.pool.ntp.org. https://www.ntppool.org/zone/ar.

[63]

NTP Pool. 2021. pool.ntp.org: statistics for 51.255.142.175 . https://www.ntppool.org/scores/51.255.142.175/.

[64]

NTP Pool. 2021. pool.ntp.org: Statistics for 95.217.188.206. https://www.ntppool.org/scores/95.217.188.206.

[65]

NTP Pool. 2021. pool.ntp.org: the internet cluster of ntp servers. https://www.ntppool.org/en/.

[66]

NTP Pool. 2021. The NTP Pool for vendors. https://www.ntppool.org/en/vendors.html.

[67]

NTP Pool. 2022. How do I join pool.ntp.org? https://www.ntppool.org/en/join.html.

[68]

NTP Pool. 2023. Monitoring System - Technical details. https://news.ntppool.org/docs/monitoring/.

[69]

NTP Pool. 2023. NTP Pool Monitoring v2. https://news.ntppool.org/2023/03/ntp-pool-monitoring-v2/.

[70]

Oleg Obleukhov. 2020. Building a more accurate time service at Facebook scale. https://engineering.fb.com/2020/03/ 18/production-engineering/ntp-service/.

[71]

United States Naval Observatory. 2022. Information about NTP, the time backbone of the Internet. (Nov. 5 2022). https://www.cnmoc.usff.navy.mil/Our-Commands/United-States-Naval-Observatory/Precise-Time-Department/ Network-Time-Protocol-NTP/

[72]

Yarin Perry, Neta Rozen-Schiff, and Michael Schapira. 2021. A Devil of a Time: How Vulnerable is NTP to Malicious Timeservers?. In Proceedings of the 28th Network and Distributed System Security Symposium (NDSS 2021) (Virtual Conference).

[73]

RIPE NCC. 2021. RIPE Atlas Measurement IDS. https://atlas.ripe.net/measurements/ID., where ID is the experiment ID: EnumV4: 32025718, EnumV6: 32058440, ArgV4: 31789516, ArgV4-Emul:31830680, ArgV4-Android: 31992051, DE-Android:31970486, ArgV6:32001506.

[74]

RIPE NCC. 2023. RIPE Atlas Measurement IDS. https://atlas.ripe.net/measurements/ID., where ID is the experiment ID: Cloudflare: 47865355, Africa: 47867480, Asia:47867358, Europe: 47867632, North America:47867336, South America:47867316:.

[75]

RIPE NCC Staff. 2015. RIPE Atlas: A Global Internet Measurement Network. Internet Protocol Journal (IPJ) 18, 3 (Sep 2015), 2--26.

[76]

RIPE Network Coordination Centre. 2020. RIPE Atlas. https://atlas.ripe.net.

[77]

Root Server Operators. 2021. Root DNS. http://root-servers.org/.

[78]

Teemu Rytilahti, Dennis Tatang, Janosch Köpper, and Thorsten Holz. 2018. Masters of Time: An Overview of the NTP Ecosystem. In 2018 IEEE European Symposium on Security and Privacy (EuroS P). 122--136. https://doi.org/10.1109/ EuroSP.2018.00017

[79]

Bruce Schneier. 2018. Censorship in the Age of Large Cloud Providers. https://www.schneier.com/essays/archives/ 2018/06/censorship_in_the_ag.html

[80]

Jeff A. Sherman and Judah Levine. 2016. Usage Analysis of the NIST Internet Time Service. Journal of Research of the National Institute of Standards and Technology 121 (March 2016), 33. https://doi.org/10.6028/jres.121.003

[81]

SIDN Labs. 2024. TimeNL. https://time.nl/index_en.html.

[82]

Internet Society. 2019. Consolidation in the Internet Economy. https://future.internetsociety.org/2019/

[83]

Stéphane Bortzmeyer. 2015. DNS Censorship (DNS Lies) As Seen By RIPE Atlas. https://labs.ripe.net/author/stephane_ bortzmeyer/dns-censorship-dns-lies-as-seen-by-ripe-atlas/.

[84]

Ubuntu. 2023. Ubuntu NTP Service. https://ubuntu.com/server/docs/network-ntp.

[85]

Kevin Vermeulen, Ege Gurmericliler, Italo Cunha, David Choffnes, and Ethan Katz-Bassett. 2022. Internet Scale Reverse Traceroute. In Proceedings of the 22nd ACM Internet Measurement Conference (Nice, France) (IMC '22). Association for Computing Machinery, New York, NY, USA, 694--715. https://doi.org/10.1145/3517745.3561422

Digital Library

[86]

Adrian von Bidder. 2003. ntp DNS round robin experiment. https://groups.google.com/g/comp.protocols.time.ntp/c/ cShrN7imCJ0.

Cited By

Moura GDavids MSchutijser CHesselman CHeidemann JSmaragdakis G(2024)Deep Dive into NTP Pool's Popularity and MappingACM SIGMETRICS Performance Evaluation Review10.1145/3673660.365505152:1(9-10)Online publication date: 13-Jun-2024
https://doi.org/10.1145/3673660.3655051
Moura GDavids MSchutijser CHesselman CHeidemann JSmaragdakis GGaretto MMarin ACiucu FFanti GRighter R(2024)Deep Dive into NTP Pool's Popularity and MappingAbstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems10.1145/3652963.3655051(9-10)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3652963.3655051

Index Terms

Deep Dive into NTP Pool's Popularity and Mapping
1. Networks

Recommendations

Deep Dive into NTP Pool's Popularity and Mapping
SIGMETRICS/PERFORMANCE '24: Abstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems

Time synchronization is of paramount importance on the Internet, with the Network Time Protocol (NTP) serving as the primary synchronization protocol. The NTP Pool, a volunteer-driven initiative launched two decades ago, facilitates connections between ...
Deep Dive into NTP Pool's Popularity and Mapping
SIGMETRICS '24

Time synchronization is of paramount importance on the Internet, with the Network Time Protocol (NTP) serving as the primary synchronization protocol. The NTP Pool, a volunteer-driven initiative launched two decades ago, facilitates connections between ...
End-User Mapping: Next Generation Request Routing for Content Delivery
SIGCOMM'15

Content Delivery Networks (CDNs) deliver much of the world's web, video, and application content on the Internet today. A key component of a CDN is the mapping system that uses the DNS protocol to route each client's request to a ``proximal'' server ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Measurement and Analysis of Computing Systems

Proceedings of the ACM on Measurement and Analysis of Computing Systems Volume 8, Issue 1

POMACS

March 2024

494 pages

EISSN:2476-1249

DOI:10.1145/3649331

Editors:
Augustin Chaintreau
Columbia University
,
Leana Golubchik
University of Southern California, United States
,
Zhi-Li Zhang
University of Minnesota, United States

Issue’s Table of Contents

Copyright © 2024 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 February 2024

Published in POMACS Volume 8, Issue 1

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
755
Total Downloads

Downloads (Last 12 months)755
Downloads (Last 6 weeks)200

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Moura GDavids MSchutijser CHesselman CHeidemann JSmaragdakis G(2024)Deep Dive into NTP Pool's Popularity and MappingACM SIGMETRICS Performance Evaluation Review10.1145/3673660.365505152:1(9-10)Online publication date: 13-Jun-2024
https://doi.org/10.1145/3673660.3655051
Moura GDavids MSchutijser CHesselman CHeidemann JSmaragdakis GGaretto MMarin ACiucu FFanti GRighter R(2024)Deep Dive into NTP Pool's Popularity and MappingAbstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems10.1145/3652963.3655051(9-10)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3652963.3655051

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents