On 11/10/2015 01:31 AM, Mouse wrote: > The example you cite gives an address of 132.248.30.3. This address is > actually xalli.cie.unam.mx. > My best guess - given the very limited information I have - is that you > are dealing with a provider intercepting your DNS requests and > returning forged responses, probably on the assumption that you are a > mass-market end user trying to look at Web pages. If cie.unam.mx is > related to the provider you get your Mexican connectivity from, my > estimate of the chance that this is the explanation goes up > substantially.
The estimate of the chance goes down substantially again when you realize that the IP returned actually is a valid ntp pool server. Would such an asshole-ISP actually provide a pool service? i think not. http://www.pool.ntp.org/zone/mx seems to have the answer: "There are 0 active servers in this zone". There actually seems to be only one ntppool server in Mexico. And that one drops out in certain intervals, possibly because it gets way too much traffic. So what likely happens is that you get that one server while its score is high enough. It then drops out because it essentially gets DDoSed by the requests from all of Mexico. With 0 usable servers remaining in the .mx zone, the pool system then chooses random servers from all over the world. When traffic abates enough, that the one MX server answers again, so its score increases again, and this starts over again. -- Michael Meier, HPC Services Friedrich-Alexander-Universitaet Erlangen-Nuernberg Regionales Rechenzentrum Erlangen Martensstrasse 1, 91058 Erlangen, Germany Tel.: +49 9131 85-28973, Fax: +49 9131 302941 [email protected] www.hpc.rrze.fau.de _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
