[AusNOG] The state of DNS in Australia

[Mark Andrews]

It looks like DNS flag day has cleaned out a lot of broken DNS implementation 
and firewalls[1] but there are still holdouts running non-compliant code / 
firewalls[2] (AWS are in the process for fixing their servers).  The reports 
show the servers that are sitting behind out of date firewalls from Juniper and 
Checkpoint as the old code has a distinctive drop patterns.  Both vendors no 
longer drop well formed EDNS packets with by default. i.e. they pass all 
specified EDNS options as well as unknown EDNS versions, EDNS flags, and EDNS 
options.  If you are not sure if your DNS servers and firewalls are compliant 
you can test them at https://ednscomp.isc.org.

https://ednscomp.isc.org/compliance/ts/au-graphs.html
https://ednscomp.isc.org/compliance/au-report.html
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] OzHosting issues

[Ross Marston]

Anyone heard anything about where OzHosting went?  They seem to have 
disappeared off the interwebs today. Can’t even contact their DNS servers.
Off list response is fine if anyone can help.

Ross Marston
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] OzHosting issues

[Cameron Murray]

https://status.ozhosting.com/current-system-status/inw12131/

On Thu, Jan 31, 2019 at 7:53 AM Ross Marston  wrote:

> Anyone heard anything about where OzHosting went?  They seem to have
> disappeared off the interwebs today. Can’t even contact their DNS servers.
> Off list response is fine if anyone can help.
>
> Ross Marston
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] OzHosting issues

[Ross Marston]

Thanks for the response. Unfortunately I can’t get to that site or load any 
pages from them Today. But I gather it means they know that they’ve disappeared.

Kind regards
Ross Marston

From: Cameron Murray 
Sent: Thursday, January 31, 2019 8:09 am
To: Ross Marston
Cc: AusNOG@lists.ausnog.net
Subject: Re: [AusNOG] OzHosting issues

https://status.ozhosting.com/current-system-status/inw12131/

On Thu, Jan 31, 2019 at 7:53 AM Ross Marston 
mailto:r...@ramtech.net.au>> wrote:
Anyone heard anything about where OzHosting went?  They seem to have 
disappeared off the interwebs today. Can’t even contact their DNS servers.
Off list response is fine if anyone can help.

Ross Marston
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] OzHosting issues

[Cameron Murray]

The page appears to be hosted externally to their network; Snippet for your
troubles:

Issue:
INW12131
Update
Time: 5:37am

Our network vendor is still currently working on this issue.

We understand the issue is related to BGP routing and our network vendor is
aiming at resolving the issue quickly.

Further updates will be made

Kind Regards,
OzHosting.com Support Team

We are experiencing issues with our network provider which is affecting the
accessibility of all services hosted by OzHosting.

Our engineers are working with our Network provider to resolve this issue
quickly.

Further updates will be provided

Kind Regards,
The Ozhosting.com Team

On Thu, Jan 31, 2019 at 8:12 AM Ross Marston  wrote:

> Thanks for the response. Unfortunately I can’t get to that site or load
> any pages from them Today. But I gather it means they know that they’ve
> disappeared.
>
> Kind regards
> Ross Marston
> --
> *From:* Cameron Murray 
> *Sent:* Thursday, January 31, 2019 8:09 am
> *To:* Ross Marston
> *Cc:* AusNOG@lists.ausnog.net
> *Subject:* Re: [AusNOG] OzHosting issues
>
> https://status.ozhosting.com/current-system-status/inw12131/
>
> On Thu, Jan 31, 2019 at 7:53 AM Ross Marston  wrote:
>
>> Anyone heard anything about where OzHosting went?  They seem to have
>> disappeared off the interwebs today. Can’t even contact their DNS servers.
>> Off list response is fine if anyone can help.
>>
>> Ross Marston
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] OzHosting issues

[Matthew Young]

It's a bgp issue, I can see this page.

Given that they probably host their own site, you're affected by the bgp
issue

On Thu, 31 Jan. 2019, 8:13 am Ross Marston  Thanks for the response. Unfortunately I can’t get to that site or load
> any pages from them Today. But I gather it means they know that they’ve
> disappeared.
>
> Kind regards
> Ross Marston
> --
> *From:* Cameron Murray 
> *Sent:* Thursday, January 31, 2019 8:09 am
> *To:* Ross Marston
> *Cc:* AusNOG@lists.ausnog.net
> *Subject:* Re: [AusNOG] OzHosting issues
>
> https://status.ozhosting.com/current-system-status/inw12131/
>
> On Thu, Jan 31, 2019 at 7:53 AM Ross Marston  wrote:
>
>> Anyone heard anything about where OzHosting went?  They seem to have
>> disappeared off the interwebs today. Can’t even contact their DNS servers.
>> Off list response is fine if anyone can help.
>>
>> Ross Marston
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Cancellations and Number holding periods

[Benjamin Ricardo]

Hi all,
Got a bit of an administrative technical question here,

Say you have a client who has had a person leave their company (not necessarily 
disgruntled).
This person happens to be an authorised contact on the account with the clients 
VOIP phone provider and cancels the account after they have left the company.
Despite the reactivation of a number being a relatively straightforward process 
(you would expect), we are told this is not so and the account can never be 
activated and the number is gone. - this is in a follow up phone call less than 
24hrs after the request for the account to be cancelled.

My question is "is there a time period that a service provider is obligated to 
hold a number after it has been cancelled by the end user?"
If the answer is yes
Then
My next question is "is there any TPG admins on list that can help? we're going 
round and round here and the clock is ticking"

As a bonus question for the keen ones "where do the numbers go when they have 
been cancelled? To number heaven?" :)

Thanks all for your assistance in advance,

Ben
[2013 logo]

Ben Ricardo | Senior Technician |  M Net&SysAdmin, MCITP-SA, CEHv8, ITIL
Australian Computer Solutions Pty Ltd | 2/28 Barralong Rd Erina NSW 2250 |
P: 02 4365 2727 or 1300-807-131 | F: 02 4365 2304 | E: 
ben.rica...@acs.com.au
Twitter: @austcompso
P Please consider the environment before printing this e-mail.






___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Cancellations and Number holding periods

[Peter Childs]

https://www.tio.com.au/about-us/position-statements/use-of-numbers-and-numbers-in-quarantine


From: AusNOG  on behalf of Benjamin Ricardo 

Date: Thursday, 31 January 2019 at 2:38 pm
To: "ausnog@lists.ausnog.net" 
Subject: [AusNOG] Cancellations and Number holding periods

Hi all,
Got a bit of an administrative technical question here,

Say you have a client who has had a person leave their company (not necessarily 
disgruntled).
This person happens to be an authorised contact on the account with the clients 
VOIP phone provider and cancels the account after they have left the company.
Despite the reactivation of a number being a relatively straightforward process 
(you would expect), we are told this is not so and the account can never be 
activated and the number is gone. – this is in a follow up phone call less than 
24hrs after the request for the account to be cancelled.

My question is “is there a time period that a service provider is obligated to 
hold a number after it has been cancelled by the end user?”
If the answer is yes
Then
My next question is “is there any TPG admins on list that can help? we’re going 
round and round here and the clock is ticking”

As a bonus question for the keen ones “where do the numbers go when they have 
been cancelled? To number heaven?” ☺

Thanks all for your assistance in advance,

Ben
[2013 logo]

Ben Ricardo | Senior Technician |  M Net&SysAdmin, MCITP-SA, CEHv8, ITIL
Australian Computer Solutions Pty Ltd | 2/28 Barralong Rd Erina NSW 2250 |
P: 02 4365 2727 or 1300-807-131 | F: 02 4365 2304 | E: 
ben.rica...@acs.com.au
Twitter: @austcompso
P Please consider the environment before printing this e-mail.






___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Cancellations and Number holding periods

[Philip Loenneker]

I don't know about TPG, but I know that Telstra quarantine numbers when they 
get cancelled. Not sure how long, I think it is 3 months but don't quote me on 
that. I think it has to go to their back of house team to manually grab the 
number out of quarantine.

Regards,
Philip Loenneker | Network Engineer | TasmaNet

From: AusNOG  On Behalf Of Benjamin Ricardo
Sent: Thursday, 31 January 2019 3:06 PM
To: ausnog@lists.ausnog.net
Subject: [AusNOG] Cancellations and Number holding periods

Hi all,
Got a bit of an administrative technical question here,

Say you have a client who has had a person leave their company (not necessarily 
disgruntled).
This person happens to be an authorised contact on the account with the clients 
VOIP phone provider and cancels the account after they have left the company.
Despite the reactivation of a number being a relatively straightforward process 
(you would expect), we are told this is not so and the account can never be 
activated and the number is gone. - this is in a follow up phone call less than 
24hrs after the request for the account to be cancelled.

My question is "is there a time period that a service provider is obligated to 
hold a number after it has been cancelled by the end user?"
If the answer is yes
Then
My next question is "is there any TPG admins on list that can help? we're going 
round and round here and the clock is ticking"

As a bonus question for the keen ones "where do the numbers go when they have 
been cancelled? To number heaven?" :)

Thanks all for your assistance in advance,

Ben
[2013 logo]

Ben Ricardo | Senior Technician |  M Net&SysAdmin, MCITP-SA, CEHv8, ITIL
Australian Computer Solutions Pty Ltd | 2/28 Barralong Rd Erina NSW 2250 |
P: 02 4365 2727 or 1300-807-131 | F: 02 4365 2304 | E: 
ben.rica...@acs.com.au
Twitter: @austcompso
P Please consider the environment before printing this e-mail.







___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] [article] Greens ask ScoMo to justify encryption law hurry

[Darren Moss]

Afternoon Noggers,

Interesting article in today's IT News.

https://itwire.com/government-tech-policy/85894-greens-ask-morrison-to-justify-encryption-law-hurry.html

--

The Australian Greens have asked Prime Minister Scott Morrison to provide data 
on the potential security threats that were identified and foiled over the 
Christmas break as a result of rushing the government's encryption law through 
Parliament.

Greens Digital Rights spokesperson Senator Jordon Steele-John said the 
government should justify the passage of the unprecedented powers in the bill.

He made the statement after the Inspector-General of Intelligence and Security, 
Margaret Stone, had called for more resources to monitor and scrutinise the use 
of the new powers by government agencies.

In November 2018, during hearings on what is officially known as the 
Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 
2018, a number of law enforcement agencies - ASIO, the Australian Signals 
Directorate, the Australian Federal Police and Victoria Police - said the law 
needed to be 
passed
 as quickly as possible, and before Christmas, though no concrete justification 
was offered for this.

Later, Prime Minister Scott Morrison and Home Affairs Minister Peter Dutton 
told the media that they would be asking the Parliamentary Joint Committee on 
Intelligence and Security, which was holding hearings into the bill, to speed 
up the 
process
 and send the bill back to Parliament as soon as possible.

Senator Steele-John said: "Scott Morrison said he wanted to keep us all safe. 
Well, I want to know just how dangerous Christmas was this year for the average 
Australian.

"Either we've seen an unprecedented spike in suspicious activity over Christmas 
and New Year - as the government claimed we would - or our own security 
agencies have already succumbed to the the dangerous misuse and mission creep 
of these anti-encryption powers that the rest of us predicted!

"If our own intelligence watchdog is already calling for greater resources to 
monitor the use of these new powers then there can be no other explanation."

The Australian Security Intelligence Organisation appeared before the 
Parliamentary Joint Committee on Intelligence and Security and made its 
case
 in open committee on 26 November, with other government agencies, all of whom 
were pushing for the bill to become law before Parliament rose for the year on 
6 December.

At that time, Duncan Lewis, the head of ASIO, had to admit that there was no 
specific threat on the radar of his agency. All that he could offer was that 
Christmas is a time when the threat is generally high.

Asked why the country's threat level could not be raised, he again was forced 
to admit that to do that, ASIO would have to have knowledge of a specific 
threat.

"This anti-encryption legislation has been condemned by the UN, the Human 
Rights Commission, the Digital Rights community and Australia's tech sector at 
large. It is a threat to the online safety, security and privacy of every 
single Australian," Senator Steele-John said.

"Many technology and innovation companies have already deemed Australia 'too 
high risk' because these laws are incompatible with the European Union's 
General Data Protection Regulation.

"Furthermore, what was intended to be a national security measure will in fact 
become a national security threat, as hackers and third parties exploit the 
necessary weaknesses built into end-to-end encryption services.

"This is massive government overreach and I'm yet to see a skerrick of evidence 
to justify the need for these powers. They make a mockery of our right to 
privacy, leave us more vulnerable to cyber espionage and permanently weaken the 
existing protections we all rely on to stay safe and secure online."

The bill was 
passed
 on 6 December but just 12 days later, the PJCIS said it would begin a fresh 
review.

The new review has asked for 
submissions
 and will submit a report by 3 April.

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Cancellations and Number holding periods

[Benjamin Ricardo]

Many thanks to all who have responded I am now in very good hands with this.


From: Peter Childs [mailto:peter.chi...@vocus.com.au]
Sent: Thursday, 31 January 2019 3:33 PM
To: Benjamin Ricardo ; ausnog@lists.ausnog.net
Subject: Re: [AusNOG] Cancellations and Number holding periods


https://www.tio.com.au/about-us/position-statements/use-of-numbers-and-numbers-in-quarantine


From: AusNOG 
mailto:ausnog-boun...@lists.ausnog.net>> on 
behalf of Benjamin Ricardo 
mailto:ben.rica...@acs.com.au>>
Date: Thursday, 31 January 2019 at 2:38 pm
To: "ausnog@lists.ausnog.net" 
mailto:ausnog@lists.ausnog.net>>
Subject: [AusNOG] Cancellations and Number holding periods

Hi all,
Got a bit of an administrative technical question here,

Say you have a client who has had a person leave their company (not necessarily 
disgruntled).
This person happens to be an authorised contact on the account with the clients 
VOIP phone provider and cancels the account after they have left the company.
Despite the reactivation of a number being a relatively straightforward process 
(you would expect), we are told this is not so and the account can never be 
activated and the number is gone. – this is in a follow up phone call less than 
24hrs after the request for the account to be cancelled.

My question is “is there a time period that a service provider is obligated to 
hold a number after it has been cancelled by the end user?”
If the answer is yes
Then
My next question is “is there any TPG admins on list that can help? we’re going 
round and round here and the clock is ticking”

As a bonus question for the keen ones “where do the numbers go when they have 
been cancelled? To number heaven?” ☺

Thanks all for your assistance in advance,

Ben
[2013 logo]

Ben Ricardo | Senior Technician |  M Net&SysAdmin, MCITP-SA, CEHv8, ITIL
Australian Computer Solutions Pty Ltd | 2/28 Barralong Rd Erina NSW 2250 |
P: 02 4365 2727 or 1300-807-131 | F: 02 4365 2304 | E: 
ben.rica...@acs.com.au
Twitter: @austcompso
P Please consider the environment before printing this e-mail.






___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] New voice payload issues? Vocus QLD

[Roger Lienert]

Hi All,

To close this thread, we found a couple of erroring E1's on our interconnect in 
Brisbane causing these voice quality issues, they were removed from service 
late yesterday afternoon which resolved the issue.

This fault was totally unrelated to last week's issue.

Regards,
Roger

From: Roger Lienert
Sent: Wednesday, 30 January 2019 3:58 PM
To: 'Elliott Willink' ; ausnog@lists.ausnog.net
Subject: RE: New voice payload issues? Vocus QLD

Hi Elliott,

We were able to reproduce the issue last week and then unable to reproduce once 
the issue was identified and resolved. For this reason, along with customer 
feedback, we are confident the original issue had been fixed. The fix was to 
replace a faulty module in a gateway device.

We are looking into this issue and have engaged our voice engineering team for 
further investigation, it is being treated as a real and serious issue.

The impact to your customer base is understood and we are working on 
identifying and resolving asap.


Regards,

Roger Lienert | Manager Customer Assurance - Wholesale

M: +61 404 079 779   D: +61 2 8999 8226   E: 
roger.lien...@vocus.com.au
Support:: 1300 855 845 or +61 2 8117 5909  W: 
vocus.com.au
A: Level 12, 60 Miller Street, North Sydney, NSW 2060, Australia

[ite]




From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Elliott 
Willink
Sent: Wednesday, 30 January 2019 3:00 PM
To: ausnog@lists.ausnog.net
Subject: [AusNOG] New voice payload issues? Vocus QLD


Hi All,



After incident #20495093 
(http://status.vocus.com.au/view-incident.aspx?IncidentID=475) was resolved 
last week we have had consistent reports from multiple customers of one way 
audio for inbound calls to QLD DIDs on Vocus CTS.



One way audio is always the same (inbound call, customer reports they can't 
hear calling party but calling party can hear the customer. Calling party calls 
back and the audio stream is fine). At a guess 5 to 10% of calls are impacted.



Vocus NOC initially blamed 'mobile networks not being reliable' as our example 
calls were not land-line, then packet loss in our network after we provided 
land-line examples. I captured a faulting call at an edge switch facing them 
and Vocus is sending us an empty RTP stream (payload entirely made up of 0x54 
(g711.a idle?). The faulting calls behave the same from Vocus's Melbourne and 
Sydney SBC's and are isolated just to QLD in-dials so I'm somewhat convinced 
this is some sort of flow on effect of the incident last week.



In the interests of expediting a resolution has anyone else had similar issues? 
I've had a ticket open since Friday and Vocus are telling me nobody else has 
reported anything... It's slow progress.



Thanks,



Elliott
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] ntp server issues today... strange one... clutching at straws but just in case

[Roy Adams]

Hi All, I have a domain controller *seemingly* receiving bad time info
today from 0.au.pool.ntp.org
Issuing this confirmed the time was flapping forward 30 mins, then 30 mins
later back to normal:
w32tm /query /status
It confirmed the above ntp server as the server that supplied the bad (then
good, then bad, then good etc) time
I have now changed the DC to pull instead from 3.au.pool.ntp.org.
1 hour has passed and so far so good.

Cannot say I have ever seen anything like this...
It's only occurring on one site on a windows2008r2sp1 domain controller.
The DC in turn relays this updated time to all domain members of course.
Anyone else had time issues on any sites today in Aus?


Kindly,

ROY ADAMS* | *P 07 3040 5010  | Web: http://www.racs.com.au/ | Wiki:
https://ex.racs.com.au:444/ | eMail: mailto:r...@racs.com.au

Please never upgrade to the latest Windows 10 - You don’t need the hassle,
and I don’t need the work.
If you think it's expensive to hire a professional to do the job, wait
until you hire an amateur - Red Adair.
Life is a journey through a series of adventures.. Live them, love them,
hate them, but never give up on your dreams, desires, and goals.
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] ntp server issues today... strange one... clutching at straws but just in case

[Roy Adams]

Thanks for the PM's offering ideas
I am tempted to set it back to 0. to debug the offending ntp pool IP, but
it was breaking all the backups among other things due to AD sync being
more than 5 mins out.

I always use the below config for domain controllers:
sc config W32Time start= auto & net start W32Time
w32tm /config /manualpeerlist:"0.au.pool.ntp.org 2.au.pool.ntp.org
3.au.pool.ntp.org" /syncfromflags:manual /reliable:yes /update & w32tm
/resync /nowait

One of the replies noted that linux sanity checks by getting ntp time from
4 servers - I wish MS were that smart.
Clearly MS are not using all the configured servers, I suspect they are
purely for failover like a DNS client.

I have just changed this site to:
w32tm /config /manualpeerlist:"3.au.pool.ntp.org" /syncfromflags:manual
/reliable:yes /update & w32tm /resync /nowait
So far so good.. still stable

All Domain members of course sync to the DC
I am not seeing this on any other sites.. all sites are cookie cutter for me


event logs confirm ONLY the change... not the server IP :(

The system time has changed to ‎2019‎-‎01‎-‎31T01:47:11.254922100Z from
‎2019‎-‎01‎-‎31T02:18:29.51480Z.

The system time has changed to ‎2019‎-‎01‎-‎31T01:47:11.25400Z from
‎2019‎-‎01‎-‎31T01:47:11.254922100Z.

The system time has changed to ‎2019‎-‎01‎-‎31T03:43:51.74700Z from
‎2019‎-‎01‎-‎31T03:12:32.312621000Z.

The system time has changed to ‎2019‎-‎01‎-‎31T03:36:17.703840400Z from
‎2019‎-‎01‎-‎31T04:07:36.10500Z.

The system time has changed to ‎2019‎-‎01‎-‎31T03:36:17.70300Z from
‎2019‎-‎01‎-‎31T03:36:17.703840400Z.

The system time has changed to ‎2019‎-‎01‎-‎31T05:41:23.07500Z from
‎2019‎-‎01‎-‎31T05:10:04.617935900Z.

The system time has changed to ‎2019‎-‎01‎-‎31T06:01:12.10700Z from
‎2019‎-‎01‎-‎31T06:01:12.10700Z.

The system time has changed to ‎2019‎-‎01‎-‎31T05:30:09.707385800Z from
‎2019‎-‎01‎-‎31T06:01:28.112628100Z.

The system time has changed to ‎2019‎-‎01‎-‎31T05:30:09.70700Z from
‎2019‎-‎01‎-‎31T05:30:09.707385800Z.

The system time has changed to ‎2019‎-‎01‎-‎31T05:39:51.77000Z from
‎2019‎-‎01‎-‎31T05:39:51.770276000Z.






Kindly,

ROY ADAMS* | *P 07 3040 5010  | Web: http://www.racs.com.au/ | Wiki:
https://ex.racs.com.au:444/ | eMail: mailto:r...@racs.com.au

Please never upgrade to the latest Windows 10 - You don’t need the hassle,
and I don’t need the work.
If you think it's expensive to hire a professional to do the job, wait
until you hire an amateur - Red Adair.
Life is a journey through a series of adventures.. Live them, love them,
hate them, but never give up on your dreams, desires, and goals.



On Thu, 31 Jan 2019 at 16:13, Nick Stallman  wrote:

> Do you know which server specifically? The ntp pools hand out random NTP
> server IPs, it's not a fixed server.
>
> I'm not a Windows server admin, but this would likely be why Linux
> connects to ~4 NTP servers so it can disregard dodgy servers.
> On 31/1/19 5:09 pm, Roy Adams wrote:
>
> Hi All, I have a domain controller *seemingly* receiving bad time info
> today from 0.au.pool.ntp.org
> Issuing this confirmed the time was flapping forward 30 mins, then 30 mins
> later back to normal:
> w32tm /query /status
> It confirmed the above ntp server as the server that supplied the bad
> (then good, then bad, then good etc) time
> I have now changed the DC to pull instead from 3.au.pool.ntp.org.
> 1 hour has passed and so far so good.
>
> Cannot say I have ever seen anything like this...
> It's only occurring on one site on a windows2008r2sp1 domain controller.
> The DC in turn relays this updated time to all domain members of course.
> Anyone else had time issues on any sites today in Aus?
>
>
> Kindly,
>
> ROY ADAMS* | *P 07 3040 5010  | Web: http://www.racs.com.au/ | Wiki:
> https://ex.racs.com.au:444/ | eMail: mailto:r...@racs.com.au
> 
> Please never upgrade to the latest Windows 10 - You don’t need the hassle,
> and I don’t need the work.
> If you think it's expensive to hire a professional to do the job, wait
> until you hire an amateur - Red Adair.
> Life is a journey through a series of adventures.. Live them, love them,
> hate them, but never give up on your dreams, desires, and goals.
>
>
> ___
> AusNOG mailing 
> listAusNOG@lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog
>
> --
> Nick Stallman
> Technical Director
> [image: Email] n...@agentpoint.com
> [image: Phone] 02 8039 6820 <0280396820>
> [image: Website] www.agentpoint.com.au
> [image: Agentpoint] 
> [image: Netpoint] 
> Level 3, 100 Harris Street, Pyrmont NSW 2009 [image: Facebook]
>  [image: Twitter]
>  [image: Instagram]
>  [image: Linkedin]
> 
>
___
AusNOG mailing li

Re: [AusNOG] ntp server issues today... strange one... clutching at straws but just in case

[Jasper Relph]

As has probably already been said via PM to you. pool.ntp.org uses "random" servers. I note that you say the error logs do not show the server that sent the bad time. Are you able to pull this from firewall logs perhaps?Kind Regards,Jasper Relph On Jan 31, 2019 17:32, Roy Adams  wrote:Thanks for the PM's offering ideasI am tempted to set it back to 0. to debug the offending ntp pool IP, but it was breaking all the backups among other things due to AD sync being more than 5 mins out.I always use the below config for domain controllers:sc config W32Time start= auto & net start W32Timew32tm /config /manualpeerlist:"0.au.pool.ntp.org 2.au.pool.ntp.org 3.au.pool.ntp.org" /syncfromflags:manual /reliable:yes /update & w32tm /resync /nowaitOne of the replies noted that linux sanity checks by getting ntp time from 4 servers - I wish MS were that smart.Clearly MS are not using all the configured servers, I suspect they are purely for failover like a DNS client.I have just changed this site to:w32tm /config /manualpeerlist:"3.au.pool.ntp.org" /syncfromflags:manual /reliable:yes /update & w32tm /resync /nowaitSo far so good.. still stableAll Domain members of course sync to the DCI am not seeing this on any other sites.. all sites are cookie cutter for meevent logs confirm ONLY the change... not the server IP :(





The system time has changed to ‎2019‎-‎01‎-‎31T01:47:11.254922100Z from ‎2019‎-‎01‎-‎31T02:18:29.51480Z.





The system time has changed to ‎2019‎-‎01‎-‎31T01:47:11.25400Z from ‎2019‎-‎01‎-‎31T01:47:11.254922100Z.





The system time has changed to ‎2019‎-‎01‎-‎31T03:43:51.74700Z from ‎2019‎-‎01‎-‎31T03:12:32.312621000Z.





The system time has changed to ‎2019‎-‎01‎-‎31T03:36:17.703840400Z from ‎2019‎-‎01‎-‎31T04:07:36.10500Z.





The system time has changed to ‎2019‎-‎01‎-‎31T03:36:17.70300Z from ‎2019‎-‎01‎-‎31T03:36:17.703840400Z.





The system time has changed to ‎2019‎-‎01‎-‎31T05:41:23.07500Z from ‎2019‎-‎01‎-‎31T05:10:04.617935900Z.





The system time has changed to ‎2019‎-‎01‎-‎31T06:01:12.10700Z from ‎2019‎-‎01‎-‎31T06:01:12.10700Z.





The system time has changed to ‎2019‎-‎01‎-‎31T05:30:09.707385800Z from ‎2019‎-‎01‎-‎31T06:01:28.112628100Z.





The system time has changed to ‎2019‎-‎01‎-‎31T05:30:09.70700Z from ‎2019‎-‎01‎-‎31T05:30:09.707385800Z.





The system time has changed to ‎2019‎-‎01‎-‎31T05:39:51.77000Z from ‎2019‎-‎01‎-‎31T05:39:51.770276000Z.Kindly,ROY ADAMS | P 07 3040 5010  | Web: http://www.racs.com.au/ | Wiki: https://ex.racs.com.au:444/ | eMail: mailto:roy@racs.com.auPlease never upgrade to the latest Windows 10 - You don’t need the hassle, and I don’t need the work.If you think it's expensive to hire a professional to do the job, wait until you hire an amateur - Red Adair.Life is a journey through a series of adventures.. Live them, love them, hate them, but never give up on your dreams, desires, and goals.On Thu, 31 Jan 2019 at 16:13, Nick Stallman  wrote:
  

  
  
Do you know which server specifically? The ntp pools hand out
  random NTP server IPs, it's not a fixed server.
I'm not a Windows server admin, but this would likely be why
  Linux connects to ~4 NTP servers so it can disregard dodgy
  servers.

On 31/1/19 5:09 pm, Roy Adams wrote:


  
  

  

  Hi
All, I have a domain controller seemingly
receiving bad time info today from 0.au.pool.ntp.org
  Issuing
this confirmed the time was flapping forward 30 mins,
then 30 mins later back to normal:
  
  w32tm /query /status
  
  It confirmed the above ntp server as the
  server that supplied the bad (then good, then bad,
  then good etc) time
  I have now changed the DC to pull instead
  from 3.au.pool.ntp.org.
  1 hour has
  passed and so far so good.
  

  

  

  

  

  

  

  

  

  Cannot
say I have ever seen
anything like