@IndianCERT Not just the whole country, even MNCs with infra in other countries need to rely on these servers because...

"it is to be ensured that their time source shall not deviate from NPL and NIC"

From cert-in.org.in/PDF/CERT-In_Di…

@IndianCERT The National Informatics Centre @NICMeity NTP server is pretty much impossible to find.

Searching for "NTP" or "NTP Server" on all nic.in sites shows nothing except some old magazine articles that they've archived in their "library"(which BTW doesn't use HTTPS)

Searching for "Network Time Server" on nic.in sites throws up some Directorate of Coordination Police Wireless and Indian Navy tenders/handbooks and even NCERT textbooks.

*NOTHING* about these all important NTP servers that the whole country is supposed to use.

National Physical Laboratory @CSIR_NPL has relatively easy to find page for their NTP servers.

nplindia.in/clockcode/html…

And this gimmicky clock page which would have been cool in the 90s but doesn't account for 21st century browser privacy settings.

nplindia.in/clockcode/html…

So we now have one of the two recommended NTP servers the nation is supposed to use - time.nplindia.org

Let's try guessing the other NTP server...

There's a DNS entry for ntp.nic.in but it doesn't work! #DigtialIndia

These NTP servers are IPv4 only. There are no AAAA records.

So if your infra is on IPv6 you cannot sync with these time servers.

Guess @CSIR_NPL and @NICMeity aren't taking the @DoT_India IPv6 transition timeline seriously because they have been constantly kicked down the road for many many years now.

Let's see what happens on 30th June.

dot.gov.in/sites/default/…

Oh well forget IPv6...

2 out of 3 of @CSIR_NPL's NTP servers are down!

And if ntp.nic.in is the @NICMeity NTP server, that is down too.

Effectively 3 out of 4 NTP server IPs that the country is supposed to use are unusable. #DigitalIndia #FAIL

@CSIR_NPL @NICMeity If this stupid #AtmanirbharNPT rule was implemented at present...

The whole country's NTP traffic would be directed to just one IP address - 14.139.60.102

(And no it isn't anycasted.)

@CSIR_NPL @NICMeity Also these are the 3 @CSIR_NPL NTP servers

14.139.60.107
14.139.60.106
14.139.60.102

All of them are on the same NKN /24 subnet.

A subset of which has been assigned to NPL.

@CSIR_NPL @NICMeity Detailed @CSIR_NPL NTP server status...

14.139.60.106 - Unresponsive.

14.139.60.107 - Unreachable!(Machine powered off?)

15:36:07.646780 IP 14.139.60.97 > 192.168.1.4: ICMP host 14.139.60.107 unreachable, length 84

14.139.60.102 - Up & Running.
#DigitalIndia

@CSIR_NPL @NICMeity The routing to all 4 IP addresses seems to be a mess too.

Traffic from an Airtel IP to NKN/NPL goes via Jio.

Does NKN not peer with NIXI?

How much is Jio being paid for this transit?

Traceroute to 14.139.60.102

@CSIR_NPL @NICMeity Traffic from Airtel IP to @NICMeity's ntp.nic.in also transits Jio.

Last hop - 49.44.220.188

inetnum: 49.32.0.0 - 49.47.255.255
netname: RELIANCEJIO-IN
descr: Reliance Jio Infocomm Limited
country: IN
org: ORG-RJIL1-AP

Thanks to a Twitter troll, I had to stop being lazy and look up National Knowledge Network/ NKN's peers and upstreams.

Jio has indeed landed a monopoly of sorts as the only ISP peer/upstream for the
NKN INTERNET GATEWAY NETWORK.

bgp.tools/as/9885#connec…

The official FAQ has finally made @NICMeity's NTP servers public. (h/t @ncrguys)

samay1.nic.in 164.100.255.122

samay2.nic.in 164.100.255.123

Why couldn't they just have samay.nic.in pointing to the 2 IPs is beyond me.

Also #stopHindiImposition?

Also @NICMeity's NTP server name that I had discovered and wasn't functional/responding when the rules were released. ntp.nic.in has been updated and points to samay1.nic.in IP.

So it wasn't some secure/secret/private NTP server.