Dirk Steins1d ago
Andy Smith

If you work at Amazon, Google or Microsoft, the NTP Pool project could do with some sponsorship. Its core DNS infra is partially run by volunteers and one of them recently breached trust to meddle with DNS serving. The project would like to not have to rely on volunteers for this.

https://community.ntppool.org/t/dns-configuration-tampering-on-one-of-our-geodns-servers/4300/35

DNS configuration tampering on one of our GeoDNS servers

I think you identified the root of the problem: our DNS servers are quite hardened but there are some attack vectors that we just can’t stop if the attacker has control of the machine/VM. That being said, we currently lack the funding to rent all of our own infrastructure. geodns is fairly lightweight but I estimate that it would still represent around $5K-$10K per year in hosting, just for the DNS. If anyone has established contacts at AWS, Azure or Google Cloud, having a sponsorship from th...

NTP Pool Project
Apr 6 at 11:07pmWeb
Show threadAndy Smith18h ago

This received a lot more boosts than I thought it would. If you are looking to help, the NTP Pool project's main developer / maintainer since 2005 is Ask Bjørn Hansen.

As far as I understand the core of its infra (DNS, monitoring, server DB etc) is run by Ask and a couple of trusted others and they would like direct sponsorship of things like some virtual machines so they don't have to rely on individual volunteers for any of that part.

https://www.askask.com/contact/

Hello, write to me - Ask Bjørn Hansen

Show threadScott Francis19h ago
@LaF0rge thanks for boosting this; I realized I know the primary maintainer from my IRC #perl days and have reached out to offer some help
Show threadNico🦆17h ago
@grifferz honestly, I prefer a volunteer run organisation over one backed by a few big corps
Show threadAndy Smith17h ago
@nicoduck
Sure, but I think the issue here is that they got too desperate for DNS nodes so allowed a relative newcomer to buy a VPS and gift it to them. That person then logged in to it and meddled with DNS serving as part of their own unauthorised experiments. So, they would rather have a more direct relationship between the smaller group of longstanding volunteers and the hosting provider.
Show threadChristian Berger DECT 276317h ago
@grifferz Yeah, though Amazon, Google and Microsoft actually are companies known for intentionally tampering with NTP to work around software bugs in theirs systems.I'm not sure how much they even like the NTP Pool Project.