I am getting sent multiple queries from opnsense NTP servers, not NTP, any ideas what thats about?
Like 5 to 10 every few minutes
What do you mean by "opnsense NTP servers" and which device is "I" in this context? Can you show the queries, e.g. from the firewall live log or a packet trace?
Doing more packet captures I dont think they are opnsense servers
There is a dns zone transfer going on
Need to turn off ntp
ok I have managed to stop the NTP servers
And it has ruled out anything to do with the opnsense NTP servers
It has to do with XID IPv6 solicits
The unsolicited servers and later websites are coming after IPv6 XID solicits
There is no response to them
I will have to find a way to shut that down
I know its RFC, its a known haven for hacking, not used, and everyone is wondering what it is still doing on the net
Something upstream has been tampered with, find out when I stop XID
How do they alter my DNS settings, within opnsense, which then alters NTP servers
I have gotten DHCP handshake to look more normal, the DORA handshake although it skips the offer packet
and the DHCP(correct one) server sends an ack
still more work to do