large organization nameservers sending icmp packets to dns servers.

matthew zeier mrz at velvet.org
Mon Aug 6 16:07:30 UTC 2007



Drew Weaver wrote:
> Is it a fairly normal practice for large companies such as Yahoo! And
> Mozilla to send icmp/ping packets to DNS servers? If so, why? And a
> related question would be from a service provider standpoint is there
> any reason to deny ICMP/PING packets to name servers within your
> organization?

Wearing my Mozilla hat here...

I blogged about this (blog.mozilla.com/mrz, somewhere there) and Asa 
blog'd about it over at 
http://weblogs.mozillazine.org/asa/archives/2007/03/trying_to_load.html .

Mozilla uses Citrix Netscalers and we're currently using dynamic 
proximity for load balancing between data centers.

After Asa's post, we found poorly documentation that led to 
misconfiguration of the probe settings.  I've cut down the number of 
probes (default was icmp, udp and tcp:80 to a nameserver) and instead of 
the ~10 complaints a day I was getting, I get many one a month.

If you're still annoyed by the probes, ping me off-list.

- mz




More information about the NANOG mailing list