large organization nameservers sending icmp packets to dns servers.

Owen DeLong owen at
Mon Aug 6 16:46:25 UTC 2007

On Aug 6, 2007, at 9:13 AM, Leigh Porter wrote:

> But why would they care where the nameserver is? Point 2 would seem to
> be a little stupid a thing to assume. Also, what happens if, at that
> moment, the ICMP packet is stuck in a queue for a few ms making the
> shortest route longer.
While point 2 is a bad assertion if you depend completely upon it, it's
not necessarily a bad starting point if you have no other data to go on.

1.	90+% of resolvers are topologically proximate to either the
	requestor, or, the requestors NAT box that you will have to
	talk to anyway.

2.	At the GLB level, you really don't have any data other than the
	IP address of the resolver upon which to base your GLB decision.
	Since you'll be right 90+% of the time, and, only sub-optimal,
	not broken the other <10% of the time, it generally works OK.

3.	When I worked for Netli, before they were acquired in what I would
	call a much less than ethical transaction, we maintained an
	exception table for cases where we learned that the DNS
	resolver was not topologically proximate to the requestors
	that flowed through it.  We also spent a fair amount of time
	explaining the benefits of having the resolver be topologically
	proximate to our customers and their customers.

The Netli system was designed to be quite gentle in the amount of
probing it did, but, we did occasionally get messages from people
with paranoid IDS boxes.  Usually, once we explained that our
efforts were directed at improving the quality of service to their
users, and how the system worked and how little traffic we sent
their way to accomplish this, they were happy to reconfigure their
alarm preferences.

I don't have first hand knowledge of anyone elses use of these
kinds of ICMP probes, but, I would say that generally, they are
somewhat useful and mostly harmless.


More information about the NANOG mailing list