large organization nameservers sending icmp packets to dns servers.
Patrick W. Gilmore
patrick at ianai.net
Tue Aug 7 20:10:17 UTC 2007
On Aug 7, 2007, at 3:45 PM, Valdis.Kletnieks at vt.edu wrote:
> On Tue, 07 Aug 2007 14:38:06 EDT, "Patrick W. Gilmore" said:
>>> In addition, any UDP truncated response needs to be retried via
>>> TCP- blocking it would cause a variety of problems.
>
>> Since we are talking about authorities here, one can control the size
>> of one's responses.
>
> Barely.
[SNIP]
The point is, if you are the authority, you know how big the packet
is. If you know it ain't over 512, then you don't need TCP.
Or are you saying you do? Wouldn't it be 'incredibly stupid' for
recursive servers to -require- TCP, even for < 512 byte packets?
>> Unless, of course, you are so incredibly stupid you can't figure out
>> the difference between an authority and a caching server.
>
> I wish people would keep straight what direction they're doing the
> measurement, and for whose benefit.
>
> If *XYZ* wants to find which of their servers I'm closest to, they'll most
> likely be poking at my *caching* nameservers, because that's where my recursive
> query arrived from[1].
>
> So we're *not* talking about authorities here. We're talking about DNS servers
> that are quite possibly configured to not talk, or give only partial results
> via UDP, to queries coming from outside the provider's network (after all,
> those people probably *should* be using *their* provider's caching
> DNS, right?)
Interesting. You are suggesting that as a content provider, one
should rely on measurements from random caching name servers around
the Internet, many of which you admit yourself are configured not to
respond to addresses outside their network? Pardon me for not
considering an idea you admit yourself wouldn't work.
But you are right, I totally missed that part of the conversation.
Mea Culpa.
And in case anyone wasn't clear, yes, of course, running a recursive
server that doesn't accept TCP53 will probably result in missing data
your users want occasionally.
As for being "incredibly stupid", well, as I have said in private,
calling a bunch of people rude names without even asking them why
they are doing what you think is so stupid is .. uh .. probably not
very bright. :) Unless, of course, you want everyone else passing
judgement on how you run your network without asking.
--
TTFN,
patrick
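The two DNS mechanics argued over above (an authority deciding whether its answer fits in a 512-byte UDP reply, and a recursive server having to retry over TCP when the TC bit comes back set) are shown below as an added Python example; it is not code from the thread or from any participant. The query name, transaction id and 192.0.2.x addresses are constructed sample values, and the builder only handles A records with a compression pointer for the owner name.

```python
import struct

UDP_PAYLOAD_LIMIT = 512   # RFC 1035 ceiling for a plain UDP response (no EDNS0)
HEADER_LEN = 12
FLAG_QR = 0x8000          # response
FLAG_AA = 0x0400          # authoritative answer
FLAG_TC = 0x0200          # truncated: client must retry over TCP
FLAG_RCODE = 0x000F


def encode_name(name):
    """Encode 'www.example.com' as DNS labels: \\x03www\\x07example\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_a_response(txid, qname, addrs, ttl=300, limit=UDP_PAYLOAD_LIMIT):
    """Authority side: answer a query for qname with one A record per address.

    The authority knows the size of its own reply. Answers that do not fit in
    `limit` bytes are dropped from the end and TC is set, which is the signal
    a resolver uses to re-ask over TCP. A reply that fits needs no TCP at all.
    """
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    owner = b"\xc0\x0c"                                        # pointer to qname at offset 12
    rrs = []
    for ip in addrs:
        rdata = bytes(int(octet) for octet in ip.split("."))   # 4-byte IPv4 address
        rrs.append(owner + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata)
    flags = FLAG_QR | FLAG_AA
    kept = list(rrs)
    while kept and HEADER_LEN + len(question) + sum(len(r) for r in kept) > limit:
        kept.pop()
    if len(kept) < len(rrs):
        flags |= FLAG_TC
    header = struct.pack("!HHHHHH", txid, flags, 1, len(kept), 0, 0)
    return header + question + b"".join(kept)


def parse_header(msg):
    """Decode the 12-byte DNS header into its fields."""
    if len(msg) < HEADER_LEN:
        raise ValueError("short DNS message: %d bytes" % len(msg))
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:HEADER_LEN])
    return {
        "id": txid, "flags": flags,
        "qr": bool(flags & FLAG_QR), "aa": bool(flags & FLAG_AA),
        "tc": bool(flags & FLAG_TC), "rcode": flags & FLAG_RCODE,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(udp_reply):
    """Resolver side: a response with TC=1 is incomplete and must be retried over TCP.

    A recursive server that blocks TCP/53 will simply never see the rest of
    such an answer, which is the 'missing data' the thread refers to.
    """
    h = parse_header(udp_reply)
    return h["qr"] and h["tc"]


def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


if __name__ == "__main__":
    # Constructed sample: 29 A records fit in 512 bytes, 30 do not.
    for count in (29, 30):
        reply = build_a_response(0x1234, "www.example.com",
                                 ["192.0.2.%d" % i for i in range(1, count + 1)])
        h = parse_header(reply)
        print("%d addresses -> %d bytes, ancount=%d, TC=%s, retry over TCP: %s"
              % (count, len(reply), h["ancount"], h["tc"], needs_tcp_retry(reply)))
```

The sizing is deterministic: header (12) plus the question for www.example.com (21) leaves 479 bytes, and each compressed A record costs 16, so 29 records fit and a 30th forces truncation. That is the arithmetic an authority can do in advance, and it is also why a resolver that drops TCP/53 loses exactly the answers that cross the line.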