Anyone seeing ping corruption?

Lukas Tribus lukas at ltri.eu
Tue Dec 21 08:34:55 UTC 2021


On Tue, 21 Dec 2021 at 08:11, Hank Nussbacher <hank at interall.co.il> wrote:
> > Out of curiosity - does anyone know why Google is truncating ICMP
> > responses ?
>
> As Google has stated in many forums and I quote:
> "Google Public DNS is a Domain Name System service, not an ICMP network
> testing service."

The core issue is that many watchdogs implemented in all kinds of
devices use ICMP for health checking (and just one host), as opposed
to DNS or HTTP services of multiple hosts. Those users have to point
their watchdogs somewhere, and "ping.crappy-iot-vendor.com" just
sounds less reliable (and probably is) than one of those quad8, quad1
or quad9 services.

It's obvious that it's not a DNS server's job to respond to ICMP
requests, and under DoS they'd probably rate-limit it.


I think Google's choice makes sense, at least it does not allow 1:1
reflection at big sizes.

Nobody is interested in running reliable anycast ICMP responders on
the internet, after all, no useful data can be collected with it.
Device vendors will keep shipping code with watchdogs that can only
ping a single host, so users will keep putting DNS servers in there.



Lukas
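
The alternative the message describes, a watchdog that tests the DNS service of several hosts instead of pinging one, sketched as an added example that is not part of the original post or any vendor's code. The resolver addresses, the query name `example.com`, the quorum of 1 and all function names are assumptions.

```python
import os
import socket
import struct

# Assumed targets: the public resolvers the post calls quad8, quad1 and quad9.
RESOLVERS = ["8.8.8.8", "1.1.1.1", "9.9.9.9"]

def build_query(name, txid):
    """Encode a minimal DNS A/IN query with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def is_answer(reply, txid):
    """True only for a response (QR=1) with our transaction ID and RCODE 0."""
    if len(reply) < 12:
        return False
    rid, flags = struct.unpack("!HH", reply[:4])
    return rid == txid and bool(flags & 0x8000) and (flags & 0x000F) == 0

def dns_probe(server, name="example.com", timeout=2.0):
    """Send one UDP query to server; True if a valid answer arrives in time."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # kernel drops datagrams from other sources
            s.send(build_query(name, txid))
            return is_answer(s.recv(512), txid)
        except OSError:  # timeout, unreachable, refused
            return False

def uplink_ok(targets=RESOLVERS, probe=dns_probe, quorum=1):
    """Healthy if at least `quorum` targets answer, so one silent host is tolerated."""
    return sum(1 for t in targets if probe(t)) >= quorum

if __name__ == "__main__":
    print("uplink healthy:", uplink_ok())
```

Because the probe exercises the service the resolver actually offers, ICMP truncation or rate limiting on the target does not affect the result.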

