Authoritative Resources for Public DNS Pinging
Łukasz Bromirski
lukasz at bromirski.net
Wed Feb 9 14:53:15 UTC 2022
Yup. And Google folks accounted for the world pinging them all day long.
I wouldn't call using DNS resolvers the best "am I connected to the internet over this interface" tool, though. A day, a year or 5 years from now the same team may decide to drop/filter, and then thousands of hardcoded "handmade automation solutions" will break. And I believe that's closer to what Masataka was trying to convey.
—
Łukasz Bromirski
> On 9 Feb 2022, at 14:23, Mark Tinka <mark at tinka.africa> wrote:
>
>> On 2/9/22 15:00, Masataka Ohta wrote:
>>
>>
>> Wrong. It is not bad, at least not so bad, pinging properly
>> anycast DNS servers.
>>
>> The point of anycast is resistance to DDoS.
>>
>> But, relying on hard coded 8.8.8.8 is not a good idea because
>> DNS service of the address may be terminated.
>>
>> Instead, properly anycast root name servers are authoritative
>> resources provided for public DNS queries which can be used for
>> pinging, though pinging so with ICMP should be less painful
>> for the servers.
>
> That's like saying you won't have an egg for dinner because it's typically had for breakfast.
>
> Users don't care what infrastructure has been designated for. If they can find another use for it other than designed, which serves their interests, they will use it.
>
> We need to allow, and account, for that.
>
> Mark.
More information about the NANOG mailing list