Authoritative Resources for Public DNS Pinging

Joe Greco jgreco at ns.sol.net
Fri Feb 11 16:10:31 UTC 2022


On Fri, Feb 11, 2022 at 09:58:19AM -0500, Jon Lewis wrote:
> So...here's a pair of "what if"s:
> 
> What if instead of pinging 8.8.8.8, all these things using it to "test the 
> Internet" sent it DNS requests instead?  i.e.
> GOOG=$(dig +short @8.8.8.8 google.com)
> if [ -z "$GOOG" ] ; then
>   echo FAIL
> fi 
> Would that make things better or worse for GOOG (Trading lots more DNS 
> requests for the ICMP echo requests)?


ping is relatively ubiquitous.  There are certainly platforms on which
it isn't installed, but compare/contrast to the DNS options.  Is it
host?  nslookup?  dig?  No tool?

"ping internet" or "ping 8.8.8.8" are fairly straightforward by
comparison. 

> 8.8.8.8 is already anycasted.  What if each large ISP (for whatever 
> definition of large floats your boat) set up their own internal instance(s) 
> of 8.8.8.8 with a caching DNS server listening, and handled the traffic 
> without bothering GOOG?  For users using 8.8.8.8 as a lighthouse, this 
> would change the meaning of their test...i.e. a response means their 
> connection to their ISP is up, and the ISP's network works at least enough 
> to reach an internal 8.8.8.8, but the question of their connectivity to 
> the rest of the Internet would be unanswered.

Certainly that is true.  Hijacking of any mechanism is a potential risk.
Tying it into the DNS somehow at least introduces the opportunity for
DNSSEC to reduce the chance of an ISP to muck with the intended result.

We could even call it the Enhanced Link Verification Internet Service.

"ping elvis"  :-P

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"The strain of anti-intellectualism has been a constant thread winding its way
through our political and cultural life, nurtured by the false notion that
democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
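
The DNSSEC point above, as an added example that is not part of the original thread: a DNS "lighthouse" probe is only tamper-evident if the client validates signatures itself, because a resolver answering on a borrowed address can set the AD flag on anything it returns. The sketch assumes BIND's `delv` is installed with its default root trust anchor; `probe.example.net` is a placeholder for a name in a signed zone, and the sample outputs are constructed, modeled on delv's status lines.

```shell
#!/bin/sh
# Added example: classify a DNS reachability probe using local DNSSEC validation.
# Assumption: the status strings matched below are modeled on delv's output.

# classify_probe: read delv output on stdin, print one verdict word.
classify_probe() {
    out=$(cat)
    case "$out" in
        *"; fully validated"*)  echo up-validated ;;  # chain of trust verified locally
        *"; unsigned answer"*)  echo up-unsigned ;;   # reachable, authenticity unknown
        *"resolution failed"*"timed out"*) echo no-answer ;;
        *"resolution failed"*)  echo rejected ;;      # a reply came back but was not accepted
        "")                     echo no-answer ;;
        *)                      echo unknown ;;
    esac
}

# probe RESOLVER NAME: NAME must be in a signed zone, otherwise the best
# possible verdict is up-unsigned and a forged answer is indistinguishable.
probe() {
    delv "@$1" "$2" A 2>&1 | classify_probe
}

# Constructed sample outputs (not captured from a real run).
sample() {
    case "$1" in
        good)     printf '; fully validated\nprobe.example.net.\t300\tIN\tA\t192.0.2.10\n' ;;
        unsigned) printf '; unsigned answer\nprobe.example.net.\t300\tIN\tA\t192.0.2.10\n' ;;
        forged)   printf ';; validating probe.example.net/A: no valid signature found\n;; resolution failed: broken trust chain\n' ;;
        dead)     printf ';; resolution failed: timed out\n' ;;
    esac
}

# Stand-alone use: ./probe.sh 8.8.8.8 probe.example.net
if [ "$#" -eq 2 ]; then
    probe "$1" "$2"
fi
```

A monitoring script would treat `rejected` differently from `no-answer`: the first means something answered but the signatures did not check out, the second means nothing answered at all.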

