Authoritative Resources for Public DNS Pinging

Grant Taylor gtaylor at tnetconsulting.net
Fri Feb 11 16:35:23 UTC 2022


On 2/11/22 7:58 AM, Jon Lewis wrote:
> 8.8.8.8 is already anycasted.  What if each large ISP (for whatever 
> definition of large floats your boat) set up their own internal 
> instance(s) of 8.8.8.8 with a caching DNS server listening, and handled 
> the traffic without bothering GOOG?

I've pontificated doing this.  On one hand I think it's a neat technical 
solution.  On the other hand I think how ... displeased I would be if 
someone were to anycast one of my services without my knowledge, much 
less consent for them to do so.  Thus I've never done it where I had a 
choice.

I believe that anycasting resources from another organization /without/ 
their consent is a hard fail and non-starter.  Independent of how pure 
the intentions are.

> For users using 8.8.8.8 as a lighthouse, this would change the meaning 
> of their test...i.e. a response means their connection to their ISP is 
> up, and the ISP's network works at least enough to reach an internal 
> 8.8.8.8, but the question of their connectivity to the rest of the 
> Internet would be unanswered.

I say "where I had a choice" because I have anycasted 8.8.8.8 (for ICMP 
and DNS) in an offline lab ~> D.R. exercise environment /explicitly/ 
because other systems therein had been configured to test reachability 
to 8.8.8.8 et al.  Thus my hand was forced /inside/ the D.R. environment.



-- 
Grant. . . .
unix || die
