Authoritative Resources for Public DNS Pinging
Mark Tinka
mark at tinka.africa
Sat Feb 12 09:13:43 UTC 2022
On 2/11/22 15:33, Tom Beecher wrote:
> I respectfully strongly disagree on 'need'.
>
> Let's perform a thought experiment. Assert that 8.8.8.8 was expressly
> codified by Google to be a designated ICMP endpoint, and that for 100%
> of ICMP echo requests they receive, they guarantee an echo-reply will
> be sent. There are countless reasons , even with that (unreasonable)
> assumption of 100% uptime of the endpoint, that echo-requests may not
> reach them, or that echo-replies may be sent but not reach the
> originating source. Extend this idea even further. Assert that it is
> now not just Google running it, and the largest networks in the world
> all agree to anycast it from their networks.Assert is still guaranteed
> to respond to 100% if all echo requests it receives, wherever it
> receives. ( An even more unreasonable assertion than before!) There
> are STILL countless reasons why an endpoint may, at times, have that
> simple ICMP check fail.
>
> The prediciate assumption that "pinging one destination is a valid
> check that my internet works' is INCORRECT. There is no magical
> unicorn that could be built that could make that true, and 'they're
> gonna do it anyways' is a poor excuse to even consider it.
>
> This is a mistake many of us have made. I'll openly admit I made it 20
> years ago. Like someone on the outages list I think mentioned, I had
> built a couple SLA checks that triggered some routing changes to occur
> based on their status, and I thought I was super hot shit. Until I had
> to drive an hour through a blizzard to bring my routers back up after
> my incorrect assumptions knocked my entire company (an ISP) offline.
> Sometimes these are lessons people need to learn, but it's also
> helpful to point out to others why what they are trying to do is a bad
> idea so they can( if they chose to) learn from our prior mistakes.
I said "liveliness detection", not that "is the Internet working?".
The most basic thing is to check that the link between your device and
your ISP is working, and a simple ping (of 8.8.8.8, nowadays) is
typical, either by hand, or by your CPE. It does not guarantee that the
rest of the Internet is alive, but it does tell you that if there is a
problem further upstream, it's not yours, but likely either your ISP's,
or the remote network you are trying to reach.
There is a need for that. It just so happens that 8.8.8.8 fills that
need, at present. If 8.8.8.8 goes away, folk will find something else to
use for first-line liveliness detection.
Mark.
More information about the NANOG
mailing list