nanog mailing list archives
Re: large organization nameservers sending icmp packets to dns servers.
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Tue, 7 Aug 2007 16:10:17 -0400
On Aug 7, 2007, at 3:45 PM, Valdis.Kletnieks () vt edu wrote:
On Tue, 07 Aug 2007 14:38:06 EDT, "Patrick W. Gilmore" said:In addition, any UDP truncated response needs to be retried via TCP- blocking it would cause a variety of problems.Since we are talking about authorities here, one can control the size of ones responses.Barely.
[SNIP]The point is, if you are the authority, you know how big the packet is. If you know it ain't over 512, then you don't need TCP.
Or are you saying you do? Wouldn't it be 'incredibly stupid' for recursive servers to -require- TCP, even for < 512 byte packets?
Unless, of course, you are so incredibly stupid you can't figure out the difference between an authority and a caching server.I wish people would keep straight what direction they're doing the measurement,and for who's benefit.If *XYZ* wants to find which of their servers I'm closest to, they'll most likely be poking at my *caching* nameservers, because that's where my recursivequery arrived from[1].So we're *not* talking about authorities here. We're talking about DNS servers that are quite possibly configured to not talk, or give only partial results via UDP, to queries coming from outside the provider's network (after all, those people probably *should* be using *their* provider's caching DNS, right?)
Interesting. You are suggesting that as a content provider, one should rely on measurements from random caching name servers around the Internet, many of which you admit yourself are configured not to respond to addresses outside their network? Pardon me for not considering an idea you admit yourself wouldn't work.
But you are right, I totally missed that part of the conversation. Mea Culpa.
And in case anyone wasn't clear, yes, of course, running a recursive server that doesn't accept TCP53 will probably result in missing data your users want occasionally.
As for being "incredibly stupid", well, as I have said in private, calling a bunch of people rude names without even asking them why they are doing what you think is so stupid is .. uh .. probably not very bright. :) Unless, of course, you want everyone else passing judgement on how you run your network without asking.
-- TTFN, patrick
Current thread:
- RE: large organization nameservers sending icmp packets to dns servers., (continued)
- RE: large organization nameservers sending icmp packets to dns servers. David Schwartz (Aug 07)
- Re: large organization nameservers sending icmp packets to dns servers. Patrick W. Gilmore (Aug 08)
- Re: large organization nameservers sending icmp packets to dns servers. Valdis . Kletnieks (Aug 08)
- RE: large organization nameservers sending icmp packets to dns servers. Jason J. W. Williams (Aug 07)
- Re: large organization nameservers sending icmp packets to dns servers. Kevin Oberman (Aug 08)
- Industry best practices (was Re: large organization nameservers sending icmp packets to dns servers) Sean Donelan (Aug 08)
- Re: Industry best practices (was Re: large organization nameservers sending icmp packets to dns servers) Doug Barton (Aug 09)
- Re: Industry best practices (was Re: large organization nameservers Paul Vixie (Aug 09)
- Re: Industry best practices (was Re: large organization nameservers Sean Donelan (Aug 11)
- Re: large organization nameservers sending icmp packets to dns servers. Valdis . Kletnieks (Aug 07)
- Re: large organization nameservers sending icmp packets to dns servers. Patrick W. Gilmore (Aug 07)
- Re: large organization nameservers sending icmp packets to dns servers. Donald Stahl (Aug 07)
- Re: large organization nameservers sending icmp packets to dns servers. Steve Gibbard (Aug 07)
- Re: large organization nameservers sending icmp packets to dns servers. Andrew Sullivan (Aug 07)
- RE: large organization nameservers sending icmp packets to dns servers. Jamie Bowden (Aug 08)
- Re: large organization nameservers sending icmp packets to dns servers. Adrian Chadd (Aug 08)
- Re: large organization nameservers sending icmp packets to dns servers. Joe Abley (Aug 08)
- Re: large organization nameservers sending icmp packets to dns servers. David Conrad (Aug 08)
- Re: large organization nameservers sending icmp packets to dns servers. Doug Barton (Aug 09)
- Re: large organization nameservers sending icmp packets to dns servers. Matthew Black (Aug 10)
- Re: large organization nameservers sending icmp packets to dns servers. Chris L. Morrow (Aug 07)