nanog mailing list archives

Re: large organization nameservers sending icmp packets to dns servers.


From: John Kristoff <jtk () ultradns net>
Date: Fri, 10 Aug 2007 21:55:16 -0500


On Fri, 10 Aug 2007 16:11:04 -0700
Douglas Otis <dotis () mail-abuse org> wrote:

TCP offers a means to escape UDP related issues.  On the other hand,  
blocking TCP may offer the necessary motivation for having these UDP  
issues fixed.  After all, only UDP should be required.  When TCP is  
designed to readily fail, reliance upon TCP seems questionable.  As  
DNSSEC is introduced, TCP could be relied upon in the growing number
of instances where UDP is improperly handled.

As a datapoint I ran some tests against a reasonably diverse and
sizeable TLD zone I work with in another forum.  I queried the name
servers listed in the parent to see if I could successfully query
them for their corresponding domain name they are configured for
using TCP.  Out of about 9,300 unique name servers I failed to
receive any answer from about 1700 of them.  That is a bit more
than an 18% failure rate.

John
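
A minimal sketch of the kind of TCP reachability test described in the message above, added here as an illustration; it is not the poster's tooling, which the message does not describe. All function names, the fixed transaction ID and the result labels are this example's own assumptions.

```python
import socket
import struct

# Names and result labels below belong to this example only.
def build_query(name, qtype=2, txid=0x1234):
    """Build a DNS query (default QTYPE NS=2, class IN) with RD clear."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_tcp(message):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(message)) + message

def classify_response(message, txid=0x1234):
    """Return 'answer', 'empty', 'rcode-N' or 'malformed' for a raw response."""
    if len(message) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode != 0:
        return f"rcode-{rcode}"
    return "answer" if ancount else "empty"

def _recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver the response in pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def probe_tcp(server, zone, timeout=5.0):
    """Ask `server` for the NS set of `zone` over TCP port 53."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(frame_tcp(build_query(zone)))
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return classify_response(_recv_exact(s, length))
    except OSError as exc:  # refused, filtered (timeout), reset, early close
        return f"no-answer ({type(exc).__name__})"
```

Running `probe_tcp` over each (name server, delegated zone) pair from the parent zone and counting the `no-answer` results gives a failure rate of the kind reported above; a timeout usually points to filtering of TCP/53, while a refusal means nothing is listening on it.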

