nanog mailing list archives
Re: large organization nameservers sending icmp packets to dns servers.
From: Simon Waters <simonw () zynet net>
Date: Mon, 6 Aug 2007 17:00:24 +0100
On Monday 06 August 2007 16:53, Drew Weaver wrote:
Is it a fairly normal practice for large companies such as Yahoo! And Mozilla to send icmp/ping packets to DNS servers? If so, why?
Some of the DNS load balancing schemes do this, I assume to work out how far away your server is so they can give geographically relevant answers. If you are geographically close to your recursive name server, it might even work.
And a related question would be from a service provider standpoint is there any reason to deny ICMP/PING packets to name servers within your organization?
I tend to favour filtering some types of ICMP packets and not others, the packets required for ping hold little fear for me (and are kind of useful), but YMMV. My ICMP filtering experience is not DNS specific, you might be able to do better with DNS server specific rule, but that is too much like micromanagement for me, others may know a lot more on this.
Current thread:
- Re: large organization nameservers sending icmp packets to dns servers., (continued)
- Re: large organization nameservers sending icmp packets to dns servers. Patrick W. Gilmore (Aug 08)
- Re: large organization nameservers sending icmp packets to dns servers. Stephane Bortzmeyer (Aug 09)
- Re: large organization nameservers sending icmp packets to dns servers. Chris L. Morrow (Aug 10)
- Re: large organization nameservers sending icmp packets to dns servers. Duane Wessels (Aug 06)
- Re: large organization nameservers sending icmp packets to dns servers. Steve Atkins (Aug 06)
- Re: large organization nameservers sending icmp packets to dns servers. Valdis . Kletnieks (Aug 06)
- Re: large organization nameservers sending icmp packets to dns servers. Leigh Porter (Aug 06)
- Re: large organization nameservers sending icmp packets to dns servers. Owen DeLong (Aug 06)
- Message not available
- Re: large organization nameservers sending icmp packets to dns servers. Valdis . Kletnieks (Aug 06)
- Re: large organization nameservers sending icmp packets to dns servers. Patrick W. Gilmore (Aug 06)
- Re: large organization nameservers sending icmp packets to dns servers. Mark Andrews (Aug 09)
- Re: large organization nameservers sending icmp packets to dns servers. Crist Clark (Aug 10)
- Re: large organization nameservers sending icmp packets to dns servers. Mark Andrews (Aug 10)