nanog mailing list archives

Re: large organization nameservers sending icmp packets to dns servers.


From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Mon, 6 Aug 2007 12:13:03 -0400


On Mon, 06 Aug 2007 11:57:08 -0400
Valdis.Kletnieks () vt edu wrote:

> On Mon, 06 Aug 2007 11:53:15 EDT, Drew Weaver said:
> > Is it a fairly normal practice for large companies such as Yahoo!
> > And Mozilla to send icmp/ping packets to DNS servers? If so, why?

> Sounds like one of the global-scale load balancers - when you do a
> (presumably) recursive DNS lookup of one of their hosts, they'll ping
> the nameserver from several locations and see which one gets an
> answer the fastest.
>
> Yes, it's a semi-borkken strategy, because it assumes that:
>
> 1) ICMP is handled at the same rate as TCP/UDP packets in all the
> routers involved (so there's no danger of declaring a path "slow"
> when it really isn't, just because a router slow-pathed ICMP).

This is aimed at hosts, not routers, right?  As far as I know, routers
don't slow-path forwarded ICMP.  Hosts will probably reply to ICMP from
their kernel, so it's a faster response than a user-level DNS reply.

> 2) That the actual requester of service is reasonably near net-wise
> to the server handling the end-user's recursive DNS lookup.

Right.  But there's no particular reason to block it, unless the rate
is high enough that it's causing you CPU or network load problems.  (If
it's your IDS that's getting overloaded, perhaps tell it not to worry
unless you see other load issues...)


                --Steve Bellovin, http://www.cs.columbia.edu/~smb
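The thread's practical conclusion is that a few echo requests per source arriving at a resolver right after a lookup are expected GSLB behaviour and only sustained volume justifies action. The script below, added here as an example and not code from any of the posters, puts that triage rule over sample firewall log lines. The log format is the netfilter/iptables LOG shape (SRC=, DST=, PROTO=ICMP, TYPE=8); the addresses, the `ns1` hostname, the log prefix `IPT-ICMP:` and the thresholds in `triage` are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Captures only the fields we need from an iptables/netfilter LOG line for an
# ICMP echo request (ICMP type 8).
ICMP_ECHO_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=ICMP TYPE=8\b"
)

DNS_SERVER = "198.51.100.53"  # constructed: the recursive resolver being probed


def _make_line(ts, src, dst, seq):
    # Constructed log line in iptables LOG style; prefix and hostname assumed.
    return (f"{ts} ns1 kernel: IPT-ICMP: IN=eth0 OUT= SRC={src} DST={dst} "
            f"LEN=84 TTL=54 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ={seq}")


def build_sample_log():
    """Constructed sample: three GSLB-style probes, one flood, one TCP line."""
    lines = []
    # Three echo requests within two seconds from three different sources:
    # the pattern the thread describes (several sites measuring RTT after a lookup).
    probes = [("Aug  6 11:53:15", "192.0.2.10"),
              ("Aug  6 11:53:15", "192.0.2.11"),
              ("Aug  6 11:53:16", "192.0.2.12")]
    for ts, src in probes:
        lines.append(_make_line(ts, src, DNS_SERVER, 1))
    # One source sending 500 echo requests in five seconds: actual load, not GSLB.
    for i in range(500):
        ts = f"Aug  6 11:58:{10 + i // 100:02d}"
        lines.append(_make_line(ts, "203.0.113.7", DNS_SERVER, i + 1))
    # Unrelated TCP line the parser must skip.
    lines.append("Aug  6 11:58:12 ns1 kernel: IPT-TCP: IN=eth0 OUT= "
                 "SRC=203.0.113.8 DST=198.51.100.53 PROTO=TCP SPT=40000 DPT=53")
    return "\n".join(lines)


def _seconds(ts):
    """Seconds since midnight for a year-less syslog 'Mon D HH:MM:SS' stamp."""
    t = datetime.strptime(" ".join(ts.split()), "%b %d %H:%M:%S")
    return t.hour * 3600 + t.minute * 60 + t.second


def summarize_icmp_probes(log_text, dns_server):
    """Per source: echo requests aimed at dns_server and their sustained rate
    (packets per second over the first-to-last interval, minimum one second)."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = ICMP_ECHO_RE.match(line)
        if not m or m.group("dst") != dns_server:
            continue
        s = stats[m.group("src")]
        t = _seconds(m.group("ts"))
        s["count"] += 1
        s["first"] = t if s["first"] is None else min(s["first"], t)
        s["last"] = t if s["last"] is None else max(s["last"], t)
    return {src: {"count": s["count"],
                  "pps": s["count"] / max(s["last"] - s["first"], 1)}
            for src, s in stats.items()}


def triage(summary, max_pps=20.0, max_count=100):
    """The thread's rule in code: a handful of probes per source is expected
    GSLB behaviour and gets no alert; only sustained load is flagged.
    The thresholds are assumptions; tune them to your link and CPU headroom."""
    return {src: ("investigate" if s["pps"] > max_pps or s["count"] > max_count
                  else "ignore")
            for src, s in summary.items()}


if __name__ == "__main__":
    for src, verdict in triage(summarize_icmp_probes(build_sample_log(), DNS_SERVER)).items():
        print(f"{src:15} {verdict}")
```

The three GSLB probes each come out as a single packet from a distinct source and are classified "ignore"; the 500-packet burst from one address is "investigate". The same shape works over a real log file by passing its contents to `summarize_icmp_probes` instead of the constructed sample.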
