Re: Authoritative Resources for Public DNS Pinging

[Grant Taylor via NANOG <nanog () nanog org>]

On 2/11/22 7:58 AM, Jon Lewis wrote:
> 8.8.8.8 is already anycasted.  What if each large ISP (for whatever 
> definition of large floats your boat) setup their own internal 
> instance(s) of 8.8.8.8 with a caching DNS server listening, and handled 
> the traffic without bothering GOOG?

I've pontificated doing this.  On one hand I think it's a neat technical 
solution.  On the other hand I think how ... displeased I would be if 
someone were to anycast one of my services without my knowledge, much 
less consent for them to do so.  Thus I've never done it where I had a 
choice.

I believe that anycasting resources from another organization /without/ 
their consent is a hard fail and non-starter.  Independent of how pure 
the intentions are.

> For users using 8.8.8.8 as a lighthouse, this would change the meaning 
> of their test...i.e. a response means their connection to their ISP is 
> up, and the ISP's network works at least enough to reach an internal 
> 8.8.8.8, but the question of their connectivity to the rest of the 
> Internet would be unanswered.

I say "where I had a choice" because I have anycasted 8.8.8.8 (for ICMP 
and DNS) in an offline lab ~> D.R. exercise environment /explicitly/ 
because other systems therein had been configured to test reach ability 
to 8.8.8.8 et al.  Thus my hand was forced /inside/ the D.R. environment.



--
Grant. . . .
unix || die

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature