|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: large organization nameservers sending icmp packets to dns servers.
Drew Weaver wrote: Is it a fairly normal practice for large companies such as Yahoo! And Mozilla to send icmp/ping packets to DNS servers? If so, why? And a related question would be from a service provider standpoint is there any reason to deny ICMP/PING packets to name servers within your organization? Wearing my Mozilla hat here... I blogged about this (blog.mozilla.com/mrz, somewhere there) and Asa blog'd about it over at http://weblogs.mozillazine.org/asa/archives/2007/03/trying_to_load.html . Mozilla uses Citrix Netscalers and we're currently using dynamic proximity for load balancing between data centers. After Asa's post, we found poorly documentation that led to misconfiguration of the probe settings. I've cut down the number of probes (default was icmp, udp and tcp:80 to a nameserver) and instead of the ~10 complaints a day I was getting, I get many one a month. If you're still annoyed by the probes, ping me off-list. - mz
|