North American Network Operators Group


Re: large organization nameservers sending icmp packets to dns servers.

  • From: Patrick W. Gilmore
  • Date: Tue Aug 07 16:14:38 2007


On Aug 7, 2007, at 3:45 PM, [email protected] wrote:

> On Tue, 07 Aug 2007 14:38:06 EDT, "Patrick W. Gilmore" said:
>>> In addition, any UDP truncated response needs to be retried via
>>> TCP; blocking it would cause a variety of problems.
>>
>> Since we are talking about authorities here, one can control the size
>> of one's responses.
>
> Barely.
>
> [SNIP]


The point is, if you are the authority, you know how big the packet is. If you know it ain't over 512, then you don't need TCP.

Or are you saying you do? Wouldn't it be 'incredibly stupid' for recursive servers to -require- TCP, even for < 512 byte packets?

>> Unless, of course, you are so incredibly stupid you can't figure out
>> the difference between an authority and a caching server.
>
> I wish people would keep straight what direction they're doing the measurement,
> and for whose benefit.
>
> If *XYZ* wants to find which of their servers I'm closest to, they'll most
> likely be poking at my *caching* nameservers, because that's where my recursive
> query arrived from[1].
>
> So we're *not* talking about authorities here. We're talking about DNS servers
> that are quite possibly configured to not talk, or give only partial results
> via UDP, to queries coming from outside the provider's network (after all,
> those people probably *should* be using *their* provider's caching DNS, right?)

Interesting. You are suggesting that as a content provider, one should rely on measurements from random caching name servers around the Internet, many of which you admit yourself are configured not to respond to addresses outside their network? Pardon me for not considering an idea you admit yourself wouldn't work.


But you are right, I totally missed that part of the conversation. Mea Culpa.


And in case anyone wasn't clear, yes, of course, running a recursive server that doesn't accept TCP53 will probably result in missing data your users want occasionally.


As for being "incredibly stupid", well, as I have said in private, calling a bunch of people rude names without even asking them why they are doing what you think is so stupid is .. uh .. probably not very bright. :) Unless, of course, you want everyone else passing judgement on how you run your network without asking.

--
TTFN,
patrick
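The exchange above turns on two protocol facts: a UDP reply that does not fit the classic 512-byte limit comes back with the TC (truncated) bit set and has to be re-asked over TCP, and an authority can compute in advance how large its own replies are. The Python below is an added illustration, not code from this post or from any participant in the thread. It models a classic authority without EDNS0 that sets TC and drops answer records until the message fits, plus the resolver-side rule for deciding when a TCP retry is required. The zone contents, names and function names are constructed for the example.

```python
import struct

DNS_MAX_UDP = 512  # classic UDP payload limit (RFC 1035); EDNS0 raises it

def encode_name(name):
    """Encode a dotted hostname as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_a_response(qname, addresses, qid=0x1234, ttl=300, udp_limit=DNS_MAX_UDP):
    """Build an authoritative A-record reply the way a classic (no EDNS0)
    authority does: if the whole message exceeds udp_limit, set TC=1 and
    drop answer RRs until it fits. Returns (wire_bytes, truncated)."""
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    rrs = []
    for addr in addresses:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # NAME is a compression pointer to offset 12 (the question name),
        # then TYPE=A, CLASS=IN, TTL, RDLENGTH=4, RDATA
        rrs.append(struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + rdata)

    def assemble(count, tc):
        flags = 0x8400 | (0x0200 if tc else 0)  # QR=1, AA=1, TC as given, RCODE=0
        header = struct.pack("!HHHHHH", qid, flags, 1, count, 0, 0)
        return header + question + b"".join(rrs[:count])

    count = len(rrs)
    wire, truncated = assemble(count, False), False
    while len(wire) > udp_limit and count > 0:
        count -= 1
        wire, truncated = assemble(count, True), True
    return wire, truncated

def parse_header(wire):
    """Decode the 12-byte DNS header into its fields."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def needs_tcp_retry(udp_reply):
    """Resolver-side rule: TC=1 means the UDP reply is incomplete and the
    query has to be repeated over TCP to get the full answer."""
    return parse_header(udp_reply)["tc"]

def tcp_frame(message):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def largest_udp_response(zone):
    """Authority-side check: size of the biggest untruncated reply this zone
    can produce. If it is <= DNS_MAX_UDP, no client ever needs TCP for it."""
    return max(len(build_a_response(name, addrs, udp_limit=0xFFFF)[0])
               for name, addrs in zone.items())

# Constructed sample zone (documentation addresses, not real hosts)
SAMPLE_ZONE = {
    "www.example.com": ["192.0.2.%d" % i for i in range(1, 31)],  # 30 A records
    "mail.example.com": ["192.0.2.25"],
}

if __name__ == "__main__":
    for name, addrs in SAMPLE_ZONE.items():
        wire, truncated = build_a_response(name, addrs)
        hdr = parse_header(wire)
        print("%-17s %3d bytes  ancount=%2d  TC=%d  retry over TCP: %s"
              % (name, len(wire), hdr["ancount"], hdr["tc"], needs_tcp_retry(wire)))
    print("largest possible UDP reply: %d bytes (limit %d)"
          % (largest_udp_response(SAMPLE_ZONE), DNS_MAX_UDP))
```

On the constructed zone, the 30-address name produces a 513-byte reply, so the authority answers with 29 records and TC=1 and a resolver that cannot reach port 53 over TCP never sees the rest; the single-address name fits comfortably. An operator whose clients may sit behind a TCP/53 filter can run the same size check over real zone data, or raise the limit to model the buffer size clients advertise with EDNS0.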