> On Dec 10, 2020, at 12:29 PM, Ray Bellis <[email protected]> wrote:
>
> Is there any RIPE policy about whether nodes that are subject to DNS
> interception should be excluded from results (or maybe even dropped
> altogether) ?
>
> While these probes are perhaps still useful for ping and traceroute
> tests, they are effectively useless for DNS related tests other than as
> a proxy measure for how prevalent that practise actually is.
>
> For the visualisation I've just been building based on the Root System's
> "hostname.bind" data returned by Atlas it was pretty difficult to figure
> out how to exclude those probes on the client side.
>
> If there was a heuristic that could be applied on the probe itself or
> within the RIPE data collector that tagged the probe as having "bad DNS"
> that would help a lot.
I think this is valuable, you can get an idea of what part of the population is
being tampered with either by bad NETGEAR devices or otherwise. It’s clear you
need to design something to measure for this, but I don’t think they should be
automatically excluded.
There are providers that do strange things like TTL lengthening which are
problematic, but you often can’t see these non-compliant resolvers without a
much more in-depth investigation. (No, I’m not talking about serve-stale
either, that I think is a fine behavior).
- Jared