Hello, I am currently out of the office until January 2nd.
If this is an urgent message please reach out to my manager Robert Kisteleki or myself directly at +31 643419539. Happy holidays :) Guy Meyer On 6 Oct 2022, at 12:32, Simon Brandt via ripe-atlas <[email protected]> wrote: > Hi, > > Since a lot of probes use RFC1918 DNS resolvers (like home DSL/Cable routers > etc.) you can't tell, if an ISP-resolver or Public-resolver is actually used. > > Another thing I noticed is, that some eyeball providers stopped provisioning > their own DNS resolvers. Instead, they assing public resolvers like > Cloudflare to their customers. > > If the distinction isn't to difficult to implement, I would prefer these > three types as system tags: > > Inside-AS DNS > Outside-AS DNS > RFC1918 DNS > > Best Regards, > Simon > > > On 6 October 2022 09:23:15 UTC, Robert Kisteleki <[email protected]> wrote: > Hello, > > This seems to be an interesting question. > > We can certainly apply some (system) tags for probes that have the popular > resolvers 8.8.8.8, 9.9.9.9 and so on in the resolver configuration. This > would allow users like you to easily filter for, or filter out, probes that > do this. > > One complication is that in many cases probes (an by extension, the users) > have such a public resolver *in addition to* whatever else they use - which > complicates the semantics of what resolver was actually used. But I guess one > can accept that as a fact and still consider the feature to be useful. > > As an extension, we can, if that's deemed useful, tag other resolvers, along > the lines of: > * resolvers on private IPs (ie. on-net in the home?) > * mixed private-and-quadX > * mixed private-and-public > > If we go this far, a probe could have multiple tags, eg. uses-8888 + > uses-private + mixed-private-and-quad8888. This may be overdoing it... > > We'd be curious about what you think. > > Regards, > Robert > > > On 2022-10-06 03:38, Max Grobecker wrote: > Hi, > > a few days ago I wanted to debug a name resolution problem of one of our > domains. > For this reason, I wanted to test if probes inside a specific ASN are having > difficulties to resolve a specific name (because only customers of this ISP > were complaining). > This lead to very mixed results, mostly because some of the selected probes > did queries to a public DNS service like Google, Quad9 and so on. > The problem existed only with the provider's DNS servers for some reason. > > > It did take some time to make a script which tried to filter out these > probes, so I wondered if anyone else had the same use-case and problem. > Is there a way to automatically tag probes, which are (seemingly) using the > ISP's own DNS servers, or, at least, not a well-known public service? > This could be done maybe by querying a special DNS name which returns the IP > address from where the query was received (like "whoami.akamai.net"). > By comparing the ASN of the probe and the ASN of the IP address returned by > the DNS query, one could determine, if the ISP's servers are used. > This would also be true for people running their own recursor, but this could > be filtered as well very easy. > If an ISP is using multiple ASN, this could be a problem. Maybe there's an > easy solution for this as well. > > Probes which pass this test, could then be tagged with "DNS-using-ISP-server" > or something like that and explicitly be selected for specific DNS resolution > tests. > > > Greetings, > Max > > > -- > ripe-atlas mailing list > [email protected] > https://lists.ripe.net/mailman/listinfo/ripe-atlas > -- > ripe-atlas mailing list > [email protected] > https://lists.ripe.net/mailman/listinfo/ripe-atlas
-- ripe-atlas mailing list [email protected] https://lists.ripe.net/mailman/listinfo/ripe-atlas
