Re: large organization nameservers sending icmp packets to dns servers.
On Mon, 06 Aug 2007 17:21:49 -, John Levine said:

Sounds like one of the global-scale load balancers - when you do a (presumably) recursive DNS lookup of one of their hosts, they'll ping the nameserver from several locations and see which one gets an answer the fastest.

Why would they ping rather than just sending the query to all of the NS and see which one answers first? It's an IP round trip either way.

If you have sites in San Fran, London, and Tokyo, and you launch a ping from all 3 and see which one gets there first, you'll *know* the RTT from each site. If you just send DNS replies from all 3, you don't have a good way of telling which one got to the destination first.

Your method works if *I* want to know which one of the 3 sites is closest (assuming I can identify a DNS server at the 3 sites). The problem of the owner of the 3 sites trying to identify which one I'm closest to isn't symmetric to it.
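For a resolver operator who wants to confirm that inbound pings are this kind of load-balancer probing, the sketch below correlates outbound recursive queries with echo requests that arrive from several sources shortly afterwards. It is an added example, not part of the thread; the log format, field names, time window and source threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

WINDOW = 2.0      # assumed: seconds after a query in which echo requests are counted
MIN_SOURCES = 2   # assumed: distinct probe sources needed to call it multi-site probing

# Constructed sample log, not real traffic: "<epoch> <event> <peer-ip> <detail>"
SAMPLE_LOG = """\
1186420909.10 DNS_OUT 192.0.2.53 www.bigsite.example
1186420909.31 ICMP_IN 198.51.100.7 echo-request
1186420909.35 ICMP_IN 203.0.113.9 echo-request
1186420909.48 ICMP_IN 198.51.100.200 echo-request
1186420950.00 DNS_OUT 192.0.2.99 mail.other.example
1186420975.00 ICMP_IN 203.0.113.77 echo-request
"""

def parse(log):
    """Yield (timestamp, event, peer, detail) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, event, peer, detail = parts
        yield float(ts), event, peer, detail

def correlate(log, window=WINDOW, min_sources=MIN_SOURCES):
    """Map each queried name to the echo-request sources seen within
    `window` seconds after the query, keeping only names probed from
    at least `min_sources` distinct addresses."""
    events = sorted(parse(log))
    queries = [(ts, detail) for ts, ev, _, detail in events if ev == "DNS_OUT"]
    echoes = [(ts, peer) for ts, ev, peer, detail in events
              if ev == "ICMP_IN" and detail == "echo-request"]
    hits = defaultdict(set)
    for q_ts, qname in queries:
        for e_ts, src in echoes:
            if 0 <= e_ts - q_ts <= window:
                hits[qname].add(src)
    return {q: sorted(s) for q, s in hits.items() if len(s) >= min_sources}

if __name__ == "__main__":
    for qname, sources in correlate(SAMPLE_LOG).items():
        print(f"{qname}: echo requests from {len(sources)} sources: {sources}")
```

The probes come from the load balancer's sites rather than from the authoritative server that was queried, so the match is on timing and source count, not on address.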
Re: large organization nameservers sending icmp packets to dns servers.
On Aug 6, 2007, at 10:21 AM, John Levine wrote:

Sounds like one of the global-scale load balancers - when you do a (presumably) recursive DNS lookup of one of their hosts, they'll ping the nameserver from several locations and see which one gets an answer the fastest.

Why would they ping rather than just sending the query to all of the NS and see which one answers first? It's an IP round trip either way.

I agree that pinging is harmless, but for this application it seems pointless, too.

Well... we're talking about recursive resolvers. There's not really a simple way for a third party to measure the round trip time to the recursive resolver at the dns level. It may not respond to external queries at all, and even if it does, what query would you send that would cause an immediate reply without any additional processing or network latency at the resolver?

There's lots of tricks you can play to do this, but most of them are no better than a simple ICMP ping.

Cheers,
Steve
Re: large organization nameservers sending icmp packets to dns servers.
On Mon, 6 Aug 2007, Patrick W. Gilmore wrote:

first I agree that in most cases the 'RTT to client cacheresolver' probably works well enough. That said though...

Owen said it worked well for his customers (in a past life), and he has operational experience with this. Can anyone give a serious counter example _from experience_? Or are we just discussing possibilities?

Sure, 75% of the people that use cache00.ns.uu.net and aren't in the 'mid-atlantic' region... (and someone's blocking echo-request to cache00 but...) Unless there exist exceptions and other metrics for the clients it's probably not very accurate in this instance (or the other cacheXX.ns.uu.net cases really, since they tend to move about the network as required...)