
On Tue, Aug 12, 2025 at 10:48 AM David Prall via NANOG <nanog@lists.nanog.org> wrote:
> Can do a quick DNS lookup via a DNS server, since they shouldn't turn that off. But, what happens when they notice the same site doing the same lookup(s) every x minutes?

I think they won't notice, because that kind of query volume is orders of magnitude less than average usage of 1 internet-connected device. That is if you are running 2 or 3 queries every 3 or 4 minutes. Meanwhile the average web-surfing user connects to websites that easily cause 20+ DNS queries over the span of a couple seconds in order to load a whole web page with all its JS frameworks, CSS, and Fonts being remote-loaded from various domains.

Querying the service on the IP with an actual query is the best test, but it should be: use a few common FQDNs on different domains to run the lookup on, and not just one FQDN. If any of the lookups succeed, then the resolver is deemed "alive and working / available". If you only query one FQDN per resolver, then you might not always be able to easily distinguish between a failure of the target authoritative domain you are querying, versus a lack of responsiveness by that resolver in general.

--
-JA
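
The multi-FQDN liveness check described in the reply above, as an added example that is not part of the original thread. The probe names, function names and the IPv4/UDP-only transport are assumptions made for illustration.

```python
import secrets
import socket
import struct

# Assumed probe set (constructed): FQDNs on different domains, so one broken
# authoritative zone cannot make a healthy resolver look dead.
PROBE_NAMES = ["www.example.com", "www.example.net", "www.example.org"]


def build_query(fqdn, qid):
    """Encode a minimal recursive A/IN question for fqdn."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = fqdn.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def udp_lookup(resolver_ip, fqdn, timeout=2.0):
    """True if the resolver returns NOERROR with at least one answer record."""
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(fqdn, qid), (resolver_ip, 53))
            data, _ = sock.recvfrom(4096)
        except OSError:  # timeout, ICMP unreachable, no route
            return False
    if len(data) < 12:
        return False
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    is_response = bool(flags & 0x8000)
    rcode = flags & 0x000F
    return rid == qid and is_response and rcode == 0 and ancount > 0


def check_resolver(resolver_ip, names=PROBE_NAMES, lookup=udp_lookup):
    """Probe every name; the resolver counts as alive if ANY lookup succeeds."""
    results = {name: lookup(resolver_ip, name) for name in names}
    failed = [name for name, ok in results.items() if not ok]
    alive = len(failed) < len(results)
    # Names failing while others succeed point at the target domain, not the
    # resolver; if everything failed, the resolver itself is the suspect.
    return {"alive": alive, "suspect_domains": failed if alive else []}
```

Run `check_resolver` from a scheduler every few minutes, passing the resolver's address; the `lookup` parameter exists so the decision logic can be exercised without network access.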