On Mon, 6 Aug 2007, Drew Weaver wrote:
Is it a fairly normal practice for large companies such as Yahoo! And Mozilla to send icmp/ping packets to DNS servers? If so, why? And a related question would be from a service provider standpoint is there any reason to deny ICMP/PING packets to name servers within your organization?
They use ICMP/Echo Request to calculate a rough surrogate latency estimate for potential users of that caching DNS server so they can return different DNS answers depending on your network topology. Yes its an approximation, and can be wrong. Some networks even re-route ICMP/Echo to a completely different box which just responsed to pings; so it may not even go to the same place. Given all those caveats, many times its still the best guess you can make. ICMP/ECHO is a separate protocol which is easy to filter if you want to, without affecting "normal" TCP/UDP/etc packets. But then expect to get "worse" default DNS answers from those same sites attempting to optimize their DNS answers. It would be cool if people ran NTP port 123 on their DNS servers, and then we could get extreme measurements. But then I'm sure someone would point out 62 flaws with that. In the end, its up to each network operator to make its own decision. If your DNS servers aren't being negatively impacted, and it helps your users get better answers, you might keep it. If the answers are reversed, you might drop them. My IDS is badly tuned.... Well maybe there is a fix for that.