On Mon, 06 Aug 2007 11:57:08 -0400 Valdis.Kletnieks@vt.edu wrote:
On Mon, 06 Aug 2007 11:53:15 EDT, Drew Weaver said:
Is it a fairly normal practice for large companies such as Yahoo! and Mozilla to send ICMP/ping packets to DNS servers? If so, why?
Sounds like one of the global-scale load balancers - when you do a (presumably) recursive DNS lookup of one of their hosts, they'll ping the nameserver from several locations and see which one gets an answer the fastest.
Yes, it's a semi-borken strategy, because it assumes that:
1) ICMP is handled at the same rate as TCP/UDP packets in all the routers involved (so there's no danger of declaring a path "slow" when it really isn't, just because a router slow-pathed ICMP).
This is aimed at hosts, not routers, right? As far as I know, routers don't slow-path forwarded ICMP. Hosts will probably reply to ICMP from their kernel, so it's a faster response than a user-level DNS reply.
2) That the actual requester of service is reasonably near net-wise to the server handling the end-user's recursive DNS lookup.
Right. But there's no particular reason to block it, unless the rate is high enough that it's causing you CPU or network load problems. (If it's your IDS that's getting overloaded, perhaps tell it not to worry unless you see other load issues...)

--Steve Bellovin, http://www.cs.columbia.edu/~smb
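The triage the thread describes, as an added example that is not part of the original messages: it labels each ICMP echo source at a recursive resolver as a lookup-triggered probe, unexplained, or a load concern. The event tuples, the 2-second correlation window, the 80% cutoff and the 50 packets-per-second threshold are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events seen at a recursive resolver (not real traffic).
# (time_s, kind, peer): "query" = the resolver's outbound DNS query to an
# authoritative server, "echo" = inbound ICMP echo request from peer.
EVENTS = [
    (10.00, "query", "192.0.2.53"),
    (10.05, "echo", "198.51.100.7"),
    (10.07, "echo", "203.0.113.9"),
    (10.09, "echo", "198.51.100.7"),
    (42.00, "query", "192.0.2.53"),
    (42.04, "echo", "203.0.113.9"),
    (42.06, "echo", "198.51.100.7"),
] + [(60.0 + i * 0.01, "echo", "203.0.113.200") for i in range(300)]

def triage(events, window_s=2.0, max_pps=50):
    """Classify each echo source by lookup correlation and peak rate."""
    queries = sorted(t for t, kind, _ in events if kind == "query")
    per_src = defaultdict(list)
    for t, kind, peer in events:
        if kind == "echo":
            per_src[peer].append(t)
    report = {}
    for src, times in per_src.items():
        # Echoes that arrive shortly after one of our own recursive lookups.
        after = sum(any(0 <= t - q <= window_s for q in queries) for t in times)
        # Peak packet count in any one-second bucket.
        buckets = defaultdict(int)
        for t in times:
            buckets[int(t)] += 1
        peak = max(buckets.values())
        if peak > max_pps:
            verdict = "investigate-load"        # rate itself is the problem
        elif after / len(times) >= 0.8:
            verdict = "lookup-triggered-probe"  # matches the pattern above
        else:
            verdict = "unexplained-low-rate"
        report[src] = {"echoes": len(times), "peak_pps": peak, "verdict": verdict}
    return report

if __name__ == "__main__":
    for src, row in sorted(triage(EVENTS).items()):
        print(src, row)
```

Time correlation alone cannot prove a source belongs to a load balancer; it only shows that the echoes track the resolver's own lookups.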