[dns-operations] ip id from servers

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Thu Mar 11 08:49:58 UTC 2010


On Thu, Mar 11, 2010 at 08:32:03AM +0100, sthaug at nethelp.no wrote:
> > we think that this would be due to high retransmits, extremely poor ip
> > id randomization, a massive number of packets so that ids are recycled,
> > an anycast artifact, or cosmic rays.  i note that these are mostly name
> > servers.  so i gotta wonder if there is some commonly used software with
> > its own stack or something similar.
> 
> I can only confirm a few of these from here (Oslo, Norway). What I see
> is pretty bad. *All* of the DNS answers I receive from these 3 servers
> have IP ID 0:
> 
> > 193.0.0.195   ns-pri.ripe.net.
> > 192.54.112.30 h.gtld-servers.net.
> > 202.12.28.140 sec3.apnic.net.
> 

193.0.0.195 reports NSD
192.54.112.30 reports not-imp
202.12.28.140 reports ANS

	ergo, not common nameserver software.

--bill


