[dns-operations] Pinging the root name servers to check my connectivity?

Paul Hoffman phoffman at proper.com
Wed Sep 5 16:31:38 UTC 2012

On Sep 5, 2012, at 2:13 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> But I wonder what would happen if every small network with an OpenWRT
> router and Nagios starts pinging them every minute. Is it a reasonable
> use?

No, absolutely not. The "tragedy of the commons" problems are *way* more important than your tech support issues.

> Do the root name servers operators have an opinion about that? Is
> there a better alternative?

Yes: spend $50/year for a hosted web server and use that. You pay for your own traffic. There is no way to have this scale to the Internet.

> [You have probably seen this project, which is partially related:
> <https://labs.ripe.net/Members/dfk/ripe-atlas-anchors>. A case where
> many small boxes testing an unwilling service created problems: 
> <http://slashdot.org/story/06/04/07/130209/d-link-firmware-abuses-open-ntp-servers>.]

Another story: I was asked to set up an open STUN server in the early days, so I did so. The instructions at the web site very clearly said "use the domain name, not the actual IP address". A few years later, my ISP noted that the STUN traffic to my server was more than an order of magnitude more than all the other traffic combined, so I turned off the STUN server and had the name point to a box at Cisco (who had suggested I do the work the first time).

Six months later, the traffic to the IP address of a STUN server that had been silent for over six months was still higher than the rest of the web and mail for that server. So, not only did developers ignore the "use the domain name" request, they weren't even checking the return results.

Do not send crap to the root servers, OK?

--Paul Hoffman

More information about the dns-operations mailing list