[dns-operations] Pinging the root name servers to check my connectivity?

Paul Wouters paul at cypherpunks.ca
Wed Sep 5 16:43:46 UTC 2012


On Wed, 5 Sep 2012, Paul Hoffman wrote:

> Date: Wed, 5 Sep 2012 12:31:38
> From: Paul Hoffman <phoffman at proper.com>
> Cc: dns-operations at mail.dns-oarc.net
> To: Stephane Bortzmeyer <bortzmeyer at nic.fr>
> Subject: Re: [dns-operations] Pinging the root name servers to check my
>     connectivity?
> 
> On Sep 5, 2012, at 2:13 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
>> But I wonder what would happen if every small network with an OpenWRT
>> router and Nagios starts pinging them every minute. Is it a reasonable
>> use?
>
> No, absolutely not. The "tragedy of the commons" problems are *way* more important than your tech support issues.
>
>> Do the root name servers operators have an opinion about that? Is
>> there a better alternative?
>
> Yes: spend $50/year for a hosted web server and use that. You pay for your own traffic. There is no way to have this scale to the Internet.

Note that with dnssec-triggerd, a similar thing happens, although this
is a little more relevant as we're testing proper DNS connectivity. One
of the reasons for using the root nameservers for this test, is that
it's a good indication whether DNSSEC is filtered or not, and it does not lead to
a single point of failure when using our own dedicated server(s).

Regardless of this case, with the stubs doing more resolving/validating
themselves, the root servers are going to see a higher load. I think
that's unavoidable. I'm assumming the anycast clouds grow faster then
demand?

Paul



More information about the dns-operations mailing list