[dns-operations] Acceptable query limit to root servers

Theodore Baschak theodore at ciscodude.net
Tue Jun 7 20:23:47 UTC 2016


I found the following article pretty handy in terms of checking a locations connectivity:
https://labs.ripe.net/Members/stephane_bortzmeyer/checking-your-internet-connectivity-with-ripe-atlas-anchors <https://labs.ripe.net/Members/stephane_bortzmeyer/checking-your-internet-connectivity-with-ripe-atlas-anchors>
I've implemented it with great success. These hosts are explicitly on the internet *to* answer ICMP.

Theodore Baschak - AS395089 - Hextet Systems

> On Jun 7, 2016, at 1:16 PM, Andrew White <andrew at vivalibre.com> wrote:
> 
> Hi DRC,
> 
> Thanks for your reply. If we have a root server on-net, then I still have the issue of not knowing whether my recursive server has working outbound connectivity; a local copy of the root then moves the issue to the TLD servers.
> 
> Andrew
> 
> On Tue, Jun 7, 2016 at 12:32 PM, David Conrad <drc at virtualized.org <mailto:drc at virtualized.org>> wrote:
> Hi,
> 
> On Jun 7, 2016, at 8:12 AM, Andrew White <andrew at vivalibre.com <mailto:andrew at vivalibre.com>> wrote:
> > We are considering adding some health checks on our recursive DNS platform.
> >
> > We'd like to ensure each server has access to the root via a remote dig at the recursive server. Specifically we are considering a query to an effectively random top-level domain that should always be answered by an NXDOMAIN by a root server.
> >
> > Given the large number of servers and our need to perform this check fairly often, this could result in a large number of queries resulting in NXDOMAIN to the root.
> 
> Not that it's likely your probes will go above the noise in the noise, why not mirror the root (a la https://tools.ietf.org/rfc/rfc7706.txt <https://tools.ietf.org/rfc/rfc7706.txt>)?
> 
> Regards,
> -drc
> (speaking only for myself)
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160607/e2337b14/attachment.html>


More information about the dns-operations mailing list