[dns-operations] Question for fellow users of RIPE ATLAS (broken/saturated probes or what?)

Giovane Moura giovane.moura at sidn.nl
Tue Dec 11 09:13:41 UTC 2018


Hi Jake,

Thanks for pointing this. We also monitor our authoritative name servers
but I was not aware of this issue. This is particularly important when
deciding where to deploy new anycast sites.

Say a country X observes 200ms latency to one of your NSes. You'd need
to break it down per probe version,as you did, and consider version>6000
 to be sure that this is not an artifact.

Monitoring systems that rely of the variation of RTT should be OK, at
least in the aggregate.

thanks,

/giovane


On 12/7/18 10:13 PM, Jake Zack wrote:
> Hey all,
> 
>  
> 
> I often do DNS tests via RIPE ATLAS to confirm that changes and/or new
> additions to our anycast network haven’t created any collateral damage
> to our clouds and others.
> 
>  
> 
> I’ve noticed that the first several thousand probes (probe ID’s < ~6000)
> consistently return inaccurate/terrible/useless results to DNS tests.
> 
>  
> 
> Has anyone else noticed this?  Has anyone else reported it to RIPE
> ATLAS?  Any theories?
> 
>  
> 
> I’ll first use DNS queries coming out of Belgium as an example…
> 
>  
> 
>                 My average response time from Belgium to
> ANY.CA-SERVERS.CA is 25.103 ms when you exclude probe ID’s < ~6000. 
> With those probes, it’s 83.944 ms – Greater than a 300% difference?!
> 
>  
> 
> The worst part is that the ‘traceroute’ functionality never seems to
> show this latency…so I feel powerless in fixing this brokenness from my end.
> 
>  
> 
> And it’s not just traffic from Belgium, to be clear…
> 
>  
> 
>                 My average response time from Ireland to
> ANY.CA-SERVERS.CA is 21.296 ms when you exclude probe ID’s < ~6000. 
> With those probes, it’s 33.507 ms.
> 
>                 My average response time from Netherlands to
> ANY.CA-SERVERS.CA is 22.187 ms when you exclude probe ID’s < ~6000. 
> With those probes, it’s 77.280ms.
> 
>                 My average response time from Poland to
> ANY.CA-SERVERS.CA is 43.910 ms when you exclude probe ID’s < ~6000. 
> With those probes, it’s 89.235 ms.
> 
>  
> 
> And it’s not just CIRA…
> 
>  
> 
>                 The average response time from Belgium to SNS-PB.ISC.ORG
> is 22.883 ms when you exclude probe ID’s < ~6000.  With those probes,
> it’s  33.169 ms.
> 
>                 The average response time from Belgium to
> F.ROOT-SERVERS.NET is 15.094 ms when you exclude probe ID’s < ~6000. 
> With those probes, it’s 23.076 ms.
> 
>                 The average response time from Belgium to AC1.NSTLD.COM
> is 36.333 ms when you exclude probe ID’s < ~6000.  With those probes,
> it’s 44.900 ms.
> 
>                 The average response time from Belgium to
> A0.INFO.AFILIAS-NST.INFO is 146.38 ms when you exclude probe ID’s <
> ~6000.  With those probes, it’s 155.70 ms.
> 
>                 The average response time from Belgium to X.NS.DNS.BE is
> 67.214 ms when you exclude probe ID’s < ~6000.  With those probes, it’s
> 83.836 ms.
> 
>  
> 
> I’m attaching some photos to visually show just how ineffective these
> probes are at measuring anything related to DNS…
> 
>  
> 
> Confirmations on others seeing this, or reporting this, or moving away
> from RIPE ATLAS for these measurements because of this?  Recommendations
> other than ThousandEyes (I’m not interested in paying $100K/year for
> what costs $500/year in VM’s and perl scripts).
> 
>  
> 
> Ideas on how to get this rectified so that these tests can be useful again?
> 
>  
> 
> -Jacob Zack
> 
> DNS Architect – CIRA (.CA TLD)
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> 




More information about the dns-operations mailing list