[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FW: [Full-Disclosure] Question for DNS pros

To: fd@xxxxxxxxx
Subject: Re: FW: [Full-Disclosure] Question for DNS pros
From: John Hall <j.hall@xxxxxx>
Date: Wed, 04 Aug 2004 12:03:50 -0700

Mark wrote:

... Yup, the TCP SYN packets I see do the same with the IPID. (Embarrassed I missed that the first time I looked at them.) ;) ... I disagree, if it is a DNS *server* I would think it wouldn't respond with a RST. It would respond with a SERV FAIL because it's not authoritative for that domain.


Just about any response is useful for RTT/reachability measurement as long
as we can associate it back to the correct probe.

Agreed Frank, why would they bother asking in the first place? How do you even know you are asking a DNS server? It could just be a mis-configured client. It would seem to me that would only provide you with the quickest way to query what may or may not be a DNS server that may or may not be authoritative for a domain.


Generally, 3-DNS queries only come from caching/forwarding DNS servers at
the client's site, so assuming we're talking to a DNS server there is
often a correct assumption.  There are several probes that only require
a TCP/IP compliant box to respond.

Although I think we may have resolved the issue of what is causing those strange packets... I would like to see a whitepaper or something describing how this technique improves the performance of, well; anything.


While there's a lot of complexity to global load balancing and each probe
method may be rendered useless in some circumstances, we've spent a lot
of time analyzing the metrics collected and load balancing decisions made
by 3-DNS groups at many of our customers sites; and we've found that the
3-DNS has improved the reliability and responsiveness of every site for
the great majority of it's customers.  I'm not a marketeer, but you can
probably tell that I'm proud of our products.  ;)

The above paragraph is off topic. E-Mail me off list if you want to discuss that topic further.
Regards,
Mark


--
John Hall              Test Manager - Switch Team             F5 Networks, Inc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: FW: [Full-Disclosure] Question for DNS pros
  - From: Gary E. Miller

References:
- Re: FW: [Full-Disclosure] Question for DNS pros
  - From: Frank Knobbe
- Re: FW: [Full-Disclosure] Question for DNS pros
  - From: Paul Schmehl
- Re: FW: [Full-Disclosure] Question for DNS pros
  - From: Paul Schmehl
- Re: FW: [Full-Disclosure] Question for DNS pros
  - From: John Hall
- Re: FW: [Full-Disclosure] Question for DNS pros
  - From: Frank Knobbe
- Re: FW: [Full-Disclosure] Question for DNS pros
  - From: John Hall
- Re: FW: [Full-Disclosure] Question for DNS pros
  - From: Mark

Prev by Date: Re: FW: [Full-Disclosure] Question for DNS pros
Next by Date: [Full-Disclosure] RE: Defcon spelled half backwards is Fedcon and you dumfucks walked into a trap
Previous by thread: Re: FW: [Full-Disclosure] Question for DNS pros
Next by thread: Re: FW: [Full-Disclosure] Question for DNS pros
Index(es):
- Date
- Thread