[98362] in North American Network Operators' Group
Re: large organization nameservers sending icmp packets to dns servers.
daemon@ATHENA.MIT.EDU (matthew zeier)
Mon Aug 6 12:16:34 2007
Date: Mon, 06 Aug 2007 09:07:30 -0700
From: matthew zeier <mrz@velvet.org>
To: Drew Weaver <drew.weaver@thenap.com>
CC: "'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <B7152C470C9BF3448ED33F16A75D81C14D04152AD7@exchanga.thenap.com>
Errors-To: owner-nanog@merit.edu
Drew Weaver wrote:
> Is it a fairly normal practice for large companies such as Yahoo! And
> Mozilla to send icmp/ping packets to DNS servers? If so, why? And a
> related question would be from a service provider standpoint is there
> any reason to deny ICMP/PING packets to name servers within your
> organization?
Wearing my Mozilla hat here...
I blogged about this (blog.mozilla.com/mrz, somewhere there) and Asa
blog'd about it over at
http://weblogs.mozillazine.org/asa/archives/2007/03/trying_to_load.html .
Mozilla uses Citrix Netscalers and we're currently using dynamic
proximity for load balancing between data centers.
After Asa's post, we found poorly documentation that led to
misconfiguration of the probe settings. I've cut down the number of
probes (default was icmp, udp and tcp:80 to a nameserver) and instead of
the ~10 complaints a day I was getting, I get many one a month.
If you're still annoyed by the probes, ping me off-list.
- mz
