[atlas] Strong doubts about the option "DNS recursion"
Philip Homburg philip.homburg at ripe.net
Fri Oct 25 13:14:41 CEST 2013
Hi Stephane, On 2013/10/25 12:41 , Stephane Bortzmeyer wrote: > So, it seems as if recursion_desired is ignored and the reality is that > the RD bit is always set. > > By the way, this investigation was done because some people, to > monitor the content of the DNS caches, use open resolvers > (<https://indico.dns-oarc.net//getFile.py/access?contribId=7&resId=1&materialId=slides&confId=1> > and <http://samarudge.github.io/dnsyo/>) and I tought it would be > better to use Atlas probes. But the tests may have to be run without > RD, otherwise you risk "poisoning" the caches, if you use the > measurement to test a hijacking, for instance, as in the first example > mentioned. The RD bit is set because Atlas is supposed to do active measurements and not probe the host's systems. One obvious bug is that this behavior is not documented. Whether setting this flag is a good idea is of course subject to debate. Another thing is that just silently setting the flag is not optimal, maybe the measurement should have been rejected instead. Philip