This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[atlas] Probes suffering DNS interception?
- Previous message (by thread): [atlas] Probes suffering DNS interception?
- Next message (by thread): [atlas] new website, but outdated information
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Robert Kisteleki
robert at ripe.net
Fri Dec 11 09:26:29 CET 2020
Hello, A couple of reflections from me: On 2020-12-10 18:29, Ray Bellis wrote: > Is there any RIPE policy about whether nodes that are subject to DNS > interception should be excluded from results (or maybe even dropped > altogether) ? I agree with others who said we shouldn't *exclude* these. However, given a workable definition, we can tag these probes which is likely to be helpful to everyone who are looking for an easy way to filter. As always, the devil is in the details: if we tag probes "now" that does not mean their behaviour was the same "yesterday". So one would need to align the probe tag times with result times, which complicates things. > For the visualisation I've just been building based on the Root System's > "hostname.bind" data returned by Atlas it was pretty difficult to figure > out how to exclude those probes on the client side. The difficulty is the same (or worse, see below) even if we do this on the server side :-) So while I don't think shifting the solution around makes things easier, as noted above it can be done "once" instead of by every client. > If there was a heuristic that could be applied on the probe itself or > within the RIPE data collector that tagged the probe as having "bad DNS" > that would help a lot. Indeed, we (on the infrastructure side) can help here. > I don't have a fully automated way (yet), but I do have a list of > regexes that appear to match all known correct variants of the various > RSO's hostname.bind strings with no false positives being returned from > the currently active Atlas probes: > > 'a': /^(?:rootns-|nnn1-)([a-z]{3})\d$/, > 'b': /^b\d-([a-z]{3})$/, > 'c': /^([a-z]{3})\d[a-z]\.c\.root-servers\.org$/, ... (*) The *real* difficulty here is that these rules change over time, and the decoder needs to follow these changes (if it know about them...) This fact also makes the server side tagging susceptible to erroneous tagging. BTW this very rule set exists in our visualisations already (powering maps like https://atlas.ripe.net/results/maps/root-instances/). In reality it's 26 entries, not 13, in order to cover historical naming schemes. Unfortunately so far root server operators haven't converged on a single scheme, and even if they did, the historical queries would not be simplified. Cheers, Robert
- Previous message (by thread): [atlas] Probes suffering DNS interception?
- Next message (by thread): [atlas] new website, but outdated information
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]