[atlas] Tagging probes which are using the ISP's DNS server?
- Previous message (by thread): [atlas] Tagging probes which are using the ISP's DNS server?
- Next message (by thread): [atlas] Revive an abandoned probe?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bjørn Mork
bjorn at mork.no
Thu Oct 6 11:32:28 CEST 2022
Max Grobecker <max.grobecker at ml.grobecker.info> writes: > This could be done maybe by querying a special DNS name which returns > the IP address from where the query was received (like > "whoami.akamai.net"). By comparing the ASN of the probe and the ASN > of the IP address returned by the DNS query, one could determine, if > the ISP's servers are used. There should be no need for a new service. The SOS queries already provides the necessary raw data. You can see resolver addresses in the probe's "SOS History". Someone "just" has to process the data and produce a "Resolver-in-same-AS" tag. > This would also be true for people running their own recursor, but > this could be filtered as well very easy. How? Reject resolvers which are only used by a single probe? Or did you have something smarter in mind? If not, I fear it would produce a large number of false positives. Many ISPs will have a relatively large resolver to probe ratio (when counting resolver addresses visible to authoritative servers). > If an ISP is using multiple ASN, this could be a problem. Maybe > there's an easy solution for this as well. Geoff Huston has tried to analyze this as part of open resolver measurements: https://www.potaroo.net/ispcol/2019-09/centrality.html Doing a "same CC and not well-kown public resolver" might do it. Bjørn
- Previous message (by thread): [atlas] Tagging probes which are using the ISP's DNS server?
- Next message (by thread): [atlas] Revive an abandoned probe?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]