Hi,

Since a lot of probes use RFC1918 DNS resolvers (like home DSL/Cable routers etc.) you can't tell, if an ISP-resolver or Public-resolver is actually used.

Another thing I noticed is, that some eyeball providers stopped provisioning their own DNS resolvers. Instead, they assing public resolvers like Cloudflare to their customers.

If the distinction isn't to difficult to implement, I would prefer these three types as system tags:

Inside-AS DNS
Outside-AS DNS
RFC1918 DNS

Best Regards,
Simon


On 6 October 2022 09:23:15 UTC, Robert Kisteleki <robert@ripe.net> wrote:
Hello,

This seems to be an interesting question.

We can certainly apply some (system) tags for probes that have the popular resolvers 8.8.8.8, 9.9.9.9 and so on in the resolver configuration. This would allow users like you to easily filter for, or filter out, probes that do this.

One complication is that in many cases probes (an by extension, the users) have such a public resolver *in addition to* whatever else they use - which complicates the semantics of what resolver was actually used. But I guess one can accept that as a fact and still consider the feature to be useful.

As an extension, we can, if that's deemed useful, tag other resolvers, along the lines of:
* resolvers on private IPs (ie. on-net in the home?)
* mixed private-and-quadX
* mixed private-and-public

If we go this far, a probe could have multiple tags, eg. uses-8888 + uses-private + mixed-private-and-quad8888. This may be overdoing it...

We'd be curious about what you think.

Regards,
Robert


On 2022-10-06 03:38, Max Grobecker wrote:
Hi,

a few days ago I wanted to debug a name resolution problem of one of our domains.
For this reason, I wanted to test if probes inside a specific ASN are having difficulties to resolve a specific name (because only customers of this ISP were complaining).
This lead to very mixed results, mostly because some of the selected probes did queries to a public DNS service like Google, Quad9 and so on.
The problem existed only with the provider's DNS servers for some reason.


It did take some time to make a script which tried to filter out these probes, so I wondered if anyone else had the same use-case and problem.
Is there a way to automatically tag probes, which are (seemingly) using the ISP's own DNS servers, or, at least, not a well-known public service?
This could be done maybe by querying a special DNS name which returns the IP address from where the query was received (like "whoami.akamai.net").
By comparing the ASN of the probe and the ASN of the IP address returned by the DNS query, one could determine, if the ISP's servers are used.
This would also be true for people running their own recursor, but this could be filtered as well very easy.
If an ISP is using multiple ASN, this could be a problem. Maybe there's an easy solution for this as well.

Probes which pass this test, could then be tagged with "DNS-using-ISP-server" or something like that and explicitly be selected for specific DNS resolution tests.


Greetings,
 Max


--
ripe-atlas mailing list
ripe-atlas@ripe.net
https://lists.ripe.net/mailman/listinfo/ripe-atlas