On Dec 10, 2020, at 12:29 PM, Ray Bellis <ray@isc.org> wrote:
Is there any RIPE policy about whether nodes that are subject to DNS interception should be excluded from results (or maybe even dropped altogether)?
While these probes are perhaps still useful for ping and traceroute tests, they are effectively useless for DNS related tests other than as a proxy measure for how prevalent that practice actually is.
For the visualisation I've just been building based on the Root System's "hostname.bind" data returned by Atlas it was pretty difficult to figure out how to exclude those probes on the client side.
If there was a heuristic that could be applied on the probe itself or within the RIPE data collector that tagged the probe as having "bad DNS" that would help a lot.
I think this is valuable, you can get an idea of what part of the population is being tampered with either by bad NETGEAR devices or otherwise. It’s clear you need to design something to measure for this, but I don’t think they should be automatically excluded. There are providers that do strange things like TTL lengthening which are problematic, but you often can’t see these non-compliant resolvers without a much more in-depth investigation. (No, I’m not talking about serve-stale either, that I think is a fine behavior).
- Jared