lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: j.hall at f5.com (John Hall)
Subject: FW: Question for DNS pros

Mark wrote:

> ...
> Yup, the TCP SYN packets I see do the same with the IPID.  
> (Embarrassed I missed that the first time I looked at them.) ;)
> ...
> I disagree, if it is a DNS *server* I would think it wouldn't respond 
> with a RST.  It would respond with a SERV FAIL because it's not 
> authoritative for that domain.

Just about any response is useful for RTT/reachability measurement as long
as we can associate it back to the correct probe.

> Agreed Frank, why would they bother asking in the first place?  How do 
> you even know you are asking a DNS server?  It could just be a 
> mis-configured client.  It would seem to me that would only provide 
> you with the quickest way to query what may or may not be a DNS server 
> that may or may not be authoritative for a domain.

Generally, 3-DNS queries only come from caching/forwarding DNS servers at
the client's site, so assuming we're talking to a DNS server there is
often a correct assumption.  There are several probes that only require
a TCP/IP compliant box to respond.

> Although I think we may have resolved the issue of what is causing 
> those strange packets...   I would like to see a whitepaper or 
> something describing how this technique improves the performance of, 
> well; anything.

While there's a lot of complexity to global load balancing and each probe
method may be rendered useless in some circumstances, we've spent a lot
of time analyzing the metrics collected and load balancing decisions made
by 3-DNS groups at many of our customers sites; and we've found that the
3-DNS has improved the reliability and responsiveness of every site for
the great majority of it's customers.  I'm not a marketeer, but you can
probably tell that I'm proud of our products.  ;)

> The above paragraph is off topic.  E-Mail me off list if you want to 
> discuss that topic further.
>
> Regards,
> Mark

-- 
John Hall              Test Manager - Switch Team             F5 Networks, Inc.


Powered by blists - more mailing lists