[Atlas-anchors-pilot] Services on Atlas anchors as measurement targets

john jbond at ripe.net
Fri Mar 8 12:01:45 CET 2013 

Hi Stefan,


On 3/8/13 9:47 AM, Stephane Bortzmeyer wrote:
> On Fri, Mar 08, 2013 at 09:23:12AM +0100,
>  Robert Kisteleki <robert at ripe.net> wrote 
>  a message of 26 lines which said:
> 
>> At the moment our question to you is: what do you think about adding
>> larger pre-defined responses to the DNS service?
> 
> It does not work for me yet:
I think this could be a bug in the documentation, hopefully this is a
bit more clear now.

Each anchor has a zone delegated to it which takes the form

   dns.${anchor}.anchors.atlas.ripe.net

i.e. your anchors zone is

   dns.fr-cdg-as2486.anchors.atlas.ripe.net

This zone has the records described on the help page. e.g.

   $ORIGIN dns.fr-cdg-as2486.anchors.atlas.ripe.net
   484.4 IN TXT bla

so what you need to try is

   dig TXT 484.4.dns.fr-cdg-as2486.anchors.atlas.ripe.net

Also 484.6 does not exist only 484.4 and 464.6.  The values may seem
somewhat arbitrary.  I have tried to do is pick  potentially problematic
packet sizes +- Header size so the above two records correspond to:

ipv4
512 - 8(udp Header) - 20(Ip Header) - 14(Ethernet header*)

ipv6
512 - 8(udp Header) - 20(Ip Header) - 14(Ethernet header*)

In the future we would like to make this dynamic so you can request a
packet size of any length.  In the mean time if there are values you or
others think useful please let us know and we can add them to the zone(s).

> I have a suggestion
> about DNS debugging. Why not installing a DNS looking glass on the
> Anchors (shameless plug: <http://www.bortzmeyer.org/dns-lg.html>)? It
> is not the same service but it would be useful.
I can see a benefit to this service; however i am curious to hear your
answer to Philips question.  Perhaps we could implement missing features
in to atlas.  Im also not sure if a service like this should go on the
anchor or perhaps as a different vm/container/service?

If we did implement a dns looking glass what would you recommend as sane
values for ACL's, Rate limiting and other relevant settings.  As a
looking glass can also be viewed as an open resolver.

Regards
John