IP Monitoring: Acceptable to Ping Public DNS Servers Every Second?



  • While reading the Routing chapter in the pfSense book, I strolled upon Monitor IP, and this quote regarding WAN gateways, "Some popular choices include Google public DNS servers, or popular web sites such as Google or Yahoo." and this gem, "By default, the system will ping each gateway once per second to monitor latency and packet loss..."

    I don't want to do anything unneighborly; is it really OK to ping the snot out of public DNS servers? I don't want the internet hounds released on me.

    Old technology guy, new to wide-area networking.



  • One tiny ping packet won't upset anyone, even once per second. I wouldn't worry about it. What I would worry about is whether you really want to use something that far away for your gateway monitor. We had a debate about this just a week or two ago. Some folks like to monitor some external site that's many hops away, like Google DNS. Others, like me, think it's better to monitor your actual gateway or 1-2 hops upstream.


  • LAYER 8

    No doubt that the answer from Google is a courtesy.
    If and when they find ping an annoying matter, they will just block it.
    Until then, use it.



  • @KOM I searched the NetGate site for an answer before I posted this question, and came up empty. After you responded, I searched your posts and found this: https://forum.netgate.com/topic/146142/how-to-detect-a-cyber-attack (which I believe is the thread to which you refer). Thank you.



  • @kiokoman Thanks.


  • LAYER 8 Global Moderator

    The default pings from pfSense are 0 data in size.. I just ping the local gateway of pfSense.. This tells me I have connectivity to the ISP.. I see no point in pinging something out in the internet, especially some anycast IP that could be anywhere - so you could get wildly differing RTT..

    The only reason you might ping something upstream is if the local gateway for pfSense is onsite - and doesn't really tell you if you're actually connected to the ISP.. So you would pick something a hop or 2 past that.

    I had an issue just a while ago where I noticed I was seeing packet loss to my local gateway.. This tells me something between me and my ISP is not good; if I was pinging something upstream - it could be anything between me and that destination..

    Do whatever makes you feel better, but I concur a ping every second to some IP that answers ping and is such a major player as, say, Google DNS isn't going to be even noticed.. They must get 100's of thousands of them ;) All the time, what is one of the first things anyone ever pings when checking connectivity - 8.8.8.8 ;)



  • @johnpoz Understood completely, Thanks.


  • LAYER 8 Moderator

    @johnpoz said in IP Monitoring: Acceptable to Ping Public DNS Servers Every Second?:

    So you would pick something a hop or 2 past that.

    Difficult to do that e.g. for German main ISP player German Telekom. Their ADSL/VDSL GW never responds to ping in the first place and the 2nd or third hop out of their net changes occasionally (based on dialed-in users, packet load etc.), so to select a somewhat stable endpoint is a puzzle game, and you can end up with an IP that moved away from your direct line of traceroute because they changed their routing again and your chosen hop isn't "your" hop anymore...

    To cite you it's a real whack-a-mole game ;)


  • LAYER 8 Global Moderator

    @JeGr said in IP Monitoring: Acceptable to Ping Public DNS Servers Every Second?:

    Their ADSL/VDSL GW never responds to ping

    Do they cite a reason behind this? Are their gateways so overloaded they can't handle a few pings?


  • LAYER 8 Moderator

    @johnpoz said in IP Monitoring: Acceptable to Ping Public DNS Servers Every Second?:

    Do they cite a reason behind this?

    Nope, been that way for years (tempted to say decades). Just when having a look at a traceroute of a customer's WAN going out to the web and your first hop is

    * * * -
    

    you're like 90% sure already that this is a "Deutsche Telekom" DSL line - or some reseller. First hop on their PPPoE setup was never answering ICMP AFAIR.

    Are their gateways so overloaded they can't handle a few pings?

    Thinking more along the ways "we're doing it like we did it in decades! can't be wrong for 20+ years..." ;)


  • LAYER 8 Netgate

    I would wager that by now Google, etc. have a whole ICMP infrastructure set up and the DNS servers are not actually the ones responding to pings.

