IP TTL plague (Internet diameter again)

[David LaPorte]

I posted a few months ago regarding the problem with Tru64 as well.  Check
out http://www.switch.ch/docs/ttl_default.html for a list of default UDP and
TDP TTLs on most operating systems (AIX and Tru64 have the lowest at 30).
In our case, we were able to tune the kernel and were back in operation...

Dave LaPorte

-----Original Message-----
From: news at aix4.segi.ulg.ac.be [mailto:news at aix4.segi.ulg.ac.be]On
Behalf Of André Pirard
Sent: Friday, June 16, 2000 11:27 AM
To: comp-protocols-dns-bind at uunet.uu.net
Subject: IP TTL plague (Internet diameter again)


Hello,

I started this analysis after receiving a notice that our DNS servers
did not resolve www.listbot.com (rather that someone had been caught
in the act of adding this name to his hosts file :-))
It turned out that ns[1,2].linkexchange.com are the authoritative
servers for this name, that both are some 32 hops away from here and
that AIX (IBM's Unix) uses 30 as the initial TTL for an UDP packet.
Hence, our DNS queries were not reaching linkexchange more than a
traceroute with standard TTL maxvalue does.

I made a survey of our hosts sending packets with a TTL < 40.
500+ hosts out of 5000+ sampled out using a TTL around 30 or less,
hence with no better hope than AIX to reach hosts like linkexchange if
they had to.

I also made an analysis of DNS packets we receive from the outside
with a TTL less than 5, indicating DNS server hosts that are "at risk"
of not reaching the whole Internet for DNS service. Well, if you count
those with a TTL of up to 3, they certainly don't reach the other end
of our campus and I wish I could know about the "negative TTLs cases".
I include a list of such hosts (only a few with TTL >4, because they
appeared to be important).

I'm not sure what the diameter of the Internet is.
But I can tell that its radius from here is larger that 32.
And that this is a sufficient reason for not manufacturing hosts
unable to reach that distance.
And I don't see a good reason for not using 255 and stop this game.

Beware that a failure within an IP providers may mean rerouting and
temporary growth of the number of hops to reach a host.

Best regards,

André.

db.domainsurvey.isc.org  9 :-)
ns.austin.ibm.com        7
a.root-servers.net       8
ns.kwandong.ac.kr        4
rata.vuw.ac.nz           6
uucp-gw-1.pa.dec.com     8
uucp-gw-2.pa.dec.com     7

dcc001.cict.fiocruz.br   1
dns.ytit.edu.tw          1
centaur.it.wsu.edu       1
ns.ufsc.br               1
euryale.inf.ufsc.br      1
gatekeeper.toyota.co.jp  1
theusc.csd.sc.edu        1
gambit.fhdf.gov.br       1

ironside.cvrd.com.br     2
dns1.uga.edu             2
dns2.uga.edu             2
dns1.cso.uiuc.edu        2
powerweb.nserc.ca        2

telecom.rzs.itesm.mx     2
theor1.theory.nipne.ro   3
massive.Mines.EDU        3
ns.prl.res.in            3
wehid.wehi.edu.au        3
ccsrv1.camosun.bc.ca     3
ccins.camosun.bc.ca      3
iprolink.co.nz           3
ux.accesscom.net         3
mars.csd.unb.ca          3
finch.cc.ukans.edu       3
ns2.professo.net         3
norwich.edu              3
dns2.cso.uiuc.edu        3
mercure.lacitec.on.ca    3

ns.USherb.ca             4
ns1.singa.pore.net       4
maestro.eecs.ukans.edu   4
aguila.dpi.UDEC.CL       4
andes.dpi.udec.CL        4
server.noc.la.net        4
cuscus.cc.uq.edu.au      4
te6000.otc.lsu.edu       4
umigw.miami.edu          4
scrooge.cadvision.com    4
manquehue.puc.cl         4
jumpgate.usask.ca        4
access.usask.ca          4
valhalla.cs.wright.edu   4
200.145.244.1            4
alpha.delta.edu          4
ns1.isc.rit.edu          4
rusty.srv.gc.ca          4
ns.fiu.edu               4
suzie.exchangedata.com   4
ns3.cadvision.com        4

acme.ucc.cuny.edu        7
nserver2.info.apple.com  8
nameo.caps.maine.edu     6
nserver1.info.apple.com  8
ns2.airmail.net          7
198.133.21.116           8
namep.caps.maine.edu     7
rtc2a.ntp.aol.com        9
198.133.21.133           9