History of 4.2.2.2. What's the story?

I've wondered about this for years, but only this evening did I start
searching for details. And I really couldn't find any.

Can anyone point me at distant history about how 4.2.2.2 came to be, in my
estimation, the most famous DNS server on the planet?

I know that it was originally at BBN, what I'm looking for is things like:

   How the IP was picked. (I'd guess it was one of the early DNS servers,
         and the people behind it realized that if there was one IP address
         that really needed to be easy to remember, it was the DNS server,
         for obvious reasons).
   Was it always meant to be a public resolver?
   How it continued to remain an open resolver, even in the face of
         amplifier attacks using DNS resolvers. Perhaps it has had
         rate-limiting on it for a long time.
   There's a lot of conjecture about it using anycast, anyone know anything
         about its current configuration?

So, if anyone has any stories about 4.2.2.2, I'd love to hear them.

Thanks,
Sean

I think around 10 years ago Slashdot had a few stories (and still do, actually) about how great these resolvers were. I think that propelled quite a bit of their growth and popularity.

Since I'm watching B5 again on DVD....

I was there at the dawning of the age of 4.2.2.1 :slight_smile:

We did it, and by we I mean Brett McCoy and myself. But most of the credit/blame goes to Brett... I helped him, but at the time I was mostly working on getting our Mail relays working right. This was about 12 years ago, about 1998; I left Genuity in 2000, and am back at BBN/Raytheon now. I remember we did most of the work after we moved out of Cambridge and into Burlington.

Genuity/GTEI/Planet/BBN owned 4/8. Brett went looking for an IP that was simple to remember, I think 4.4.4.4 was in use by neteng already. But it was picked to be easy to remember, I think jhawk had put a hold on the 4.2.2.0/24 block, we got/grabbed 3 addresses, 4.2.2.1, 4.2.2.2, and 4.2.2.3, so people had 3 addresses to go to. At the time people had issues with just using a single resolver. We also had issues with both users and registers since clearly they aren't geographically diverse; trying to explain routing tricks to people who KNOW all IPs come in and are routed as Class A/B/C blocks is hard.

NIC.Near.Net which was our primary DNS server for years before I transferred to planet from BBN. It wasn't even in 4/8, I think it was 128.89 (BBN Corp space), but I'm not sure. BBN didn't start to use 4/8 till the Planet build out, and NIC.near.net predates that by at least 10 years.

I still have the power cord from NIC.near.net in my basement. That machine grew organically with every service known to mankind running on it, and special one-off things for customers on it. It took us literally YEARS to get that machine turned off, when we finally got it off I took the power cord so no one would help us by turning it back on, I gave the cord to Chris Yetman, who was the director of operations and told him if a customer screams he has the power to turn it back on. A year or so later, he gave the cord back to me.

Yes, we set up 4.2.2.1 as a public resolver. We figured trying to filter it was a larger headache than just making it public.

It was always pretty robust due to the BIND code, thanks to ISC, and the fact it was always IPV4 AnyCast.

I don't know about now, but originally it was IPV4 AnyCast. Each server advertised routes for 4.2.2.1, .2, and .3 at different costs and the routers would listen to the routes. Originally the start up code was, basically:

    advertise route to 4.2.2.1, 4.2.2.2, and 4.2.2.3
    run bind in foreground mode
    drop route to 4.2.2.1, 4.2.2.2, and 4.2.2.3

then we had a Tivoli process that tried to restart bind, but rate limited the restarts. But that way if the bind died the routes would drop.

johno
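
The startup sequence described in the message above, written out as a shell wrapper. This is an added example, not the original Genuity code: the announce/withdraw hooks are hypothetical stand-ins that only log, and `supervise` stands in for the rate-limited Tivoli restarter.

```shell
#!/bin/sh
# Health-coupled anycast node: the service /32s are announced only while
# the resolver process is alive. EVENTS records what happened, in order.
EVENTS=${EVENTS:-/tmp/anycast-events.$$}
SERVICE_ADDRS="4.2.2.1 4.2.2.2 4.2.2.3"   # the three addresses named in the post

# Hypothetical hooks (assumption): replace the echo with whatever injects or
# removes the /32 in your routing daemon.
announce_routes() { for a in $SERVICE_ADDRS; do echo "announce $a/32" >>"$EVENTS"; done; }
withdraw_routes() { for a in $SERVICE_ADDRS; do echo "withdraw $a/32" >>"$EVENTS"; done; }

# run_node CMD...: announce, run the resolver in the foreground, and withdraw
# however it exits, so a dead resolver never keeps attracting queries.
run_node() {
    announce_routes
    rc=0
    "$@" || rc=$?
    withdraw_routes
    echo "exit $rc" >>"$EVENTS"
    return "$rc"
}

# supervise MAX WINDOW CMD...: restart a crashed resolver, but allow at most
# MAX starts per WINDOW seconds. On giving up, the routes stay withdrawn and
# the other anycast nodes keep serving the addresses.
supervise() {
    max=$1; window=$2; shift 2
    starts=0; window_start=$(date +%s)
    while :; do
        now=$(date +%s)
        if [ $((now - window_start)) -ge "$window" ]; then
            starts=0; window_start=$now
        fi
        if [ "$starts" -ge "$max" ]; then
            echo "restart-limit reached" >>"$EVENTS"
            return 1
        fi
        starts=$((starts + 1))
        run_node "$@" && return 0   # clean exit: operator stopped the resolver
    done
}

# Typical call (named -f keeps BIND in the foreground):
#   supervise 3 60 named -f
```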

I've wondered about this for years, but only this evening did I start
searching for details. And I really couldn't find any.

Can anyone point me at distant history about how 4.2.2.2 came to be, in my
estimation, the most famous DNS server on the planet?

I don't think anyone else can help you determine your estimation...

I know that it was originally at BBN, what I'm looking for is things like:

4/8 was originally BBN. Anycasted DNS resolvers came to many networks
somewhen 98-00 [I can't be more precise as my archive of 1994-2007
work and events is naturally out of my reach, being that employer's
data]. But I seem to recall that was Rodney's baby from the Genuity
days.

   How the IP was picked. (I'd guess it was one of the early DNS servers,
         and the people behind it realized that if there was one IP address
         that really needed to be easy to remember, it was the DNS server,
         for obvious reasons).
   Was it always meant to be a public resolver?
   How it continued to remain an open resolver, even in the face of
         amplifier attacks using DNS resolvers. Perhaps it has had
         rate-limiting on it for a long time.

That is a question for folks at L3. Any publicly-sharable data might
be interesting presentation-fodder.

   There's a lot of conjecture about it using anycast, anyone know anything
         about its current configuration?

Why "conjecture"? Examining the /32s from inside and outside of 3356
clearly shows the whole set still is, and those who have been customers
or worked with the 3356 folks over the years know it has historically
been as well.

Cheers,

Joe

It was always pretty robust due to the BIND code, thanks to ISC, and
the fact it was always IPV4 AnyCast.

$ asp 4.2.2.2 # look it up in routeviews
4.0.0.0/9 ASN 3356, path 3549 -> 3356

Wow, that's a heck of an anycast block.

R's,
John

4.2.2.2 is stunted just like any other resolvers that use only the USG root. A more useful resolver is ASLAN [199.5.157.128] which is an inclusive namespace resolver which shows users a complete map of the internet, not just what ICANN wants them
to see.

So you don't think that 4.2.2.2, being easier than 199.5.157.128 to remember, has something to do with that?

I feel a headache coming on...

Is this more of the fun from years ago where everyone thought it would be great to create a bunch of custom TLDs then try and convince everyone to use their name servers to 'enable' these (for lack of a better word) site-local domains?

I tried the OpenDNS koolaid, and well, was horribly disappointed.

a message of 42 lines which said:

A more useful resolver is ASLAN [199.5.157.128] which is an
inclusive namespace resolver which shows users a complete map of the
internet,

There are many crooks which sell dummy TLDs. At least, they make an
effort to have more than two name servers for the root. But
199.5.157.128 is better, it does not just add dummy TLDs, it adds every
possible TLD:

% dig @199.5.157.128 A www.TJTYRMYYT67DFR453.FFDD5GCXXFFRA8O

; <<>> DiG 9.5.1-P3 <<>> @199.5.157.128 A www.TJTYRMYYT67DFR453.FFDD5GCXXFFRA8O
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53344
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.TJTYRMYYT67DFR453.FFDD5GCXXFFRA8O. IN A

;; ANSWER SECTION:
www.TJTYRMYYT67DFR453.FFDD5GCXXFFRA8O. 7195 IN A 199.5.157.33

;; AUTHORITY SECTION:
. 87988 IN NS b.worldroot.net.
. 87988 IN NS a.worldroot.net.

;; Query time: 146 msec
;; SERVER: 199.5.157.128#53(199.5.157.128)
;; WHEN: Sun Feb 14 21:28:54 2010
;; MSG SIZE rcvd: 125
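
A check built on the dig output in the message above, as an added example that is not part of the original message: it reads dig output for a name under a TLD that should not exist and reports whether the resolver returned NXDOMAIN or synthesized an answer. `thread_sample` is trimmed from the output in the message; `nxdomain_sample` is constructed.

```shell
#!/bin/sh
# probe_verdict: read dig output on stdin and classify the resolver's reply
# to a query for a name under a nonexistent TLD.
probe_verdict() {
    awk '
        BEGIN { st = "?"; an = 0 }
        /->>HEADER<<-/ {            # ";; ->>HEADER<<- opcode: ..., status: X, id: N"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { st = $(i + 1); sub(/,/, "", st) }
        }
        /^;; flags:/ {              # ";; flags: ...; QUERY: 1, ANSWER: N, ..."
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") an = $(i + 1) + 0
        }
        /^\.[ \t].*[ \t]NS[ \t]/ {  # root NS records in the AUTHORITY section
            roots = roots (roots ? "," : "") $NF
        }
        END {
            if (st == "NXDOMAIN")               v = "honest-nxdomain"
            else if (st == "NOERROR" && an > 0) v = "synthesized-answer"
            else                                v = "inconclusive"
            print v " status=" st " answers=" an " root_ns=" (roots ? roots : "-")
        }'
}

# Trimmed from the dig output quoted in the thread.
thread_sample() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53344
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; ANSWER SECTION:
www.TJTYRMYYT67DFR453.FFDD5GCXXFFRA8O. 7195 IN A 199.5.157.33
;; AUTHORITY SECTION:
. 87988 IN NS b.worldroot.net.
. 87988 IN NS a.worldroot.net.
EOF
}

# Constructed sample: the reply shape expected for a nonexistent TLD.
nxdomain_sample() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}
```

Against a live resolver, pipe `dig @<resolver> A www.<random-label>.<random-label>` into `probe_verdict`.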

* John Levine:

It was always pretty robust due to the BIND code, thanks to ISC, and
the fact it was always IPV4 AnyCast.

$ asp 4.2.2.2 # look it up in routeviews
4.0.0.0/9 ASN 3356, path 3549 -> 3356

Wow, that's a heck of an anycast block.

You can do anycast with your IGP, too. :sunglasses:

I don't think anyone else can help you determine your estimation...

Sorry, I was being kind of flippant and paying homage to the "Peggy Hill"
character in _King_of_the_Hill_.

That is a question for folks at L3. Any publicly-sharable data might
be interesting presentation-fodder.

Good idea, I'll have to see if I have any links into L3 that can help.

Why "conjecture"? Examining the /32s from inside and outside of 3356

I said conjecture because every person I found in my searches said things
like "I think it might be anycasted" or "they could be using anycast".
Until this thread, I didn't see any that spoke with authority on the
subject.

Thanks for the reply.

Sean

Awesome. Thanks for taking the time to reply, I really enjoyed the story.
Have fun with the B5. The only time I watched it was on a VHS borrowed
from a friend. It was a 3'x3' cabinet full of them. :slight_smile:

Sean

http://www.traceroute.org (and/or http://lg.level3.net, etc) will
pretty readily confirm that it's anycast.

They will also show that in some parts of the world the various
4.2.2.1-6 addresses go to different locations. eg, from Level 3 in
London I'm seeing 4.2.2.1, .3 and .5 going to London, but .2, .4 and
.6 all go to Frankfurt.

Personally I've moved away from using 4.2.2.1 and .2 after we had a
few issues with them, especially in Europe. 4.2.2.5 and .6 seem to be
far more stable, although obviously that might vary depending on
region.

  Scott.

I don't care what internal routing tricks are used, they are still
under the *one* external route and as such subject to single points
of failure and as such don't have enough independence.

Mark

It's an open recursive name server, it is free, has no SLA, and is not critical infrastructure.

Besides, it is quicker / better to use your local ISP's RNS. If something goes wrong, you can fall back to OpenDNS or L3, and, of course, yell at the _company_you_are_paying_ when their stuff doesn't work. :slight_smile:

Are you asserting architectural control over what Level3 decide to do with their own servers, Mark? :slight_smile:

If their goal is to distribute a service for the benefit of their own customers, then keeping all anycast nodes associated with that service on-net seems entirely sensible.

Joe

The best advice I have read all day. I have recently been on a few
networks that will not allow 4.2.2.2 to resolve for the clients.
Cisco tech support tells their customers (us) to use it when testing.
Perhaps this is not such a good practice.
Patrick is correct. Use your own stuff and yell when it does not work.

> I don't care what internal routing tricks are used, they are still
> under the *one* external route and as such subject to single points
> of failure and as such don't have enough independence.

Are you asserting architectural control over what Level3 decide to do
with their own servers, Mark? :slight_smile:

No. The reason for multiple nameservers is to remove single points
of failures. Using three consecutive addresses doesn't remove
single points of failure in the routing system.

If their goal is to distribute a service for the benefit of their own
customers, then keeping all anycast nodes associated with that service
on-net seems entirely sensible.

Which only helps if *all* customers of those servers are also on net.

Where has Level 3 ever claimed that these servers were ever for *external* use?

As a Level 3 customer who uses these servers, I'm seeing multiple
*internal* routes to these servers.

Of course, if 4/8 disappears from the global routing tables then Level
3 has a bit bigger problem than their DNS resolvers not being
accessible from non-customers.

I'd also be interested in knowing where you consider the "single
points of failure" for their announcement of 4/8 is, but that's
probably for another thread...

  Scott.

All _customers_ are.

People using a service which was not announced or supported are not customers.