Max Grobecker <max.grobec...@ml.grobecker.info> writes: > This could be done maybe by querying a special DNS name which returns > the IP address from where the query was received (like > "whoami.akamai.net"). By comparing the ASN of the probe and the ASN > of the IP address returned by the DNS query, one could determine, if > the ISP's servers are used.
There should be no need for a new service. The SOS queries already provides the necessary raw data. You can see resolver addresses in the probe's "SOS History". Someone "just" has to process the data and produce a "Resolver-in-same-AS" tag. > This would also be true for people running their own recursor, but > this could be filtered as well very easy. How? Reject resolvers which are only used by a single probe? Or did you have something smarter in mind? If not, I fear it would produce a large number of false positives. Many ISPs will have a relatively large resolver to probe ratio (when counting resolver addresses visible to authoritative servers). > If an ISP is using multiple ASN, this could be a problem. Maybe > there's an easy solution for this as well. Geoff Huston has tried to analyze this as part of open resolver measurements: https://www.potaroo.net/ispcol/2019-09/centrality.html Doing a "same CC and not well-kown public resolver" might do it. Bjørn -- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas