Publicly available DoH servers

| Who runs it | Base URL | Comment |
|---|---|---|
| Google | https://dns.google/dns-query | Full RFC 8484 support |
| Cloudflare | https://cloudflare-dns.com/dns-query | Supports both -04 and -13 content-types |
| Quad9 | Recommended: https://dns.quad9.net/dns-query; Secured: https://dns9.quad9.net/dns-query; Unsecured: https://dns10.quad9.net/dns-query | Secured provides: security blocklist, DNSSEC, no EDNS Client-Subnet. Unsecured provides: no security blocklist, no DNSSEC, no EDNS Client-Subnet. Recommended is currently identical to Secured. |
| CleanBrowsing | https://doh.cleanbrowsing.org/doh/family-filter/ | Anycast DoH server with parental control (restricts access to adult content and enforces safe search) |
| @chantra | https://dns.dnsoverhttps.net/dns-query | "Toy server" which runs doh-proxy |
| @jedisct1 | https://doh.crypto.sx/dns-query | A server which runs another project called doh-proxy, written in Rust |
| PowerDNS | https://doh.powerdns.org | Based on the dnsdist-doh branch |
| blahdns.com | Japan: https://doh-jp.blahdns.com/dns-query; Germany: https://doh-de.blahdns.com/dns-query | Runs on the Go implementation with knot-resolver, DNSSEC and ad blocking |
| NekomimiRouter.com | https://dns.dns-over-https.com/dns-query | Runs the Go implementation. Does recursion itself with no upstream servers. Toy server; it may fail, please report failures |
| SecureDNS.eu | https://doh.securedns.eu/dns-query | No logging, DNSSEC |
| Rubyfish.cn | https://dns.rubyfish.cn/dns-query | East China zone, based on https://github.com/m13253/dns-over-https |
| Commons Host | https://commons.host | ~20 PoPs worldwide, Node.js/playdoh over Knot Resolver |
| DnsWarden | Adblocking DNS: https://doh.dnswarden.com/adblock; Uncensored DNS: https://doh.dnswarden.com/uncensored | No query/IP logging, DNSSEC enabled. Adblocking DNS blocks ads and trackers; Uncensored DNS does no filtering |
| aaflalo.me | Server US: https://dns-gcp.aaflalo.me/dns-query; Server EU: https://dns.aaflalo.me/dns-query | Runs on Star Brilliant's dns-over-https. Both servers check DNSSEC and block advertising |
| Foundation for Applied Privacy | https://doh.appliedprivacy.net/query | No query/IP logging, no filtering, QNAME minimization, no EDNS Client-Subnet, TLS 1.3, DNSSEC, RFC 7706, RFC 8198; https://appliedprivacy.net/services/dns/ |
| captnemo.in | https://doh.captnemo.in/dns-query | Runs dnss with a local unbound resolver (running DNSCrypt with DNSSEC support) as the upstream. Privacy policy and more details at https://captnemo.in/doh/. No logging or filtering. Runs in Bangalore, India |
| Tiarap | https://doh.tiar.app/dns-query | Based in Singapore, no logging, blocks ads/ad tracking/malware, no ECS, DNSSEC |
| DNS.SB | https://doh.dns.sb/dns-query | No logging, DNSSEC enabled |
| FAELIX | https://rdns.faelix.net/ | No logging, based on dnsdist-doh RC querying our powerdns-recursor resolvers, multiple nodes in UK and CH, more info |

Supported in browsers and clients

| Name | Version | Comments |
|---|---|---|
| Firefox | 62 | temporary docs |
| Bromite | 67.0.3396.88 | How to enable DoH |
| curl | 7.62.0 | See DOH-implementation |
| OkHttp | 3.11 | See Providers |
| curl-doh | n/a | Basic stand-alone DoH client that uses curl |
| Chrome | 66 | https://bugs.chromium.org/p/chromium/issues/detail?id=799753 |

4.2.2.2: The Story Behind a DNS Legend

Chances are that if you're a network operator you know the IP address 4.2.2.2. It's an easy to type and easy to remember address, which since 1998 has been a "beefy" DNS service responding to the public Internet. Since you need DNS before you can use anything other than IP addresses on the Internet, it can come in handy for testing or initial configuration.

Before Google started doing public DNS service on 8.8.8.8, and because 4.2.2.2 is typically pretty fast, many people have used it as their standard DNS server. Since the most basic test of Internet connectivity you can do is to ping an IP address (with DNS disabled), a "ping -n 4.2.2.2" can tell you if your networking problem is at a higher level or a lower level right away.

Is this just an accident, or was this a deliberate choice? Was it intentionally set up as a public DNS service, or was it an accident? I've wondered this for years. But just recently I was investigating a networking oddness reported by Kyle, who uses this, and I decided to try to dig deep and find out the story behind what I imagine is one of the most famous IP addresses on the public Internet.

Acknowledgements

First of all, I want to make it clear that this story doesn't involve me. I wasn't there, I am only collecting information I have gathered from others who were.

The bulk of this background is thanks to respondents on the NANOG mailing list, in particular John Orthoefer and Tony Tauber for the "I was there" level of information. See the bottom of this story for their words.

If you were involved and have anything further to add to this story, please contact me with more details at jafo@tummy.com.

What is 4.2.2.2?

I'll get to the story in a bit, but first I want to start from the basics. Skip this and the next section if you just want to know the story behind the DNS server.

4.2.2.2 is the easiest to type of a collection of 6 DNS servers at 4.2.2.1 through 4.2.2.6 (originally only 1-3). They answer queries made by the general public, which has been unusual in the last several years. You see, DNS resolvers can be used by someone on a fairly slow network link to generate a much larger amount of traffic directed at another location. This is called an "amplifier".

This IP space is currently run by Level 3 (headquartered just down the road from us in Broomfield), and actually is a large number of machines. These machines are spread out over Level 3's network and your closest is located by a mechanism called "Anycast".

John O. in an e-mail says he recalls that originally the intention was to use .1, .2, and then .3 in that order. The .2 IP was just latched onto because it just rolls off the keyboard easier, I suspect.

Should I Use 4.2.2.2?

Unless you are a Level-3 customer, absolutely not. Google now has established public DNS servers at 8.8.8.8 which you should use. 8.8.4.4 can additionally be used, but 8.8.8.8 is pretty easy. :-)

I'll back this up by saying that I never used 4.2.2.2; I can't remember when I've ever used it, even for testing. But that's easy for me to say: tummy.com has permanent IP space from an allocation back in 1993, and those are IPs I know well. So when I need to test network connectivity, or DNS lookups, I'll use them.

I realize that not everyone has such IPs readily in mind that they can use for testing. Further, our DNS servers don't answer recursive queries from the public, so if you need a DNS server to load web pages to find out the IP addresses of your ISP's DNS servers, or Google's DNS service, 4.2.2.2 is probably a good choice. It's also a compelling choice if you just need to send out a ping to see if you can reach the Internet and you don't have IPs you already know like I do.

However, some people set up 4.2.2.[1-6] as their standard DNS servers. Don't do this unless you are connected to Level 3. One story I came across by "chimpoko" is that he called an ISP and they told him that 4.2.2.2 is their DNS server.

According to Richard Golodner, Cisco support also tells people to use it for testing.

The best reason why not is that Level 3 is under no obligation to provide this service to the public and there are several reports I found that they're trying to discourage people from using it.

Your ISP's DNS servers are the best choice for use as your DNS servers. If you can't do that for some reason (say, they are doing something evil with DNS), using Google's DNS service, or setting up your own recursor (install pdns-recursor and use 127.0.0.1) is a good second choice.

Personally, I set up pdns-recursor on my laptop and my home DHCP/office DHCP servers. At our facility we have several recursors set up with high availability (for speedy lookups even during maintenance) and then a few secondary resolvers in case the primary ones have issues.

Why 4.2.2.2?

This was originally set up at BBN (one of the early Internetworking pioneers) by Brett McCoy and John Orthoefer ("but most of the credit/blame goes to Brett") in 1998.

Because they were early, they got a low starting octet of 4 (0, 1, and 2 were reserved, and 3 was taken by GE in 1994; I don't know who had it before that). IANA says BBN got 4.0.0.0/8 in December 1992, but John O. (in an e-mail) says he's 99.9% sure they had it before that. Through the years 4/8 has been passed around, finally ending up at Level 3. So it starts with 4 because it's easy to remember, and until you can do DNS resolution, all you can use is IP addresses.

When originally set up, they were hoping to put it on 4.4.4.4, because it's simple to remember. 4.0/16 and 4.1/16 were already used. John Hawkinson had set aside 4.2/16 ("under the label "Numerology" since he had the wisdom to see that the numbers in themselves could be valuable").

So they "got/grabbed" the first 3 IP addresses 4.2.2.1 through .3 as DNS servers so there were multiple options in case one was down.

John Orthoefer said they initially had issues with complaints that these DNS servers weren't geographically diverse enough, since they were on the same /24 block of addresses. Anycast wasn't that well known at the time (not that it's exactly a rock star today). The idea that 4.2.2.1 and 4.2.2.2 could be coming from completely different areas was unusual.

How did it get to be so well known?

Despite a message I ran across from someone claiming to be responsible for its popularity, I'm not sure we can ever really know who was responsible for spreading the word. However, it was clearly intended from the beginning to be an easy to remember and type address when this cluster was originally set up for BBN.

Tony Tauber indicates that John Hawkinson was responsible for it being an easy IP. "He really wanted 4.4.4.4." John Orthoefer says that Brett McCoy went looking for an easy to remember IP and that "jhawk" had the superblock reserved.

My opinion is that among the reasons it is so well known are that it was designed from the very beginning to be memorable, and the folks setting up this service had the foresight to realize that having it on an easy IP was valuable. And they were lazy; never underestimate the power of avoiding headaches: "We figured trying to filter it was a larger headache than just making it public."

So, a public service with an easy to remember and type IP address, which was then promoted heavily for use within BBN? How could it not spread like wildfire? We system and network admins are, out of necessity, lazy. It's a survival trait, we usually have so much to do that we have to be lazy when we can afford to.

Why was it set up?

John Orthoefer says that it was done as part of the build-out for their ISP branch: BBN Planet. Before that the BBN primary DNS server was NIC.near.net (which "predates [planet] by 10 years"). It was set up as a series of Anycast servers because adding more unicast servers and trying to get customers to switch was "all but impossible".

So that's the story

I hope you enjoyed it as much as I did. Thanks again to John Orthoefer and Tony Tauber for their time in recounting this little bit of history. I urge you to read their messages (linked in the references below) for some more details and stories related to 4.2.2.2.

Contributions

  • John Orthoefer, Tony Tauber, and Richard Golodner for background details in response to my NANOG post.
  • Paul S. R. Chisholm of Google suggested using 8.8.4.4, and testing web connectivity using http://18.62.0.96/. See Testing your new settings for more information.

References

from https://www.tummy.com/articles/famous-dns-server/

JJQQKK Internet Access Helper 2.40, with a built-in VPN for getting past the Great Firewall

JJQQKK Internet Access Helper offers two ways to reach the open Internet:

  • An integrated development build of the Chrome browser (Chromium) with a built-in proxy.
  • A built-in VPN which, once started, encrypts all network activity.

JJQQKK supports Windows and macOS.

Operating system requirements:

  • Windows: 32/64-bit Windows 10/8/7
  • macOS: 10.12 or later

Download JJQQKK

Windows installer

Download link 1

Download link 2

Run the msi installer; after installation, double-click the desktop icon to start the program.

On first use, be sure to install the OpenVPN driver. Accept the default settings at every step.

Control JJQQKK from its icon in the desktop taskbar.

macOS installer

Download link 1

Download link 2

After installing the pkg, macOS runs JJQQKK automatically; use it from the icon in the menu bar at the top of the screen.

About the Chromium browser

Chromium is the project Google started in order to develop its own browser, Google Chrome; its source code is open and released under the BSD license and several other licenses. Chromium and Google Chrome share most of their code and features, but there are some minor differences in features and trademarks.

Chromium is updated quickly: a new development build is released every few hours. The scope of each update varies; it may add new features or simply fix problems. Because new features are tested on Chromium first and only applied to Google Chrome once validated, Chromium amounts to a preview version of Google Chrome.

To download Chromium manually, fetch the latest version from the Releases page.

Staying in touch

Email: hi@jjqqkk.icu

The latest download links can be obtained by email.


from https://github.com/jjqqkk/chromium

-------

https://github.com/jjqqkk/chromium/releases/download/77.0.3833.0/Chromium-mac-77.0.3833.0.zip

Fixing domain name resolution and ping failures after enabling iptables

Normally, servers do not have iptables turned on, for two fairly simple reasons: first, external requests pass through a proxy or relay server, so back-end servers are not directly exposed; second, the outer network security group already has access rules configured, and as long as the security group is working, iptables would only duplicate its role.

Servers that face end users basically must have iptables enabled. I won't go into configuration pitfalls such as locking yourself out; the one I have hit several times recently is this: after enabling iptables, the server can neither reach the external network nor ping external hosts, and everything works again once iptables is disabled. I first noticed it half a year ago after enabling iptables on one server; a few days later domain name resolution failed. The first reaction to a resolution problem is of course to check DNS. After reconfiguring DNS, filing tickets with technical support and so on, one day inspiration struck, and a web search confirmed that it really was an iptables problem.

My most commonly used iptables configuration looks like this:

# flush existing rules and keep ACCEPT as the policy while the chain is being built
iptables -F
iptables -P INPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# return traffic for connections this host opened; note the "-p tcp" restriction
iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
# public services
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# ... configure other rules here ...
# only now switch the default policy to DROP
iptables -P INPUT DROP

The configuration above is fine on servers that never initiate connections to external URLs (which would need name resolution). With it in place, if you run curl www.baidu.com or ping www.baidu.com on the server, the command hangs and never returns. The reason is that the default iptables policy is DROP, and the UDP and ICMP packets used by name resolution and ping are all discarded by iptables.

To fix DNS resolution, add the following rules:

# packets addressed to port 53 (only needed if this host serves DNS itself)
iptables -A INPUT -p udp --dport 53 -j ACCEPT
# answers from upstream resolvers arrive with source port 53
iptables -A INPUT -p udp --sport 53 -j ACCEPT

To ping external hosts, or to let external hosts ping you, add the following rule:

# accept ICMP so that echo requests and replies are no longer dropped
iptables -A INPUT -p icmp -j ACCEPT
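As an added example (mine, not the article's rules), the same INPUT policy rebuilt in iptables-restore format: the RELATED,ESTABLISHED match is no longer limited to TCP, so UDP DNS answers and ICMP echo replies are admitted as return traffic of connections this host opened, and the blanket "--sport 53" rule (which accepts any UDP packet whose source port happens to be 53) becomes unnecessary; loading the file with iptables-restore is also atomic, so there is no window with an ACCEPT policy. Ports 80,443 are carried over from the article; the ICMP rate limit is an assumption.

```shell
#!/bin/sh
# Added example, not from the article. Emits an INPUT ruleset in iptables-restore
# format. Unlike the article's rules, the RELATED,ESTABLISHED match is not limited
# to "-p tcp", so UDP DNS answers and ICMP echo replies are admitted as return
# traffic of connections this host opened; no "--sport 53" blanket rule is needed.
# Apply (as root) with:  gen_input_rules | iptables-restore
gen_input_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is always trusted
-A INPUT -i lo -j ACCEPT
# return traffic for anything this host initiated: TCP, UDP (DNS) and ICMP alike
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# packets conntrack cannot classify are never legitimate return traffic
-A INPUT -m conntrack --ctstate INVALID -j DROP
# let others ping us, but only echo requests, rate-limited (limit is an assumption)
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# the public services from the article
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
}

# Check a saved ruleset for the two properties that cure the article's symptom:
# a protocol-agnostic RELATED,ESTABLISHED accept and an ICMP echo-request accept.
# Returns 0 (true) only when both hold and the TCP-only variant is absent.
check_rules() {
    grep -q -- '^-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' "$1" &&
    ! grep -q -- '-p tcp -m state --state RELATED,ESTABLISHED' "$1" &&
    grep -q -- '^-A INPUT -p icmp --icmp-type echo-request' "$1"
}
```

Run `gen_input_rules | iptables-restore --test` first to have iptables parse the file without applying it.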

Manually releasing the cache

/proc is a virtual file system; reading and writing it is one way of communicating with the running kernel. In other words, by modifying files under /proc we can adjust the behaviour of the current kernel, and so we can release memory by adjusting /proc/sys/vm/drop_caches. The procedure is as follows:

# cat /proc/sys/vm/drop_caches
0

First, the value of /proc/sys/vm/drop_caches defaults to 0.

# sync

Run the sync command manually (description: the sync command runs the sync subroutine. If the system must be stopped, run the sync command to ensure file system integrity. sync writes all unwritten system buffers to disk, including modified i-nodes, delayed block I/O and read-write mapped files).

# echo 3 > /proc/sys/vm/drop_caches
# cat /proc/sys/vm/drop_caches
3

Set the value of /proc/sys/vm/drop_caches to 3.

# free -m
             total       used       free     shared    buffers     cached
Mem:           249         66        182          0          0         11
-/+ buffers/cache:          55        194
Swap:          511          0        511

Run free again: used is now 66MB, free 182MB, buffers 0MB and cached 11MB, so the buffers and cache have indeed been released.

The usage of /proc/sys/vm/drop_caches is described below:
/proc/sys/vm/drop_caches (since Linux 2.6.16)
Writing to this file causes the kernel to drop clean caches, dentries and inodes from memory, causing that memory to become free.
To free pagecache, use echo 1 > /proc/sys/vm/drop_caches;
to free dentries and inodes, use echo 2 > /proc/sys/vm/drop_caches;
to free pagecache, dentries and inodes, use echo 3 > /proc/sys/vm/drop_caches.
Because this is a non-destructive operation and dirty objects are not freeable, the user should run sync first.

III. My opinion
The article above gives a fairly "intuitive" answer to questions many users have long had about Linux memory management; to me it looks more like a compromise by the core development team. I have reservations about whether this value should be used at all, or even mentioned to users:

  • As the man page shows, the value is only provided by kernel versions from 2.6.16 onward, so older systems such as Red Flag DC 5.0 and versions before RHEL 4.x do not have it;
  • To judge whether system memory is sufficient, I would still rather look at swap usage and the si/so values.

A common user question is: why is free so small, and was memory not released after closing the application? In fact, as we all know, this is because Linux manages memory differently from Windows; a small free does not mean memory is running out. What should be looked at is the last value on the second line of free's output, "-/+ buffers/cache: 58 191", which is the memory actually available to the system.

Real projects tell us that when an application has a memory leak or overflow, it can be spotted fairly quickly from swap usage, whereas it is hard to see in free's output. Conversely, if at that moment we tell the user that changing one system value "can" release memory and make free larger, what will the user think? Won't they feel the operating system "has a problem"? So my view is that since the kernel can quickly empty the buffers or cache, and it is not hard to do (as the operations above clearly show), yet the kernel does not do so by itself (the default is 0), we should not change it casually. Normally, once an application is running stably on the system, free also settles at a stable value, even though it may look small.

When problems such as insufficient memory, applications unable to obtain memory or OOM errors occur, the cause should still be analysed on the application side, for example too many users exhausting memory, or an application memory overflow; otherwise, clearing buffers to force free upward may only paper over the problem temporarily.

In my view, apart from cases of genuine memory shortage, scheduled clearing of buffers should only be considered either during software development, when buffers need to be cleared temporarily to judge an application's memory usage, or when an application is no longer supported, its memory handling really is faulty, and the problem cannot be avoided. (Unfortunately, such applications usually run on old operating system versions, where the operations above do not work anyway.) Production servers need not consider manually releasing memory at all; doing so brings more problems. Remember that memory is there to be used, not to be looked at. Unlike Windows.

No matter how much physical memory Windows really has, it still reads from the swap file on disk. That is why Windows so often warns that virtual memory is low; think how absurd it is to take part of the hard disk to serve as memory while most of the RAM is still free. A hard disk can never be faster than RAM. So on Linux, as long as the swap space is not in use, there is no need to worry that memory is too small. If swap is often heavily used, you may need to consider adding physical memory; that is the Linux yardstick for whether memory is sufficient. Of course this is only my personal opinion, and discussion is welcome.

Below is a memory release script, shared for everyone:
# vim /root/satools/freemem.sh

Add the script to a cron job so that it runs on a schedule:
# echo "*/30 * * * * root /root/satools/freemem.sh" >> /etc/crontab
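As an added example (mine, not the article's freemem.sh), the check I would schedule instead of a periodic echo 3: it reads a /proc/meminfo-format file and reports whether memory is genuinely short, judging by available memory and swap use as the author recommends rather than by the "free" column. The two sample files are constructed, and the 10% and 64 MB thresholds are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. Judges memory pressure from a
# /proc/meminfo-format file (pass /proc/meminfo on a live host) instead of
# dropping caches. Sample inputs below are constructed, not captured.

# Print "<available_kB> <swap_used_kB>" for a meminfo file.
mem_numbers() {
    awk '
        $1 == "MemTotal:"     { total = $2 }
        $1 == "MemFree:"      { free = $2 }
        $1 == "Buffers:"      { buffers = $2 }
        $1 == "Cached:"       { cached = $2 }
        $1 == "MemAvailable:" { avail = $2 }
        $1 == "SwapTotal:"    { swaptotal = $2 }
        $1 == "SwapFree:"     { swapfree = $2 }
        END {
            # Kernels before 3.14 have no MemAvailable; fall back to the
            # "-/+ buffers/cache" arithmetic the article reads off free(1).
            if (avail == "") avail = free + buffers + cached
            printf "%d %d\n", avail, swaptotal - swapfree
        }' "$1"
}

# Verdict: "ok" when at least 10% of RAM is available and under 64 MB of swap is
# in use, "pressure" otherwise (assumed thresholds; tune per workload).
mem_verdict() {
    set -- $(mem_numbers "$1") $(awk '$1 == "MemTotal:" { print $2 }' "$1")
    avail=$1; swapused=$2; total=$3
    if [ "$((avail * 10))" -ge "$total" ] && [ "$swapused" -lt 65536 ]; then
        echo ok
    else
        echo pressure
    fi
}

# Constructed sample 1: like the article's box, most RAM is cache, swap unused.
SAMPLE_CACHE=$(mktemp)
cat > "$SAMPLE_CACHE" <<'EOF'
MemTotal:         254976 kB
MemFree:           12288 kB
Buffers:           34816 kB
Cached:           151552 kB
SwapTotal:        523264 kB
SwapFree:         523264 kB
EOF

# Constructed sample 2: genuinely short, little cache left and half of swap used.
SAMPLE_PRESSURE=$(mktemp)
cat > "$SAMPLE_PRESSURE" <<'EOF'
MemTotal:         254976 kB
MemFree:            8192 kB
Buffers:            2048 kB
Cached:             6144 kB
SwapTotal:        523264 kB
SwapFree:         261632 kB
EOF
```

Sample 1 is reported as "ok" even though MemFree is tiny, which is exactly the case the author says users misread; sample 2 is reported as "pressure", and that is the situation where dropping caches would only hide the problem.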

Speeding up site navigation with InstantClick

InstantClick is a JavaScript library that can noticeably speed up your website, making navigation effectively instant in most cases.

Why use InstantClick

  • Although modern Internet bandwidth is large, websites are still not fast, because the biggest bottleneck in loading a web page is latency.

How it works

  • Latency is unavoidable in today's Internet architecture, so InstantClick shortens the wait as much as possible by preloading the links you are likely to click.
  • Before a visitor clicks a link, they hover the mouse over it. Between these two events, 200 to 300 milliseconds usually pass (test it yourself here). InstantClick uses that time to preload the page, so that it is already there when you click.
  • On mobile devices, preloading starts at "touchstart", leaving 300 milliseconds (Android) to 450 milliseconds (iOS) to preload the page.

How to use

  ······
  <!-- include InstantClick -->
  <script src="instantclick.min.js" data-no-instant></script>
  <script data-no-instant>InstantClick.init();</script>
  <!-- end of the InstantClick block -->
  </body>
  </html>

  • Then you can start enjoying super-fast site navigation.

That is all there is to using InstantClick to make your site faster.

LibDNS, a DNS implementation in PHP

DNS implementation in pure PHP.

LibDNS

DNS protocol implementation in pure PHP

Status

This library is currently undergoing a ground-up rewrite. The old codebase has been archived to the 2.x branch. The current master is version 3, a completely new API which is simpler and should be easier to work with, as well as improving performance and extensibility. V3 also includes a much more complete list of IANA-registered record types, classes and other elements.

The v3 API has now largely stabilised and work on migrating to the new API is encouraged as soon as possible. It is unlikely there will be any more releases from the 2.x branch.

A migration guide will be produced in line with the first RC, but the code in the examples directory can be used to infer most of the required changes.

from https://github.com/DaveRandom/LibDNS