Chances are that if you're a network operator you know the IP address 188.8.131.52. It's an easy to type and easy to remember address, which since 1998 has been a "beefy" DNS service responding to the public Internet. Since you need DNS before you can use anything other than IP addresses on the Internet, it can come in handy for testing or initial configuration.
Before Google started doing public DNS service on 184.108.40.206, and because 220.127.116.11 is typically pretty fast, many people have used it as their standard DNS server. Since the most basic test of Internet connectivity you can do is to ping an IP address (with DNS disabled), a "ping -n 18.104.22.168" can tell you if your networking problem is at a higher level or a lower level right away.
Is this just an accident, or was this a deliberate choice? Was it intentionally set up as a public DNS service, or an accident. I've wondered this for years. But just recently I was investigating a networking oddness reported by Kyle who uses this, and I decided to try to dig deep and find out the story behind whatI imagine is one of the most famous IP addresses on the public Internet.
First of all, I want to make it clear that this story doesn't involve me. I wasn't there, I am only collecting information I have gathered from others who were.
The bulk of this background is thanks to respondants on the NANOG mailing list, in particular John Orthoefer and Tony Tauber for the "I was there" level of information. See the bottom of this story for their words.
If you were involved and have anything further to add to this story, please contact me with more details at firstname.lastname@example.org.
What is 22.214.171.124?
I'll get to the story in a bit, but first I want to start from the basics. Skip this and the next section if you just want to know the story behind the DNS server.
126.96.36.199 is one of the easiest to type of a collection of 6 DNS servers at 188.8.131.52 through 184.108.40.206 (originally only 1-3). The answer queries made by the general public, which is unusual in the last several years. You see, DNS resolvers can be used to by someone on a fairly slow network line to generate a much larger amount of traffic directed at another location. This is called an "amplifier".
This IP space is currently run by Level 3 (headquartered just down the road from us in Broomfield), and actually is a large number of machines. These machines are spread out over Level 3's network and your closest is located by a mechanism called "Anycast".
John O. in an e-mail says he recalls that originally the intention was to use .1, .2, and then .3 in that order. The .2 IP was just latched onto because it just rolls off the keyboard easier, I suspect.
Should I Use 220.127.116.11?
Unless you are a Level-3 customer, absolutely not. Google now has established public DNS servers at 18.104.22.168 which you should use. 22.214.171.124 can additionally be used, but 126.96.36.199 is pretty easy. :-)
I'll back this up by saying that I never used 188.8.131.52, I can't remember when I've ever used it, even for testing. But, that's easy for me to say; tummy.com has permanent IP space from an allocation back in 1993, and those are IPs I know well. So when I need to test network connectivity, or DNS lookups, I'll use them.
I realize that not everyone has such IPs that are right in mind that they can use for testing. Further, our DNS servers don't answer recursive queries from the public, so if you need a DNS server to load web pages to find out the IP addresses of your ISP's DNS servers, or Google's DNS service, 184.108.40.206 is probably a good choice. It's also a compelling choice if you just need to send out a ping to see if you can reach the Internet, if you don't have IPs you already know like I do.
However, some people set up 4.2.2.[1-6] as their standard DNS servers. Don't do this unless you are connected to Level 3. One story I came across by "chimpoko" is that he called an ISP and they told him to that 220.127.116.11 is their DNS server.
According to Richard Golodner, Cisco support also tells people to use it for testing,
The best reason why not is that Level 3 is under no obligation to provide this service to the public and there are several reports I found that they're trying to discourage people from using it.
Your ISP's DNS servers are the best choice for use as your DNS servers. If you can't do that for some reason (say, they are doing something evil with DNS), using Google's DNS service, or setting up your own recursor (install pdns-recursor and use 127.0.0.1) is a good second choice.
Personally, I set up pdns-recursor on my laptop and my home DHCP/office DHCP servers. At our facility we have several recursors set up with high availability (for speedy lookups even during maintenance) and then a few secondary resolvers in case the primary ones have issues.
This was originally set up at BBN (one of the early Internetworking pioneers) by Brett McCoy and John Orthoefer ("but most of the credit/blame goes to Brett") in 1998.
Because they were early, they got a low starting octet of 4 (0, 1, and 2 were reserved, and 3 was taken by GE (in 1994, I don't know who it was before that). IANA says BBN got 18.104.22.168/8 in December 1992, but John O. (in an e-mail) says he's 99.9% sure they had it before that. Through the years 4/8 has passed around, finally ending up at Level 3. So it starts with 4 because it's easy to remember, and until you can do DNS resolution, all you can use is IP addresses.
When originally set up, they were hoping to put it on 22.214.171.124, because it's simple to remember. 4.0/16 and 4.1/16 were already used. John Hawkinson had set aside 4.2/16 ("under the label "Numerology" since he had the wisdom to see that the numbers in themselves could be valuable").
So they "got/grabbed" the first 3 IP addresses 126.96.36.199 through .3 as DNS servers so there were multiple options in case one was down.
John Orthoefer said they initially had issues with complaints that these DNS servers weren't geographically diverse enough, since they were on the same /24 block of addresses. Anycast wasn't that well known at the time (not that it's exactly a rock star today). The idea that 188.8.131.52 and 184.108.40.206 could be coming from completely different areas was unusual.
How did it get to be so well known?
Despite a message I ran across from someone claiming to be responsible for it's popularity, I'm not sure we can ever really know who was responsible for the spreading of this word. However, it was clearly intended from the beginning to be an easy to remember and type address when this cluster was originally set up for BBN.
Tony Tauber indicates that John Hawkinson was responsible for it being an easy IP. "He really wanted 220.127.116.11." John Orthoefer says that Brett McCoy went looking for an easy to remember IP and that "jhawk" had the superblock reserved.
My opinion is that among the reasons it is so well known are that it was designed from the very beginning to be memorable, and they folks setting up this service had the foresight to realize that having it on an easy IP was valuable. And they were lazy, never underestimate the power of avoiding headaches: "We figured trying to filter it was larger headache than just making it public."
So, a public service with an easy to remember and type IP address, which was then promoted heavily for use within BBN? How could it not spread like wildfire? We system and network admins are, out of necessity, lazy. It's a survival trait, we usually have so much to do that we have to be lazy when we can afford to.
Why was it set up?
John Orthoefer says that it was done as part of the build-out for their ISP branch: BBN Planet. Before that the BBN primary DNS server was NIC.near.net (which "predates [planet] by 10 years"). It was set up as a series of Anycast servers because adding more unicast servers and trying to get customers to switch was "all but impossible".
So that's the story
I hope you enjoyed it as much as I did. Thanks again to John Orthoefer and Tony Tauber for their time in recounting this little bit of history. I urge you to read their messages (linked in the references below) for some more details and stories related to 18.104.22.168.
- John Orthoefer, Tony Tauber, and Richard Golodner for background details in response to my NANOG post.
- Paul S. R. Chisholm of Google suggested using 22.214.171.124, and testing web connectivity using http://126.96.36.199/. See Testing your new settings for more information.
- John Orthoefer's NANOG response to my question about 188.8.131.52 history. He set up 184.108.40.206 with Brett McCoy.
- John Orthoefer's NANOG post about why it was Anycast.
- Tony Tauber's NANOG response to my question about 220.127.116.11 history. He did the Anycast setup.
- Richard Golodner's NANOG post saying that Cisco recommends using it for testing.
- Story about ISP's tech support saying their DNS sever is 18.104.22.168
- Claims of being the originator of 22.214.171.124's popularity. (At the very bottom)