Chances are that if you're a network operator you know the IP address
18.104.22.168. It's an easy to type and easy to remember address, which since
1998 has been a "beefy" DNS service responding to the public Internet.
Since you need DNS before you can use anything other than IP addresses on
the Internet, it can come in handy for testing or initial configuration.
Before Google started doing public DNS service on 22.214.171.124, and because
126.96.36.199 is typically pretty fast, many people have used it as their
standard DNS server. Since the most basic test of Internet connectivity
you can do is to ping an IP address (with DNS disabled), a "ping -n
188.8.131.52" can tell you if your networking problem is at a higher level or a
lower level right away.
Is this just an accident, or was this a deliberate choice? Was it
intentionally set up as a public DNS service, or was that an accident? I've
wondered this for years. But just recently I was investigating a
networking oddness reported by Kyle who uses this, and I decided to try to
dig deep and find out the story behind what I imagine is one of the most
famous IP addresses on the public Internet.
First of all, I want to make it clear that this story doesn't involve
me. I wasn't there, I am only collecting information I have gathered from
others who were.
The bulk of this background is thanks to respondents on the NANOG mailing list, in particular John Orthoefer and
Tony Tauber for the "I was there" level of information. See the bottom of
this story for their words.
If you were involved and have anything further to add to this story,
please contact me with more details at email@example.com.
What is 184.108.40.206?
I'll get to the story in a bit, but first I want to start from the
basics. Skip this and the next section if you just want to know the story
behind the DNS server.
220.127.116.11 is one of the easiest to type of a collection of 6 DNS
servers at 18.104.22.168 through 22.214.171.124 (originally only 1-3). They answer
queries made by the general public, which has been unusual for the last
several years. You see, DNS resolvers can be used by someone on a fairly
slow network line to generate a much larger amount of traffic directed
at another location. This is called an "amplifier".
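To audit a resolver you run for the public recursion described above, the sketch below classifies a reply by its RA flag, response code and reply-to-query size ratio. It is an added example, not from the original article; the function names are hypothetical, the two sample replies are constructed rather than captured, and 192.0.2.1 is a documentation address.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a DNS query (default: A record) with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_response(query, response):
    """Report whether the responder recursed for us and the size ratio."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    ra = bool(flags & 0x0080)      # RA: recursion available
    rcode = flags & 0x000F         # 0 = NOERROR, 5 = REFUSED
    return {
        "recursion_available": ra,
        "rcode": rcode,
        "open_recursion": ra and rcode == 0 and answers > 0,
        "amplification": round(len(response) / len(query), 2),
    }

def probe(server, name="example.com", timeout=3.0):
    """Send one query over UDP to a resolver you operate and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return classify_response(query, s.recv(4096))

# Constructed sample replies (not captured traffic) for the same question.
QUERY = build_query("example.com")
QUESTION = QUERY[12:]
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    print("recursing:", classify_response(QUERY, OPEN_REPLY))
    print("refusing: ", classify_response(QUERY, REFUSED_REPLY))
```

Run `probe()` from a network outside your own address space: a resolver that is closed to the public should come back with `open_recursion` false, typically with rcode 5 (REFUSED).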
This IP space is currently run by Level 3 (headquartered just down the
road from us in Broomfield), and actually is a large number of machines.
These machines are spread out over Level 3's network and your closest is
located by a mechanism called "Anycast".
John O. in an e-mail says he recalls that originally the intention was
to use .1, .2, and then .3 in that order. The .2 IP was just latched onto
because it just rolls off the keyboard easier, I suspect.
Should I Use 126.96.36.199?
Unless you are a Level-3 customer, absolutely not. Google now has
established public DNS servers at 188.8.131.52 which you should use. 184.108.40.206
can additionally be used, but 220.127.116.11 is pretty easy. :-)
I'll back this up by saying that I never used 18.104.22.168, I can't
remember when I've ever used it, even for testing. But, that's easy
for me to say; tummy.com has permanent IP space from an allocation back
in 1993, and those are IPs I know well. So when I need to test network
connectivity, or DNS lookups, I'll use them.
I realize that not everyone has such IPs that are right in mind that
they can use for testing. Further, our DNS servers don't answer recursive
queries from the public, so if you need a DNS server to load web pages to
find out the IP addresses of your ISP's DNS servers, or Google's DNS
service, 22.214.171.124 is probably a good choice. It's also a compelling choice
if you just need to send out a ping to see if you can reach the Internet,
if you don't have IPs you already know like I do.
However, some people set up 4.2.2.[1-6] as their standard
DNS servers. Don't do this unless you are connected to
Level 3. One story I came across by "chimpoko" is that he called
an ISP and they told him that 126.96.36.199 is their DNS server.
According to Richard Golodner, Cisco support also tells people to
use it for testing.
The best reason why not is that Level 3 is under no obligation to
provide this service to the public and there are several reports I found
that they're trying to discourage people from using it.
Your ISP's DNS servers are the best choice for use as your DNS
servers. If you can't do that for some reason (say, they are doing
something evil with DNS), using Google's DNS service, or setting up your
own recursor (install pdns-recursor and use 127.0.0.1) is a good second
Personally, I set up pdns-recursor on my laptop and my home
DHCP/office DHCP servers. At our facility we have several recursors set up
with high availability (for speedy lookups even during maintenance) and
then a few secondary resolvers in case the primary ones have issues.
This was originally set up at BBN (one of the
early Internetworking pioneers) by Brett McCoy and John Orthoefer ("but
most of the credit/blame goes to Brett") in 1998.
Because they were early, they got a low starting octet of 4 (0,
1, and 2 were reserved, and 3 was taken by GE (in 1994, I don't know
who it was before that)). IANA says BBN got 188.8.131.52/8 in December 1992,
but John O. (in an e-mail) says he's 99.9% sure they had it before that.
Through the years 4/8 has passed around, finally ending up at Level 3.
So it starts with 4 because it's easy to remember, and until you can do
DNS resolution, all you can use is IP addresses.
When originally set up, they were hoping to put it on 184.108.40.206, because
it's simple to remember. 4.0/16 and 4.1/16 were already used. John
Hawkinson had set aside 4.2/16 ("under the label "Numerology" since he had
the wisdom to see that the numbers in themselves could be valuable").
So they "got/grabbed" the first 3 IP addresses 220.127.116.11 through .3 as
DNS servers so there were multiple options in case one was down.
John Orthoefer said they initially had issues with complaints that
these DNS servers weren't geographically diverse enough, since they were
on the same /24 block of addresses. Anycast wasn't that well known at
the time (not that it's exactly a rock star today). The idea that 18.104.22.168
and 22.214.171.124 could be coming from completely different areas was unusual.
How did it get to be so well known?
Despite a message I ran across from someone claiming to
be responsible for its popularity, I'm not sure we can ever really
know who was responsible for the spreading of this word. However, it was
clearly intended from the beginning to be an easy to remember and type
address when this cluster was originally set up for BBN.
Tony Tauber indicates that John Hawkinson was responsible for it being
an easy IP. "He really wanted 126.96.36.199." John Orthoefer says that Brett
McCoy went looking for an easy to remember IP and that "jhawk" had the
My opinion is that among the reasons it is so well known are that it
was designed from the very beginning to be memorable, and the folks
setting up this service had the foresight to realize that having it on an
easy IP was valuable. And they were lazy, never underestimate the power of
avoiding headaches: "We figured trying to filter it was larger headache than
just making it public."
So, a public service with an easy to remember and type IP address,
which was then promoted heavily for use within BBN? How could it not
spread like wildfire? We system and network admins are, out of necessity,
lazy. It's a survival trait, we usually have so much to do that we have to
be lazy when we can afford to.
Why was it set up?
John Orthoefer says that it was done as part of the build-out for
their ISP branch: BBN Planet. Before that the BBN primary DNS server was
NIC.near.net (which "predates [planet] by 10 years"). It was set up as a
series of Anycast servers because adding more unicast servers and trying to
get customers to switch was "all but impossible".
So that's the story
I hope you enjoyed it as much as I did. Thanks again to John
Orthoefer and Tony Tauber for their time in recounting this little bit of
history. I urge you to read their messages (linked in the references
below) for some more details and stories related to 188.8.131.52.
John Orthoefer, Tony Tauber, and Richard Golodner for background
details in response to my NANOG post.
Paul S. R. Chisholm of Google suggested using 184.108.40.206, and testing
web connectivity using http://220.127.116.11/. See Testing
your new settings for more information.