Why can I ping google.com, but not nasa.gov?

I have to ping it like this

ping www.nasa.gov

Is it because of DNS record of NASA?

Also how does a ping response time improve?

ping google.com 
time 44 msec
ping google.com
time 10 msec

edit: new query If I am correct, isnt WWW one level below the nasa node in a DNS tree? Then as most of the addresses we use in the browser are with WWW, does that mean that the A record is with the WWW node or with the nasa node or with both?

zcqwevb

Posted 2011-07-14T13:19:49.670

Reputation: 710

3Every ping packet may take a different time to reach its destination and come back. This depends on the load of the hops on its way. – slhck – 2011-07-14T13:30:57.947

3Ping times depend more on the route taken than load in my experience. Routers may send packets to their destination by different routes at different times. – CarlF – 2011-07-14T13:37:24.403

7Did any of you who actually picked Tom Frey's answer actually try pinging nasa.gov (minus the www) or do an NSLOOKUP? That answer is so wrong. The same firewall he says is dropping them, responds to ping www.nasa.gov. It is because it is lacking a DNS A record for NASA.gov. – KCotreau – 2011-07-14T15:35:43.453

Answers

Because for some reason, they have not added a DNS "A record" for nasa.gov, so it does not resolve, and returns a host unknown. Most administrators do configure their DNS to respond to requests, especially for HTTP, to both the domain.com and www.domain.com. You can ping www.nasa.gov though.

Although, not in this case, another reason would be if they chose to drop ICMP ping requests, which is configured on a firewall or router.

KCotreau

Posted 2011-07-14T13:19:49.670

Reputation: 24 985

1One more thing: In general, it is usually ignorance that leads to this situation, but I find it strange that one of THE most technically-oriented agencies in the world would do this by accident. I can't think of their reason, but I sure hope for the last Shuttle in space right now, they did not overlook something so simple. – KCotreau – 2011-07-14T13:34:27.870

4nasa.gov does have DNS records and resolves fine. It just doesn't have any addresses (A/AAAA records). It used to be relatively common for websites to be hosted on the www subdomain (similar to mail for mail servers, etc.) – user1686 – 2011-07-14T14:01:29.373

1Of course, I meant A records since we are talking about resolving to a host. Think" "Context" of the question please. – KCotreau – 2011-07-14T14:31:43.050

@grawity check edit – zcqwevb – 2011-07-14T19:56:43.653

Also try pinging microsoft.com for comparison. It will also drop the requests. Also why does this answer get like 19 thumb-ups in 6 hours(!!) and my answer on http://superuser.com/questions/241181/why-does-ping-returns-request-timed-out-for-some-hosts/241204#241204 which is almost the same question (only difference here being the DNS the error) only gets one? ;D. Yes, I'm jelly :O

– sinni800 – 2011-07-14T20:31:29.217

@sinni800 Because you are missing why nasa.gov does not work. It is not failing due to a firewall configuration and dropping the request, like microsoft.com, but because there is no DNS A record in the first place. In other words, there is not way to "find" nasa.gov in the first place, so the firewall cannot reject something that is not even getting to it at all. They are not the same scenario at all, and while the questions are similar, the answers are radically different because they fail for different reasons. – KCotreau – 2011-07-14T20:40:28.130

1I didn't miss this, read my comment: (only difference here being the DNS the error). I know the sentence is messed up, sorry for that! – sinni800 – 2011-07-14T20:42:25.977

$ host nasa.gov
nasa.gov mail is handled by 10 ndjsnpf01.ndc.nasa.gov.
nasa.gov mail is handled by 10 ndjsnpf02.ndc.nasa.gov.
nasa.gov mail is handled by 10 ndjsnpf03.ndc.nasa.gov.
nasa.gov mail is handled by 10 ndmsnpf01.ndc.nasa.gov.
nasa.gov mail is handled by 10 ndmsnpf02.ndc.nasa.gov.
nasa.gov mail is handled by 10 ndmsnpf03.ndc.nasa.gov.

So you can send mail to username@nasa.gov, but there is no machine nasa.gov to connect to.

$ host www.nasa.gov
www.nasa.gov is an alias for www.nasa.gov.speedera.net.
www.nasa.gov.speedera.net is an alias for www.nasa.gov.edgesuite.net.
www.nasa.gov.edgesuite.net is an alias for a1718.x.akamai.net.
a1718.x.akamai.net has address 92.122.213.138
a1718.x.akamai.net has address 92.122.213.200

So when you ping www.nasa.gov you are really pinging an Akamai machine via several indirections.

The NASA mail server is run by NASA directly. It doesn't reply to ping requests:

$ host ndjsnpf01.ndc.nasa.gov
ndjsnpf01.ndc.nasa.gov has address 198.117.1.121
$ whois 198.117.1.121
[...]
National Aeronautics and Space Administration NETBLK-NSI (NET-198-116-0-0-1) 198.116.0.0 - 198.123.255.255
[...]
$ ping ndjsnpf01.ndc.nasa.gov
PING ndjsnpf01.ndc.nasa.gov (198.117.1.121) 56(84) bytes of data.

starblue

Posted 2011-07-14T13:19:49.670

Reputation: 573

NASA's firewall is probably dropping ICMP (ping) packets, thus your pings will time out. The largest factor of latency is physical distance, the further away your target, the bigger the latency (speed of light is the top limiting factor)

TJF

Posted 2011-07-14T13:19:49.670

Reputation: 263

1but why is there is an improvement of performance between successive runs of ping to same host? – zcqwevb – 2011-07-14T13:32:39.803

8it increase and decrease, each packet you send doesn't necessarily take the same route to reach the final destination. Routes are dynamic and constantly changing to avoid bottle necks. – squareborg – 2011-07-14T13:40:13.590

5Also, routers consider ICMP low priority, thus depending on the router's load, they may schedule to reply to ICMP at a later time once higher priority packets have been processed – TJF – 2011-07-14T14:37:50.130

Mobile communication also has a lot more latency, I get ping times of about 100ms with a good connection, and much more with bad connections. – starblue – 2011-07-14T14:40:07.673

It's true that routes are dynamic, but they should not be changing every few seconds, so I would not expect that to affect the results of a ping command. – Kevin Panko – 2011-07-14T14:53:02.527

I thought the slow first ping was because you need an ARP request find the gateway before you can send the ICMP packet. – Robert – 2011-07-14T15:17:51.847

1my default gw is my router I guess, so ARP request wont be needed as I already did some ping's before. – zcqwevb – 2011-07-14T15:48:38.323

17-1: I can ping www.nasa.gov (hosted in akamai.net). But nasa.gov doesn't resolve, so no address, so no packet sent. Nothing for a firewall to drop. – Richard – 2011-07-14T16:04:22.727

1@Robert - An ARP request won't effect the statistics gathered by the PING command. Those are two totally different, unrelated, and un-connected functions. – Iszi – 2011-07-14T16:41:03.203