[TriLUG] Slides from last night's DNS Presentation

Ben Pitzer uncleben at mindspring.com
Fri Oct 15 17:47:46 EDT 2004


Rick,

In response to your thoughts here:

1.  Black hole lists are typically best used by most folks to temporarily
eliminate DDOS attacks, or other abusive situations.  They can be used, for
example, to corral and eliminate problems from virus-laden hosts hammering
DNS servers with thousands of TCP queries, which can cause serious load
spikes, on occasion.  Usually, adding the offender to the black hole list
for 24-48 hours is enough to ensure that they're not going to hit you
anymore, especially if coupled with an email to the IP owner's abuse
coordinator.

For a small, home based DNS server, however, it'll probably be rare that
you'd need to do something like this.

2.  Views could be better used to set up a view for your internal LAN to do
lookups on one set of zones, while everybody external sees a different zone,
perhaps both containing the same hostnames.  That way, you could keep your
internal LAN's records pointing to internal IPs, while letting your external
view point to external IP zones.  (I hope that makes sense...)

Regards,
Ben Pitzer

---------------------------------------------

"Those that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
 --Ben Franklin--




> -----Original Message-----
> From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org]On
> Behalf Of Rick DeNatale
> Sent: Friday, October 15, 2004 4:12 PM
> To: Triangle Linux Users Group discussion list
> Subject: Re: [TriLUG] Slides from last night's DNS Presentation
>
>
> Another thank you for last night's session.
>
> Apropos the discussion of BIND security, gmail popped in with this
> link http://www.circleid.com/article/774_0_1_0_C/ as a "comment" on
> this thread.
> I thought that some might find it interesting.
>
> I've got a few other thoughts which were provoked by the session.
>
> 1) The discussion of black hole lists was interesting, and hit one of
> my hot buttons, which is ISPs which use dnsrbls (or rbls in general)
> like SpamCop to bounce e-mail rather than as one positive indication
> of spam so that a tool like Spamassassin can tag it. Much as I hate
> spam and junkmail, I'd rather have it delivered and let me and my
> tools decide it's junk rather than the postman throwing good mail
> away with the bad.  Most rbls have warnings against using them in this
> way, but it seems that lots of ISPs ignore them either ignorantly or
> even actively feeling that the reduction in load on their servers is
> worth throwing away a "few" of their customers' emails.  I got into
> running my own local mail server just to avoid problems with this. I'm
> amazed at how much spam gets through on my ISP email account only to
> be caught by SA.
>
> 2) I looked into the view feature of BIND 9, I'm not sure that it's
> usable in my situation. My home lan is behind a Netgear NAT router.
> I've got a dyndns free dns listing for denhaven2.homeip.net which
> resolves (via dyndns.org's name servers) to my router's address. Inside
> the lan, I run BIND on a linux server which forwards to the router
> (which in turn forwards to the name servers it gets from the ISP via
> DHCP). Dyndns wildcards the hostnames in my domain, and the NAT router
> uses its virtual server by ports to route to the right machines
> inside. My BIND server has a zone for local.denhaven2.homeip.net to
> resolve the addresses of machines on the lan. Now views would let me
> have names like fred.denhaven2.homeip.net instead of
> fred.local.denhaven2.homeip.net, but to do this, I'd need to expose my
> name server to the internet right? Dyndns doesn't appear to support
> this for a dynamic IP address even if I wanted to pay for it. Does it
> even make sense to be thinking about this in the typical home setup
> with a single exposed ip address?
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>
>
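For anyone who wants to see what Ben's two points (a temporary black hole
list, and an internal/external split of the same names with views) look like
in a BIND 9 named.conf, here is an added example.  It is not from the
original presentation or from either poster; the addresses (192.168.1.0/24
for the LAN, 203.0.113.10 as the public address, 198.51.100.x as the
offenders), the domain example.net and the zone file paths are placeholders.

```conf
// Added example named.conf (BIND 9) -- not from the thread.
// Assumed placeholders: LAN 192.168.1.0/24, public address 203.0.113.10,
// abusive hosts in 198.51.100.0/24, domain example.net.

// 1. Black hole list.  Queries from these addresses are dropped without a
//    reply, and named will never send them anything.  Keep the reason and a
//    removal date in the comment; edit the ACL and run `rndc reconfig`.
//    Note: `blackhole` is an options-level statement only; it is global,
//    not per view.
acl "blackhole-list" {
    198.51.100.23;      // host flooding us with queries, added 2004-10-15, drop after 48h
    198.51.100.64/26;   // whole block of infected hosts, same date
};

options {
    directory "/var/named";
    blackhole { "blackhole-list"; };
    recursion no;       // default; the internal view turns it on below
};

// 2. Split-horizon views.  Views are matched top to bottom and the first
//    match wins, so the LAN view must come before the catch-all.
acl "lan" { 192.168.1.0/24; 127.0.0.1; };

view "internal" {
    match-clients { "lan"; };
    recursion yes;              // LAN clients may use us as a resolver
    zone "." { type hint; file "named.root"; };
    zone "localhost" { type master; file "localhost.zone"; };
    zone "example.net" {
        type master;
        file "internal/example.net.zone";   // www.example.net -> 192.168.1.20
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // never recurse for the Internet at large
    zone "example.net" {
        type master;
        file "external/example.net.zone";   // www.example.net -> 203.0.113.10
    };
};
```

Two things bite people the first time: once a single `view` is declared,
every zone (root hints and localhost included) must live inside some view,
which is why the hint zone appears under "internal" above; and the external
view only does anything useful if this server is actually the one the public
delegation points at.  An internal-only view, with the LAN resolving private
names and everything else forwarding out, works fine behind a NAT router
without exposing the server to the Internet.  Run `named-checkconf` after
editing to catch syntax errors before reloading.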
