[TriLUG] Slides from last night's DNS Presentation

Rick DeNatale rick.denatale at gmail.com
Fri Oct 15 18:25:37 EDT 2004


On Fri, 15 Oct 2004 17:47:46 -0400, Ben Pitzer <uncleben at mindspring.com> wrote:
> Rick,
> 
> In response to your thoughts here:
> 
> 1.  Black hole lists are typically best used by most folks to temporarily
> eliminate DDOS attacks, or other abusive situations.  They can be used, for
> example, to corral and eliminate problems from virus-laden hosts hammering
> DNS servers with thousands of TCP queries, which can cause serious load
> spikes, on occasion.  Usually, adding the offender to the black hole list
> for 24-48 hours is enough to ensure that they're not going to hit you
> anymore, especially if coupled with an email to the IP owner's abuse
> coordinator.
> 
> For a small, home-based DNS server, however, it'll probably be rare that
> you'd need to do something like this.

Understood, but I wasn't talking about protecting a DNS server from
DOS attacks; my gripe was about ISPs who keep legitimate e-mails from
getting to me because they've ended up, temporarily or not, on a list
like spamcop.net.  I've seen this happen to mail from yahoo groups.
I've also had mailing list sign-up confirmations blocked from many
mailing lists, particularly sourceforge lists. That's what led me to set
up my own mail server.

> 2.  Views could be better used to set up a view for your internal LAN to do
> lookups on one set of zones, while everybody external sees a different zone,
> perhaps both containing the same hostnames.  That way, you could keep your
> internal LAN's records pointing to internal IPs, while letting your external
> view point to external IP zones.  (I hope that makes sense...)

Yes, that's how I understand it, but in a typical SOHO setup with a
single dynamic ISP-supplied IP address, a LAN behind a NAT router, with
all of the externally viewed names mapping to the only IP address I've
got, I'm not sure I see either how to or why I should use views.

How well do the DNS protocols support domains, as opposed to hosts,
with dynamic addresses? Dyndns doesn't seem to support exposing name
servers on a dynamic address; do any similar outfits allow it?
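
The split-horizon arrangement described in point 2 of the quoted message, sketched as a BIND 9 named.conf fragment. This is an added example, not part of either message; the zone name example.com, the 192.168.1.0/24 LAN range and the zone file paths are assumptions.

```conf
// Added illustration. example.com, 192.168.1.0/24 and the file paths
// are assumptions, not values from the thread.
acl "lan" {
    127.0.0.1;
    192.168.1.0/24;
};

options {
    directory "/var/named";
};

// Internal view: LAN clients get the zone copy whose records point at
// private addresses, and may use this server for recursive lookups.
view "internal" {
    match-clients { "lan"; };
    recursion yes;

    zone "example.com" {
        type master;
        file "internal/example.com.zone";   // e.g. www -> 192.168.1.10
    };
};

// External view: everyone else sees only the public records and
// cannot use this server as an open resolver.
view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "external/example.com.zone";   // e.g. www -> the public address
    };
};
```

BIND tries views in the order they appear, so the catch-all `any` view goes last; once any view is defined, every zone has to be declared inside a view.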