[TriLUG] OT: Opinion about DNS service

ac via TriLUG trilug at trilug.org
Sat Aug 5 03:19:48 EDT 2017


On Fri, 4 Aug 2017 13:08:59 -0400
David Burton via TriLUG <trilug at trilug.org> wrote:
> > Port blocking.
> > Commonly-abused ports (like 25) /might/ not be blocked at any
> > moment with residential class.  I can be /guaranteed/ they aren't
> > blocked with business class.
> 
> Well, I gave up on running my own mailserver, anyhow. It was just too
> *hard*, largely due to the spam flood.
> 

Email is easy :)

Spam is basically dead.

Six? golden rules:
1. Bounce when no rDNS (exim/postfix/sendmail/qmail - 2 second conf)
2. Use 10 dnsbl with properly configured spamassassin - with 2 points
per dnsbl listing 
(five minutes copy & paste for exim/postfix) -> bl -> http://multirbl.valli.org/
3. hard bounce any incoming over 10 (10 second conf)
4. hand white/black bad domains, like the spammy twitter.com
5. iptables firewall sorbs drop & block spam nets (no need to worry
about AS jack as you have point 1 (rDNS) 
6. Filter outgoing (also using spamassassin & out rulesets) & delete
abusive users (spend money/time on abuse admin)

Mind you, I did get a spam about two weeks ago... so you may still get
the odd spam email every month or two...

Andre
 
> It is so hard to do email properly that AT&T gave up, and outsourced
> the chore to Yahoo (which is now awkward, since Yahoo is now owned by
> Verizon).
> Also, these days most big mail providers won't accept connections from
> mailservers running on residential / dynamic IP addresses. The
> problem is not that Spectrum or AT&T will block your ports, it is
> that nobody else will talk to them.
> 
> These days all I run is a web server. For my web server, on port 80,
> it hasn't been a problem. Nobody seems to block port 80, and I assume
> they don't block port 443, either (I'm not currently doing https).
> 
> When Spectrum/TWC went down for 42 hours, a week ago, I temporarily
> used my neighbor's AT&T (with his permission). I connected to his
> WiFi with my Win10 laptop, enabled ICS (Internet Connection Sharing),
> ran an Ethernet cable from the laptop to the gazinta port on my
> router, forwarded port 80 from his modem to my laptop, and from my
> laptop to the router, changed my ZoneEdit settings to direct traffic
> to my neighbor's IP, and my sites were back up.
> 
> It had three (3) levels of NAT going on, and it felt a lot like it
> was held together with duct tape and baling wire, but it worked.
> 
> (And now I know for sure that AT&T doesn't block port 80, either.)
> 
> 
> 
> > Now, the reality might be that, say, a Linode VPS is cheaper per
> > year, and that I could do everything I currently do physically in
> > my house on such a system.  But I like having the hardware in front
> > of me.  I can use and abuse it however I want and there's nobody to
> > complain but me. 
> 
> Me too!
> 
> 
> 
> >
> > On the IPv6 front: Apparently it comes and goes.  A month or so ago
> > it was working; this past week it inexplicably stopped and I had to
> > set up tunneling again.
> >  
> 
> I'm not using IPv6 yet, because my router is one small hardware rev
> short of the version with IPv6 support.
> 
> 
> 
> >
> > Oh, and the best thing about business class:  I call for support
> > and get a person that actually knows something.  Just the other day
> > I called to report an outage, and the conversation went something
> > like this:
> >
> >
> > Me: "Yeah, I just lost connectivity to my remote site.  Can you
> > check stuff?"
> >
> > Him: "I am showing your modem is offline.  Can you check the lights
> > on the front and cycle power?"
> >
> > Me: "Nope, I'm not on site at the moment."
> >
> > Him: "Well let me do a deeper check, hold on..."
> >
> > ...a couple minutes pass...
> >
> > Him: "Huh.  Looks like 12 out of 13 business class modems in that
> > sector are offline.  Let me get our guys working on that."
> >
> >
> > I defy you to get that level of service on a residential contract.
> >
> > -B  
> 
> 
> Now that is a *very* good point.
> 
> When my Spectrum/TWC went down during the thunderstorm, a few minutes
> after 5 pm, one week ago, their support people kept saying, "we don't
> show an outage in your area."
> 
> They said that over 85% of the modems on my "node" (whatever that is)
> were up and running, which they said was normal, and they don't
> "declare an outage" unless it drops below 70%. I asked whether my
> neighbors on my street were up, and they couldn't tell me. I asked
> how many modems are on my "node" and they said "305," so it must be a
> big "node!"
> 
> I went to their office and rented a modem, and thereby proved that the
> problem wasn't my (customer-owned) modem.
> 
> I surveyed a couple of my neighbors on my street, and determined that
> service was out for them, too.
> 
> But Spectrum wouldn't believe me that it was an area outage, so they
> scheduled a service call for Monday (three days out). Ugh!
> 
> One of my neighbors beat 'em up and got 'em to schedule a service
> call for the next day (Saturday), but then they called her back and
> postponed it until Sunday.
> 
> They finally fixed it on Sunday morning, though there's now an
> unburied wire running along the curb, so I won't be surprised if we
> have another brief outage when they get around to burying it.
> 
> Dave
> www.sealevel.info  <== *can you tell that this is running on an
> ancient IBM repurposed XP computer at the end of a cablemodem wire?*
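The scoring policy behind Andre's rules 1 to 3 (reject a client with no reverse DNS, two points per DNSBL listing, hard reject anything scoring over 10), modelled in Python as an added example. This is not Andre's exim/postfix/SpamAssassin configuration. The ten DNSBL zones, the A records and the PTR records below are constructed in-memory stand-ins so the script runs offline; a real deployment issues the same reversed-octet queries against live zones such as the ones listed at multirbl.valli.org.

```python
"""Toy model of the list post's spam policy: rDNS check first, then
2 points per DNSBL listing, hard reject over 10.  Added example; every
DNS record here is constructed, no network lookups are made."""

import ipaddress

# Ten constructed DNSBL zones standing in for the ten real blocklists in the post.
ZONES = [f"bl{i}.example" for i in range(1, 11)]

# Constructed stand-in for the A records a resolver would return.  A real DNSBL
# answers the query <reversed-octets>.<zone> with a 127.0.0.x address when the
# IP is listed and NXDOMAIN otherwise.
FAKE_A_RECORDS = {
    # 192.0.2.10: listed in six zones -> 12 points, over the threshold
    **{f"10.2.0.192.{z}": "127.0.0.2" for z in ZONES[:6]},
    # 192.0.2.20: listed in two zones -> 4 points, accepted for content filtering
    **{f"20.2.0.192.{z}": "127.0.0.2" for z in ZONES[:2]},
}

# Constructed stand-in for PTR records (reverse DNS).  A missing key means no rDNS.
FAKE_PTR_RECORDS = {
    "192.0.2.10": "mail.bulk-sender.invalid",
    "192.0.2.20": "mx.partner.example",
    "192.0.2.40": "mx.clean.example",
}

POINTS_PER_LISTING = 2   # rule 2
REJECT_THRESHOLD = 10    # rule 3: hard reject anything scoring over 10


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone name."""
    addr = ipaddress.IPv4Address(ip)  # raises on anything that is not an IPv4 literal
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def is_listed(ip, zone, a_records=FAKE_A_RECORDS):
    """True when the constructed DNS table has an A record for the query name."""
    return dnsbl_query_name(ip, zone) in a_records


def evaluate(ip, ptr_records=FAKE_PTR_RECORDS, a_records=FAKE_A_RECORDS, zones=ZONES):
    """Return (decision, score, reason) for a connecting client address."""
    # Rule 1: reject before spending any DNSBL queries when there is no reverse DNS
    if ip not in ptr_records:
        return ("reject", 0, "no reverse DNS for client")
    # Rule 2: two points per DNSBL that lists the address
    hits = [z for z in zones if is_listed(ip, z, a_records)]
    score = POINTS_PER_LISTING * len(hits)
    # Rule 3: hard reject over the threshold, otherwise hand on to content filtering
    if score > REJECT_THRESHOLD:
        return ("reject", score, f"listed in {len(hits)} DNSBLs: {', '.join(hits)}")
    return ("accept", score, f"rDNS {ptr_records[ip]}, {len(hits)} DNSBL listings")


if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(client, evaluate(client))
```

The rDNS check runs first on purpose: it is a single PTR lookup that disposes of the worst connections before the ten DNSBL queries are spent on them, which is the cheapness Andre's ordering relies on. The threshold comparison is strict (`> 10`), matching "over 10" in the post; a deployment that prefers to reject at exactly 10 changes one operator.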
