On Jan 5, 2015, at 3:17 PM, Alexander Neilson <[email protected]> wrote:
> > >> On 6/01/2015, at 11:59 am, Franck Martin <[email protected]> wrote: >> >> >> On Jan 4, 2015, at 2:44 AM, Alexander Neilson <[email protected]> >> wrote: >> > >> >>> >>>> >>>>> * Resolved Fragmentation issues to allow full 4096 EDNS resolution >>>> The best ;-). It seems like you already learned a lot and have taken the >>>> right decisions. >>> >>> I am doing my best to try improve all aspects of our network. However the >>> learning is what I really value out of it all as every change I make helps >>> me to understand how it all works in the plumbing. >> >> You may find some useful documentation here if you worry about your network >> and not DNS only: https://www.m3aawg.org/published-documents >> > > Thank you, more resources on networks all over (DNS or otherwise) are always > welcome. Trying to learn more to be a better network operator. > The big rule, is block port 25 traffic outside your network for all dynamic IP customers or end customers by default (they can use the submission port). Monitor this traffic as it will help you locate infected machines from your customers. Make sure that any of your IPs has an attached working abuse email address. It is set up via the APNIC interface, gets visible in the whois but is surfaced via free and easy to use services like https://abusix.com/contactdb.html It makes reporting issues very easy (like DNS amplification attacks) and automatic, data you will want to have to keep your network cleaner, react to issues faster and contribute to world peace :P Learn about spamhaus.org, surbl.org, uribl.org, spamcop.net, sorbs.net, shadowserver.org …. Finally check: https://dmarcian.com/spf-survey/neilson.net.nz https://dmarcian.com/dmarc-inspector/neilson.net.nz
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
