Hello David,
Wednesday, February 19, 2003, 11:29:47 AM, you wrote:
David> DNS sometimes also uses TCP on port 53 for large packets, so you
David> probably want to allow that as well.
I don't think so. DNS uses TCP only for zone transfers. But since
he'll use djbdns, which specifically DOESN'T support either zone
transfers or TCP, there's no point in opening that point of failure.
Besides, the problem of hosting your own DNS is that:
1) You get a listed server so you're fair game for script kiddies.
2) No software has the security track record of BIND (ok, maybe MS,
but let's not get into an MS bashing fest). So it's the number one
port for script kiddies to try. Specifically, because they can't
know the difference with djbdns.
I have contracted my DNS. So I forget about that security problem,
and since it's so cheap, and given the increase in log reading
that hosting a DNS causes, I think it's actually cheaper. I pay like
$4 per year for a domain. Being cheap, let's say that I make that in an
hour. Do I save myself more than an hour of DNS maintenance plus
security auditing plus the eventuality of the time and expenses of
having your machine owned? Yeah! Big time! Think about it. In fact it
might be cheaper than buying a new sofa :-)
--
Best regards,
Alejandro Belluscio