On Fri, 15 Oct 2004 17:47:46 -0400, Ben Pitzer <[EMAIL PROTECTED]> wrote: > Rick, > > In response to your thoughts here: > > 1. Black hole lists are typically best used by most folks to temporarily > eliminate DDOS attacks, or other abusive situations. They can be used, for > example, to corral and eliminate problems from virus laden hosts hammering > DNS servers with thousands of TCP queries, which can cause serious load > spikes, on occasion. Usually, adding the offender to the black hole list > for 24-48 hours is enough to ensure that they're not going to hit you > anymore, especially if coupled with an email to the IP owner's abuse > coordinator. > > For a small, home based DNS server, however, it'll probably be rare that > you'd need to do something like this.
Understood, but I wasn't talking about protecting a DNS server from DOS attacks my gripe was about ISPs who keep legitimate e-mails from getting to me because they've ended up temporarily or not on a list like spamcop.net. I've seen this happen to mail from yahoo groups. I've also had mailing list sign-up confirmations blocked from many mailing lists, particularly sourceforge lists. That's what led me set up my own mail server. > 2. Views could be better used to set up a view for your internal LAN to do > lookups on one set of zones, while everybody external sees a different zone, > perhaps both containing the same hostnames. That way, you could keep your > internal LAN's records pointing to internal IPs, while letting your external > view point to external IP zones. (I hope that make sense...) Yes, that's how I understand it, but in a typical SOHO setup with a single dynamic ISP supplied ip address a lan behind a NAT router, with all of the externally viewed name mapping to the only ip address I've got I'm not sure I see either how to or why I should use views. How well do the DNS protocols support domains, as opposed to hosts, with dynamic addresses? Dyndns doesn't seem to support exposing name servers on a dynamic address, do any similar outfits allow it? -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
