Understood, but I wasn't talking about protecting a DNS server from DoS attacks; my gripe was about ISPs who keep legitimate e-mails from getting to me because they've ended up, temporarily or not, on a list like spamcop.net.
Speaking from the provider's perspective, it's a tragedy to throw mail away. I can certainly understand why some shops think it's necessary; after all, Intrex pulls through roughly a million messages a day, and spam scanning all of those takes quite a bit of horsepower. Still, your suggestion of treating spamcop or any other RBL as a "weight" in the system is the best advice _for_a_provider_. Now, if you're one of the few users, or the only user, of your mail system, it is certainly within your rights to make that decision, but a provider shouldn't make it unilaterally for all of their users.
Yes, that's how I understand it, but in a typical SOHO setup with a single dynamic ISP-supplied IP address, a LAN behind a NAT router, and all of the externally viewed names mapping to the only IP address I've got, I'm not sure I see either how to or why I should use views.
Given your situation as you describe it (an internal server which is only accessed by one set of clients), views really don't do much for you. Now if you intend to change the role of that server, they could be more useful. More about that in a second.
How well do the DNS protocols support domains, as opposed to hosts, with dynamic addresses? Dyndns doesn't seem to support exposing name servers on a dynamic address; do any similar outfits allow it?
The DNS protocols are incredibly flexible. On the other hand, providers are often not quite as flexible. Also keep in mind that flexibility is always a trade-off.
I'm going to make some assumptions. First, I'm going to assume you want to host your own DNS (not necessarily the best idea, but we'll assume it). If you want to do this, there's nothing to prevent you from pulling up whatever web interface your DNS registrar provides you, setting your NS record to your current dynamic IP address, and clicking Update. Then set up BIND accordingly on your home machine, make sure TCP and UDP ports 54 are redirected in to your name server, and you *should* be in good shape.
Now of course, there are some caveats to this situation. When your IP address eventually changes, every DNS server that has the old NS records cached will keep trying to talk to that DNS server until the record expires. You can work against this in one of two ways. The simplest is turning down the cache time; something short like a few hours is probably sufficient. I ran my DNS this way for several years when all I had at my disposal was a few dynamic DNS machines.
This brings us to the next idea - more than one DNS server. If you have another friend on a dynamic IP, you can share the load between the two of you, and have a reasonably reliable DNS setup. How? Simple. Set up your friend's box as a slave server, and add him as an NS record. Then, when your box's IP changes, all of those hosts which have your old record cached will try to talk to the machine that moved, give up, and then talk to your friend. He can conveniently update his DNS with the new IPs and will hand out the appropriate updates to everyone the first time they ask - instant propagation of your new IP. Of course, if you both have DNS domains that you want to maintain, you can serve as a backup for each other, and things can happen rather quickly. This is what's commonly referred to as a peering agreement, although a bit on the informal side. :) It's to your mutual benefit to cooperate.
Okay, so you don't have any friends. And you post to this list but you don't know anyone else who runs a DNS server. Well, there are always commercial solutions. <shameless plug>Intrex.net, my employer, offers secondary DNS services for the ridiculously cheap price of $2 / month, and will waive the setup fee for TriLUG members. We will also do full DNS services for $5 / month (normally $8/month) for TriLUG members, again w/ no setup fee.</shameless plug> There are of course other commercial solutions, feel free to investigate around on the web. Since it's terribly important that at least one of your DNS servers be accessible at all times, the benefits of having a backup DNS server, with a static IP, in a secured data-center on redundant connections can't be overstated. If your business or other critical infrastructure depends on DNS, regardless of any commercial affiliations, please place some importance on having reliable DNS. :)
Aaron S. Joyner
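
An added example, not part of the original message: a BIND zone file showing the short cache time and the second name server described above. The domain, host names, addresses, serial and timer values are constructed placeholders.

```dns
; db.example.com -- constructed zone file; every name and address is a placeholder
$ORIGIN example.com.
$TTL 7200            ; default TTL of 2 hours, so answers cached before an IP change age out quickly

@   IN SOA ns1.example.com. hostmaster.example.com. (
        2024010101   ; serial: increment on every change, including IP updates
        3600         ; refresh: how often the secondary checks for a new serial
        600          ; retry: wait after a failed refresh attempt
        604800       ; expire: secondary stops answering after a week without contact
        3600 )       ; negative-caching TTL

; Two name servers on independent connections
@     IN NS ns1.example.com.
@     IN NS ns2.example.com.

ns1   IN A  192.0.2.10      ; your box (current dynamic address)
ns2   IN A  198.51.100.20   ; friend's box, configured as a slave for this zone

; Everything else maps to the single external address
@     IN A  192.0.2.10
www   IN A  192.0.2.10
mail  IN A  192.0.2.10
@     IN MX 10 mail.example.com.
```

On the primary, restrict zone transfers to the secondary's address with `allow-transfer` in `named.conf` so the full zone is not handed to arbitrary hosts.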
