Registrars with free DynDNS services of my own domains.
eculp
eculp at encontacto.net
Wed Feb 24 20:35:22 UTC 2010
Quoting Chuck Swiger <cswiger at mac.com>:
> Hi--
>
> On Feb 24, 2010, at 12:17 AM, Marcin M. Jessa wrote:
>> I actually figured out I can run my own services for all my domains
>> on a dynamic IP without breaking any DNS related RFC.
>
> Running an authoritative nameserver off of a dynamic IP is a
> terrible idea. Even if your dynamic IP doesn't change that often,
> and you adjust your TTLs and expire times in the SOA
> accordingly... whenever the IP does move, you are blindly hoping
> that the former IP will not be given to a malicious or compromised
> machine.
>
> Remember that random nameservers will be caching your nameserver
> records for up to expiry, and will continue to send queries to the
> old IP. It's a trivial matter for it to continue to answer
> authoritatively, and redirect mail, webserver requests, etc to
> anywhere at all-- a localhost proxy scanning for login attempts,
> bank info, etc would make a wonderful man-in-the-middle attack.
>
> You might think that with two nameservers listed, that the odds are
> fifty-fifty whether queries go to your primary at a static IP or the
> old secondary, but I've seen spamming domains which return DNS
> queries stuffed with as many NS and A records as will fit in a UDP
> packet (about 20) pointing to IPs all over the place in order to
> make them harder to take down. It also means that caching
> nameservers and clients are less likely to send a request to a
> legitimate nameserver for the domain (assuming one exists),
> depending on how smart the clients are.

I basically agree, Chuck. Of course there are places, such as the
country where I live, where ONE STATIC IP, which is listed as dynamic and
obviously causes some email issues, costs one thousand dollars a year.
Other solutions are with E-1s and the base price is much, much higher.
There are no DSLs with static IPs.
I could justify it here and many folks use them even though they are
not optimal.

ed

>
> Regards,
> --
> -Chuck
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>
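
An added example, not part of the original thread: one way a zone owner could monitor for the situation Chuck describes, where an address still cached as a nameserver answers authoritatively with records the owner never published. The zone, addresses and replies are constructed sample data, and `audit_nameservers` is a hypothetical helper; a real monitor would fill `OBSERVED` from direct queries to each address.

```python
# Constructed sample data: records the zone owner publishes for example.org.
EXPECTED = {
    ("example.org.", "MX"): {"10 mail.example.org."},
    ("www.example.org.", "A"): {"192.0.2.80"},
}

# Constructed sample data: what each address that resolvers may still have
# cached as a nameserver returned when queried directly (None = no reply).
OBSERVED = {
    # Primary on a static IP: authoritative and matching.
    "192.0.2.53": {"aa": True, "answers": dict(EXPECTED)},
    # Former dynamic IP, now held by someone else: authoritative but different.
    "198.51.100.7": {"aa": True, "answers": {
        ("example.org.", "MX"): {"10 mx.example.net."},
        ("www.example.org.", "A"): {"198.51.100.7"},
    }},
    # Another previously used address that no longer replies.
    "203.0.113.9": None,
}


def audit_nameservers(expected, observed):
    """Classify each nameserver address as ok, unreachable, lame or divergent.

    "divergent" is the case from the thread: the address sets the
    authoritative-answer flag but serves record sets that differ from the
    ones the owner publishes. The differing (name, type) keys are returned.
    """
    report = {}
    for address, reply in observed.items():
        if reply is None:
            report[address] = ("unreachable", [])
        elif not reply["aa"]:
            report[address] = ("lame", [])  # replies, but not authoritatively
        else:
            diffs = sorted(key for key, rdata in expected.items()
                           if reply["answers"].get(key) != rdata)
            report[address] = ("divergent", diffs) if diffs else ("ok", [])
    return report


if __name__ == "__main__":
    for address, (status, diffs) in audit_nameservers(EXPECTED, OBSERVED).items():
        print(address, status, diffs)
```
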