Registrars with free DynDNS services of my own domains.
Steve Bertrand
steve at ibctech.ca
Thu Feb 25 02:03:40 UTC 2010
On 2010.02.24 15:25, eculp wrote:
> Quoting Chuck Swiger <cswiger at mac.com>:
>
>> Hi--
>>
>> On Feb 24, 2010, at 12:17 AM, Marcin M. Jessa wrote:
>>> I actually figured out I can run my own services for all my domains
>>> on a dynamic IP without breaking any DNS related RFC.
>>
>> Running an authoritative nameserver off of a dynamic IP is a terrible
>> idea. Even if your dynamic IP doesn't change that often, and you
>> adjust your TTLs and expire times in the SOA accordingly....whenever
>> the IP does move, you are blindly hoping that the former IP will not
>> be given to a malicious or compromised machine.
>>
>> Remember that random nameservers will be caching your nameserver
>> records for up to expiry, and will continue to send queries to the old
>> IP. It's a trivial matter for it to continue to answer
>> authoritatively, and redirect mail, webserver requests, etc to
>> anywhere at all-- a localhost proxy scanning for login attempts, bank
>> info, etc would make a wonderful man-in-the-middle attack.
>>
>> You might think that with two nameservers listed, that the odds are
>> fifty-fifty whether queries go to your primary at a static IP or the
>> old secondary, but I've seen spamming domains which return DNS queries
>> stuffed with as many NS and A records as will fit in a UDP packet
>> (about 20) pointing to IPs all over the place in order to make them
>> harder to take down. It also means that caching nameservers and
>> clients are less likely to send a request to a legitimate nameserver
>> for the domain (assuming one exists), depending on how smart the
>> clients are.
>
> I basically agree, Chuck.

I completely agree with Chuck.

> Of course there are places, such as the
> country where I live where ONE STATIC IP that is listed as dynamic and
> obviously causes some email issues, costs one thousand dollars a year.
> Other solutions are with E-1s and base price is much, much higher.
> There are no DSLs with static IPs.

Your setup is wrong.

You have a setup that costs you because you are doing it wrong.

If you have one static IP that is causing email issues, you need to fix it.

This is FreeBSD-ISP.

If you are looking for help hosting a resi mail server, good luck.

Otherwise, any one of us could help you host proper DNS records and/or
mail servers to suit your needs.

So long as you meet my ToS, you can host what you want on my network,
and not have to deal with dynamic addressing. ;)

Steve

ps. my ToS is likely more costly than a T/E1.
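
Added example (not part of the original message or of any poster's code): a simplified cache model for the point quoted above that resolvers keep using a nameserver's old address until their cached copy expires. The resolver names, timestamps, TTLs and the `update_lag` parameter are constructed assumptions.

```python
# Added example: simplified resolver-cache model, constructed sample values.
# It bounds how long a resolver keeps querying a nameserver's OLD address
# after a dynamic IP change. The bound only holds if nothing at the old
# address answers; a host there that answers authoritatively (the concern
# raised in the thread) is outside this model.

def exposure_seconds(cached_at, ttl, t_change, update_lag):
    """Seconds one resolver spends pointed at the old address.

    Assumed model: the resolver re-fetches the address whenever its cached
    copy expires (cached_at + k*ttl), and the published address is corrected
    update_lag seconds after the IP moved. A refresh that lands before the
    correction re-caches the old address for another full TTL.
    """
    fixed_at = t_change + update_lag
    if cached_at >= fixed_at:
        return 0  # first fetch already saw the corrected address
    # Smallest k with cached_at + k*ttl >= fixed_at (integer ceiling).
    k = -(-(fixed_at - cached_at) // ttl)
    refreshed_at = cached_at + k * ttl
    # Staleness starts at the change, or at the fetch if it happened later.
    return refreshed_at - max(t_change, cached_at)


def summarize(resolvers, ttl, t_change, update_lag):
    """Return ({resolver: exposure_seconds}, worst_case_seconds)."""
    per = {name: exposure_seconds(c, ttl, t_change, update_lag)
           for name, c in resolvers.items()}
    return per, max(per.values())


# Constructed sample: when each resolver last cached the nameserver address.
RESOLVERS = {
    "r1": 99_900,   # cached just before the address moved
    "r2": 20_000,   # cached long before; copy is nearly expired
    "r3": 100_300,  # cached after the move but before the record was fixed
}
T_CHANGE = 100_000  # moment the dynamic IP moved
UPDATE_LAG = 600    # seconds until the published address is corrected

if __name__ == "__main__":
    for ttl in (86_400, 300):
        per, worst = summarize(RESOLVERS, ttl, T_CHANGE, UPDATE_LAG)
        print(f"ttl={ttl}: {per} worst={worst}s")
```

In this model the worst case approaches the update lag plus one full TTL, which is why a short TTL narrows the window but never closes it.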