From: eculp
To: freebsd-isp@freebsd.org
Date: Wed, 24 Feb 2010 14:25:17 -0600
Subject: Re: Registrars with free DynDNS services of my own domains.

Quoting Chuck Swiger:

> Hi--
>
> On Feb 24, 2010, at 12:17 AM, Marcin M. Jessa wrote:
>> I actually figured out I can run my own services for all my domains
>> on a dynamic IP without breaking any DNS related RFC.
>
> Running an authoritative nameserver off of a dynamic IP is a
> terrible idea. Even if your dynamic IP doesn't change that often,
> and you adjust your TTLs and expire times in the SOA
> accordingly....whenever the IP does move, you are blindly hoping
> that the former IP will not be given to a malicious or compromised
> machine.
>
> Remember that random nameservers will be caching your nameserver
> records for up to expiry, and will continue to send queries to the
> old IP. It's a trivial matter for it to continue to answer
> authoritatively, and redirect mail, webserver requests, etc to
> anywhere at all-- a localhost proxy scanning for login attempts,
> bank info, etc would make a wonderful man-in-the-middle attack.
>
> You might think that with two nameservers listed, that the odds are
> fifty-fifty whether queries go to your primary at a static IP or the
> old secondary, but I've seen spamming domains which return DNS
> queries stuffed with as many NS and A records as will fit in a UDP
> packet (about 20) pointing to IPs all over the place in order to
> make them harder to take down. It also means that caching
> nameservers and clients are less likely to send a request to a
> legitimate nameserver for the domain (assuming one exists),
> depending on how smart the clients are.

I basically agree, Chuck.
Of course there are places, such as the country where I live, where ONE
STATIC IP that is listed as dynamic, and obviously causes some email
issues, costs one thousand dollars a year. Other solutions are with E-1s
and the base price is much, much higher. There are no DSLs with static IPs.

I could justify it here and many folks use them even though they are
not optimal.

ed

>
> Regards,
> --
> -Chuck