From owner-freebsd-isp@FreeBSD.ORG Thu Feb 25 02:03:40 2010
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0696A1065672
	for ; Thu, 25 Feb 2010 02:03:40 +0000 (UTC)
	(envelope-from steve@ibctech.ca)
Received: from smtp.ibctech.ca (v6.ibctech.ca [IPv6:2607:f118::b6])
	by mx1.freebsd.org (Postfix) with SMTP id 98CEC8FC13
	for ; Thu, 25 Feb 2010 02:03:39 +0000 (UTC)
Received: (qmail 84858 invoked by uid 89); 25 Feb 2010 02:08:16 -0000
Received: from unknown (HELO ?192.168.1.114?) (steve@ibctech.ca@::ffff:208.70.104.100)
	by ::ffff:208.70.104.210 with ESMTPA; 25 Feb 2010 02:08:16 -0000
Message-ID: <4B85DA8A.9080202@ibctech.ca>
Date: Wed, 24 Feb 2010 21:03:54 -0500
From: Steve Bertrand
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100111 Lightning/1.0b1 Thunderbird/3.0.1
MIME-Version: 1.0
To: eculp
References: <4B82F976.8020308@yazzy.org> <4B84E0B0.8070904@yazzy.org> <20100224142517.19682yqym2r7d7qc@econet.encontacto.net>
In-Reply-To: <20100224142517.19682yqym2r7d7qc@econet.encontacto.net>
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-isp@freebsd.org
Subject: Re: Registrars with free DynDNS services of my own domains.
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
X-List-Received-Date: Thu, 25 Feb 2010 02:03:40 -0000

On 2010.02.24 15:25, eculp wrote:
> Quoting Chuck Swiger :
>
>> Hi--
>>
>> On Feb 24, 2010, at 12:17 AM, Marcin M. Jessa wrote:
>>> I actually figured out I can run my own services for all my domains
>>> on a dynamic IP without breaking any DNS related RFC.
>>
>> Running an authoritative nameserver off of a dynamic IP is a terrible
>> idea. Even if your dynamic IP doesn't change that often, and you
>> adjust your TTLs and expire times in the SOA accordingly....whenever
>> the IP does move, you are blindly hoping that the former IP will not
>> be given to a malicious or compromised machine.
>>
>> Remember that random nameservers will be caching your nameserver
>> records for up to expiry, and will continue to send queries to the old
>> IP. It's a trivial matter for it to continue to answer
>> authoritatively, and redirect mail, webserver requests, etc to
>> anywhere at all-- a localhost proxy scanning for login attempts, bank
>> info, etc would make a wonderful man-in-the-middle attack.
>>
>> You might think that with two nameservers listed, that the odds are
>> fifty-fifty whether queries go to your primary at a static IP or the
>> old secondary, but I've seen spamming domains which return DNS queries
>> stuffed with as many NS and A records as will fit in a UDP packet
>> (about 20) pointing to IPs all over the place in order to make them
>> harder to take down. It also means that caching nameservers and
>> clients are less likely to send a request to a legitimate nameserver
>> for the domain (assuming one exists), depending on how smart the
>> clients are.
>
> I basically agree, Chuck.

I completely agree with Chuck.

> Of course there are places, such as the
> country where I live where ONE STATIC IP that is listed as dynamic and
> obviously causes some email issues, costs one thousand dollars a year.
> Other solutions are with E-1's and base price is much, much higher.
> There are no dsl's with static IP's.

Your setup is wrong. You have a setup that costs you because you are
doing it wrong.

If you have one static IP that is causing email issues, you need to fix
it.

This is FreeBSD-ISP. If you are looking for help hosting a resi mail
server, good luck. Otherwise, any one of us could help you host proper
DNS records and/or mail servers to suit your needs.

So long as you meet my ToS, you can host what you want on my network,
and not have to deal with dynamic addressing. ;)

Steve

ps. my ToS is likely more costly than a T/E1.