[GRLUG] Comcast & dynamic DNS
David Pembrook
david at pembrook.net
Tue Mar 28 09:29:30 EST 2006
Yes, I understand that, that's why it (should) get jailed when it's
exposed to the Internet.
A caching DNS server for your LAN doesn't need to accept connections
from the net. What are the risks if you take an old desktop machine with
no data on it, running behind the firewall providing DNS only to those
behind the firewall? Its only interaction with the outside world is
getting DNS information. I guess it could get corrupt information, but
only for the domains the corrupt DNS server is authoritative for.
I checked the lookup times using dig and I'm looking at about 14-15ms
locally or 45-55 using my ISP on cached lookups. On a complicated page I
think it's worth the trouble. Your in-house caching DNS server is certain
to be lighter loaded than your ISP's.
Collin wrote:
> Well, there is always the squeamishness that people feel toward running
> something with such a long history of security snafus (BIND). Granted,
> the situation may be better today but it's still just one more vector
> for intrusion.
>
> I don't run a caching DNS server at my workplace but we're on a T-1 line
> and the response time from our provider's DNS server is plenty fast.
>
> David Pembrook wrote:
>
>> Why anyone with a small LAN and a spare computer wouldn't run DNS is
>> beyond me given the benefits.
>>
>> Dave
>>
>> john-thomas richards wrote:
>>
>>
>
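
An added example, not part of the original message: a minimal named.conf for the LAN-only caching resolver described above, with the open setting shown beside the restricted one. It assumes BIND 9 (the software named in the quoted reply); the 192.168.1.0/24 subnet, the 192.168.1.53 listen address and the file paths are placeholders.

```conf
// Constructed example: BIND 9 named.conf for a caching resolver that
// serves only hosts behind the firewall. Addresses and paths are
// placeholders, not values from the thread.

// Clients allowed to use this resolver: loopback plus the LAN subnet.
acl "lan" { 127.0.0.0/8; 192.168.1.0/24; };

options {
    directory "/var/named";

    // Weak settings (left commented out): listening on every interface
    // and recursing for anyone makes the box an open resolver.
    // listen-on       { any; };
    // allow-recursion { any; };

    // Restricted settings: bind only to loopback and the LAN-side
    // address, so nothing answers on an Internet-facing interface.
    listen-on    { 127.0.0.1; 192.168.1.53; };
    listen-on-v6 { none; };

    // Recursion is what makes this a caching resolver; limit who may
    // ask for it and who may read answers out of the cache.
    recursion yes;
    allow-query       { "lan"; };
    allow-recursion   { "lan"; };
    allow-query-cache { "lan"; };

    // The server is authoritative for nothing, so no zone transfers.
    allow-transfer { none; };
};

// For the "jailed" setup mentioned in the post, named can be started
// unprivileged inside a chroot, for example:
//   named -u named -t /var/named/chroot
// (user name and chroot path are placeholders; "directory" above is
// then resolved relative to the chroot).
```

With this in place the resolver still makes outbound queries to the Internet, but only LAN hosts can send it questions.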