[GRLUG] Comcast & dynamic DNS

David Pembrook david at pembrook.net
Tue Mar 28 09:34:17 EST 2006


I guess that raises the question... should I jail a caching DNS server 
that is firewalled (hardware firewall/router plus NAT) and not accepting 
connections outside the LAN?

Dave

David Pembrook wrote:
> Yes, I understand that, that's why it (should) get jailed when it's 
> exposed to the Internet.
>
> A caching DNS server for your LAN doesn't need to accept connections 
> from the net. What are the risks if you take an old desktop machine 
> with no data on it, running behind the firewall providing DNS only to 
> those behind the firewall. Its only interaction with the outside world 
> is getting DNS information. I guess it could get corrupt information, 
> but only for the domains the corrupt DNS server is authoritative for.
>
> I checked the lookup times using dig and I'm looking at about 14-15ms 
> locally or 45-55 using my ISP on cached lookups. On a complicated page 
> I think it's worth the trouble. Your in-house caching DNS server is 
> certain to be lighter loaded than your ISP's.
>
> Collin wrote:
>> Well, there is always the squeamishness that people feel toward running 
>> something with such a long history of security snafus (BIND). Granted, 
>> the situation may be better today but it's still just one more vector 
>> for intrusion.
>>
>> I don't run a caching DNS server at my workplace but we're on a T-1 line 
>> and the response time from our provider's DNS server is plenty fast.
>>
>> David Pembrook wrote:
>>   
>>> Why anyone with a small LAN and a spare computer wouldn't run DNS is 
>>> beyond me given the benefits.
>>>
>>> Dave
>>>
>>> john-thomas richards wrote:
>>>   
>>>     
>>
>> _______________________________________________
>> grlug mailing list
>> grlug at grandrapids-lug.org
>> http://grlug.org/mailman/listinfo/grlug
>>   