[GRLUG] Comcast & dynamic DNS
Godwin ...
geektoyz at yahoo.com
Tue Mar 28 19:02:37 EST 2006
If you can, jail the heck outta everything... I run a
caching dns/proxy so I can tailor the sites visited.
It makes filtering really fun. :-) Just have your
kids go to xanga.com and have it redirect to
dictionary.com ... :-)
G-
--- David Pembrook <david at pembrook.net> wrote:
> I guess that raises the question... should I jail a caching DNS server
> that is firewalled (hardware firewall/router plus NAT) and not accepting
> connections outside the LAN?
>
> Dave
>
> David Pembrook wrote:
> > Yes, I understand that, that's why it (should) get jailed when it's
> > exposed to the Internet.
> >
> > A caching DNS server for your LAN doesn't need to accept connections
> > from the net. What are the risks if you take an old desktop machine
> > with no data on it, running behind the firewall providing DNS only to
> > those behind the firewall? Its only interaction with the outside world
> > is getting DNS information. I guess it could get corrupt information,
> > but only for the domains the corrupt DNS server is authoritative for.
> >
> > I checked the lookup times using dig and I'm looking at about 14-15ms
> > locally or 45-55 using my ISP on cached lookups. On a complicated page
> > I think it's worth the trouble. Your in-house caching DNS server is
> > certain to be lighter loaded than your ISP's.
> >
> > Collin wrote:
> >> Well, there is always the squeamishness that people feel toward running
> >> something with such a long history of security snafus (BIND). Granted,
> >> the situation may be better today but it's still just one more vector
> >> for intrusion.
> >>
> >> I don't run a caching DNS server at my workplace but we're on a T-1 line
> >> and the response time from our provider's DNS server is plenty fast.
> >>
> >> David Pembrook wrote:
> >>
> >>> Why anyone with a small LAN and a spare computer wouldn't run DNS is
> >>> beyond me given the benefits.
> >>>
> >>> Dave
> >>>
> >>> john-thomas richards wrote:
> >>>
> >>>
> >>
> >> _______________________________________________
> >> grlug mailing list
> >> grlug at grandrapids-lug.org
> >> http://grlug.org/mailman/listinfo/grlug
> >>