[H-GEN] problems with accessing mail at bigpond
gjb at humbug.org.au
Sat May 4 07:56:03 EDT 2002
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Robert Brockway wrote:
| Personally I don't have a problem with open dns servers (ie server which
| will answer queries from any remote host). I see it as one last thing we
| haven't had to tighten up on the net because someone found a way of
| abusing the trust of others (all mail relays used to be open not so long
| ago...). I block AXFR from anywhere except slaves of course.
It's a choice that we can make, although I think it's usually
not made consciously.
| I certainly find having remote dns servers ready to answer queries useful
| for diagnostics
Right now, I can't imagine a case where an open DNS server would
be necessary for any diagnostics that I'd want to run, but maybe
that's a failure of my imagination.
| I can only think of
| a handful of dns servers that are not open (UQ being a notably example).
All the servers that I run are closed to outsiders and I find
that is increasingly the case.
| I'd be interested in any security issues relating directly to having
| a dns server which will answer queries from any host.
There was a time when new BIND exploits came out regularly and
in those days I kept a fake BIND server online to capture the
attempts so that I could quantify them. This is less true now
than it was, but why open yourself to exploits when there's no
need to provide this service?
It's not just a matter of security. I resent providing services
to people who aren't entitled to them -- if I run an open name
server, I lose bandwidth to outside queries and I may cause my
caches to be less effective for their intended users if those
external queries force legitimate data out of the caches.
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General