[sdnog] Materials Request

Nishal Goburdhan nishal at controlfreak.co.za
Sun Jul 26 12:42:24 SAST 2020


On 26 Jul 2020, at 11:00, Kabantsh Alameen wrote:

> Dear Muaz Osman
> Regarding DNS, here are videos for Eng. Abeer Hosni:-
>
> 1- To set-up Cache-only DNS server :-
> https://www.youtube.com/watch?v=f3_AuwtScms&list=PLped9VG7STA9Foq9mI5dE6IFUsDxdCHKn&index=8hddS11cZbFr1ozD9vxhQ
> 2- To set-up Authoritative DNS server:-
> https://www.youtube.com/watch?v=NvBcN0HmMbs&list=PLped9VG7STA9Foq9mI5dE6IFUsDxdCHKn&index=9


at 32:45, i see her changing the default permission to “allow all” 
to permit queries to her server.  can someone confirm what she’s 
saying please  (she’s speaking waaaaaaaaaay too fast for this ajnabi  
:-))

in general, if you are setting up a recursive dns server, allowing 
everyone on the internet to query your DNS server, is a Bad Idea, unless 
you are sure you know what you’re doing.  you *should* limit only your 
local networks to query your server.

of course if you are setting up an authoritative server, then this 
should be open to query from the public.  i *want* to add that you 
should also enable response rate limiting [1], but i think that most 
modern DNS software does this by default now (you should still check 
your software though!)

by the way, a good habit to get into, is to always make a point of 
reading the documentation from the vendor first.  so, if you want to 
install, say, BIND on FreeBSD, you should read the notes from the BIND 
vendor.  it is great to follow tutorials like this (in fact, i really 
like the digital ocean ones!) as they are often easier to understand 
than the official documentation -  but *always* read the author’s 
release and installation notes first to be aware of installation caveats 
that tutorials like these often don’t have.

—n.

[1] https://kb.isc.org/docs/aa-01000
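
The two cases described in the message above, written out as BIND 9 named.conf fragments. This is an added example, not part of the original message or the videos; the ACL name, the network prefixes (documentation ranges) and the rate-limit numbers are placeholder assumptions to replace with your own values.

```conf
// Constructed example. Each fragment belongs in the named.conf of a
// DIFFERENT server; a single named.conf has only one options block.

// ---- Recursive (cache-only) resolver ----
// Placeholder documentation prefixes: replace with your own networks.
acl "local-nets" {
    127.0.0.0/8;
    ::1;
    192.0.2.0/24;
    2001:db8::/32;
};

options {
    recursion yes;

    // Weak: "allow all" makes the server an open resolver that anyone
    // on the internet can query.
    // allow-query     { any; };
    // allow-recursion { any; };

    // Corrected: only the local networks may query, recurse and read
    // answers from the cache.
    allow-query       { "local-nets"; };
    allow-recursion   { "local-nets"; };
    allow-query-cache { "local-nets"; };
};

// ---- Authoritative-only server ----
options {
    // No recursion on an authoritative server.
    recursion no;

    // Public zones are meant to be queried by everyone.
    allow-query { any; };

    // Response rate limiting. The numbers are illustrative assumptions;
    // tune them for your own traffic.
    rate-limit {
        responses-per-second 10;
        window 5;
        slip 2;
    };
};
```

Run named-checkconf on the file after editing, before reloading named.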

