[sdnog] Materials Request

Sami Salih sami.salih at outlook.com
Sun Jul 26 13:31:21 SAST 2020 



________________________________
From: sdnog <sdnog-bounces at sdnog.sd> on behalf of Nishal Goburdhan <nishal at controlfreak.co.za>
Sent: Sunday, July 26, 2020 1:42 PM
To: sdnog at sdnog.sd <sdnog at sdnog.sd>
Subject: Re: [sdnog] Materials Request

On 26 Jul 2020, at 11:00, Kabantsh Alameen wrote:

> Dear Muaz Osman
> Regarding to DNS here are videos for Eng.Abeer Hosni:-
>
> 1- To set-up Cache-only DNS server :-
> https://www.youtube.com/watch?v=f3_AuwtScms&list=PLped9VG7STA9Foq9mI5dE6IFUsDxdCHKn&index=8hddS11cZbFr1ozD9vxhQ
> 2- To set-up Authoritative DNS server:-
> https://www.youtube.com/watch?v=NvBcN0HmMbs&list=PLped9VG7STA9Foq9mI5dE6IFUsDxdCHKn&index=9


at 32:45, i see her changing the default permission to “allow all”
to permit queries to her server.  can someone confirm what she’s
saying please  (she’s speaking waaaaaaaaaay too fast for this ajnabi
:-))

she only "allow all" requests coming from local LAN 10.0.0.1

in general, if you are setting up a recursive dns server, allowing
everyone on the internet to query your DNS server, is a Bad Idea, unless
you are sure you know what you’re doing.  you *should* limit only your
local networks to query your server.

of course if you are setting up and authoritative server, then this
should be open to query from the public.  i *want* to add that you
should also enable response rate limiting [1], but i think that most
modern DNS software does this by default now (you should still check
your software though!)

by the way, a good habit to get into, is to always make a point of
reading the documentation from the vendor first.  so, if you want to
install, say, BIND on FreeBSD, you should read the notes from the BIND
vendor.  it is great to follow tutorials like this (in fact, i really
like the digital ocean ones!) as they are often easier to understand
than the official documentation -  but *always* read the author’s
release and installation notes first to be aware of installation caveats
that tutorials like these often don’t have.

—n.

[1] https://kb.isc.org/docs/aa-01000
_______________________________________________
sdnog mailing list
sdnog at sdnog.sd
https://lists.sdnog.sd/mailman/listinfo/sdnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20200726/d200cb26/attachment.html>

More information about the sdnog mailing list