XMPP Service Operators - 2022-03-06

  1. shobuz.nt


  2. moparisthebest

    It was DNS, I did nothing and it fixed itself, that's my favorite kind of error

  3. Martin

    > Ah, then it is DNS, self inflicted as I impose a minimum TTL on my end

    I've seen this option in kresd but I didn't enable it as I thought improving the caching by altering the TTL seems not like a good idea. What's the reason you are doing this?

  4. moparisthebest

    Martin: again self inflicted, DNS over Tor is slow, but also very slow TTLs are an attack vector, I think I'm pinning them to 12 hours minimum or so

  5. moparisthebest

    Low TTLs enable DNS rebinding attacks like https://unit42.paloaltonetworks.com/dns-rebinding/

  6. moparisthebest

    Though pinning them to a few minutes instead of several hours is enough to mitigate those

  7. Martin

    Ah, I see.

  8. Martin

    So how long do you set the minimum TTL?

  9. moparisthebest

    I'd have to look, it's either 12 or 24 hours though if I recall correctly

  10. Martin

    That's pretty high.

  11. moparisthebest

    It almost never causes me problems except when it does :)

  12. moparisthebest

    Everything is a trade-off, my setup is faster and avoids DNS outages like a few have had recently, it also hits problems like this

  13. shobuz.nt


  14. alberto

    > B

    OK, this is some kind of annoying bot posting this nonsense for two days. Can we do something about it?

  15. MattJ

    alberto, yes, I kicked them yesterday, looks like they've returned

  16. alberto

    OK, thanks