XMPP Service Operators - 2023-07-16


  1. sagaracharya

    If I host an authoritative DNS server and have my own nameserver at the config of my domain name provider, will my website's DNS records be fetched from my own server?

  2. agh

    sagaracharya, do not make your recursive resolver public, that would be insane.

  3. agh

    Your auth server is public

  4. agh

    Your recursive resolver runs on your local network, responding to hosts in that network. That resolver, and all other resolvers will get their answers to any *.sagaracharya queries from your auth host, which will listen on a public IP port 53.

  5. Martin

    I have my recursive resolver public via dot and didn't realize any issues so far. What should I look for?

  6. Martin

    Making it public makes it easy to use it on all devices.

  7. sagaracharya

    > sagaracharya, do not make your recursive resolver public, that would be insane.
    >
    > Your auth server is public

    I have hosted it on port 53

  8. sagaracharya

    Recursive server is public

  9. sagaracharya

    pdns-recursor

  10. MattJ

    As others have already said, you shouldn't run a public recursive DNS server, it will end up being abused for amplification attacks. And again, this has nothing to do with XMPP.

  11. nuegia.net

    > As others have already said, you shouldn't run a public recursive DNS server, it will end up being abused for amplification attacks. And again, this has nothing to do with XMPP.

    How do Google and Cloudflare get away with doing that?

  12. MattJ

    You can prevent the attacks if you have sufficient control over the network routes, also just the fact that there are fewer of them helps (they can easily monitor/block the involved IPs if necessary)

  13. moparisthebest

    Or if you just don't support UDP

  14. moparisthebest

    (instead only TCP, DNS over TLS, and DNS over HTTPS)