Discuss mailing list

["A.J. Maurin" <coyo AT darkdna.net>]

Zach Gibbens wrote:
> if it were just dns traffic, it'd be no real increase in bandwidth, a 
> small delay for the crypto in the processor, I've thought about having 
> a vpn between the servers to take some of the attacks off the tier1 
> servers (sadly, as long as the tier2s have to be public servers, they 
> will see attacks)
Yeah, there's only so much you can do.
> the issue then is, what ip range will the vpn use so there are no 
> collisions, I've assigned my vpn a few addresses that I thought were 
> out of the way, only to wind up at a hotel, college network or hotspot 
> that thought the same thing.
We'd almost certainly have to have a hosting datacenter allocate us a 
small block.
> then, what's the subscription cost, where are the proceeds going, the 
> usual questions there.
>
> there's a few reasons I hate this idea, however, I hate the problem 
> more, idk how many times I've gotten a ToS letter due to an attacker, 
> to the point where I realized if the attacks keep up, I won't be able 
> to keep a tier2 server up for a month, I'd be willing to bring back up 
> a few servers if they weren't open resolvers.
Well, I don't know about anyone else, but I'm willing to pay you guys a 
subscription. It would help fight off potential legal costs and help pay 
for moar nameservers.
> I like Julian's white-listing idea, but it needs a dynamic ip solution 
> too (for linux this is easy with an rndc key, haven't been on a 
> windows machine in awhile, not sure how to set that up)
Yeah. Most ISPs allocate temporary leases to people. You can login with 
four different address in a given month.

My ISP hasn't changed my IP, but that's because I'm a networking nerd, 
and have rigged it that way.