Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

We have a 'whitelisting' option available, although that presents some possible problems on the client side.  Whitelisting means that only registered users are allowed to make recursive queries from your server.  All other queries are ignored, and generally causes attackers to ignore you.  This is similar to how an ISP works, only answering queries from your own customers, except it also requires the clients to set up a script to keep their IP up to date.

To set up your server for whitelisting, see this page:  http://wiki.opennicproject.org/API_BindACL

For clients to use whitelisted servers, see this page:  http://wiki.opennicproject.org/API_Whitelist

On 10/16/2015 02:50 PM, Paginas Web y Servidores :: Ventas wrote:

I have some servers I want to add back to the list

Are in USA and have DDoS protection. I remove them because some abuse.

Would be better to have private list for registered users?

El 16 de octubre de 2015 3:30:36 PM CDT, Daniel Quintiliani <danq AT runbox.com> escribió:

There's only one problem - the DoS attacks that occasionally happen, OpenNIC would be less usable if there were fewer targets to take down.

--

-dan q

danq.co
twitter.com/thebleakfire

On Fri, 16 Oct 2015 13:55:33 -0600, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:

As you may (or may not) be aware, recently one of the T2 operators was forced to shut down most of their servers overnight. Unfortunately at the time, this person was running about 50% of the total list of public servers. Messages were sent to the mailing list, the servers were removed from the listings, and some of the servers were able to brought back again soon after. We've had some debates on IRC already regarding whether there should be limitations placed on how many servers each individual is allowed to add to the public list (which affects things such as the nearest-servers info displayed on opennic's homepage). There are pro and con points to this argument. If we allow unlimited server entries, it greatly expands the reach of opennic with local servers in more countries. However in a situation such as this, where a large number of servers are shut down at once, it hurts opennic's credibility and reliability, especially for those who like to set their DNS server entries and forget about them (this describes a large number of people who set up a home router or access point). Keeping this in mind, these are our options: 1) allow unlimited entries 2) limit the number of entries per person to a fixed number 3) limit the number of entries based on a formula, taking into account the current number of public servers, and/or the amount of time a user has successfully provided public servers. Number 3 seems to offer the best option, so long-time members can provide larger numbers of servers. Even within that, there are sub-options to consider: 3a) Number is a percentage of total servers -- if there are 70 public servers and we user 10% as our base, then each user would be allowed to list 7 servers. 3b) Add the percentage to a base number -- we could allow everyone 5 + 10%, so as above this would currently give everyone a total of 12 servers they could provide. 3c) Calculate a number from the length of time the user has been hosting public servers -- For a simple example, let's say 1 server per every month of hosting, so someone who has run servers for 10 months would be allowed to list up to 10 servers. Most likely we would want to create a combination of the above... something like a base of 2 servers, plus 5% of total servers for every 3 months of hosting. This would ensure a new user doesn't have too many entries to begin with, but that they become more trusted with long-term involvement with the project. Please discuss how this should be handled. We need to decide how we want to handle this and implement a solid solution that is fair to everyone. If you have ideas for a formula to use, please explain why you like it. If there are other variables that should be considered, let me know and I'll see if it's something I can implement. -------- You are a member of the OpenNIC Discuss list. You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org