Dns-operations mailing list

[Hunter 9999 <mail AT hunter-9999.de>]

> Am 12.02.2014 um 06:49 schrieb Jeff Taylor <shdwdrgn AT sourpuss.net>:
> 
> FYI the list of registered IPs is global, so you don't have to specify 
> which T2 servers you are using... they will all read from the same data.

I mean to update the used servers on the users system, for auto use i.E. the 
fastes servers for the users system or if one get offline.
You should config if you want to use logging servers and specify an 
server-country if you want.
Additionally it should check if you are able to use whitelisting servers and 
filter them out if not.

> Currently, yes, there is a 15-minute lead for updates.  However on my to-do 
> list is looking for a method of getting real-time updates. There are 
> possibilities with wget (only grab the file if it is newer than the 
> existing file, in which case refresh BIND), but I haven't had any time to 
> investigate any options yet.

Without realtime updating you break the internet access and couldn't work for 
that time.
As an fallback you could use an not whitelisting server for that time but 
this should by done by an automated process as above mentioned.


>> On 02/11/2014 02:32 PM, Hunter 9999 wrote:
>> The best would be to offer ready to use daemons with installer for all OSs 
>> (as promoted option).
>> One daemon to update the whitelisting and one for updating the used T2s.
>> It could use an combined installer where you can choose what to install.
>> 
>> 
>> Something else:
>> Is it right, that if my ip changes every night at 4am, that I can't 
>> resolve DNS querys up to 4:15am due to the whitelist update every 15 
>> minutes?
>> 
>> 
>>> Am 11.02.2014 um 17:57 schrieb Jeff Taylor <shdwdrgn AT sourpuss.net>:
>>> 
>>> I didn't realize there was a discussion going on already!  Sorry I'm late 
>>> to the party...
>>> 
>>> If a server only allows whitelisting, then the bots will go away over 
>>> time.  Eventually opennic may go to only using whitelisting because of 
>>> the benefits from attacks.  Users should also realize that a whitelisted 
>>> server will be *faster* because they will have more bandwidth free to 
>>> answer legitimate queries.
>>> 
>>> Regarding the matter of distinguishing the servers using whitelisting... 
>>> There should definitely be a flag on the wiki page signifying if a server 
>>> is using whitelisting or not, and that flag could be used for sorting the 
>>> list.  Additionally, we will have to revise our listings of 'nearest 
>>> servers' to allow users to make a choice between whitelisted and 
>>> fully-open servers (with the full-open servers being the default view).
>>> 
>>> And of course we will need to write some wiki how-to pages to show people 
>>> how to register their IP on various platforms.  This project is still 
>>> getting off the ground, it will take some time to get everything set up.  
>>> However for anyone wondering how they can contribute, it would be great 
>>> if anyone wants to start working on documentation.  Linux and Mac users 
>>> should be easy... simply adding a cron job that runs hourly or at boot... 
>>>  Windows will be more involved, installing wget and setting up a 
>>> scheduled task (or if anyone has alternate ideas?) and will require 
>>> screenshots of the various steps.  We also need a front page in the wiki 
>>> to lay out the benefits of whitelisting, and discuss the measures put in 
>>> place to protect a user's privacy.
>>> 
>>> 
>>>>> On 02/10/2014 07:24 PM, Quinn Wood wrote:
>>>>> On Mon, Feb 10, 2014 at 7:37 PM, Guillaume Parent <gparent AT gparent.org> 
>>>>> wrote:
>>>>> The point is not to punish people who wish to protect their servers, 
>>>>> but to
>>>>> not confuse users who are sometimes already so technically challenged 
>>>>> that
>>>>> they have no idea what to do with the IP in the first place.
>>>> I guess at this junction, it's a question of whether or not we value a
>>>> large userbase more than educating a small userbase.
>>>> 
>>>> ----
>>>> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org
>>> 
>>> ----
>>> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org
>> ----
>> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org
> 
> 
> ----
> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org