Dns-operations mailing list

[Hunter 9999 <mail AT hunter-9999.de>]

> Am 12.02.2014 um 20:31 schrieb Jeff Taylor <shdwdrgn AT sourpuss.net>:
> 
> Realtime updating ALSO relies on the client registering their new IP as 
> soon as they receive it.

Sure, I implied that.

> I wonder if we can configure something that gives some leeway for 
> filtering... for instance allow a new IP access for 5 minutes, after which 
> time they need to be listed to continue using that server?

So you let DDOS the servers for 5 minutes before blocking if you don't know 
the ip?


> On 02/12/2014 05:23 AM, Hunter 9999 wrote:
>>> Am 12.02.2014 um 06:49 schrieb Jeff Taylor <shdwdrgn AT sourpuss.net>:
>>> 
>>> FYI the list of registered IPs is global, so you don't have to specify 
>>> which T2 servers you are using... they will all read from the same data.
>> I mean to update the used servers on the users system, for auto use i.E. 
>> the fastes servers for the users system or if one get offline.
>> You should config if you want to use logging servers and specify an 
>> server-country if you want.
>> Additionally it should check if you are able to use whitelisting servers 
>> and filter them out if not.
>> 
>>> Currently, yes, there is a 15-minute lead for updates.  However on my 
>>> to-do list is looking for a method of getting real-time updates. There 
>>> are possibilities with wget (only grab the file if it is newer than the 
>>> existing file, in which case refresh BIND), but I haven't had any time to 
>>> investigate any options yet.
>> Without realtime updating you break the internet access and couldn't work 
>> for that time.
>> As an fallback you could use an not whitelisting server for that time but 
>> this should by done by an automated process as above mentioned.
>> 
>> 
>>>> On 02/11/2014 02:32 PM, Hunter 9999 wrote:
>>>> The best would be to offer ready to use daemons with installer for all 
>>>> OSs (as promoted option).
>>>> One daemon to update the whitelisting and one for updating the used T2s.
>>>> It could use an combined installer where you can choose what to install.
>>>> 
>>>> 
>>>> Something else:
>>>> Is it right, that if my ip changes every night at 4am, that I can't 
>>>> resolve DNS querys up to 4:15am due to the whitelist update every 15 
>>>> minutes?
>>>> 
>>>> 
>>>>> Am 11.02.2014 um 17:57 schrieb Jeff Taylor <shdwdrgn AT sourpuss.net>:
>>>>> 
>>>>> I didn't realize there was a discussion going on already!  Sorry I'm 
>>>>> late to the party...
>>>>> 
>>>>> If a server only allows whitelisting, then the bots will go away over 
>>>>> time.  Eventually opennic may go to only using whitelisting because of 
>>>>> the benefits from attacks.  Users should also realize that a 
>>>>> whitelisted server will be *faster* because they will have more 
>>>>> bandwidth free to answer legitimate queries.
>>>>> 
>>>>> Regarding the matter of distinguishing the servers using 
>>>>> whitelisting... There should definitely be a flag on the wiki page 
>>>>> signifying if a server is using whitelisting or not, and that flag 
>>>>> could be used for sorting the list.  Additionally, we will have to 
>>>>> revise our listings of 'nearest servers' to allow users to make a 
>>>>> choice between whitelisted and fully-open servers (with the full-open 
>>>>> servers being the default view).
>>>>> 
>>>>> And of course we will need to write some wiki how-to pages to show 
>>>>> people how to register their IP on various platforms.  This project is 
>>>>> still getting off the ground, it will take some time to get everything 
>>>>> set up.  However for anyone wondering how they can contribute, it would 
>>>>> be great if anyone wants to start working on documentation.  Linux and 
>>>>> Mac users should be easy... simply adding a cron job that runs hourly 
>>>>> or at boot...  Windows will be more involved, installing wget and 
>>>>> setting up a scheduled task (or if anyone has alternate ideas?) and 
>>>>> will require screenshots of the various steps.  We also need a front 
>>>>> page in the wiki to lay out the benefits of whitelisting, and discuss 
>>>>> the measures put in place to protect a user's privacy.
>>>>> 
>>>>> 
>>>>>>> On 02/10/2014 07:24 PM, Quinn Wood wrote:
>>>>>>> On Mon, Feb 10, 2014 at 7:37 PM, Guillaume Parent 
>>>>>>> <gparent AT gparent.org> wrote:
>>>>>>> The point is not to punish people who wish to protect their servers, 
>>>>>>> but to
>>>>>>> not confuse users who are sometimes already so technically challenged 
>>>>>>> that
>>>>>>> they have no idea what to do with the IP in the first place.
>>>>>> I guess at this junction, it's a question of whether or not we value a
>>>>>> large userbase more than educating a small userbase.
>>>>>> 
>>>>>> ----
>>>>>> To unsubscribe, email 
>>>>>> dns-operations-unsubscribe AT lists.opennicproject.org
>>>>> ----
>>>>> To unsubscribe, email 
>>>>> dns-operations-unsubscribe AT lists.opennicproject.org
>>>> ----
>>>> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org
>>> 
>>> ----
>>> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org
>> ----
>> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org
> 
> 
> ----
> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org