Conversation

Notices

1. Embed this notice
   pawlicker (pawlicker@pawlicker.ddns.net)'s status on Tuesday, 18-Oct-2022 03:58:42 JST pawlicker
   Honestly I might just start hosting my main domain at home tbh
   • Embed this notice
     arcanicanis (arcanicanis@were.social)'s status on Tuesday, 18-Oct-2022 06:22:59 JST arcanicanis

     in reply to

     @pawlicker Just be mindful of this, in case if there’s any response-heavy queries possible: https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/ I’ve self-hosted my own authoritative DNS servers for my domains, with any recursive queries disabled, and still had a moment one day to wake up to my VPS being used for a reflected/amplified DoS attack putting a significant CPU/bandwidth load on it. Changed the NS records to point to Linode’s authoritative DNS service, and had Linode’s DNS slave from my server for my zones (so that I still held full control over DNSSEC keying). Still had later incidents of things trying to weaponize it for an amplification attack until I basically firewalled all of port 53 to only respond to Linode’s servers (for slaving) and nobody else, and then everything was fine.

   • Embed this notice
     arcanicanis (arcanicanis@were.social)'s status on Tuesday, 18-Oct-2022 06:24:50 JST arcanicanis

     in reply to

     • arcanicanis
     @pawlicker Or, derp: just realized you meant the hosting of the website, not the authoritative DNS I assume. Either way, just worth mentioning as a public service announcement nonetheless.