Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/jtk/statuses/113867693771890360">John Kristoff (jtk@infosec.exchange)'s status on Wednesday, 22-Jan-2025 12:45:35 JST</a><a href="https://infosec.exchange/@jtk" title="jtk@infosec.exchange"><img src="https://gnusocial.jp/avatar/65700-48-20240119133020.webp" width="48" height="48" alt="John Kristoff" style="position: absolute; left: 0; top: 0;">John Kristoff</a><div><a href="https://toots.sahilister.in/@sahil/113867466031866973" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://toots.sahilister.in/@sahil">@sahil</a> If you want to see details about who and what is issuing queries for your names, it's a good idea.</p><p>If your name(s) are prone to attack, it might be a bad idea unless you partner with a provider who can host and help mitigate large floods.</p><p>If your zone(s) don't change very often and have few records, it is relatively easy to setup and run a couple of authoritative name servers, ideally on at least a couple of diverse networks using bind, unbound, or whatever you're comfortable with.</p><p>Don't provide answers (recursion) you're not authoritative for.</p><p>Don't forget to update your SOA serial every time you make a zone change.</p><p>Do run your zone through various zone checking online tools (e.g., zonemaster.fr).</p><p>Do use a provider who won't arbitrarily block networks/addresses or source ports.</p><p>Don't run anything else on your name server, but maybe just SSH and NTP - and protect those from unsolicted access.</p><p>You may not have a need for all their guidance, but see IETF RFCs 2870 ad 9199 for other ideas.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4419002#notice-8651358">In conversation</a><time datetime="2025-01-22T12:45:35+09:00" title="Wednesday, 22-Jan-2025 12:45:35 JST">about 6 months ago</time> <span>from <span><a href="https://infosec.exchange/@jtk/113867693771890360" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@jtk/113867693771890360">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: change.do</div><h5><a href="https://change.do/">CHANGE with us</a></h5><div></div></header><div>A fearless commitment to creativity and innovation, we strive to craft captivating visual and structurals narratives that evoke emotion and provoke thought.</div><footer></footer></article></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://zonemaster.fr/en/">Zonemaster</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
John Kristoff (jtk@infosec.exchange)'s status on Wednesday, 22-Jan-2025 12:45:35 JSTJohn Kristoff
in reply to
- sahilister
@sahil If you want to see details about who and what is issuing queries for your names, it's a good idea.
If your name(s) are prone to attack, it might be a bad idea unless you partner with a provider who can host and help mitigate large floods.
If your zone(s) don't change very often and have few records, it is relatively easy to setup and run a couple of authoritative name servers, ideally on at least a couple of diverse networks using bind, unbound, or whatever you're comfortable with.
Don't provide answers (recursion) you're not authoritative for.
Don't forget to update your SOA serial every time you make a zone change.
Do run your zone through various zone checking online tools (e.g., zonemaster.fr).
Do use a provider who won't arbitrarily block networks/addresses or source ports.
Don't run anything else on your name server, but maybe just SSH and NTP - and protect those from unsolicted access.
You may not have a need for all their guidance, but see IETF RFCs 2870 ad 9199 for other ideas.
In conversationabout 6 months ago from infosec.exchangepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: change.do
  CHANGE with us
  A fearless commitment to creativity and innovation, we strive to craft captivating visual and structurals narratives that evoke emotion and provoke thought.
2. No result found on File_thumbnail lookup.
  Zonemaster

Public

Embed Notice

HTML Code

Corresponding Notice