DNS Flag Day, Friday, Feb 1st, 2019

Stephen Satchell list at satchell.net
Thu Jan 24 21:21:03 UTC 2019


On 1/24/19 11:46 AM, Mark Andrews wrote:
> On 25 Jan 2019, at 2:14 am, Stephen Satchell <list at satchell.net> wrote:
>> My edge routers block *all* inbound DNS requests -- I was being hit by a
>> ton of them at one point.  Caveat: I don't run a DNS server that is a
>> domain zone master -- I use a DNS service for that.  I do have a DNS
>> server inside, but only to handle recursive requests from inside my network.
>>
>> Outbound DNS requests?  Lets them through, and responses too.
>
> Well does your DNS service properly manage the firewall in front of their
> servers?  Does the anti DoS scrubbing service they are using also pass the
> well formed packets to the DNS server they are advertising?

I have domains on several DNS services.  Most of the services work
properly according to the ISC tests.  Two of the services show failures.
So I called support on the pair.  One service says they are deploying
updates before the 1 Feb 19 deadline to all their DNS servers.  The
other one (starts with an "A") doesn't know when they will be fully
compliant "but your customers should have no difficulty with getting DNS
answers on your domains."

I had downloaded the tool, so I tested my inside DNS servers just for
grins.  Passed with flying colors -- I had used CentOS 7 in those
servers, updated on a regularly scheduled basis, so of course it flew
with flying colors.  (Or do you prefer colours?)


