IRL: 🐡 🥋 📸 🌱 🍻 🎸 All we are is dust in the wind. 🖖☺️ Opened to discussions. I will check your profile before accepting a follow request. 🔁 Retoot anything at will. 🕵️♂️ I don’t post things that should be kept secret. ♻️ Old messages are automatically deleted. 🗣️ 🇫🇷 🏴 # OpenBSD # RunBSD # Illumos # OmniOS # UNIX # Slackware # FOSS # MartialArt # Karate # Kobudo # ShindoMusoRyuJodo # Photography # Plant # Gardening # Music # Guitar
I was working on providing public DNS resolvers for people who would not like to use Google or Quad9, for whatever reasons - and couldn’t / didn’t want to self-host their own. So I built two of those, tested them on my computerS for months and opened them for testing to a limited audience - as in, I advertised them to a limited audience but the service was not source-filtered.
It didn’t take long (like 2-3 days) before they got assaulted by bots and stuff. They survived this quite well so I was not that worried.
Then I received an abuse report from one of the providers saying they received an alert notification from XXX Security Company. The initial content was like "there’s a dumbass running an open relay service that can be used by others to participate in a DDOS". The provider email was more like "We received this alert. You may discard it. Or you may do something to ensure security". After checking my logs, I noticed that my servers cached things pretty well and that they wouldn’t query external DNS more than a few times a day, at worst, for specific DNS entries. I also checked that I had enabled limitations in the conf to prevent rogue access - I also feared I was limiting too much TBH.
Still, got kinda scared of participating in enshitting the Internet so I switched back to source-filtering the access to only my computers. And notified the limited audience that I rolled back and closed the service.
Papers I found online were simply recommending QoS and implementing query rate limitation. Online checkers I found simply went "Danger! Danger! Anyone can make recursive queries there! Turn this off!"
All that to say I wonder… Is this just Big Tech & friends trying to keep their users or is the danger real? How do the 4-5 so-called alternative public resolvers manage DDOS protection? Did they register somewhere as "official providers" to not be bothered by shitty observers?
What do you, #DNS people, say on this?