View Full Version : Need advice on DNS servers
beernuts 06-04-2002, 03:47 AM Hi all, I'm looking to set up a dedicated linux server on my dsl... It's going to do mail, web, ftp, the works. The thing is, I need a super reliable DNS. Are there any you can suggest that are super reliable? I don't mind paying.
Also, would you suggest I just host my own DNS? Is it possible to have 2 DNS servers running off the same machine (the linux box). I have 5 IPs, so that's not a problem.
Please feel free to just go off on a tangent about your thoughts on the matter.
Thanks all, I appreciate it.
RackNine 06-04-2002, 04:37 AM Beernuts,
Only run your own DNS if your IPs are static. If not I'd stay away from that option completely; it's not reliable and even worse will probably let you down when you least expect/most need it.
If your IP is semi-static I'd recommend a subdomain with dhs.org. They're the newest incarnation of ml.org, a long-time provider of free DNS services that's probably the best and most reliable deal out there. (http://www.dhs.org)
Sincerely,
-Matt
ToastyX 06-04-2002, 05:23 AM Yes, it's possible to run two DNS servers on the same machine, but really you only need to run one DNS server that binds to all of the IP addresses. As RackNine said, only run your own DNS server if your IP addresses are static. You could also use a 3rd party DNS such as ZoneEdit which is free for the first 5 domains. They've been very reliable for me.
TQ Mark 06-04-2002, 07:49 AM beernuts,
Check out zoneedit.com... you can set up DNS services for up to 5 domains for free; any more than 5 and then you will have to pay some. I have been using them for various things for close to a year probably, no problems at all.
dynamicnet 06-04-2002, 09:36 AM Greetings:
How reliable is your DSL service?
Prior to going to cable at home, I was with two DSL providers. Two members of our staff also have DSL at home through two different providers.
So our total experience is four providers.
All three of us have experienced as much as two to three days of down time per eight to twelve weeks (which is a lot).
Furthermore, with DSL your IP address is dynamic and can change upon reboot or reconnect.
Also, most DSL and cable is on a shared network. So speed will not be constant.
Furthermore, because of being on a shared network, security risks are very high.
I never tracked the number of attack attempts while I had DSL, but on cable (same consideration, though, as DSL), I average 20 to sometimes 50 attack attempts / scan attempts per night.
So please be very careful about doing any form of hosting based on DSL or even cable.
Thank you.
allan 06-04-2002, 09:45 AM Originally posted by dynamicnet
Also, most DSL and cable is on a shared network. So speed will not be constant.
Furthermore, because of being on a shared network, security risks are very high.
While I certainly agree with your sentiments regarding hosting on a cable/DSL connection, a shared network is not really a valid reason. All networks are shared networks, and I have seen some data centers that have abysmal security within their facilities, to the point that it was easy to sniff traffic on other boxes.
dynamicnet 06-04-2002, 10:07 AM Greetings:
"All networks are shared networks"
Correct. However, in a data center the sharing is within the data center itself and usually comprised of their target market.
A data center's target market is usually tighter than that of a DSL or cable target market.
The percentage of business customers in a data center compared to residential is usually very high on the side of business. While on DSL and cable, residential is often higher (marginally so nowadays as more businesses move to DSL and cable for office connectivity, but still higher in favor of residential).
From my understanding, most DSL and cable providers are licensed and have to go through government agencies. This may mean that increasing the capacity of the network cannot be done quickly; I'm not sure of this statement.
Most data center providers, even when publicly owned, do not have to report to any public agency (other than the S.E.C. if public US); and increasing capacity can generally be done quicker in the non-public realm than in the public realm.
Lastly, because DSL and cable are very inexpensive compared to dedicated connectivity, I would venture to state it would be easier to find more hackers using DSL / cable (even wanna be hackers) compared to those within a data center.
Also, most data centers that we work with build their data center in such a way that sniffing can only be accurately done within the data center itself.
Thank you.
allan 06-04-2002, 10:14 AM Originally posted by dynamicnet
Also, most data centers that we work with build their data center in such a way that sniffing can only be accurately done within the data center itself.
Which is infinitely more dangerous. People can sniff my home machine all they want, I very rarely send anything from home that is private.
Being able to sniff my company server, and possibly gain access to customer information, or other proprietary technology is significantly more disturbing to me.
dynamicnet 06-04-2002, 10:20 AM Greetings:
"Being able to sniff my company server, and possibly gain access to customer information, or other proprietary technology is significantly more disturbing to me."
Since most good data centers build their data center in such a way that sniffing can only be done in the data center itself, and such companies often employ 3rd-party, armed security guards and use biometrics and other security measures to ensure only authorized personnel have access to the network itself... then what's your point? ;-)
Thank you.
allan 06-04-2002, 10:24 AM Originally posted by dynamicnet
Since most good data centers build their data center in such a way that sniffing can only be done in the data center itself, and such companies often employ 3rd-party, armed security guards and use biometrics and other security measures to ensure only authorized personnel have access to the network itself... then what's your point? ;-)
My point is that anyone with a server on the network would be able to sniff data from other servers on that network. To me it is not inconceivable that an attacker would lease a $99 RackShack server, install SNORT and start monitoring other servers on the network, gathering gigabytes of data to sift through.
TQ Mark 06-04-2002, 11:48 AM I believe Rackshack uses switches for their network servers. You can't sniff off of a switch without having 'port mirroring' or some feature like that on it enabled for your port to mirror another.
While switches shouldn't be trusted for security, they do offer a good first defense.
But most importantly, you should never transmit sensitive information in cleartext.
allan 06-04-2002, 12:01 PM Originally posted by sloop
I believe Rackshack uses switches for their network servers. You can't sniff off of a switch without having 'port mirroring' or some feature like that on it enabled for your port to mirror another.
While switches shouldn't be trusted for security, they do offer a good first defense.
But most importantly, you should never transmit sensitive information in cleartext.
That's a common misnomer. You are correct that switches provide significantly more protection than hubs by creating broadcast domains for each individual port... however, I can certainly sniff traffic on a switched network with the right tools:
http://www.monkey.org/~dugsong/dsniff/
And it doesn't require any sort of port mirroring.
You are also correct about clear text passwords...yet how many hosting providers still offer FTP, or even worse, FrontPage to their users? An FTP login is a good start to getting the rest of the information about the server :).
allera 06-04-2002, 12:35 PM Furthermore, with DSL your IP address is dynamic and can change upon reboot or reconnect.
I have a DSL line at home and a cable line at another home (DSL by Bellsouth, Cable by AT&T). Both of them have 'dynamic' IPs, but even after rebooting/reconnecting/whatever the IPs remain the same. The IPs are bound to my NICs. The only way to change them is to install a new NIC or get a new dsl/cable router. Then another IP is 'dynamically' assigned to me.
Not all DSL and Cable providers issue IPs that change each time you connect.
Also, most DSL and cable is on a shared network. So speed will not be constant.
Furthermore, because of being on a shared network, security risks are very high.
This can be said for most networks out there, DSL/Cable or not. I experience near-capacity throughput on my DSL and Cable lines all the time (I run a personal server off of the DSL line -- never skips a beat).
I never tracked the number of attack attempts while I had DSL, but on cable (same consideration, though, as DSL), I average 20 to sometimes 50 attack attempts / scan attempts per night.
We see the same amount of scans on our company servers as well. Anyone can scan your servers, no matter if you're on a DSL, Cable, T1, or OC3 line. You've got an IP, they'll scan you.
So please be very careful about doing any form of hosting based on DSL or even cable.
Paid hosting? Don't do it. Mission-Critical hosting? Don't do it. Personal hosting of your own sites and your friends' sites, go for it if you have an IP that doesn't change on reboots/reconnects and the service is stable enough. There's nothing wrong with hosting off a DSL or Cable connection so long as it's reasonably stable.
mpope 06-04-2002, 01:52 PM Originally posted by uuallan
That's a common misnomer. You are correct that switches provide significantly more protection than hubs by creating broadcast domains for each individual port... however, I can certainly sniff traffic on a switched network with the right tools:
http://www.monkey.org/~dugsong/dsniff/
And it doesn't require any sort of port mirroring.
However dsniff cannot sniff through ALL switches. So if you are careful and buy the right switches and set them up correctly, dsniff is useless...
<side note> 200 Posts WooHoo! :D</side note>
allan 06-04-2002, 02:04 PM Originally posted by mpope
However dsniff cannot sniff through ALL switches. So if you are careful and buy the right switches and set them up correctly, dsniff is useless...
More the second than the first. I haven't seen a switch yet that was not susceptible to dsniff (note: that does not mean that there are none, I just have not run across them), but with some security tightening, most managed switches can be made impervious to the dsniff tools.
mpope 06-04-2002, 02:40 PM Yes, that's probably a better description. I guess I should have said "Don't buy the wrong switch" (because some switches will always be susceptible to dsniff no matter what you do)
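The switched-network sniffing debated above (allan's dsniff point and the later exchange about hardening managed switches) turns on ARP cache poisoning, which is how dsniff's arpspoof tool pulls another host's traffic through a switch port that should never see it. As an added example, not code from anyone in this thread, here is a small Python monitor in the spirit of arpwatch that flags the poisoning signature in a constructed set of ARP replies; all addresses are made up.

```python
"""Flag ARP cache poisoning, the trick dsniff's arpspoof relies on to pull
another host's traffic through a switch port it should never see.

An IP->MAC table is seeded with operator-trusted entries (the gateway) and
learned from first sightings. A reply that moves a known IP to a new MAC, or
a MAC that claims more than one IP, is reported. The capture is constructed."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: int          # seconds since capture start
    sender_ip: str   # protocol address the reply claims
    sender_mac: str  # hardware address making the claim


class ArpMonitor:
    def __init__(self, trusted: dict[str, str] | None = None) -> None:
        self.ip_to_mac: dict[str, str] = {ip: m.lower() for ip, m in (trusted or {}).items()}
        self.mac_to_ips: defaultdict[str, set[str]] = defaultdict(set)
        for ip, mac in self.ip_to_mac.items():
            self.mac_to_ips[mac].add(ip)
        self.alerts: list[str] = []

    def observe(self, r: ArpReply) -> None:
        mac = r.sender_mac.lower()
        known = self.ip_to_mac.get(r.sender_ip)
        if known is None:
            self.ip_to_mac[r.sender_ip] = mac  # first sighting: learn it
        elif known != mac:
            # Classic poisoning signature: a known IP suddenly answers from a new MAC.
            self.alerts.append(f"t={r.ts} flip {r.sender_ip}: {known} -> {mac}")
        self.mac_to_ips[mac].add(r.sender_ip)
        if len(self.mac_to_ips[mac]) > 1:
            # One NIC claiming several IPs (e.g. the gateway's plus a victim's).
            self.alerts.append(f"t={r.ts} {mac} claims {sorted(self.mac_to_ips[mac])}")


def analyze(replies: list[ArpReply], trusted: dict[str, str]) -> list[str]:
    mon = ArpMonitor(trusted)
    for r in replies:
        mon.observe(r)
    return mon.alerts


# Constructed capture: gateway and one host behave, then a third MAC poisons both.
SAMPLE = [
    ArpReply(0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(1, "192.168.1.20", "bb:bb:bb:bb:bb:20"),
    ArpReply(5, "192.168.1.1", "cc:cc:cc:cc:cc:99"),   # third MAC claims the gateway
    ArpReply(5, "192.168.1.20", "cc:cc:cc:cc:cc:99"),  # ...and the host
]
TRUSTED = {"192.168.1.1": "aa:aa:aa:aa:aa:01"}

if __name__ == "__main__":
    for line in analyze(SAMPLE, TRUSTED):
        print(line)
```

On a real LAN the same checks run over replies captured from the wire; a flip of the gateway's MAC is the alert worth paging on, since port security or dynamic ARP inspection on a managed switch is what stops it at the source.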