Jump to content

Own Nameserver?


h90

Recommended Posts

I have serveral domains and use networksolutions nameserver, but I can also set my own nameserver.

What is better. My thoughts were:

Own Nameserver:

- it takes resources

+ less downtime (because networksolutions seems to have problems sometimes)

whats your opinions?

Link to comment
Share on other sites

I run my own nameserver (primary DNS for my domain) and the additional resources are minimal compared to the other functions it performs. In my case it works as a nameserver, web server, e-mail server and firewall and the total load is quite small.

Downtime is all dependent upon you and the server (and the ISP you have to go through). The advantage of course is that you can correct the problems immediately rather then have to wait for someone else. Another advantage is not having to request a change such as adding aliases, etc and can do it yourself.

Link to comment
Share on other sites

I run my own nameserver (primary DNS for my domain) and the additional resources are minimal compared to the other functions it performs. In my case it works as a nameserver, web server, e-mail server and firewall and the total load is quite small.

Downtime is all dependent upon you and the server (and the ISP you have to go through). The advantage of course is that you can correct the problems immediately rather then have to wait for someone else. Another advantage is not having to request a change such as adding aliases, etc and can do it yourself.

sounds good, will do so, what I see most of the processor time is used from the spam filter and from a process called hald (no idea what hald is).

Link to comment
Share on other sites

sounds good, will do so, what I see most of the processor time is used from the spam filter and from a process called hald (no idea what hald is).

It stands for Hardware Abstraction Layer Daemon and is similar to the same function used in XP.

"With HAL, all the interesting information about certain classes of hardware is easily accessible in a well-defined format. When a new device is added to the system, an asynchronous signal is broadcast on the system message bus detailing what kind of device was added. Any desktop application can easily connect to the message bus to discover hardware. In addition, system-level scripts can be run to configure the device"

Source: http://www.redhat.com/magazine/003jan05/features/hal/

Link to comment
Share on other sites

sounds good, will do so, what I see most of the processor time is used from the spam filter and from a process called hald (no idea what hald is).

It stands for Hardware Abstraction Layer Daemon and is similar to the same function used in XP.

"With HAL, all the interesting information about certain classes of hardware is easily accessible in a well-defined format. When a new device is added to the system, an asynchronous signal is broadcast on the system message bus detailing what kind of device was added. Any desktop application can easily connect to the message bus to discover hardware. In addition, system-level scripts can be run to configure the device"

Source: http://www.redhat.com/magazine/003jan05/features/hal/

Yes I read that, too. But I did not understand it and I don't know if I need it.

I can simply try to kill it, than after paying 200 US$ for support and tons of angree customer I know if I need it or not :o:D

Link to comment
Share on other sites

Yes I read that, too. But I did not understand it and I don't know if I need it.

I can simply try to kill it, than after paying 200 US$ for support and tons of angree customer I know if I need it or not :o:D

Just think of it as the auto detect when a new device is put in your computer and loads all the right things. It may be a bad move to remove it. You can just kill the process and see the effect it has or you can 'nice' the process, that is set its priority lower. Recommend the 2nd first if you have customers attached. :D

Link to comment
Share on other sites

Can this bypass the IP blocking that goes on in Thailand?

...that was also my first thought... :o

It probably won't help because ultimately the traffic will route through CAT. As I mentioned in my previous post, I run a nameserver and some of the sites that were mentioned in other posts were also redirected to spamcop from my server.

Link to comment
Share on other sites

As I understand it CAT does not really block IP addresses.

They modify their DNS to map the name to their own "Don't Do It" page.

If you have the raw IP address then you can still access the server.

To my way of thinking if you have your own DNS server it will resolve the

IP address correctly for you?

The only thing I am not sure about is where your DNS server will source its tables?

If it is CAT you are f**ked.

Link to comment
Share on other sites

Yes I read that, too. But I did not understand it and I don't know if I need it.

I can simply try to kill it, than after paying 200 US$ for support and tons of angree customer I know if I need it or not :D:D

Just think of it as the auto detect when a new device is put in your computer and loads all the right things. It may be a bad move to remove it. You can just kill the process and see the effect it has or you can 'nice' the process, that is set its priority lower. Recommend the 2nd first if you have customers attached. :D

I think I'll not try it :D

the server is in Holland and I in BKK, if my telnet does not work anymore I am doomed....

I have the password from this server power-supply (can be controlled over internet :o ), so I can plug the computer out and in again, but that might be to much for a nervous person like me...

Link to comment
Share on other sites

I have doubts, they wouldn't need the transparent proxy.

But give me a blocked url and make a nslookup. I make via telnet a lookup in holland and than we check if it is the same IP.

But else of course some people can rent a cheap server together, maybe 100 US$ per month and VPN all the traffic thru it, as well they can have there emailadresses (encrypted POP3) there and a webpage.

For a few normal privat user it is impossible to overload the cheapest server on Linux.

I remember the first server was a Pentium 133 on Linux and everything disabled what is not necessary, it had 256 MB ram. With tons of emails thousands of people looking the webpages (30-40 GB traffic per month), the server was still half sleeping......

As I understand it CAT does not really block IP addresses.

They modify their DNS to map the name to their own "Don't Do It" page.

If you have the raw IP address then you can still access the server.

To my way of thinking if you have your own DNS server it will resolve the

IP address correctly for you?

The only thing I am not sure about is where your DNS server will source its tables?

If it is CAT you are f**ked.

Link to comment
Share on other sites

As I understand it CAT does not really block IP addresses.

They modify their DNS to map the name to their own "Don't Do It" page.

If you have the raw IP address then you can still access the server.

To my way of thinking if you have your own DNS server it will resolve the

IP address correctly for you?

The only thing I am not sure about is where your DNS server will source its tables?

If it is CAT you are f**ked.

I wish this was the case, then it would be easy to bypass all their blocks. Unfortunately, no one is simply modifying DNS lookups. For the last couple months, even using proxy servers is no longer effective. What they appear to be doing is sniffing all traffic and redirecting based on the packet's destination IP address, meaning even if a request is routed through a proxy server it still contains the destination domain name or IP address and so gets blocked.

If you want to prove this yourself, setup your primary and secondary DNS to 168.95.1.1 & 168.95.1.2 (Taiwan's major DNS servers) and go try to load up play boy dot com. Or try the PB.com IP address directly 216.163.137.3 , still blocked.

Link to comment
Share on other sites

As I understand it CAT does not really block IP addresses.

They modify their DNS to map the name to their own "Don't Do It" page.

If you have the raw IP address then you can still access the server.

To my way of thinking if you have your own DNS server it will resolve the

IP address correctly for you?

The only thing I am not sure about is where your DNS server will source its tables?

If it is CAT you are f**ked.

I wish this was the case, then it would be easy to bypass all their blocks. Unfortunately, no one is simply modifying DNS lookups. For the last couple months, even using proxy servers is no longer effective. What they appear to be doing is sniffing all traffic and redirecting based on the packet's destination IP address, meaning even if a request is routed through a proxy server it still contains the destination domain name or IP address and so gets blocked.

If you want to prove this yourself, setup your primary and secondary DNS to 168.95.1.1 & 168.95.1.2 (Taiwan's major DNS servers) and go try to load up play boy dot com. Or try the PB.com IP address directly 216.163.137.3 , still blocked.

yes thailand is taking care on my mental health, I can not see it.

I am sooooo gradefull that Thailand is taking care of me.

Link to comment
Share on other sites

What they appear to be doing is sniffing all traffic and redirecting based on the packet's destination IP address, meaning even if a request is routed through a proxy server it still contains the destination domain name or IP address and so gets blocked.

Perhaps this is why everybody is complaining about performance?

Sniffing every packet must inpose a load and bottleneck........... :o

Link to comment
Share on other sites

Can this bypass the IP blocking that goes on in Thailand?

yes. also allows to do lots of good things nobody wants you to do

DNServer in the right way should be set somewhere on very high speed connection like data center or so.. they shut down few of mine, btw...

Link to comment
Share on other sites

I think I'll not try it :D

the server is in Holland and I in BKK, if my telnet does not work anymore I am doomed....

I have the password from this server power-supply (can be controlled over internet :o ), so I can plug the computer out and in again, but that might be to much for a nervous person like me...

Setup your nameserver, check it with http://www.dnsreport.com/ and if you need a secondary nameserver, I'll run it for you.

Server is located at Redbus in Amsterdam.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...