[talk] public "private" dns resolver

N.J. Thomas njt at ayvali.org
Sun Sep 22 02:53:10 EDT 2019


* Pete Wright <pete at nomadlogic.org> [2019-09-20 17:09:22-0700]:
> so on a scale of meh to omg-kill-it-with-fire would running a random
> resolver with no ACLs on the public internet be?
[...]
> up my configuration.  i'd like to avoid setting restricting access as i 
> want to avoid a hassle if my home internet ip changes

Two quick/random ideas off the top of my head:

    - set your DNS server ACLs to allow the netblock(s) for your cable
      modem company, one could argue this is not as bad as opening it up
      to the public internet

    - I don't think you have one judging from your post...but you could
      set up a cheap pfsense box at home and use spiped or some similar
      setup to connect to your public server; your name server
      would listen locally, and spiped would encrypt the connection and
      pipe it home to your pfsense box (you would have to do some work
      if the IP changes, but I think that's scriptable)

Thomas
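
The first idea above (allow only the ISP's netblocks) sketched as an added example; it is not part of the original message. It assumes Unbound as the resolver, which the thread does not name, and uses constructed documentation ranges in place of real ISP netblocks.

```python
import ipaddress

# Constructed sample netblocks (RFC 5737 documentation ranges) standing in
# for the ranges a cable ISP assigns to its customers.
ISP_NETBLOCKS = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"]

# Assumption: a block wider than /16 is treated as a typo, not an ISP range,
# so a stray 0.0.0.0/0 cannot silently turn the box into an open resolver.
MIN_PREFIX_V4 = 16


def parse_blocks(netblocks, min_prefix=MIN_PREFIX_V4):
    """Validate IPv4 CIDR strings and merge adjacent/overlapping blocks."""
    nets = []
    for block in netblocks:
        # strict=True rejects entries with host bits set (e.g. 198.51.100.1/25)
        net = ipaddress.ip_network(block, strict=True)
        if net.version != 4:
            raise ValueError(f"IPv4 only in this example: {block}")
        if net.prefixlen < min_prefix:
            raise ValueError(f"netblock too broad for an ACL: {block}")
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets))


def build_acl(netblocks):
    """Render Unbound access-control lines: refuse by default, allow the blocks."""
    lines = [
        "server:",
        "    access-control: 0.0.0.0/0 refuse",
        "    access-control: ::0/0 refuse",
        "    access-control: 127.0.0.0/8 allow",
    ]
    # Unbound applies the most specific matching netblock, so order is cosmetic.
    lines += [f"    access-control: {n} allow" for n in parse_blocks(netblocks)]
    return lines


def is_allowed(client_ip, netblocks):
    """Check which side of the ACL a given client address would land on."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parse_blocks(netblocks))


if __name__ == "__main__":
    print("\n".join(build_acl(ISP_NETBLOCKS)))
```

Everything inside the allowed netblocks can still query the resolver, so this narrows the exposure rather than removing it.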



