[Dnsmasq-discuss] dnsmasq to provide public DNS service

T o n g mlist4suntong at yahoo.com
Thu Jul 7 03:55:17 BST 2016


On Wed, 06 Jul 2016 08:43:56 -0500, /dev/rob0 wrote:

>> > Nobody should do that indeed, because it is a very bad idea: your
>> > machine may then serve as an amplifier for DDoS attacks.
>> 
>> I'm more interested to know how to do that than actually provide the
>> DNS service. BTW, on to that thought, how the ISP or Google's DNS
>> server able to avoid being an amplifier for DDoS attacks?
> 
> Having some familiarity with this, I can address this question, while
> staying out of Albert's way as he valiantly tried to address the Big
> Picture. :)

Oh, thanks a lot for your detailed explanation. 

That's exactly the kind of info I need. We all know that "anything could 
happen". Once I asked how to use sendmail as the mail server so people 
can send me emails to me, to my account of my own domain, and the 
response was overwhelmingly: DON"T, then followed by "anything could 
happen", without explaining what actually could happen ---

Your detailed explanation really helped me understand the situation and 
complexity of the issue. 

> Dnsmasq is a wonderful piece of software which does a very nice job at
> meeting the needs of most small, simple sites.  I do not think it's well
> suited for ISP use, and especially not for use as an open resolver.

This is only for my personal use, and I'll turn it off once I'm done. 
I.e., I care more about *can* it be done part, not much on the part of 
"*should* it be done".

thanks again





More information about the Dnsmasq-discuss mailing list