Make sure to secure your recursive resolvers (including your RB450s
with "enable remote requests" set), or you'll be exploited for a DNS
reflection DoS.
The easiest way to do that is to configure either the firewall on your
DNS server, or the DNS server itself, to only allow requests from your
IP subnets.

On 11/13/2014 8:16 PM, Mike Hammett wrote:
Deploy your own DNS resolvers. Do not rely on other people, especially
Google.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
------------------------------------------------------------------------
From: "Jeremy Grip" <[email protected]>
To: "Mikrotik Users" <[email protected]>
Sent: Thursday, November 13, 2014 8:14:42 PM
Subject: [Mikrotik Users] DNS caching on PPPoE concentrator
I hand out IPs to client routers from 450G gateways via PPPoE. The
450s are configured for DNS caching with remote requests enabled, but
the PPPoE servers configured on the LAN interfaces specify my upstream
provider and Google DNS nameservers. Do DNS requests from PPPoE
clients use the cache, or do I need to specify the router itself as a
DNS server in the PPPoE server/s?
_______________________________________________
Mikrotik-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/mikrotik-users
--
-----------------------------------------------
- Nick Bright -
- Vice President of Technology -
- Valnet -=- We Connect You -=- -
- Tel 888-332-1616 x 315 / Fax 620-331-0789 -
- Web http://www.valnet.net/ -
-----------------------------------------------
- Are your files safe? -
- Valnet Vault - Secure Cloud Backup -
- More information & 30 day free trial at -
- http://www.valnet.net/services/valnet-vault -
-----------------------------------------------
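
The restriction recommended in the reply at the top of this message, sketched as RouterOS firewall rules. This is an added example, not part of the original thread; the list name dns-clients and the subnets 192.0.2.0/24 and 198.51.100.0/24 are placeholders for your own customer ranges.

```routeros
# Added example: limit the router's DNS cache to your own subnets.
# Placeholder values: list name "dns-clients" and both subnets below.

# The cache only answers clients when remote requests are allowed,
# which is also what exposes it to reflection abuse if left unfiltered.
/ip dns set allow-remote-requests=yes

# Subnets that are allowed to query the cache (replace with your own).
/ip firewall address-list
add list=dns-clients address=192.0.2.0/24 comment="PPPoE client pool (placeholder)"
add list=dns-clients address=198.51.100.0/24 comment="Management LAN (placeholder)"

# Queries addressed to the router itself traverse the input chain.
# Drop anything to port 53 whose source is not in the list, for both
# UDP and TCP. These rules must sit above any rule that would accept
# port 53 traffic, because the first matching rule wins.
/ip firewall filter
add chain=input protocol=udp dst-port=53 src-address-list=!dns-clients \
    action=drop comment="DNS: drop queries from outside our subnets (UDP)"
add chain=input protocol=tcp dst-port=53 src-address-list=!dns-clients \
    action=drop comment="DNS: drop queries from outside our subnets (TCP)"
```

After applying, a recursive query sent to the router's public address from a host outside the listed subnets should time out, while clients inside them still resolve.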