[dns-operations] Best Resources for Deep Dive Understanding of DNS

Franck Martin fmartin at linkedin.com
Tue Jan 6 22:53:12 UTC 2015 

On Jan 5, 2015, at 3:17 PM, Alexander Neilson <alexander at neilson.net.nz> wrote:

> 
> 
>> On 6/01/2015, at 11:59 am, Franck Martin <fmartin at linkedin.com> wrote:
>> 
>> 
>> On Jan 4, 2015, at 2:44 AM, Alexander Neilson <alexander at neilson.net.nz> wrote:
>> 
> 
>> 
>>> 
>>>> 
>>>>> * Resolved Fragmentation issues to allow full 4096 EDNS resolution
>>>> The best ;-). It seems like you already learned a lot and have taken the right decisions.
>>> 
>>> I am doing my best to try improve all aspects of our network. However the learning is what I really value out of it all as every change I make helps me to understand how it all works in the plumbing.
>> 
>> You may find some useful documentation here if you worry about your network and not DNS only: https://www.m3aawg.org/published-documents
>> 
> 
> Thank you, more resources on networks all over (DNS or otherwise) are always welcome. Trying to learn more to be a better network operator.
> 

The big rule, is block port 25 traffic outside your network for all dynamic IP customers or end customers by default (they can use the submission port). Monitor this traffic as it will help you locate infected machines from your customers.

Make sure that any of your IPs has an attached working abuse email address. It is set up via the APNIC interface, gets visible in the whois but is surfaced via free and easy to use services like https://abusix.com/contactdb.html

It makes reporting issues very easy (like DNS amplification attacks) and automatic, data you will want to have to keep your network cleaner, react to issues faster and contribute to world peace :P

Learn about spamhaus.org, surbl.org, uribl.org, spamcop.net, sorbs.net, shadowserver.org ….

Finally check:
https://dmarcian.com/spf-survey/neilson.net.nz
https://dmarcian.com/dmarc-inspector/neilson.net.nz


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150106/a424b235/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150106/a424b235/attachment.sig>

More information about the dns-operations mailing list