You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A new comer here. Thanks for sharing this great software with us. I have newly deployed Technitium DNS on two different sites, which I want to make a cluster with. I will be using Technitium for both authoritative DNS management and for recursive requests with the purpose of replacing AdGuard.
But the idea of employing two publicly open recursive DNS resolvers scare me. Right now, Technitium has the ability to deny recursive requests based on ACL or public IPs which are great; but these two options provide solutions which would be ineffective for my fright.
ACL has a limitation of 255 entries which is not illogical but is not suitable for all cases, and having to use private IPs for recursion is a luxury, for all the clients would need to have a VPN connection at all times to where Technitium is running, in the case of a remote deployment. And in my case, there are also mobile clients.
So I think having recursion limited to a country would be a good solution, instead of having it open to the whole world.
There are already GeoIP apps which help serve different DNS records for different regions. So why not use them like ACL too? This way for example Technitium would check if it is authoritative for the requested record and if so, it responds; but if it's a recursive request, then it would block (drop) the request coming from unwanted regions.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
A new comer here. Thanks for sharing this great software with us. I have newly deployed Technitium DNS on two different sites, which I want to make a cluster with. I will be using Technitium for both authoritative DNS management and for recursive requests with the purpose of replacing AdGuard.
But the idea of employing two publicly open recursive DNS resolvers scare me. Right now, Technitium has the ability to deny recursive requests based on ACL or public IPs which are great; but these two options provide solutions which would be ineffective for my fright.
ACL has a limitation of 255 entries which is not illogical but is not suitable for all cases, and having to use private IPs for recursion is a luxury, for all the clients would need to have a VPN connection at all times to where Technitium is running, in the case of a remote deployment. And in my case, there are also mobile clients.
So I think having recursion limited to a country would be a good solution, instead of having it open to the whole world.
There are already GeoIP apps which help serve different DNS records for different regions. So why not use them like ACL too? This way for example Technitium would check if it is authoritative for the requested record and if so, it responds; but if it's a recursive request, then it would block (drop) the request coming from unwanted regions.
What say you?
Beta Was this translation helpful? Give feedback.
All reactions