DNS Servers from other ISPs



KiwiTT_NZ
08-06-2005, 03:02 PM
I thought if you are with one ISP you can not use the DNS Servers of another.

It would appear that this is not the case. Can someone confirm this?

Safari
08-06-2005, 03:21 PM
Incorrect
Correct

KiwiTT_NZ
08-06-2005, 03:41 PM
Thanks Safari.

I knew a policy applied to pop3, smtp and news servers, so assumed that DNS servers were also restricted.

Safari
08-06-2005, 04:00 PM
> Thanks Safari.
>
> I knew a policy applied to pop3, smtp and news servers, so assumed that DNS servers were also restricted.

It only applies to smtp servers.
It does not usually apply to pop3 servers apart from some ISPs like Xtra who block access unless you are connected with them. Most ISPs allow pop3 access regardless of which ISP their connection is with.

For instance you could be in the UK and connecting with a local ISP but still be able to connect to the pop3 server of your NZ ISP.

Growly
08-06-2005, 09:38 PM
The difference is, my dear KiwiTT_NZ, that SMTP servers require authentication - for which you will need the username and password handed down to you by your ISP.

Most DNS servers do not require this at all, so you are free to select whichever you like - you can even choose one of the primary DNS servers if you want.

/edit: I meant that nicely, not arrogantly.

Safari
08-06-2005, 10:48 PM
> The difference is, my dear KiwiTT_NZ, that SMTP servers require authentication - for which you will need the username and password handed down to you by your ISP.
>
> Most DNS servers do not require this at all, so you are free to select whichever you like - you can even choose one of the primary DNS servers if you want.
>
> /edit: I meant that nicely, not arrogantly.

You have got it all wrong.
SMTP servers don't require authentication normally, which is why you can only send through them if you are connected to that ISP; otherwise you get a relaying denied error.

It is the POP3 servers that require authentication with username and password.

KiwiTT_NZ
09-06-2005, 10:45 AM
Hmmm. If I was an ISP, I would want to control who accesses my critical servers, which the DNS servers are.

I am sure you can do packet filtering to block non-ISP clients accessing it. However, if you think one page load can have 10-20 DNS requests in the browser and multiplying that by the number of users, that is a lot of requests per sec. Packet-filtering would slow this down.

dave_net_nz
09-06-2005, 11:21 AM
Filtering/restricting access to your DNS servers is not normally a good idea... You hold the DNS for your own hosts, meaning that anyone "outside" can't see it if you filter it out.

I'm sure that you can see how this would be bad.

Graham L
09-06-2005, 05:38 PM
> Filtering/restricting access to your DNS servers is not normally a good idea... You hold the DNS for your own hosts, meaning that anyone "outside" can't see it if you filter it out.
>
> I'm sure that you can see how this would be bad.

If you have a DNS server in your own, private, LAN, you don't want it available to the world. (Unless you have set it up to "divert" people's Internet banking transactions through one of your hosts ;)).

However, a DNS server provided by an ISP is usually just "a server on the Internet". There is no checking the source of requests in the standard software --- the whole idea is that requests are handled as quickly as possible. There is no write access (unless there is something seriously wrong with the server) and DNS is just a linking of publicly known information (host names) with publicly known information (IP addresses).

I suppose an ISP could give their DNS servers local (non-routable) IP addresses, but this would destroy the whole point of it. DNS is a cooperative system; ISPs have to provide a matching IP address for e.g. fred's web page fred.xtra.co.nz to the rest of the world. DNS does that. The ISP could "sort of" do that with something like NAT, but why bother? (All the entries in an ISP's address space have to be available on at least one DNS server not run by them, too, so it seems pointless to have "private" DNS servers).
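
The posts above mix two jobs a DNS server can do: answering for names the ISP itself hosts, which has to work for everyone, and looking up other people's names on a client's behalf, which is the part an ISP could limit to its own customers. As an added example (not written by any poster in this thread; the address ranges and the zone `isp.example` are constructed), this Python models a policy that checks the source address only for the second job:

```python
import ipaddress

# Constructed values for illustration: documentation address ranges and an
# example zone, not taken from the thread or from any real ISP.
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("2001:db8:100::/48")]
AUTHORITATIVE_ZONES = ["isp.example"]


def in_zone(qname, zone):
    """True if qname is the zone itself or a subdomain, compared label by label."""
    q = qname.rstrip(".").lower().split(".")
    z = zone.rstrip(".").lower().split(".")
    return len(q) >= len(z) and q[-len(z):] == z


def decide(src_ip, qname):
    """Return 'authoritative', 'recurse' or 'refuse' for one incoming query."""
    # Names the ISP hosts itself are answered for any source address;
    # filtering these would hide the ISP's own hosts from the outside.
    if any(in_zone(qname, z) for z in AUTHORITATIVE_ZONES):
        return "authoritative"
    # Any other name costs the server a lookup on the client's behalf,
    # so that service is offered to customer address space only.
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return "refuse"  # unparseable source address: never recurse for it
    if any(addr in net for net in CUSTOMER_NETS):
        return "recurse"
    return "refuse"


# Constructed sample queries: (source address, queried name).
SAMPLE_QUERIES = [
    ("198.51.100.7", "fred.isp.example"),   # outsider, ISP-hosted name
    ("192.0.2.10", "www.example.org"),      # customer, outside name
    ("198.51.100.7", "www.example.org"),    # outsider, outside name
    ("198.51.100.7", "notisp.example"),     # look-alike suffix, not in zone
]

if __name__ == "__main__":
    for src, name in SAMPLE_QUERIES:
        print(f"{src:15} {name:20} -> {decide(src, name)}")
```
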

personthingy
09-06-2005, 08:08 PM
Block DNS Servers from other ISPs customers????

Don't tell the country's worst ISP that!

As is, Joe Blow sets up his email account, "jo-blow@bad.isp.co.nz", takes the lappy to work, and finds that Jo-Blow's email won't pick up unless Joe connects via dial-up to Joe's own ISP.... Bad form!

But if the country's worst ISP can figure out a way to block end user customers from other ISPs from using their DNS servers, (for security reasons of course :p) The poor old Joe won't be able to surf the web unless Joe can connect via IP addresses only, or change more than a few settings on the lappy to get DNS working again.

The only server I can see that should be blocked from users outside of the ISP's customer base is the SMTP server, and that's just to close a door that evil spammers might use. Yay to Kmail that allows me to choose the most appropriate SMTP server for the network I am connected on at the time!

gibler
09-06-2005, 08:43 PM
Quite a few people I know who were/are with Xtra, never used their own DNS servers ;)