How to choose public DNS provider for an ISP
-
If one of the arguments is to increase security, why not simply do a separate management VLAN using private IP addressing? You can have the customer facing network, aka the Internet, on say VLAN A, and then have the private management network on VLAN B? Implement the appropriate firewalling/ACLs so the two VLANs cannot talk to each other.
-
@anthonyh said in How to choose public DNS provider for an ISP:
If one of the arguments is to increase security, why not simply do a separate management VLAN using private IP addressing? You can have the customer facing network, aka the Internet, on say VLAN A, and then have the private management network on VLAN B? Implement the appropriate firewalling/ACLs so the two VLANs cannot talk to each other.
That is the plan anyways. The question here really wasn't about public versus private IP addresses (though that is going to raise my overhead $500/year), but more about whether I should just hand the customer Google dns addresses via dhcp or should I give them something that is more privacy focused but might also restrict their access to the internet.
-
@nerdydad said in How to choose public DNS provider for an ISP:
@anthonyh said in How to choose public DNS provider for an ISP:
If one of the arguments is to increase security, why not simply do a separate management VLAN using private IP addressing? You can have the customer facing network, aka the Internet, on say VLAN A, and then have the private management network on VLAN B? Implement the appropriate firewalling/ACLs so the two VLANs cannot talk to each other.
That is the plan anyways. The question here really wasn't about public versus private IP addresses (though that is going to raise my overhead $500/year), but more about whether I should just hand the customer Google dns addresses via dhcp or should I give them something that is more privacy focused but might also restrict their access to the internet.
You are right. My bad.
-
@nerdydad said in How to choose public DNS provider for an ISP:
@anthonyh said in How to choose public DNS provider for an ISP:
If one of the arguments is to increase security, why not simply do a separate management VLAN using private IP addressing? You can have the customer facing network, aka the Internet, on say VLAN A, and then have the private management network on VLAN B? Implement the appropriate firewalling/ACLs so the two VLANs cannot talk to each other.
That is the plan anyways. The question here really wasn't about public versus private IP addresses (though that is going to raise my overhead $500/year), but more about whether I should just hand the customer Google dns addresses via dhcp or should I give them something that is more privacy focused but might also restrict their access to the internet.
I would not consider anything but Google for a default. If they want more privacy that is 100% up to them. If they are using anything that comes from their ISP blindly they aren't concerned with privacy anyway. Remember, this is only the DNS that you hand to their firewall, not the one that they should be using for anything.
-
@travisdh1 said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
You are going to use private IP addresses, so all of you subs will be double nat'ed ?
That's what I'm considering. What are the potential problems with this?
It will work for most things, but what if a sub wants incoming traffic?
I guess they can submit a request and I'll just forward it to their IP address only.
So long as your terms of service has the standard "You're not allowed to run a server" in it, who cares. Personally I'd like an online form I could fill out for any exceptions, even better to have it linked to in the TOS.
Most don't consider there using an Xbox as a server - not sure if it requires direct access or not? Just one consideration.
-
@dashrender said in How to choose public DNS provider for an ISP:
@travisdh1 said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
You are going to use private IP addresses, so all of you subs will be double nat'ed ?
That's what I'm considering. What are the potential problems with this?
It will work for most things, but what if a sub wants incoming traffic?
I guess they can submit a request and I'll just forward it to their IP address only.
So long as your terms of service has the standard "You're not allowed to run a server" in it, who cares. Personally I'd like an online form I could fill out for any exceptions, even better to have it linked to in the TOS.
Most don't consider there using an Xbox as a server - not sure if it requires direct access or not? Just one consideration.
I don't know anyone opening ports for their XBox to work.
-
@scottalanmiller said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@travisdh1 said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
You are going to use private IP addresses, so all of you subs will be double nat'ed ?
That's what I'm considering. What are the potential problems with this?
It will work for most things, but what if a sub wants incoming traffic?
I guess they can submit a request and I'll just forward it to their IP address only.
So long as your terms of service has the standard "You're not allowed to run a server" in it, who cares. Personally I'd like an online form I could fill out for any exceptions, even better to have it linked to in the TOS.
Most don't consider there using an Xbox as a server - not sure if it requires direct access or not? Just one consideration.
I don't know anyone opening ports for their XBox to work.
It was a stab in the dark.
-
@dashrender said in How to choose public DNS provider for an ISP:
@scottalanmiller said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@travisdh1 said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
You are going to use private IP addresses, so all of you subs will be double nat'ed ?
That's what I'm considering. What are the potential problems with this?
It will work for most things, but what if a sub wants incoming traffic?
I guess they can submit a request and I'll just forward it to their IP address only.
So long as your terms of service has the standard "You're not allowed to run a server" in it, who cares. Personally I'd like an online form I could fill out for any exceptions, even better to have it linked to in the TOS.
Most don't consider there using an Xbox as a server - not sure if it requires direct access or not? Just one consideration.
I don't know anyone opening ports for their XBox to work.
It was a stab in the dark.
I know at one point in time under strict NAT scenarios Xbox Live is unhappy. It's possible a double NAT may anger it. I don't know if that's true today though.
-
@anthonyh said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@scottalanmiller said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@travisdh1 said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
You are going to use private IP addresses, so all of you subs will be double nat'ed ?
That's what I'm considering. What are the potential problems with this?
It will work for most things, but what if a sub wants incoming traffic?
I guess they can submit a request and I'll just forward it to their IP address only.
So long as your terms of service has the standard "You're not allowed to run a server" in it, who cares. Personally I'd like an online form I could fill out for any exceptions, even better to have it linked to in the TOS.
Most don't consider there using an Xbox as a server - not sure if it requires direct access or not? Just one consideration.
I don't know anyone opening ports for their XBox to work.
It was a stab in the dark.
I know at one point in time under strict NAT scenarios Xbox Live is unhappy. It's possible a double NAT may anger it. I don't know if that's true today though.
It's amazing that it could fail under NAT, when would it ever be used without NAT?
-
@scottalanmiller said in How to choose public DNS provider for an ISP:
@anthonyh said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@scottalanmiller said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@travisdh1 said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
You are going to use private IP addresses, so all of you subs will be double nat'ed ?
That's what I'm considering. What are the potential problems with this?
It will work for most things, but what if a sub wants incoming traffic?
I guess they can submit a request and I'll just forward it to their IP address only.
So long as your terms of service has the standard "You're not allowed to run a server" in it, who cares. Personally I'd like an online form I could fill out for any exceptions, even better to have it linked to in the TOS.
Most don't consider there using an Xbox as a server - not sure if it requires direct access or not? Just one consideration.
I don't know anyone opening ports for their XBox to work.
It was a stab in the dark.
I know at one point in time under strict NAT scenarios Xbox Live is unhappy. It's possible a double NAT may anger it. I don't know if that's true today though.
It's amazing that it could fail under NAT, when would it ever be used without NAT?
I bet a while ago it really wanted to use UPNP to open ports, NAT be damned
-
@dashrender said in How to choose public DNS provider for an ISP:
@scottalanmiller said in How to choose public DNS provider for an ISP:
@anthonyh said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@scottalanmiller said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@travisdh1 said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
You are going to use private IP addresses, so all of you subs will be double nat'ed ?
That's what I'm considering. What are the potential problems with this?
It will work for most things, but what if a sub wants incoming traffic?
I guess they can submit a request and I'll just forward it to their IP address only.
So long as your terms of service has the standard "You're not allowed to run a server" in it, who cares. Personally I'd like an online form I could fill out for any exceptions, even better to have it linked to in the TOS.
Most don't consider there using an Xbox as a server - not sure if it requires direct access or not? Just one consideration.
I don't know anyone opening ports for their XBox to work.
It was a stab in the dark.
I know at one point in time under strict NAT scenarios Xbox Live is unhappy. It's possible a double NAT may anger it. I don't know if that's true today though.
It's amazing that it could fail under NAT, when would it ever be used without NAT?
I bet a while ago it really wanted to use UPNP to open ports, NAT be damned
UPNP is specifically popular for NAT scenarios.
-
@scottalanmiller said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@scottalanmiller said in How to choose public DNS provider for an ISP:
@anthonyh said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@scottalanmiller said in How to choose public DNS provider for an ISP:
@dashrender said in How to choose public DNS provider for an ISP:
@travisdh1 said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
@nerdydad said in How to choose public DNS provider for an ISP:
@brianlittlejohn said in How to choose public DNS provider for an ISP:
You are going to use private IP addresses, so all of you subs will be double nat'ed ?
That's what I'm considering. What are the potential problems with this?
It will work for most things, but what if a sub wants incoming traffic?
I guess they can submit a request and I'll just forward it to their IP address only.
So long as your terms of service has the standard "You're not allowed to run a server" in it, who cares. Personally I'd like an online form I could fill out for any exceptions, even better to have it linked to in the TOS.
Most don't consider there using an Xbox as a server - not sure if it requires direct access or not? Just one consideration.
I don't know anyone opening ports for their XBox to work.
It was a stab in the dark.
I know at one point in time under strict NAT scenarios Xbox Live is unhappy. It's possible a double NAT may anger it. I don't know if that's true today though.
It's amazing that it could fail under NAT, when would it ever be used without NAT?
I bet a while ago it really wanted to use UPNP to open ports, NAT be damned
UPNP is specifically popular for NAT scenarios.
That was my point.
-
@nerdydad said in How to choose public DNS provider for an ISP:
or should I give them something that is more privacy focused but might also restrict their access to the internet.
But OpenDNS does nothing of the sort. It is a pubic open DNS service available for anyone to use.
