NetBSD-Users archive


Re: Securing DNS traffic



At Mon, 25 May 2020 19:51:52 -0400, "Aaron B." <aaron%zadzmo.org@localhost> wrote:
Subject: Re: Securing DNS traffic
>
> Again, I'd prefer to run my own resolvers, but can't justify the
> expense.

I would recommend begging or borrowing _any_ old used computer that can
run any open-source OS (though ideally NetBSD, of course) and support at
least two Ethernet ports, and set it up as a firewall (with NAT) between
your home network and your ISP's router.  Hook the cable modem to it and
run all your own networking through it.

Then you can run your own DHCP server and resolver (e.g. unbound), your
own NTP server, and possibly even some other services, such as SSH
(perhaps on a non-standard port for the ISP-facing interface); as well
as of course using it as a proper firewall too.  With a WiFi card it can
also be your access point.

I currently use my Apple Time Capsule as the router/firewall/DHCP server
and run the resolver, etc. on a cheap old used server (actually on a VM
running on Xen on that cheap old used server).  The Time Capsule is
technically using NetBSD too.  (Though now that Apple has dumbed down
the AirPort Utility to basically cripple it, I'll soon have to migrate
to a newer machine for routing -- something with better gigabit-speed
throughput, as keeping the old laptop to run the old AirPort Utility is
not viable.)

--
					Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>

Attachment: pgplCj0YX4VXd.pgp
Description: OpenPGP Digital Signature


