New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Alternative for torqhost
Hi!
I'm searching for an alternative for torqhost. I used the 512MB XEN-box for 25 EUR/year as 2nd MX and NS. Unfortunately, their provider blocks incoming DNS since April because of DNS ampliflication attacks, so I cannot use it as 2nd dns any more.
Maybe the small kimsufi roots from OVH would be an alternative, but they are sold out.
So the requirements are:
- 512MB RAM
- TUN/TAP possible
- XEN/KVM preferred
- IPv6 would be nice
- 2-4 EUR/month
Comments
BlueVM done this a little while ago: http://lowendbox.com/blog/bluevm-birthday-promotion-25year-512mb-kvm-in-buffalo-or-los-angeles/
Might be worth getting in touch and asking if they can provide a similar price for you.
@BlueVM
If you're looking for a European host with Xen, I recommend Inception Hosting or Prometeus, both should have specials that fit your budget.
Edit: The last Frankfurt offer from Inception fits your requirements - http://lowendbox.com/blog/inception-hosting-7-2gb-xen-in-miami-e16yr-128mb-in-uknlus/
Prometeus don't seem to have any running specials that meet your proice range, but I assure you they're worth the extra €1 per month.
Do you mean you were a victim of an amplification attack (incorrectly configured dns server on your vps), or do you mean they block all DNS servers running?
If it's a blanket ban on everyone I wonder why mine is still up and serving nameserver records...
You can still host NS there (I know I did), they only block outgoing DNS requests.
Maybe your problem is that you can no longer run your amplification attacks from there?
I was not a victim of it, they block all incoming DNS and told me that only requests to the Wavecom-NS are allowed. E.g. querying 8.8.8.8 from my VPS does not work. They answered my question if whitelists are possible as following:
Haha
Well, caused by the block the AXFR of new zones do not work.
What about querying 208.67.222.222 or 208.67.220.220
I use cPanel DNS-Only on my VPS there; I'm not sure how it pulls in the records from the servers but I've not had any problems.
edit: Oh I understand what you mean now.
1st DNS (running at netcup) sends a notify to 2nd DNS, 2nd DNS sends a query to 1st and gets blocked. Maybe a solution would be getting the AXFRs over VPN, but powerdns still has only a per-domain "also notify" setting, which would be quite annoying.
We have 512 MB KVM for $4/mo in Chicago (see signature link), not sure if you wanted Europe only though.
EDIS is 7 euros/month but they have many locations.
@bjo Yeah I didn't think you need AXFRs etc, my configuration just involves pushing out the zone files from a central location via rsync over ssh to all NSes, then rebuild/restart nsd3 and done. This worked without problems with their DNS block.
@rm_
Sounds like a solution. Maybe I'll switch to MySQL-replication, this should work even better than notify-axfr.
I can confirm they DO NOT block incoming DNS. I've got a DNS server running with them for a while now (4 months) and it's working perfectly fine.
Did you file a ticket with them to get this resolved? Maybe @torqhost can help you out.
The information related to the block quoted ealier are from a ticket. I have to correct my first post, outgoing DNS is blocked, not incoming.
@mpkossen, @bjo queries to external DNS resolvers is blocked. Hosting your own DNS servers is not a problem. This seems like the least intrusive way to solve the amplification problem that has become popular this year.
Blocking just misconfigured DNS servers is better solution, IMO.
AFAIS, you do not mention you block outgoing DNS requests in TOS. That could be a nasty surprise to those deciding to use your servers.
try liquidhost and shardhost
Got AXFRs working again:
Created a IPv6-Address with http://www.ipv4.data.ee/ and use IPv6 for NOTIFY/AXFR, my 1st NS has native IPv6. PTR can be set via http://6to4.nro.net/
the solution would be to force customers to disable open resolvers, not block dns servers across the network