How to disable the whatever.yourhda.com dynamic DNS

Bozoputer
Posts: 3
Joined: Sat Feb 25, 2017 12:23 pm

How to disable the whatever.yourhda.com dynamic DNS

Postby Bozoputer » Sat Feb 25, 2017 12:27 pm

I would like to know how to disable the .yourhda.com entry.

User avatar
bigfoot65
Project Manager
Posts: 10173
Joined: Mon May 25, 2009 4:31 pm

Re: How to disable the whatever.yourhda.com dynamic DNS

Postby bigfoot65 » Sat Feb 25, 2017 1:46 pm

I don't believe that is possible.

Is there a reason?
ßîgƒσστ65
Applications Manager

Bozoputer
Posts: 3
Joined: Sat Feb 25, 2017 12:23 pm

Re: How to disable the whatever.yourhda.com dynamic DNS

Postby Bozoputer » Sat Feb 25, 2017 5:18 pm

A few reasons actually. 1. It is not a feature I need or want. 2. It creates a security exposure I don't want to have 3. It is not listed on your terms as required to have only as a possible benefit. 4. It is not strictly necessary for the DHCP, DNS, or other features to work on a local network.
If is it a question of monetizing some aspect of the system I would be open to paying to opt out. Or if it is an unresolved bug, again I would be open to compensating for this.

Thoughts?

User avatar
bigfoot65
Project Manager
Posts: 10173
Joined: Mon May 25, 2009 4:31 pm

Re: How to disable the whatever.yourhda.com dynamic DNS

Postby bigfoot65 » Mon Feb 27, 2017 6:26 am

If is it a question of monetizing some aspect of the system I would be open to paying to opt out.

No there is currently no opt out for #Amahi features not wanted.
Or if it is an unresolved bug, again I would be open to compensating for this.

No there is no bug.

The Dynamic DNS is needed for VPN access to the HDA from outside the network. Not sure what else it's used for, but we have not heard of any users having problems, whether they use it or not.

I am not the expert on this, but I don't believe there is or will be an option to disable the functionality. Doing so will likely break #Amahi on your server.

Honestly if you don't use it, there is no real security risk that I am aware. I have been using Amahi for 8 years and use this feature often. I have NEVER had any issues!
ßîgƒσστ65
Applications Manager

Bozoputer
Posts: 3
Joined: Sat Feb 25, 2017 12:23 pm

Re: How to disable the whatever.yourhda.com dynamic DNS

Postby Bozoputer » Sat Mar 04, 2017 7:00 pm

I am surprised, but I guess we will have to disagree on this. Unused or unneeded services should be available to disable. Having additional services broadcast without need only leads to greater exposure. If I am not using the VPN service then I should be able to disable it and the automatic pointer to it. If you check SANS, CERT, Microsoft, Redhat, Cisco, ISC2, and about any other organization like that and they are pretty clear on the risk of service exposure. My suggestion would be to look into this for this product.

User avatar
bigfoot65
Project Manager
Posts: 10173
Joined: Mon May 25, 2009 4:31 pm

Re: How to disable the whatever.yourhda.com dynamic DNS

Postby bigfoot65 » Sat Mar 04, 2017 7:34 pm

I don't disagree. I can see your point. A firewall could be used to help with this as well.

Feel free to submit a bug report suggesting this as a feature request.
ßîgƒσστ65
Applications Manager

User avatar
cpg
Administrator
Posts: 2564
Joined: Wed Dec 03, 2008 7:40 am
Contact:

Re: How to disable the whatever.yourhda.com dynamic DNS

Postby cpg » Sun Mar 05, 2017 5:00 am

There's a couple of things in this thread.

The security exposure is, in my opinion (I built the dynamic DNS system), is almost zero. There is no "broadcast" to speak of. Every web page, every web widget (and there are DOZENS in most even mildly-popular sites), records your IP address. Worse, they record cookies that let them track your browser.

You can use a VPN and diminish the IP part of it, but ultimately, IP addresses are well known by ISP providers and public for everything and anyone can, at any time, try to attack it. Many organizations routinely scan IP address rangs by providers. Your firewall (typically in the router), is your first line of defense.

This happens wether the DNS name is used or not. And the DNS updater is read only. It does not do any change in the Amahi HDA in your premises.

Nobody has ever asked for this, so making a special one-time case is just not feasible

I won't go into remotely extreme scenarios, but could you elaborate as to the security issues you had in mind?

Thanks.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1

Who is online

Users browsing this forum: No registered users and 1 guest