[AusNOG] SRV Records

Joshua Small JSmall at daraco.com.au
Wed Jul 16 08:41:38 EST 2014


Ø  What sort of damage could blocking them be causing or there is no way to tell?

The expected scenario is a user opens Outlook, only to receive a popup that “settings could not be detected” or similar. Email will still work, but the popup will continue to recur every few minutes, even when you hit “close” and expect it to stay that way. If anything changes at the server side, such as a an addressing change or DR failover, you won’t detect it and go offline.


Joshua Small

Daraco Services
IT Consulting and Support
Unit 17, 7 Anella Avenue Castle Hill 2154
Phone: 1300 327 226 Fax: +612 8588 1200
Email: jsmall at daraco.com.au<mailto:jsmall at daraco.com.au> www.daraco.com.au<http://www.daraco.com.au>
[NEW Daraco logo - low res]

This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message. If you do not wish to receive messages from this email account, then please reply with unsubscribe me in the subject line to: unsubscribe at daraco.com.au<mailto:unsubscribe at daraco.com.au>

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of ANSA SERVERS
Sent: Tuesday, 15 July 2014 6:55 PM
To: Nicholas Meredith; ANSA SERVERS
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] SRV Records

What sort of damage could blocking them be causing or there is no way to tell?

I have no edited the policy so will monitor it.

Here is a screenshot of what we currently block / allow as of now

http://gyazo.com/503d935ba4b002ae7310ebd6557aaea6

Regards,

Matthew Matters  Managing Director / CEO of Aus Net Servers Australia Pty Ltd
Management Department  |  Small Business Hosting Sales & Services  |  Aus Net Servers Australia Pty Ltd
P  1300 933 038  |  M  0428 028 091  |  E  mmatters at ausnetservers.net.au<mailto:mmatters at ausnetservers.net.au> |  W  www.ausnetservers.net.au<http://www.ausnetservers.net.au/>
ABN 25 162 013 194 | ACN 162 013 194 | ARBN B2318 229M | #1 For Dedicated Hosting Solutions For Small Business Since 2007

From: Nicholas Meredith [mailto:nicholas at udhaonline.net]
Sent: Tuesday, 15 July 2014 6:51 PM
To: ANSA SERVERS
Cc: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] SRV Records

SRV records are like auto-discovery helpers, and are used legitimately by many services including exchange as Shannon pointed out. They are only growing in popularity to expect to see them increase over time.

On Tue, Jul 15, 2014 at 6:48 PM, ANSA SERVERS <info at ausnetservers.net.au<mailto:info at ausnetservers.net.au>> wrote:
I am not sure with why they are being blocked but it looks like it’s a rate limiter eg after x amount it starts blocking. I have sent an email to our noc team to look into the issue, meanwhile while you guys  visit our website I am seeing more of them being blocked.

Thanks

Regards,

Matthew Matters  Managing Director / CEO of Aus Net Servers Australia Pty Ltd
Management Department  |  Small Business Hosting Sales & Services  |  Aus Net Servers Australia Pty Ltd
P  1300 933 038<tel:1300%20933%20038>  |  M  0428 028 091<tel:0428%20028%20091>  |  E  mmatters at ausnetservers.net.au<mailto:mmatters at ausnetservers.net.au> |  W  www.ausnetservers.net.au<http://www.ausnetservers.net.au/>
ABN 25 162 013 194 | ACN 162 013 194 | ARBN B2318 229M | #1 For Dedicated Hosting Solutions For Small Business Since 2007

From: Nicholas Meredith [mailto:nicholas at udhaonline.net<mailto:nicholas at udhaonline.net>]
Sent: Tuesday, 15 July 2014 6:46 PM
To: ANSA SERVERS
Cc: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] SRV Records

I have never heard of anyone blocking them before, don't block them unless you know exactly why you would want to do so.

On Tue, Jul 15, 2014 at 6:41 PM, ANSA SERVERS <info at ausnetservers.net.au<mailto:info at ausnetservers.net.au>> wrote:
Hey Guys,

Quick question for all the network security buffs on the list….

Are SRV dns records dangerous and should we continue to  block them at our border router?

I am asking this because we are seeing massive amounts of traffic being blocked (and ips hitting out blacklist) from our network because they are trying to query our dns cluster for these records.

These are the default options in the dns proxy policy for the firewall that where set when it was installed – but we already know the people that installed the firewall had no idea what they were doing…

So what exactly are these SRV records and what are they used for. We have no reason to block them if they pose no risk to our network.

Regards,

Matthew Matters  Managing Director / CEO of Aus Net Servers Australia Pty Ltd
Management Department  |  Small Business Hosting Sales & Services  |  Aus Net Servers Australia Pty Ltd
P  1300 933 038<tel:1300%20933%20038>  |  M  0428 028 091<tel:0428%20028%20091>  |  E  mmatters at ausnetservers.net.au<mailto:mmatters at ausnetservers.net.au> |  W  www.ausnetservers.net.au<http://www.ausnetservers.net.au/>
ABN 25 162 013 194 | ACN 162 013 194 | ARBN B2318 229M | #1 For Dedicated Hosting Solutions For Small Business Since 2007

[Image removed by sender. LinkedIn]<http://www.linkedin.com/company/aus-net-servers-australia>[Image removed by sender. Twitter]<http://www.twitter.com/ansaservers>The information transmitted in this e-mail is for the exclusive use of the intended addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. If you have been sent this email and it is not addressed to you please forward the email as is to hostmaster at ausnetservers.net.au<mailto:hostmaster at ausnetservers.net.au> and delete all local and inta-local copies including backups from your system. E-mails may not be secure, may contain computer viruses and may be corrupted in transmission. Please carefully check this e-mail (and any attachment) accordingly. No warranties are given and no liability is accepted for any loss or damage caused by such matters. This email has been scanned before transmission with business grade antivirus and antispam software but as mentioned above no warranties can be given that the email has not been contaminated after transmission.

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog

[LinkedIn]<http://www.linkedin.com/company/aus-net-servers-australia>[Twitter]<http://www.twitter.com/ansaservers>The information transmitted in this e-mail is for the exclusive use of the intended addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. If you have been sent this email and it is not addressed to you please forward the email as is to hostmaster at ausnetservers.net.au<mailto:hostmaster at ausnetservers.net.au> and delete all local and inta-local copies including backups from your system. E-mails may not be secure, may contain computer viruses and may be corrupted in transmission. Please carefully check this e-mail (and any attachment) accordingly. No warranties are given and no liability is accepted for any loss or damage caused by such matters. This email has been scanned before transmission with business grade antivirus and antispam software but as mentioned above no warranties can be given that the email has not been contaminated after transmission.

[LinkedIn]<http://www.linkedin.com/company/aus-net-servers-australia>[Twitter]<http://www.twitter.com/ansaservers>The information transmitted in this e-mail is for the exclusive use of the intended addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. If you have been sent this email and it is not addressed to you please forward the email as is to hostmaster at ausnetservers.net.au<mailto:hostmaster at ausnetservers.net.au> and delete all local and inta-local copies including backups from your system. E-mails may not be secure, may contain computer viruses and may be corrupted in transmission. Please carefully check this e-mail (and any attachment) accordingly. No warranties are given and no liability is accepted for any loss or damage caused by such matters. This email has been scanned before transmission with business grade antivirus and antispam software but as mentioned above no warranties can be given that the email has not been contaminated after transmission.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140715/a28fdbe7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 10115 bytes
Desc: image002.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140715/a28fdbe7/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 823 bytes
Desc: image003.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140715/a28fdbe7/attachment-0003.jpg>


More information about the AusNOG mailing list