<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US">I am not sure with why they are being blocked but it looks like it’s a rate limiter eg after x amount it starts blocking. I have
sent an email to our noc team to look into the issue, meanwhile while you guys visit our website I am seeing more of them being blocked.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US">Thanks<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#34348D">Matthew Matters </span></b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#34348D">Managing Director / CEO of Aus Net Servers Australia
Pty Ltd</span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#691260"><br>
</span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black">Management Department | Small Business Hosting Sales & Services | Aus Net Servers Australia Pty Ltd</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black">P 1300 933 038 | M 0428 028 091 | E </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><a href="mailto:mmatters@ausnetservers.net.au" target="_blank"><span style="font-size:10.0pt;color:black">mmatters@ausnetservers.net.au</span></a></span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black"> |
W </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><a href="http://www.ausnetservers.net.au/" target="_blank"><span style="font-size:10.0pt;color:black">www.ausnetservers.net.au</span></a></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black">ABN 25 162 013 194 | ACN 162 013 194 | ARBN B2318 229M | #1 For Dedicated Hosting Solutions For Small Business Since 2007</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif""> Nicholas Meredith [mailto:nicholas@udhaonline.net]
<br>
<b>Sent:</b> Tuesday, 15 July 2014 6:46 PM<br>
<b>To:</b> ANSA SERVERS<br>
<b>Cc:</b> ausnog@lists.ausnog.net<br>
<b>Subject:</b> Re: [AusNOG] SRV Records<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">I have never heard of anyone blocking them before, don't block them unless you know exactly why you would want to do so.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Tue, Jul 15, 2014 at 6:41 PM, ANSA SERVERS <<a href="mailto:info@ausnetservers.net.au" target="_blank">info@ausnetservers.net.au</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hey Guys,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Quick question for all the network security buffs on the list….<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Are SRV dns records dangerous and should we continue to block them at our border router?<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I am asking this because we are seeing massive amounts of traffic being blocked (and ips hitting out blacklist) from our network because they are trying to query our dns cluster
for these records.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">These are the default options in the dns proxy policy for the firewall that where set when it was installed – but we already know the people that installed the firewall had no idea
what they were doing…<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">So what exactly are these SRV records and what are they used for. We have no reason to block them if they pose no risk to our network.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Regards,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;color:#34348D">Matthew Matters </span></b><span style="font-size:10.0pt;color:#34348D">Managing Director / CEO of Aus Net Servers Australia Pty
Ltd</span><span style="font-size:10.0pt;color:#691260"><br>
</span><span style="font-size:10.0pt;color:black">Management Department | Small Business Hosting Sales & Services | Aus Net Servers Australia Pty Ltd</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;color:black">P <a href="tel:1300%20933%20038" target="_blank">1300 933 038</a> | M <a href="tel:0428%20028%20091" target="_blank">0428 028 091</a>
| E </span><span style="color:black"><a href="mailto:mmatters@ausnetservers.net.au" target="_blank"><span style="font-size:10.0pt;color:black">mmatters@ausnetservers.net.au</span></a></span><span style="font-size:10.0pt;color:black"> | W </span><span style="color:black"><a href="http://www.ausnetservers.net.au/" target="_blank"><span style="font-size:10.0pt;color:black">www.ausnetservers.net.au</span></a></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;color:black">ABN 25 162 013 194 | ACN 162 013 194 | ARBN B2318 229M | #1 For Dedicated Hosting Solutions For Small Business Since 2007</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<p class="MsoNormal"><a href="http://www.linkedin.com/company/aus-net-servers-australia" target="_blank"><span style="border:solid windowtext 1.0pt;padding:0cm;text-decoration:none"><img border="0" width="100" height="100" id="_x0000_i1025" src="cid:~WRD000.jpg" alt="Image removed by sender. LinkedIn"></span></a><a href="http://www.twitter.com/ansaservers" target="_blank"><span style="border:solid windowtext 1.0pt;padding:0cm;text-decoration:none"><img border="0" width="100" height="100" id="_x0000_i1026" src="cid:~WRD000.jpg" alt="Image removed by sender. Twitter"></span></a>The
information transmitted in this e-mail is for the exclusive use of the intended addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this
information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. If you have been sent this email and it is not addressed to
you please forward the email as is to <a href="mailto:hostmaster@ausnetservers.net.au" target="_blank">
hostmaster@ausnetservers.net.au</a> and delete all local and inta-local copies including backups from your system. E-mails may not be secure, may contain computer viruses and may be corrupted in transmission. Please carefully check this e-mail (and any attachment)
accordingly. No warranties are given and no liability is accepted for any loss or damage caused by such matters. This email has been scanned before transmission with business grade antivirus and antispam software but as mentioned above no warranties can be
given that the email has not been contaminated after transmission. <o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<a href="http://www.linkedin.com/company/aus-net-servers-australia"><img alt="LinkedIn" src="http://cdn.ausnetservers.net.au/Exchange/image004.jpg">
</a><a href="http://www.twitter.com/ansaservers"><img alt="Twitter" src="http://cdn.ausnetservers.net.au/Exchange/image006.jpg">
</a>The information transmitted in this e-mail is for the exclusive use of the intended addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance
upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. If you have been sent this email and it is not addressed
to you please forward the email as is to hostmaster@ausnetservers.net.au and delete all local and inta-local copies including backups from your system. E-mails may not be secure, may contain computer viruses and may be corrupted in transmission. Please carefully
check this e-mail (and any attachment) accordingly. No warranties are given and no liability is accepted for any loss or damage caused by such matters. This email has been scanned before transmission with business grade antivirus and antispam software but
as mentioned above no warranties can be given that the email has not been contaminated after transmission.
</body>
</html>