[AusNOG] SRV Records
Nicholas Meredith
nicholas at udhaonline.net
Tue Jul 15 19:00:55 EST 2014
Ah I see, that looks good then, you would only want to allow your own slave
name servers to perform AXFR/IXFR zone transfer queries, so that is right
to block them. I would also expect any master dns servers to be configured
to also block zone transfer requests from all but the configured slave
servers.
On Tue, Jul 15, 2014 at 6:58 PM, ANSA SERVERS <info at ausnetservers.net.au>
wrote:
> Correct, this is as of now. I have edited the policy to allow it before
> taking the screen capture to make sure that if IXFR and AXFER records are
> not supposed to be blocked that you guys would point it out J
>
>
>
> Regards,
>
>
>
> *Matthew Matters *Managing Director / CEO of Aus Net Servers Australia
> Pty Ltd
> Management Department | Small Business Hosting Sales & Services | Aus
> Net Servers Australia Pty Ltd
>
> P 1300 933 038 | M 0428 028 091 | E mmatters at ausnetservers.net.au |
> W www.ausnetservers.net.au
>
> ABN 25 162 013 194 | ACN 162 013 194 | ARBN B2318 229M | #1 For Dedicated
> Hosting Solutions For Small Business Since 2007
>
>
>
> *From:* Nicholas Meredith [mailto:nicholas at udhaonline.net]
> *Sent:* Tuesday, 15 July 2014 6:57 PM
>
> *To:* ANSA SERVERS
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] SRV Records
>
>
>
> That is showing that SRV queries are being permitted correct?
>
>
>
> On Tue, Jul 15, 2014 at 6:55 PM, ANSA SERVERS <info at ausnetservers.net.au>
> wrote:
>
> What sort of damage could blocking them be causing or there is no way to
> tell?
>
>
>
> I have no edited the policy so will monitor it.
>
>
>
> Here is a screenshot of what we currently block / allow as of now
>
>
>
> http://gyazo.com/503d935ba4b002ae7310ebd6557aaea6
>
>
>
> Regards,
>
>
>
> *Matthew Matters *Managing Director / CEO of Aus Net Servers Australia
> Pty Ltd
> Management Department | Small Business Hosting Sales & Services | Aus
> Net Servers Australia Pty Ltd
>
> P 1300 933 038 | M 0428 028 091 <0428%20028%20091> | E
> mmatters at ausnetservers.net.au | W www.ausnetservers.net.au
>
> ABN 25 162 013 194 | ACN 162 013 194 | ARBN B2318 229M | #1 For Dedicated
> Hosting Solutions For Small Business Since 2007
>
>
>
> *From:* Nicholas Meredith [mailto:nicholas at udhaonline.net]
> *Sent:* Tuesday, 15 July 2014 6:51 PM
>
>
> *To:* ANSA SERVERS
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] SRV Records
>
>
>
> SRV records are like auto-discovery helpers, and are used legitimately by
> many services including exchange as Shannon pointed out. They are only
> growing in popularity to expect to see them increase over time.
>
>
>
> On Tue, Jul 15, 2014 at 6:48 PM, ANSA SERVERS <info at ausnetservers.net.au>
> wrote:
>
> I am not sure with why they are being blocked but it looks like it’s a
> rate limiter eg after x amount it starts blocking. I have sent an email to
> our noc team to look into the issue, meanwhile while you guys visit our
> website I am seeing more of them being blocked.
>
>
>
> Thanks
>
>
>
> Regards,
>
>
>
> *Matthew Matters *Managing Director / CEO of Aus Net Servers Australia
> Pty Ltd
> Management Department | Small Business Hosting Sales & Services | Aus
> Net Servers Australia Pty Ltd
>
> P 1300 933 038 | M 0428 028 091 <0428%20028%20091> | E
> mmatters at ausnetservers.net.au | W www.ausnetservers.net.au
>
> ABN 25 162 013 194 | ACN 162 013 194 | ARBN B2318 229M | #1 For Dedicated
> Hosting Solutions For Small Business Since 2007
>
>
>
> *From:* Nicholas Meredith [mailto:nicholas at udhaonline.net]
> *Sent:* Tuesday, 15 July 2014 6:46 PM
> *To:* ANSA SERVERS
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] SRV Records
>
>
>
> I have never heard of anyone blocking them before, don't block them unless
> you know exactly why you would want to do so.
>
>
>
> On Tue, Jul 15, 2014 at 6:41 PM, ANSA SERVERS <info at ausnetservers.net.au>
> wrote:
>
> Hey Guys,
>
>
>
> Quick question for all the network security buffs on the list….
>
>
>
> Are SRV dns records dangerous and should we continue to block them at our
> border router?
>
>
>
> I am asking this because we are seeing massive amounts of traffic being
> blocked (and ips hitting out blacklist) from our network because they are
> trying to query our dns cluster for these records.
>
>
>
> These are the default options in the dns proxy policy for the firewall
> that where set when it was installed – but we already know the people that
> installed the firewall had no idea what they were doing…
>
>
>
> So what exactly are these SRV records and what are they used for. We have
> no reason to block them if they pose no risk to our network.
>
>
>
> Regards,
>
>
>
> *Matthew Matters *Managing Director / CEO of Aus Net Servers Australia
> Pty Ltd
> Management Department | Small Business Hosting Sales & Services | Aus
> Net Servers Australia Pty Ltd
>
> P 1300 933 038 | M 0428 028 091 | E mmatters at ausnetservers.net.au |
> W www.ausnetservers.net.au
>
> ABN 25 162 013 194 | ACN 162 013 194 | ARBN B2318 229M | #1 For Dedicated
> Hosting Solutions For Small Business Since 2007
>
>
>
> [image: Image removed by sender. LinkedIn]
> <http://www.linkedin.com/company/aus-net-servers-australia>[image: Image
> removed by sender. Twitter] <http://www.twitter.com/ansaservers>The
> information transmitted in this e-mail is for the exclusive use of the
> intended addressee and may contain confidential and/or privileged material.
> Any review, re-transmission, dissemination or other use of it, or the
> taking of any action in reliance upon this information by persons and/or
> entities other than the intended recipient is prohibited. If you received
> this in error, please inform the sender and/or addressee immediately and
> delete the material. If you have been sent this email and it is not
> addressed to you please forward the email as is to
> hostmaster at ausnetservers.net.au and delete all local and inta-local
> copies including backups from your system. E-mails may not be secure, may
> contain computer viruses and may be corrupted in transmission. Please
> carefully check this e-mail (and any attachment) accordingly. No warranties
> are given and no liability is accepted for any loss or damage caused by
> such matters. This email has been scanned before transmission with business
> grade antivirus and antispam software but as mentioned above no warranties
> can be given that the email has not been contaminated after transmission.
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> [image: LinkedIn]
> <http://www.linkedin.com/company/aus-net-servers-australia>[image:
> Twitter] <http://www.twitter.com/ansaservers>The information transmitted
> in this e-mail is for the exclusive use of the intended addressee and may
> contain confidential and/or privileged material. Any review,
> re-transmission, dissemination or other use of it, or the taking of any
> action in reliance upon this information by persons and/or entities other
> than the intended recipient is prohibited. If you received this in error,
> please inform the sender and/or addressee immediately and delete the
> material. If you have been sent this email and it is not addressed to you
> please forward the email as is to hostmaster at ausnetservers.net.au and
> delete all local and inta-local copies including backups from your system.
> E-mails may not be secure, may contain computer viruses and may be
> corrupted in transmission. Please carefully check this e-mail (and any
> attachment) accordingly. No warranties are given and no liability is
> accepted for any loss or damage caused by such matters. This email has been
> scanned before transmission with business grade antivirus and antispam
> software but as mentioned above no warranties can be given that the email
> has not been contaminated after transmission.
>
>
>
> [image: LinkedIn]
> <http://www.linkedin.com/company/aus-net-servers-australia>[image:
> Twitter] <http://www.twitter.com/ansaservers>The information transmitted
> in this e-mail is for the exclusive use of the intended addressee and may
> contain confidential and/or privileged material. Any review,
> re-transmission, dissemination or other use of it, or the taking of any
> action in reliance upon this information by persons and/or entities other
> than the intended recipient is prohibited. If you received this in error,
> please inform the sender and/or addressee immediately and delete the
> material. If you have been sent this email and it is not addressed to you
> please forward the email as is to hostmaster at ausnetservers.net.au and
> delete all local and inta-local copies including backups from your system.
> E-mails may not be secure, may contain computer viruses and may be
> corrupted in transmission. Please carefully check this e-mail (and any
> attachment) accordingly. No warranties are given and no liability is
> accepted for any loss or damage caused by such matters. This email has been
> scanned before transmission with business grade antivirus and antispam
> software but as mentioned above no warranties can be given that the email
> has not been contaminated after transmission.
>
>
> [image: LinkedIn]
> <http://www.linkedin.com/company/aus-net-servers-australia>[image:
> Twitter] <http://www.twitter.com/ansaservers>The information transmitted
> in this e-mail is for the exclusive use of the intended addressee and may
> contain confidential and/or privileged material. Any review,
> re-transmission, dissemination or other use of it, or the taking of any
> action in reliance upon this information by persons and/or entities other
> than the intended recipient is prohibited. If you received this in error,
> please inform the sender and/or addressee immediately and delete the
> material. If you have been sent this email and it is not addressed to you
> please forward the email as is to hostmaster at ausnetservers.net.au and
> delete all local and inta-local copies including backups from your system.
> E-mails may not be secure, may contain computer viruses and may be
> corrupted in transmission. Please carefully check this e-mail (and any
> attachment) accordingly. No warranties are given and no liability is
> accepted for any loss or damage caused by such matters. This email has been
> scanned before transmission with business grade antivirus and antispam
> software but as mentioned above no warranties can be given that the email
> has not been contaminated after transmission.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140715/56a52133/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 823 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140715/56a52133/attachment-0001.jpg>
More information about the AusNOG
mailing list