Possible Abuse due to Misconfigured DNS Servers

Priority: 2
Severity: 2

US-CERT CIIN-09-023-01 (U//FOUO) describes a DNS amplification attack
made possible by misconfigured DNS servers. Several attacks have been
orchestrated over the past weeks, bringing this issue to light.

A DNS server that is vulnerable to this attack will respond to a root NS
query (".") by returning the list of root servers.

This vulnerable DNS server could then be used in a denial of service
attack against another entity.
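
One way to check how your own server answers the root NS query described above, as an added example that is not part of the original notice: it parses a raw DNS reply and reports whether the root server list comes back. The function names are hypothetical and the two sample packets are constructed, not captured.

```python
import struct

TYPE_NS, RCODE_REFUSED = 2, 5

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def classify_root_ns_response(msg):
    """Classify a raw reply to '. IN NS'; returns (verdict, root_ns_records)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    root_ns = 0
    for _ in range(an + ns):                   # answer + authority sections
        owner_is_root = msg[off] == 0
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_NS and owner_is_root:
            root_ns += 1
    if root_ns:
        return ("returns-root-list", root_ns)  # behaviour the notice flags
    if flags & 0x000F == RCODE_REFUSED:
        return ("refuses", 0)                  # small reply, no root list
    return ("other", 0)

# --- constructed sample packets (not captured from any real server) ---
QUESTION = b"\x00" + struct.pack("!HH", TYPE_NS, 1)          # ". IN NS"

def _root_ns_rr(letter):
    rdata = b"\x01" + letter + b"\x0croot-servers\x03net\x00"
    return b"\x00" + struct.pack("!HHIH", TYPE_NS, 1, 518400, len(rdata)) + rdata

SAMPLE_REFUSED = struct.pack("!6H", 0x1234, 0x8005, 1, 0, 0, 0) + QUESTION
SAMPLE_ROOT_LIST = (struct.pack("!6H", 0x1234, 0x8000, 1, 0, 2, 0) + QUESTION
                    + _root_ns_rr(b"a") + _root_ns_rr(b"b"))

if __name__ == "__main__":
    for label, pkt in (("refused", SAMPLE_REFUSED), ("root list", SAMPLE_ROOT_LIST)):
        print(label, classify_root_ns_response(pkt))
```

A server that has had the recommended changes applied should classify as "refuses" (or at least not "returns-root-list") when queried from outside its own network.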

US-CERT recommends:

1) disabling recursion
2) determining if "additional-from-cache no;" can be safely implemented

It has been determined that our external name servers xauth1.ias.edu,
ns1-auth.sprintlink.net and ns3-auth.sprintlink.net can be used to
assist in this type of attack (ns2-auth is not responding at this time).


More tips on setting up secure DNS can be found here:


For more specifics about CIIN-09-023-01, please contact Brian Epstein