US-CERT CIIN-09-023-01 (U//FOUO) describes a DNS amplification attack
made possible by misconfigured DNS servers. Several attacks have been
orchestrated over the past weeks, bringing this issue to light.
A DNS server that is vulnerable to this attack will respond to a root NS
query (".") by returning the list of root servers.
This vulnerable DNS server could then be used in a denial of service
attack against another entity.
Mitigation steps:
1) disabling recursion
2) determining if "additional-from-cache no;" can be safely implemented
It has been determined that our external xauth1.ias.edu,
ns1-auth.sprintlink.net and ns3-auth.sprintlink.net are vulnerable to
assisting in this type of attack (ns2-auth is not responding at this time).
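
The behaviour described above can be checked from a server's reply to the root NS query. The following is an added example, not part of the advisory or of US-CERT's tooling; it classifies a reply as "root list returned" or not and reports the size ratio between reply and query. Both sample replies are constructed for the demo (not captured traffic), and the REFUSED reply is an assumption about how a hardened server answers.

```python
import struct

ROOT_NS_QUESTION = b"\x00" + struct.pack("!HH", 2, 1)  # QNAME ".", QTYPE NS, QCLASS IN

def build_root_ns_query(txid=0x1234):
    """The 17-byte root NS (".") query described in the advisory, RD bit set."""
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + ROOT_NS_QUESTION

def classify_response(query, response):
    """Decide whether a reply to the root NS query hands back the root server list."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    return {
        "rcode": rcode,                                   # 0 = NOERROR, 5 = REFUSED
        "recursion_available": bool(flags & 0x0080),      # RA bit
        "records": an + ns + ar,
        "amplification": round(len(response) / len(query), 1),
        # NOERROR with NS data in the answer or authority section means
        # the root server list was returned to an arbitrary client.
        "vulnerable": rcode == 0 and (an + ns) > 0,
    }

def constructed_reply(query, rcode, root_letters=""):
    """Build a sample reply for the demo (constructed, uncompressed names)."""
    rrs = b""
    for letter in root_letters:
        rdata = bytes([1]) + letter.encode() + b"\x0croot-servers\x03net\x00"
        rrs += b"\x00" + struct.pack("!HHIH", 2, 1, 518400, len(rdata)) + rdata
    flags = (0x8180 if root_letters else 0x8100) | rcode
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!6H", txid, flags, 1, len(root_letters), 0, 0)
    return header + ROOT_NS_QUESTION + rrs

QUERY = build_root_ns_query()
OPEN_REPLY = constructed_reply(QUERY, 0, "abcdefghijklm")  # misconfigured server
REFUSED_REPLY = constructed_reply(QUERY, 5)                # assumed hardened server

if __name__ == "__main__":
    for name, reply in (("open", OPEN_REPLY), ("refused", REFUSED_REPLY)):
        print(name, classify_response(QUERY, reply))
```

Real replies normally use name compression and are smaller than the constructed one, so the ratio printed here illustrates the calculation rather than a measured figure.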
More tips on setting up secure DNS can be found here:
For more specifics about CIIN-09-023-01, please contact Brian Epstein