Network Tech

Strange Extremeware behaviour

I was just reading Massive DDoS attack against anti-spam provider impacts millions of internet users and ended up at the Open Resolver project. Typing in a few IP address ranges I’m involved with, I noticed that there were some odd DNS servers. A few minutes of investigation shows that actually, an ancient Extreme BlackDiamond we have, running Extremeware (since replaced with ExtremeXOS in current kit), will answer DNS queries! It forwards them on to the DNS servers it knows about, using it’s own IP address on that network, effectively NATing DNS traffic from anywhere in the world.

That’s a Bad Thing. What’s more, I can’t find any mention of this behaviour in the manuals. The fix is simply to remove it’s dns-client configuration (which is supposed to be used for locally originated connections like telnet from the console) – it can’t forward requests if it doesn’t know any DNS servers, right?

configure dns-client delete x.x.x.x

at which point it stops accepting connections for DNS. But this is still somewhat alarming, especially for undocumented behaviour (so there’s no missing ACL or anything, or feature turned on, it’s just quietly been doing this).

Leave a Reply

Your email address will not be published. Required fields are marked *