UBC’s myDNS open resolvers on the internet, with IP addresses 137.82.1.1 and 142.103.1.1, will be disabled on March 22, 2024.
What is myDNS?
myDNS is the UBC system that manages domain names and IP addresses for DNS services.
The Evolution of myDNS
Originally developed when internet options were limited, myDNS has served UBC well over the years. However, as the internet has matured, the need for a UBC-provided recursive DNS service to the internet has diminished, while relying on myDNS for internet-based DNS resolution from off-campus has become a significant security risk for our organization. To mitigate this risk, on March 22, 2024, myDNS open resolvers on the internet with IP addresses 137.82.1.1 and 142.103.1.1 will be disabled.
Security Implications
Turning off recursive DNS resolution is a security measure to protect against various types of DNS-related attacks.
Here are some reasons why you should disable recursive DNS:
- DNS Amplification Attacks: Recursive DNS servers can be abused in DNS amplification attacks, where an attacker spoofs the source IP address and sends DNS queries to open recursive servers. These servers then respond to the spoofed IP address, amplifying the attack traffic towards the victim. Disabling recursion helps mitigate this risk by not allowing the server to respond to recursive queries from arbitrary sources.
- Cache Poisoning: Recursive DNS servers cache DNS responses to improve performance and reduce the load on upstream servers. However, if an attacker manages to poison the cache with malicious DNS data, they can redirect users to malicious websites or intercept sensitive data. Disabling recursion limits the potential for cache poisoning attacks.
- DNS-based DDoS Attacks: Recursive DNS servers can be targeted in DNS-based distributed denial-of-service (DDoS) attacks, overwhelming the server with a large volume of DNS queries and disrupting its normal operation. By disabling recursion, UBC can reduce the risk and mitigate the impact of DNS-based DDoS attacks.
- Malware Communication: Malware often relies on DNS for command-and-control (C2) communication. Disabling recursive DNS can help prevent infected devices from communicating with malicious domains or servers.
- Privacy and Data Leakage: Recursive DNS servers might log DNS queries, potentially exposing sensitive information about users' browsing habits or internal network infrastructure.
Impact
Off-Campus Users
Once the specified resolvers are disabled, users utilizing the myDNS service for internet-based DNS resolution from off-campus locations will experience disruptions in their internet connectivity if they do not update their DNS server settings.
On-Campus Users
On-campus users will not be impacted. Campus network configurations will automatically accommodate this change, ensuring uninterrupted internet access for users within the UBC network.
Action Required for Off-Campus Users
To ensure continuous internet service, off-campus users are advised to switch to alternative DNS servers before March 22, 2024. It is crucial to update your DNS server settings in your devices or network configurations to avoid any potential disruptions.
Steps to Switch DNS Servers:
- Identify and switch to alternative DNS servers: Choose reliable DNS servers. Popular alternatives include Google Public DNS (8.8.8.8 and 8.8.4.4) and Cloudflare DNS (1.1.1.1 and 1.0.0.1).
- If you need assistance modifying your network DNS settings, please contact your local Internet Service Provider.
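To find out whether a Linux or macOS machine still points at one of the two resolvers being disabled, the check below scans resolv.conf-style text for them. It is an added example, not a UBC-provided tool; the function name and the sample input are constructed for illustration, and it assumes DNS servers are listed in `/etc/resolv.conf`.

```python
import ipaddress
import sys
from pathlib import Path

# The two addresses this notice says will be disabled on March 22, 2024.
RETIRING = {ipaddress.ip_address("137.82.1.1"), ipaddress.ip_address("142.103.1.1")}


def find_retiring_resolvers(resolv_conf_text):
    """Return [(line_number, address)] for nameserver entries using a retiring resolver."""
    hits = []
    for number, raw in enumerate(resolv_conf_text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks and comments (resolv.conf comments start with '#' or ';').
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop any IPv6 zone id ("%eth0") before parsing the address.
            address = ipaddress.ip_address(fields[1].split("%")[0])
        except ValueError:
            continue  # not a valid IP address, so it cannot match
        if address in RETIRING:
            hits.append((number, str(address)))
    return hits


# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# generated by a hypothetical DHCP client
search example.net
nameserver 137.82.1.1
; nameserver 142.103.1.1
nameserver 1.1.1.1
nameserver 142.103.1.1
"""

if __name__ == "__main__":
    path = Path(sys.argv[1] if len(sys.argv) > 1 else "/etc/resolv.conf")
    text = path.read_text() if path.exists() else SAMPLE
    for number, address in find_retiring_resolvers(text):
        print(f"line {number}: nameserver {address} is being disabled; replace it")
```

If `/etc/resolv.conf` only lists a local stub address, or DNS is set on a home router, check that configuration for the same two addresses instead.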
Support
If you require assistance with any of the information shared in this article, including inquiries specific to on-campus connectivity, please contact the IT Service Centre.