Security Enhancement to Campus DNS Servers

June 06, 2006

In order to enhance campus computer and network security, on June 22, 2006 Information and Educational Technology (IET) will make a change to the central campus DNS servers. UC Davis caching DNS servers-the servers that provide the Internet address when a URL is entered in a Web browser-will no longer respond to requests from computers that do not have a UC Davis IP address. As a result of this change, a small number of individuals will lose the ability to access the Internet until they change their DNS setting.

Individuals with computers meeting both of the following criteria will need to take action in order to prevent service interruption:

IP address is not a UC Davis IP address; UC Davis IP addresses begin with 169.237, 128.120 or 152.79
DNS server configuration is set to 169.237.250.250 or 169.237.1.250

Please note that individuals with computers that have UC Davis IP addresses will not be affected and do not need to take action.

To aid with this transition, additional information about DNS and detailed instructions are available at http://security.ucdavis.edu/dns.cfm. The IT Express Computing Help Desk is also prepared to respond to questions from technical support staff as well as users. Further, our expectation is that the system administrators will be able to work in their departments to announce and assist with the change.

This change will be made to protect against two serious security risks that occur when caching DNS servers allow anyone on the Internet to query them-cache poisoning and recursive DDoS attacks. Additional information about each of these attacks is available at http://security.ucdavis.edu/faq.cfm#dns.

If you have questions about this change, please contact the IT Express Computing Help Desk at ithelp@ucdavis.edu or 530-754-HELP (4357).

IT Help