Beginning Tuesday July 11, 2006, access to the EECS caching DNS (Domain Name Server or Domain Name System) servers cronus and rhea will be restricted to campus IP addresses.
If you have a system off-campus, you will not be able to use cronus and rhea for DNS service. Instead you will need to configure your off-campus system to utilize your ISP’s name servers.
This action (restricting access to the EECS caching DNS servers) is occuring following the campus IS&T’s lead of restricting access to the main campus caching DNS servers, ns1.berkeley.edu (18.104.22.168, 22.214.171.124) and ns2.berkeley.edu (126.96.36.199, 188.8.131.52) beginning July 1, 2006.
It is currently considered a “best practice” to restrict access to caching DNS servers. DNS service on cronus and rhea has been abused from off-campus IP addresses. Because of the security risks associated with allowing anyone to access the caching DNS servers, many groups are restricting access to their caching DNS servers including UCLA, the University of Oregon and the University of Virginia.
IS&T has documented details and reasons behind why it is necessary to restrict access to caching DNS servers:
Current cronus and rhea IP addresses include:
cronus interfaces rhea interfaces cronus-32 184.108.40.206 rhea-32 220.127.116.11 cronus-33 18.104.22.168 rhea-33 22.214.171.124 cronus-34 126.96.36.199 rhea-34 188.8.131.52 cronus-35 184.108.40.206 rhea-35 220.127.116.11 cronus-36 18.104.22.168 rhea-36 22.214.171.124 cronus-37 126.96.36.199 rhea-37 188.8.131.52 cronus-38 184.108.40.206 rhea-38 220.127.116.11 cronus-40 18.104.22.168 rhea-40 22.214.171.124 cronus-41 126.96.36.199 rhea-41 188.8.131.52 cronus-42 184.108.40.206 rhea-42 220.127.116.11 cronus-43 18.104.22.168 rhea-43 22.214.171.124 cronus-47 126.96.36.199 rhea-47 188.8.131.52 cronus-48 184.108.40.206 rhea-48 220.127.116.11 cronus-62 18.104.22.168 rhea-62 22.214.171.124 cronus-63 126.96.36.199 rhea-63 188.8.131.52 cronus-112 184.108.40.206 rhea-112 220.127.116.11 cronus-132 18.104.22.168 rhea-132 22.214.171.124 cronus-134 126.96.36.199 rhea-134 188.8.131.52 cronus-153 184.108.40.206 rhea-153 220.127.116.11 cronus-168 18.104.22.168 rhea-168 22.214.171.124 cronus-171 126.96.36.199 rhea-171 188.8.131.52 cronus-cusg 184.108.40.206 rhea-cusg 220.127.116.11 cronus-169-229-63 18.104.22.168 rhea-169-229-63 22.214.171.124
Caching DNS service will also end from IP address 126.96.36.199 on Tuesday July 11, 2006.
Please update your off-campus systems accordingly.