Change to DNS Service

ICT has been requested by JANET to change the way the College DNS service processes address lookups

ICT has been requested by JANET to change the way the College DNS service processes address lookups, to limit recursive queries to JANET and affiliated sources only. Whilst this is primarily to prevent theft of a DNS based blacklist service purchased by JANET, it is also good security practice.

A query is recursive when the DNS server being asked the query is not authoritative for the network zone the query relates to. Thus asking the College DNS (e.g. ns0.ic.ac.uk) for the address of "<www.ic.ac.uk>" is non-recursive, whilst asking it for "<www.google.com>" is recursive.

ICT will modify College DNS services so that they restrict recursive DNS Queries to requests from Imperial or Sponsored Connection IP addresses. This will take effect on the morning of Tuesday 13th September. 

The change will have no effect on machines within College, nor on machines which access College facilities using VPN or the College Modem service. However, it is possible that some people may have configured their home machines to use the College DNS service. Such users will need to reconfigure their home machine to use the DNS service provided by their Internet Service provider (ISP) which should handle recursive calls.

If there are any problems please contact the ICT Service Desk (ext 49000).