Open DNS Server Q
Posted on 2007-10-02
We have a number of W2003 servers and host our own DNS. I went to dnsreport.com and ran a report on it. It indicated a FAIL message:
ERROR: One or more of your name servers reports that is is an open DNS server. Blah, blah, blah.
To correct this problem, it instructed me to go into the DNS server manager and check the advanced option "Disable Recursion", so I did.
The entire Exchange outbound queue stalled, saying it couldn't resolve DNS for any of the domains it was trying to send to. I'm confused by this. The Exchange server is also a secondary DNS server for the domain. The AD master roles and primary DNS are held by a server inside the firewall. The server's TCP/IP properties specify the master and another secondary (not itself) for its DNS servers.
Why would this Exchange server not be able to resolve DNS queries when recursion is disabled and why is this a good idea?