brandenb
asked on
DNS Recursive Queries and Cache Snooping
We have 2 public-facing DNS servers on our network - both are in the DMZ, NATed behind the PIX. The company that does our vulnerability assessment says that there are security issues because they allow Recursive Queries, and DNS cache snooping.
From what I've read on these issues, the solution is to check the "Disable recursion" box in the advanced tab of the properties on the DNS servers.
When I do that, however, I am instantly unable to browse to most sites from inside the network.
What do I need to do to resolve these issues without affecting my internal network?
Thanks
That's why you have the ability to post comments in reply :-p
> What do I need to do to resolve these issues without affecting my internal network?
You need to maintain separate public and private DNS servers or you need to run BIND which will allow you to limit who is allowed to use recursive queries.
Chris
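A sketch of the BIND option mentioned in the answer above, added here as an illustration and not part of the original thread: a BIND 9 `named.conf` fragment that keeps recursion on but limits recursion and cache access to internal clients. The address ranges, zone name and file name are assumed placeholders.

```conf
// Added example: BIND 9 named.conf fragment.
// Assumption: internal clients use 10.0.0.0/8 and 192.168.0.0/16.
acl "internal" {
    127.0.0.1;
    10.0.0.0/8;
    192.168.0.0/16;
};

options {
    // Weak setting that produces both assessment findings
    // (open recursion and cache snooping from the Internet):
    //   recursion yes;
    //   allow-recursion   { any; };
    //   allow-query-cache { any; };

    // Corrected setting: recursion stays on for inside users only.
    recursion yes;
    allow-recursion   { "internal"; };  // who may ask the server to recurse
    allow-query-cache { "internal"; };  // who may be answered from the cache
    allow-query       { any; };         // authoritative data stays public
};

// Placeholder public zone this server is authoritative for.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-query { any; };
};
```

The ACL has to list the source addresses the DNS server actually sees, which may be translated addresses if the PIX NATs internal traffic on its way into the DMZ.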