<div>
Tells why we are having the problem without specifically answering the question
</div>


Tells why we are having the problem without specifically answering the question

<div>
<br />
That's why you have the ability to post comments in reply :-p<br />
<br />
&gt;&nbsp;What do I need to do to resolve these issues without affecting my internal network?<br />
<br />
You need to maintain separate public and private DNS servers or you need to run BIND which will allow you to limit who is allowed to use recursive queries.<br />
<br />
Chris
</div>



That's why you have the ability to post comments in reply :-p

> What do I need to do to resolve these issues without affecting my internal network?

You need to maintain separate public and private DNS servers or you need to run BIND which will allow you to limit who is allowed to use recursive queries.

Chris

<div>
<div class="content wysiwyg-content">
We have 2 public facing DNS servers on our network - both are in the DMZ, natted behind the PIX. &nbsp;The company that does our vulnerability assessment says that there are security issues because they allow Recursive Queries, and DNS cache snooping. &nbsp;<br />
From what I've read on these issues, the solution is to check the &quot;Disable recursion&quot; box in the advanced tab of the properties on the DNS servers.<br />
When I do that, however, I am instantly unable to browse to most sites from inside the network. &nbsp;<br />
What do I need to do to resolve these issues without affecting my internal network?<br />
<br />
Thanks
</div>
</div>


We have 2 public facing DNS servers on our network - both are in the DMZ, natted behind the PIX.  The company that does our vulnerability assessment says that there are security issues because they allow Recursive Queries, and DNS cache snooping.  
From what I've read on these issues, the solution is to check the "Disable recursion" box in the advanced tab of the properties on the DNS servers.
When I do that, however, I am instantly unable to browse to most sites from inside the network.  
What do I need to do to resolve these issues without affecting my internal network?

Thanks

DNS Recursive Queries and Cache Snooping

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.