DNS Recursive Queries and Cache Snooping
Posted on 2008-10-16
We have 2 public-facing DNS servers on our network - both are in the DMZ, NATed behind the PIX. The company that does our vulnerability assessment says that there are security issues because they allow recursive queries and DNS cache snooping.
From what I've read on these issues, the solution is to check the "Disable recursion" box in the Advanced tab of the properties on the DNS servers.
When I do that, however, I am instantly unable to browse to most sites from inside the network.
What do I need to do to resolve these issues without affecting my internal network?