
  • Status: Solved
  • Priority: Medium
  • Security: Public

Security Scan Result. DNS server is vulnerable to cache snooping attacks.


We have two external DNS and two internal DNS. All are MS DNS, and as part of a security assessment we got a comment on one of our external DNS that:

DNS server is vulnerable to cache snooping attacks.

The remote DNS server answers to queries for third-party domains which do not have the recursion bit set. This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited.

How can I solve the issue?


1 Solution
"In the server properties on the DNS server you need to disable
recursion so that all external queries other than for locally hosted records
are not answered."
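
To confirm the change took effect, the scanner's check can be repeated against your own external server. The Python sketch below is an added example, not part of the original thread: it builds a query with the recursion-desired bit cleared and classifies the response header the way the finding describes. The function names, the constructed sample response headers and the name `example.com` are assumptions for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234, recursion_desired=False):
    """Build a DNS A/IN query. RD=0 asks the server to answer from local data only."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Classify a response to a non-recursive query for a third-party name."""
    if len(response) < 12:
        return "malformed"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:            # QR bit clear: this is not a response
        return "malformed"
    rcode = flags & 0x000F
    authoritative = bool(flags & 0x0400)
    if rcode == 5:
        return "refused"              # server declined to answer
    if rcode == 0 and ancount > 0 and not authoritative:
        return "cached-answer"        # the behaviour the scan flagged
    return "no-cached-answer"         # e.g. a referral or an empty answer section

def probe(server, name, timeout=3.0):
    """Send one RD=0 query over UDP to a server you administer and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return classify(data)

def _sample_header(flags, ancount):
    # Constructed header-only responses; classify() reads only the 12-byte header.
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

SAMPLE_FLAGGED = _sample_header(0x8080, 1)   # QR+RA, NOERROR, one answer record
SAMPLE_REFUSED = _sample_header(0x8005, 0)   # QR, REFUSED, no answers
SAMPLE_REFERRAL = _sample_header(0x8000, 0)  # QR, NOERROR, no answers

if __name__ == "__main__":
    for label, pkt in [("flagged", SAMPLE_FLAGGED), ("refused", SAMPLE_REFUSED),
                       ("referral", SAMPLE_REFERRAL)]:
        print(label, "->", classify(pkt))
```

A result of `cached-answer` from `probe()` for a name the server is not authoritative for matches the scanner's finding; `refused` or `no-cached-answer` indicates the server is no longer answering such queries from its cache.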
