Security Scan Result. DNS server is vulnerable to cache snooping attacks.


We have two external DNS and two internal DNS. All are MS DNS and as part of security assesment we got a comment on one of our external DNS that

DNS server is vulnerable to cache snooping attacks.

The remote DNS server answers to queries for third-party domains which do not have the recursion bit set. This may allow a remote attacker to determine which domains have
recently been resolved via this name server, and therefore which hosts
have been recently visited.

How can i solve the isue?


Who is Participating?
"In the server properties on the dns server you need to disable
recursion so that all external queries other than for locally hosted records
are not answered."
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.