How to restrict access to DNS Server

cjrcomputers
We had a vulnerability assessment done to our network and one of the messages is "The remote DNS server answers to any request.  It is possible to query the name servers (NS) of the root zone and get an answer which is bigger than the original request.  Restrict access to your DNS server from public network or reconfigure it to reject such queries." How would I go about doing this?
Chris Dent, PowerShell Developer
Top Expert 2010

Commented:

You're running a public name server?

Which Name Server are you using? BIND? MS DNS? Something else?

Chris

Author

Commented:
Yes for the domains that we host for mail or websites. We are using MS DNS.
Chris Dent, PowerShell Developer
Top Expert 2010

Commented:

In the DNS MMC, open the Properties for the Server, select Advanced then tick Disable Recursion.

Do note that this means the server will only be able to answer requests for zones it hosts locally (as defined under Forward and Reverse Lookup Zones). MS DNS is, unfortunately, not able to selectively limit who can use it for Recursive queries.

Chris
Author

Commented:
That has already been done.  That actually was a separate item that was found stating to disable recursion, which I did.  I'm not sure if disabling that will cover this issue as well...
PowerShell Developer
Top Expert 2010
Commented:

Hmm maybe it wants you to get rid of Root Hints. Delete the contents of the Root Hints tab?

Chris

Author

Commented:
Ok, I can give that a try.
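
To confirm whether disabling recursion and clearing Root Hints clears the finding quoted in the question, the same root NS query can be sent to your own server and the reply size compared with the request size. The following is an added example, not part of the original thread; the function names are hypothetical and the two sample replies are constructed, not captured from a real server.

```python
import socket
import struct

ROOT_NS_QUESTION = b"\x00" + struct.pack("!HH", 2, 1)  # name ".", QTYPE=NS, QCLASS=IN

def build_root_ns_query(txid=0x1234):
    """DNS query for the NS records of the root zone, with recursion desired."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + ROOT_NS_QUESTION

def assess_response(query, response):
    """Classify a reply to the root NS query the way the scanner message describes."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    return {
        "rcode": flags & 0x000F,                      # 0 = NOERROR, 5 = REFUSED
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "records": an + ns + ar,                      # answer + authority + additional
        "ratio": round(len(response) / len(query), 2),
        # The finding: the answer is bigger than the original request.
        "amplifies": len(response) > len(query),
    }

def probe(server, timeout=3.0):
    """Query a server you operate; no reply at all counts as not amplifying."""
    query = build_root_ns_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        try:
            response, _ = sock.recvfrom(4096)
        except socket.timeout:
            return {"rcode": None, "records": 0, "ratio": 0.0, "amplifies": False}
    return assess_response(query, response)

def _ns_record(target_labels):
    """Constructed NS record owned by the root zone (sample data only)."""
    rdata = b"".join(bytes([len(l)]) + l for l in target_labels) + b"\x00"
    return b"\x00" + struct.pack("!HHIH", 2, 1, 3600, len(rdata)) + rdata

# Constructed sample replies: a bare REFUSED, and a reply that still lists root servers.
QUERY = build_root_ns_query()
REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + ROOT_NS_QUESTION
REFERRAL = (struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 2, 0) + ROOT_NS_QUESTION
            + _ns_record([b"a", b"root-servers", b"net"])
            + _ns_record([b"b", b"root-servers", b"net"]))
```

Call `probe()` with the public address of your own name server from a host outside your network, before and after each change; the finding is cleared when `amplifies` comes back `False`.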
