Solved

DNS Server 2008

Posted on 2011-02-25
8
366 Views
Last Modified: 2012-05-11
Hello Gurus,
I have a Open recursive DNS resolver. How could I solve this issue? Cause if I disable recursion, the forwarders will no longer be in operation. Will root hints do the resolving at this time?
0
Comment
Question by:uscstevens
  • 5
  • 2
8 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 34983650
What is your setup?  Do you have authoritative zones that are externally accessible?
i.e. external servers need to connect to your dns server to obtain information.
0
 

Author Comment

by:uscstevens
ID: 34984091
I have forwarders configured, but it turns out to be a  Open recursive DNS resolver. If I were to disable recursion, could resolution still happen via Root Hints??
0
 
LVL 77

Expert Comment

by:arnold
ID: 34984450
Could you kindly answer the questions posed?

Must you expose your DNS server to the Internet at large?

Forwarders are configured on your server to send requests out?

Disable external access to your internal DNS server if you do not host public domains on your DNS server.
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 

Author Comment

by:uscstevens
ID: 34984891
Yes, No, Yes.. I wish to disable recursion, could you help?
0
 
LVL 77

Expert Comment

by:arnold
ID: 34985121
There is no need to disable recursion, you need to disable external access to the DNS server.
Either by removing the port forward or if your system has two nics,enable the firewall rules on the external NIC.

I have no idea what your setup is so it is rather hard to suggest a course of action.
0
 
LVL 77

Expert Comment

by:arnold
ID: 35240614
root hints are hints for the resolver on the dns server. if you disable recursion on your local dns, you will have issues on the LAN.  the use of forwarders means that your server forwards requests it can not answer to the forwarders which do the recursion and yours stores/caches the response.
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 35269044
If disabling the external firewall to prevent access to the DNS server is not an option.
Open the DNS management interface.

NOTE that one you disable recursion on your DNS server and this server is used by your WORKSTATION in the LAN, they will generate errors because they will be expecting a complete answer and not a reference. i.e. if you disable recursion and using your browser to go to http://www.experts-exchange.com, your non-recursive DNS server instead of telling your workstation go here, it will tell it to consult a.root-servers.net.  Your workstation in turn will tell you that there is an error because it is incapable of recursive lookups which is the service an internal DNS server provides.

With that out of the way and you are now aware of the consequences of implementing the change you seek.
http://technet.microsoft.com/en-us/library/cc771738.aspx
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e117f600-4dea-4fcf-8827-eb2a34c49391/


If you have a test environment, make sure to test what you intend to do within it as a test so that you are fully aware of the consequences and the impact.
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Migrate 2008 DNS server to Windows 2012 RS 8 91
Clearing router cache 12 50
how to export this list 4 60
SharePoint 2013 to SharePoint Online migration:  (links) 2 52
Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question