Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 396
  • Last Modified:

DNS Server 2008

Hello Gurus,
I have a Open recursive DNS resolver. How could I solve this issue? Cause if I disable recursion, the forwarders will no longer be in operation. Will root hints do the resolving at this time?
0
uscstevens
Asked:
uscstevens
  • 5
  • 2
1 Solution
 
arnoldCommented:
What is your setup?  Do you have authoritative zones that are externally accessible?
i.e. external servers need to connect to your dns server to obtain information.
0
 
uscstevensAuthor Commented:
I have forwarders configured, but it turns out to be a  Open recursive DNS resolver. If I were to disable recursion, could resolution still happen via Root Hints??
0
 
arnoldCommented:
Could you kindly answer the questions posed?

Must you expose your DNS server to the Internet at large?

Forwarders are configured on your server to send requests out?

Disable external access to your internal DNS server if you do not host public domains on your DNS server.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
uscstevensAuthor Commented:
Yes, No, Yes.. I wish to disable recursion, could you help?
0
 
arnoldCommented:
There is no need to disable recursion, you need to disable external access to the DNS server.
Either by removing the port forward or if your system has two nics,enable the firewall rules on the external NIC.

I have no idea what your setup is so it is rather hard to suggest a course of action.
0
 
arnoldCommented:
root hints are hints for the resolver on the dns server. if you disable recursion on your local dns, you will have issues on the LAN.  the use of forwarders means that your server forwards requests it can not answer to the forwarders which do the recursion and yours stores/caches the response.
0
 
arnoldCommented:
If disabling the external firewall to prevent access to the DNS server is not an option.
Open the DNS management interface.

NOTE that one you disable recursion on your DNS server and this server is used by your WORKSTATION in the LAN, they will generate errors because they will be expecting a complete answer and not a reference. i.e. if you disable recursion and using your browser to go to http://www.experts-exchange.com, your non-recursive DNS server instead of telling your workstation go here, it will tell it to consult a.root-servers.net.  Your workstation in turn will tell you that there is an error because it is incapable of recursive lookups which is the service an internal DNS server provides.

With that out of the way and you are now aware of the consequences of implementing the change you seek.
http://technet.microsoft.com/en-us/library/cc771738.aspx
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e117f600-4dea-4fcf-8827-eb2a34c49391/


If you have a test environment, make sure to test what you intend to do within it as a test so that you are fully aware of the consequences and the impact.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now