DNS Server 2008

Hello Gurus,
I have a Open recursive DNS resolver. How could I solve this issue? Cause if I disable recursion, the forwarders will no longer be in operation. Will root hints do the resolving at this time?
Who is Participating?

Improve company productivity with a Business Account.Sign Up

arnoldConnect With a Mentor Commented:
If disabling the external firewall to prevent access to the DNS server is not an option.
Open the DNS management interface.

NOTE that one you disable recursion on your DNS server and this server is used by your WORKSTATION in the LAN, they will generate errors because they will be expecting a complete answer and not a reference. i.e. if you disable recursion and using your browser to go to http://www.experts-exchange.com, your non-recursive DNS server instead of telling your workstation go here, it will tell it to consult a.root-servers.net.  Your workstation in turn will tell you that there is an error because it is incapable of recursive lookups which is the service an internal DNS server provides.

With that out of the way and you are now aware of the consequences of implementing the change you seek.

If you have a test environment, make sure to test what you intend to do within it as a test so that you are fully aware of the consequences and the impact.
What is your setup?  Do you have authoritative zones that are externally accessible?
i.e. external servers need to connect to your dns server to obtain information.
uscstevensAuthor Commented:
I have forwarders configured, but it turns out to be a  Open recursive DNS resolver. If I were to disable recursion, could resolution still happen via Root Hints??
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Could you kindly answer the questions posed?

Must you expose your DNS server to the Internet at large?

Forwarders are configured on your server to send requests out?

Disable external access to your internal DNS server if you do not host public domains on your DNS server.
uscstevensAuthor Commented:
Yes, No, Yes.. I wish to disable recursion, could you help?
There is no need to disable recursion, you need to disable external access to the DNS server.
Either by removing the port forward or if your system has two nics,enable the firewall rules on the external NIC.

I have no idea what your setup is so it is rather hard to suggest a course of action.
root hints are hints for the resolver on the dns server. if you disable recursion on your local dns, you will have issues on the LAN.  the use of forwarders means that your server forwards requests it can not answer to the forwarders which do the recursion and yours stores/caches the response.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.