DNS Server 2008

Hello Gurus,
I have a Open recursive DNS resolver. How could I solve this issue? Cause if I disable recursion, the forwarders will no longer be in operation. Will root hints do the resolving at this time?
uscstevensAsked:
Who is Participating?
 
arnoldCommented:
If disabling the external firewall to prevent access to the DNS server is not an option.
Open the DNS management interface.

NOTE that one you disable recursion on your DNS server and this server is used by your WORKSTATION in the LAN, they will generate errors because they will be expecting a complete answer and not a reference. i.e. if you disable recursion and using your browser to go to http://www.experts-exchange.com, your non-recursive DNS server instead of telling your workstation go here, it will tell it to consult a.root-servers.net.  Your workstation in turn will tell you that there is an error because it is incapable of recursive lookups which is the service an internal DNS server provides.

With that out of the way and you are now aware of the consequences of implementing the change you seek.
http://technet.microsoft.com/en-us/library/cc771738.aspx
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e117f600-4dea-4fcf-8827-eb2a34c49391/


If you have a test environment, make sure to test what you intend to do within it as a test so that you are fully aware of the consequences and the impact.
0
 
arnoldCommented:
What is your setup?  Do you have authoritative zones that are externally accessible?
i.e. external servers need to connect to your dns server to obtain information.
0
 
uscstevensAuthor Commented:
I have forwarders configured, but it turns out to be a  Open recursive DNS resolver. If I were to disable recursion, could resolution still happen via Root Hints??
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
arnoldCommented:
Could you kindly answer the questions posed?

Must you expose your DNS server to the Internet at large?

Forwarders are configured on your server to send requests out?

Disable external access to your internal DNS server if you do not host public domains on your DNS server.
0
 
uscstevensAuthor Commented:
Yes, No, Yes.. I wish to disable recursion, could you help?
0
 
arnoldCommented:
There is no need to disable recursion, you need to disable external access to the DNS server.
Either by removing the port forward or if your system has two nics,enable the firewall rules on the external NIC.

I have no idea what your setup is so it is rather hard to suggest a course of action.
0
 
arnoldCommented:
root hints are hints for the resolver on the dns server. if you disable recursion on your local dns, you will have issues on the LAN.  the use of forwarders means that your server forwards requests it can not answer to the forwarders which do the recursion and yours stores/caches the response.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.