DNS Spoofing attack prevention

mikenus
mikenus used Ask the Experts™
on
Can any one explain to me on how to configure two things for Windows Server 2008 R2 DNS Server.

(1) .Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
Configure SSL/TLS servers to only support cipher suites that do not use block ciphers. Apply patches if available. Note that additional configuration may be required after the installation of the MS12-006 security update in order to enable the split-record countermeasure.

(2) Server
Spoofed Request Amplification DDoS

For Item (2) is related to DNS Server. How to configure DNS Server to prevent spoofed attack?

Regards,
Zaw Tun Naing
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
RETIRED
Top Expert 2006
Commented:
For question 1, step by step is here:

http://www.adminhorror.com/2011/10/enable-tls-11-and-tls-12-on-windows_1853.html

For question 2, if you don't have recursion disabled, disable it!
For 2, you just have to limit the addresses that are allowed to access the DNS server.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial