Solved

Windows 2003 Split DNS solution ?

Posted on 2014-07-23
Last Modified: 2016-06-09
Hello everyone,

I have a question regarding DNS running on Windows 2003 server. If I disable recursion (from the check box "Disable recursion (also disable forwarders)") I cannot use my DNS server to resolve external IP. For example everything works internally but if I want to go to yahoo.com the page cannot be displayed.

Now you probably ask yourself why I want to disable recursion. That's because we need to prevent DDoS.
Anyways, I ticked off the check box and bingo! I am now protected. One little thing... there is no INTERNET! Which, like in any organization, is a NO GO.

I think the solution is to implement split DNS, however I am not sure about it. For example if I had "Disable recursion (also disable forwarders)" enabled the forwarders will not work. Then I think that it does not matter what I add under the Forwarders tab, it will not work (remember, forwarders are disabled).

Would appreciate if someone can point me in the right direction.

Cheers
Question by:Bibecu
3 Comments

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 40215358
This has nothing to do with split DNS from your description. You can disable recursion and forwarders and still have Internet name resolution as long as the root hints are enabled.  So, check the root hints tab and make sure they are all enabled.  

OTOH, you aren't vulnerable to a DNS-related DDoS attack unless you are allowing INCOMING traffic on your router on TCP port 53 (DNS).  The only reason to allow  this traffic would be if your internal DNS server is responding to requests from outside your internal LAN (other than through an IPSEC tunnel or other type of encrypted communication).
 

Author Comment

by:Bibecu
ID: 40229599
Very good idea, thank you! Problem solved!
Question has a verified solution.