Solved

Windows 2003 Split DNS solution ?

Posted on 2014-07-23
Last Modified: 2016-06-09
Hello everyone,

I have a question regarding DNS running on a Windows 2003 server. If I disable recursion (from the check box "Disable recursion (also disable forwarders)"), I cannot use my DNS server to resolve external IP. For example, everything works internally, but if I want to go to yahoo.com the page cannot be displayed.

Now you probably ask yourself why I want to disable recursion. That's because we need to prevent DDoS.
Anyway, I ticked off the check box and bingo! I am now protected. One little thing... there is no INTERNET! Which, like in any organization, is a NO GO.

I think the solution is to implement split DNS, however I am not sure about it. For example, if I have "Disable recursion (also disable forwarders)" enabled, the forwarders will not work. Then I think that whatever I add under the Forwarders tab will not work (remember, forwarders are disabled).

Would appreciate it if someone can point me in the right direction.

Cheers
Question by:Bibecu

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 40215358
This has nothing to do with split DNS from your description. You can disable recursion and forwarders and still have Internet name resolution as long as the root hints are enabled. So, check the root hints tab and make sure they are all enabled.

OTOH, you aren't vulnerable to a DNS-related DDoS attack unless you are allowing INCOMING traffic on your router on TCP port 53 (DNS). The only reason to allow this traffic would be if your internal DNS server is responding to requests from outside your internal LAN (other than through an IPSEC tunnel or other type of encrypted communication).
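
A way to verify what the thread discusses, added here as an example and not part of the original posts: the script below sends one recursive query over UDP to a DNS server you administer (run it from inside and from outside the LAN) and reads the reply header to see whether recursion was offered. The function names, the query ID and the two sample replies are constructed for illustration.

```python
import socket
import struct
import sys

QUERY_ID = 0x1234  # arbitrary fixed ID for this one-shot check (assumption)

def build_query(name, qid=QUERY_ID):
    """DNS A/IN query with the RD (recursion desired) flag set."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(data, qid=QUERY_ID):
    """Return (recursion_available, rcode, answers, authority), or None if not our reply."""
    if len(data) < 12:
        return None
    rid, flags, _qd, an, ns, _ar = struct.unpack("!6H", data[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit clear (not a response)
        return None
    return bool(flags & 0x0080), flags & 0x000F, an, ns

def verdict(data):
    """Summarise what the server did with a recursive query for an external name."""
    parsed = parse_header(data)
    if parsed is None:
        return "no valid reply"
    ra, rcode, an, ns = parsed
    if ra:                                  # RA set: server will recurse for this client
        return "recursion offered"
    if rcode == 5:                          # REFUSED
        return "refused"
    if rcode == 0 and an == 0 and ns > 0:   # NOERROR, no answer, NS records only
        return "referral only"
    return "no recursion"

def probe(server, name="example.com", timeout=3.0):
    """Send the query over UDP/53 to a server you administer and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no valid reply"
    return verdict(data)

# Constructed sample reply headers: recursion enabled, and recursion disabled (referral).
SAMPLE_RECURSIVE = struct.pack("!6H", QUERY_ID, 0x8180, 1, 1, 0, 0)
SAMPLE_REFERRAL = struct.pack("!6H", QUERY_ID, 0x8100, 1, 0, 13, 0)

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1]))
```

From outside the LAN, "no valid reply" is the result to expect when the router drops incoming DNS; "recursion offered" from an outside address means the server is acting as an open resolver.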

Author Comment

by:Bibecu
ID: 40229599
Very good idea, thank you! Problem solved!