I have a question regarding DNS running on Windows 2003 server. If I disable recursion (from check box "Disable recursion (also disable forwarders" )) I cannot use my DNS server to resolve external IP. For example everyting works internally but if I want to go to yahoo.com the page cannot be displayed.
Now you probably ask yourself why I want to disable recursion. That's because we need to prevent DDoS
Anyways, I ticked off the check box and bingo! I am now protected. One little thing.. there is no INTERNET ! Which likes in any organization, this is a NO GO.
I think the solution is to implement split DNS, however I am not sure about it. For example if I had "Disable recursion (also disable forwarders)" enabled the forwarders will not work. Then I think that it does not matter what I add under Forwarders tab will not work (remember, forwarders are disabled)
Would appreciate if someone can point me in the right direction