Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Windows 2003 Split DNS solution ?

Posted on 2014-07-23
3
Medium Priority
?
84 Views
Last Modified: 2016-06-09
Hello everyone,

I have a question regarding DNS running on Windows 2003 server.  If I disable recursion  (from check box "Disable recursion (also disable forwarders" )) I cannot use my DNS server to resolve external IP.  For example everyting works internally but if I want to go to yahoo.com the page cannot be displayed.

Now you probably ask yourself why I want to disable recursion.  That's because we need to prevent DDoS
Anyways, I ticked off  the check box and bingo!  I am now protected.  One little thing.. there is no INTERNET !  Which likes in any organization, this is a NO GO.  

I think the solution is to implement split DNS, however I am not sure about it.  For example if I had "Disable recursion (also disable forwarders)" enabled the forwarders will not work.  Then I think that it does not matter what I add under Forwarders tab will not work (remember, forwarders are disabled)

Would appreciate if someone can point me in the right direction

Cheers
0
Comment
Question by:Bibecu
2 Comments
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 2000 total points
ID: 40215358
This has nothing to do with split DNS from your description. You can disable recursion and forwarders and still have Internet name resolution as long as the root hints are enabled.  So, check the root hints tab and make sure they are all enabled.  

OTOH, you aren't vulnerable to a DNS-related DDoS attack unless you are allowing INCOMING traffic on your router on TCP port 53 (DNS).  The only reason to allow  this traffic would be if your internal DNS server is responding to requests from outside your internal LAN (other than through an IPSEC tunnel or other type of encrypted communication).
0
 

Author Comment

by:Bibecu
ID: 40229599
Very good idea, thank you!  Problem solved !
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question