Posted: Fri Nov 12, 2010 2:06 pm Post subject: Windows DNS Server Open Recursive
I've recently had a request to look into our Windows 2003 DNS servers as they are Open and Recursive.
The Open I'm not worried about, as we host our own website and users need to be able to access this; it's the Recursive part that I'm worried about.
Any anonymous user can use our DNS server to perform a lookup, and I'm aware there is a tick box in the DNS console that will disable recursion, but it disables forwarders so I can't do this.
Is there any other way within Windows 2003 to disable recursive lookups without disabling forwarders?
If the first option is enabled, queries not found locally will be sent to your forwarders (just like normal). If they are not found there, the query will stop and not proceed further.
Thanks for your reply, but for the "All other DNS domains" option, "Do not use recursion for this domain" cannot be enabled and this is obviously allowing my DNS server to serve DNS requests.
Like I said in my previous post, I cannot select the "Disable recursion (also disables forwarders)" because this would disable forwards for me, as I need my DNS servers when we send a request to domain "ourparentcompany.com".
Is there any way to enable the "Do not use recursion for this domain" for the "All other DNS domains" option, as it will not stay on once selected?
Posted: Mon Nov 15, 2010 1:02 pm Post subject: Windows DNS Server Open Recursive
I am not sure that I have understood your concern 100%, but remember that with Forwarders you are increasing security, while using conditional forwarding may help you achieve what you want. The article - Securing DNS for Windows (Part 2) may help.