• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Windows DNS Server Open Recursive

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Networking

View previous topic :: View next topic  
Author Message
cjoyce1980
Just Arrived
Just Arrived


Joined: 01 Sep 2008
Posts: 0


Offline

PostPosted: Fri Nov 12, 2010 2:06 pm    Post subject: Windows DNS Server Open Recursive Reply with quote

I've recently had a request to look into our Windows 2003 DNS Servers as they are Open and Recursive.

The Open I'm not worried about as we host are own website and users need to be able to access this, It's the Recursive part that I'm worried about.

Any anonymous user can use are DNS Server to perform a look up, and I'm aware there is a tick box in the DNS console that will disable recursion, but it disables forwarders so I can't do this.

Is there any other way within Windows 2003 to disable recursive look ups without disabling forwarders?

Many thanks for any help in advanced
Back to top
View user's profile Send private message
CoreDefend
Forum Fanatic
Forum Fanatic


Joined: 25 May 2010
Posts: 16777215
Location: USA

Offline

PostPosted: Mon Nov 15, 2010 3:50 am    Post subject: Reply with quote

There are two options:

Code:
Do not use recursion for this domain.


Then on the Advanced Tab:

Code:
Disable recursion (also disables forwarders).


If the first option is enabled; queries not found locally will be sent to your forwarders (just like normal). If they are not found there; the query will stop and not proceed further.
Back to top
View user's profile Send private message Visit poster's website
cjoyce1980
Just Arrived
Just Arrived


Joined: 01 Sep 2008
Posts: 0


Offline

PostPosted: Mon Nov 15, 2010 12:28 pm    Post subject: Reply with quote

Thanks for your reply, but for the "All other DNS domains" option, "Do not use recursion for this domain" cannot be enabled and this is obviously allowing my DNS server to serve DNS requests.

Like I said in my previous post I cannot select the "Disable recursion (also disables forwarders)" because this would disable forwards for me, as I need my DNS servers when we send a request to domain "ourparentcompany.com"

Is there anyway to enabled the "Do not use recursion for this domain" for All other DNS domains" options as it will not stay on once selected
Back to top
View user's profile Send private message
georgec
SF Staff
SF Staff


Joined: 15 Nov 2010
Posts: 0


Offline

PostPosted: Mon Nov 15, 2010 1:02 pm    Post subject: Windows DNS Server Open Recursive Reply with quote

I am not sure that I have understood your concern 100% but remember that with Forwarders you are increasing security while using conditional forwarding may help you achieve what you want. The article - Securing DNS for Windows (Part 2) may help.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Networking All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register