Re: How to secure Windows 2000 DNS

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 10/28/04

Next message: Cypher: "Re: Local Domain name conflicts with web address"
Previous message: Roger Abell: "Re: dns vs website"
In reply to: Ronald Nutter: "Re: How to secure Windows 2000 DNS"
Next in thread: Jonathan de Boyne Pollard: "Re: How to secure Windows 2000 DNS"
Messages sorted by: [ date ] [ thread ]

Date: Thu, 28 Oct 2004 07:58:46 -0700

> > Note that this is a server-wide setting, for all clients without
> > regard to inbound interface.

-- 
Roger
"Ronald Nutter" <rnutter@networkref.com> wrote in message
news:easWcV3uEHA.944@TK2MSFTNGP11.phx.gbl...
> Is there a way that I can get it to do recursion for my network users and
> not do recursion for anyone on the outside ?
>
> Ron
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:%23SNp$%23uuEHA.3200@TK2MSFTNGP14.phx.gbl...
> > To make an external use DNS server accept only interative
> > queries (ie. not do the recursive work to fully resolve queries
> > against unheld name), right click on the server node in the DNS
> > management UI into the service's properties, and therein, on the
> > advanced tab, check to disable recursion.
> > Note that this is a server-wide setting, for all clients without
> > regard to inbound interface.
> >
> > -- 
> > Roger Abell
> > Microsoft MVP (Windows Server System: Security)
> > MCSE (W2k3,W2k,Nt4)  MCDBA
> > "Ronald Nutter" <rnutter@networkref.com> wrote in message
> > news:uXN87IpuEHA.1288@TK2MSFTNGP11.phx.gbl...
> > > I am replacing one of my external DNS servers where I work.  In doing
> some
> > > initial testing, I came across something that concerns me.  If I query
> the
> > > DNS server for information on a host in a domain I am not hosting, it
> will
> > > attempt to resolve the info.  While this is fine for users that are on
> my
> > > network, I dont want this to be the case for those who are not on my
> > > network.  I have been unable to find a way to secure W2K DNS like
this.
> > > Couldnt find anything on MS Support web site.  Is there a way to do
this
> ?
> > >
> > > Ron
> > >
> > >
> >
> >
>
>

Next message: Cypher: "Re: Local Domain name conflicts with web address"
Previous message: Roger Abell: "Re: dns vs website"
In reply to: Ronald Nutter: "Re: How to secure Windows 2000 DNS"
Next in thread: Jonathan de Boyne Pollard: "Re: How to secure Windows 2000 DNS"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Recursion
... Recursion is simply when a DNS server works it's ... DNS hierarchy (once primed by root hints, a cache file, ... a "recursive query" (or request.) ...
(microsoft.public.windows.server.dns)
Re: Disabling recursion
... recursion' on the forwarders tab. ... I should CLEAR the check box for 'disable recursion' on the advanced tab. ... I should enter a forwarder such as the ip of my ISP's dns server or my ...
(microsoft.public.windows.server.dns)
Re: Wrong IP for Domain name
... On the clients you are experiencing trouble is the dns server the clients ... header flags: response, auth. ... answer, want recursion, recursion avail. ... ttl = 3600 ...
(microsoft.public.windows.server.active_directory)
Re: How to configure a client for iterative query for name resolut
... "Do not use recursion for this domain". ... If the DNS server is configured to use recursion and the forwarder is unable ... that you can set your client up to perform only iterative ...
(microsoft.public.windows.server.general)
Re: How to configure a client for iterative query for name resolut
... If the DNS server is configured to use recursion and the forwarder is unable ... that you can set your client up to perform only iterative ...
(microsoft.public.windows.server.general)