I have several servers which I joined to my Microsoft Active Directory (which uses also a custom DNS server which I set up from the Server Manager).
The Federal Office for Security in Information Technology of Germany informed my hoster (Hetzner) that my DNS server was publicly accessible because I had the option “Disable recursion” disabled in the DNS server's settings. They advised me because my DNS server could be possibly used for DDoS-Reflection-Attacks, so I enabled “Disable recursion” for my DNS server. Since I enabled this setting, I am not able to access my monitoring or other websites outside my network and I get this error code in my browser: DNS_PROBE_FINISHED_BAD_CONFIG.
Is there any way to enable “Disable recursion” with access to WAN, or is there a workaround so my DNS server cannot be used in DDoS-Reflection Attacks?
