
I'm trying to help someone configure an MS 2008 DNS server so that it doesn't answer DNS queries for the root zone and only answers queries with the recursion bit set from the LAN it's connected to. Those two measures are meant to avoid the server being used as a DDoS bounce server as well as for cache snooping.

I couldn't find anything on it so far (only for BIND), but it might also be me using the wrong words while searching.

Looking forward to your answers!

user857990

1 Answer


You could consider putting 2 network cards in the machine, one internal and one external (preferably behind a NAT router), and letting the DNS server listen on the internal adapter only. If you do not forward port 53 in the router, the 'outside world' can't reach the DNS server. The (internal) clients can reach the DNS server and use the external adapter as a gateway to the internet.

  • Hmm, I was more hoping for a configuration option than this. But I assume that if this is a suggestion, there probably is no easy way. Thanks. – user857990 Feb 20 '13 at 08:57
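The single-NIC variant of the answer above, as an added example that is not part of the original question or answer. Windows Server 2008 DNS has no per-client recursion ACL like BIND's `allow-recursion`; the "Disable recursion" setting is global and would break the LAN clients too. What it does have is a configurable listen-address list (`dnscmd /ResetListenAddresses`) and a host firewall whose rules can be scoped to a source subnet, which together give the same effect as the second-NIC setup: outsiders cannot reach port 53 at all, so neither the root-zone amplification query nor cache snooping is possible from outside. The IP address, subnet and the role-installed firewall rule names below are assumptions; check them against the server before running this in an elevated prompt.

```powershell
# Added example, not code from the original post. Lock a Windows Server 2008
# DNS server to the LAN without a second NIC. Assumed values, adjust for your
# network (both are assumptions, not values from the question):
$LanAdapterIp = '192.168.1.10'      # assumed: server's LAN-facing resolver IP
$LanSubnet    = '192.168.1.0/24'    # assumed: only subnet allowed to query

# 1. Make the DNS service listen on the LAN address only instead of on every
#    address the box has. Queries arriving at any other address are not
#    accepted by the service at all.
dnscmd /ResetListenAddresses $LanAdapterIp

# 2. Scope the host firewall so UDP/TCP 53 is reachable only from the LAN.
#    The DNS Server role installs unscoped allow rules for port 53; disable
#    those first or they keep the port open to everyone. The rule names are
#    assumed to be the ones the role creates on 2008; verify with:
#      netsh advfirewall firewall show rule name=all | findstr /i "DNS"
netsh advfirewall firewall set rule name="DNS (UDP, Incoming)" new enable=no
netsh advfirewall firewall set rule name="DNS (TCP, Incoming)" new enable=no
netsh advfirewall firewall add rule name="DNS LAN only (UDP)" dir=in action=allow protocol=UDP localport=53 "remoteip=$LanSubnet"
netsh advfirewall firewall add rule name="DNS LAN only (TCP)" dir=in action=allow protocol=TCP localport=53 "remoteip=$LanSubnet"
# Do NOT add an explicit block rule for port 53: in Windows Firewall a block
# rule overrides matching allow rules, so it would cut off the LAN clients as
# well. The default inbound policy (block) already drops everything the scoped
# allow rules do not match.

# 3. Apply and check. The service re-reads its listen addresses on restart;
#    the ListenAddresses line of /Info should then show only $LanAdapterIp.
Restart-Service DNS
dnscmd /Info

# 4. Verify from a host OUTSIDE the LAN, against the server's internet-facing
#    address: a non-recursive query for the root NS records (the classic
#    amplification probe) must time out instead of returning an answer.
#      nslookup -norecurse -type=NS . <external-ip-of-server>
#    From a LAN client the same command must still answer.
```

The firewall scoping is what actually enforces the "LAN only" requirement; the listen-address change is defence in depth for the case where the box has a second address that someone later opens in the firewall. If the server is also reachable through a NAT router, leave port 53 unforwarded there as the answer suggests, since the host firewall only protects this machine.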