Saturday, April 5, 2014

Secure Your Windows DNS Server

Setting up DNS Server Security


By default, Windows Server 2008 R2 DNS acts as an “open relay” (an open recursive resolver), which means that anyone can use your server to make DNS lookups. This is dangerous because it allows something called a “DNS Amplification Attack”.

This is an attack in which your open relay is used to send bogus data to another server, helping the attackers take it offline.

You don’t want this to happen: not only is it illegal, it can also use a lot of bandwidth and leave you with bandwidth overage invoices.

To prevent this, we need to disable “recursion”. To do this:

- Open the DNS Manager again.
- Right click on your server name in the tree and select “Properties”.
- Select the “Advanced” tab.
- Check the “Disable recursion (also disables forwarders)” checkbox.
- Click “OK”.

Note: There are some instances where recursion is necessary and you may need to leave this enabled. If you have problems, re-enable recursion. This may happen in an Active Directory environment.



That’s it, your domain should now be fully functional! Ask someone who hasn’t accessed it recently to check it for you. Keep checking it for the next couple of days to make sure it carries on working.

Once it is confirmed working, you can continue to add more domains and/or records in the same fashion as explained in this tutorial. Just remember that should your server go down, your domains do too. For most people this won’t matter too much, as sites tend to be hosted on the same server, but keep it in mind should you off-load your sites elsewhere but continue to host your name servers.
