Q

Windows 2003 DNS configuration tips

Expert Richard Brain reviews the best way to configure your server's DNS.

I have a Windows 2003 DNS as our main DNS server, which is the authoritative server for our domain. If I stop recursion on this server, no one can get to the Internet as it doesn't resolve anything. Can you please advise me on how to resolve these Windows 2003 DNS configuration issues?

I would advise instead that layered security is implemented, which allows no direct outbound client connections to the Internet. This arrangement prevents malware from spreading or communicating by opening arbitrary outbound ports to the Internet. The Web browsers are pointed to a Web proxy within a DMZ, and the proxy will handle the DNS server resolution separately to the Windows server.

Alternatively, you can configure your server's DNS to forward requests to your ISP's server, though you open yourself to cache poisoning attacks if your ISP's servers become subverted.

If no forwarders are configured, the DNS server will use root hints, which contain host information necessary to resolve names outside of the authoritative DNS domains. The process is slower, but safer.

This was last published in November 2009
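Once clients reach the Internet through the proxy, recursion can be stopped on the authoritative server, and the result is visible in the DNS response header: AA set for the server's own zone, RA clear, and no answers for outside names. The following check is an added example, not part of the original answer; the zone name corp.example, the 192.0.2.x addresses and the sample replies are constructed for illustration.

```python
import socket
import struct
from collections import namedtuple

Header = namedtuple("Header", "aa ra rcode ancount")

def build_query(name, txid=0x1234):
    """Encode an A/IN question with RD=1 (RFC 1035, section 4.1)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_header(response):
    """Extract the AA and RA flags, RCODE and answer count from a response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return Header(bool(flags & 0x0400), bool(flags & 0x0080), flags & 0x000F, ancount)

def audit(own_zone_response, external_response):
    """List deviations from an authoritative-only (recursion stopped) server."""
    own, ext = parse_header(own_zone_response), parse_header(external_response)
    findings = []
    if not own.aa:
        findings.append("own zone not answered authoritatively (AA=0)")
    if own.ra or ext.ra:
        findings.append("recursion is offered (RA=1)")
    if ext.rcode == 0 and ext.ancount > 0:
        findings.append("external name was resolved for the client")
    return findings

def ask(server, name, timeout=3.0):
    """Send one UDP query to a server you administer and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recv(4096)

def sample_response(name, flags, address=None):
    """Constructed reply for offline use: header, question, optional A record."""
    answer = b""
    if address:
        # Compression pointer to the question name, then TYPE, CLASS, TTL, RDLENGTH, RDATA.
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(address)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if address else 0, 0, 0)
    return header + build_query(name)[12:] + answer
```

Against a live server, pass the output of ask() for one name inside the zone and one outside it to audit(); an empty list means the server behaves as authoritative-only.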
