DNS Security Issues
Recently I had a security audit and the report came back with the following issues:

DNS Server Cache Snooping Remote Information Disclosure
DNS Server Recursive Query Cache Poisoning Weakness

From my understanding, to correct these issues I need to adjust the DNS Recursive Query. I seem to have two settings for this: "Do not use recursive for this domain" and "Disable Recursive". I'm not sure what the difference between the two is and how it will affect my internal domain users. I know one disables forwarders. If that is the case, how will our clients be able to access the web without any forwarders? Should I close UDP 53 at the firewall level? I'm not exactly sure how to address this. We currently have SBS 2003 using Exchange. Any advice would be great!
May 10th, 2011 4:12pm

Make sure the admin account has a strong password and that the guest account is off. As for the DNS problem, Server 2008 is better than 2003 for security but it too has issues.

My MVP is for the Windows Desktop Experience, i.e. Windows XP, Vista and Windows 7. IT Remote Assistance is available for a fee. I am best with C++ and I am learning C# using Visual Studio 2010.
Developer | Windows IT | Chess | Economics | Hardcore Games | Vegan Advocate | PC Reviews
May 10th, 2011 6:25pm

If you disable Recursion in the Advanced tab, your DNS server will no longer be able to resolve queries that it has no hosted zones for. I have never seen this option enabled on internal DNS servers. Generally, this option is enabled for external-facing servers that are used by your organization for external name resolution of your resources. Your external DNS servers shouldn't be resolving queries for zones that you are not authoritative for.

Now on "Do not use recursion for this domain": if "Do not use recursion for this domain" is enabled, the DNS server will pass the query on to forwarders, but will not recursively query any other DNS servers if the forwarders cannot resolve the query.

Visit: anITKB.com, an IT Knowledge Base.
May 10th, 2011 7:43pm
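
An added example, not part of any post in this thread: both audit findings come down to how the server replies to a query sent with the RD (recursion desired) bit clear, so after changing the recursion setting you can check your own server by reading the RA and AA flags and the answer count in the reply header. The function names (`build_query`, `classify`, `probe`) and the two sample replies are constructed for illustration.

```python
import socket
import struct

def build_query(name, recursion_desired, txid=0x1234):
    """Encode a DNS A/IN query; RD is the only flag a client sets."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Read the header of a reply to a non-recursive (RD=0) query."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    return {
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "authoritative": bool(flags & 0x0400),        # AA bit
        "rcode": flags & 0x000F,
        "answers": ancount,
        # Answers without AA to an RD=0 query can only have come from cache.
        "answered_from_cache": ancount > 0 and not flags & 0x0400,
    }

def probe(server, name, timeout=3.0):
    """Send one RD=0 query to a server you administer and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, recursion_desired=False), (server, 53))
        return classify(s.recv(512))

# Constructed sample replies, not captured traffic; only the header is parsed.
# Flags 0x8080 = QR+RA; 0x8005 = QR with RA clear and RCODE 5 (REFUSED).
question = build_query("example.com", False)[12:]
CACHED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0) + question
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0) + question

if __name__ == "__main__":
    print(classify(CACHED_REPLY))
    print(classify(REFUSED_REPLY))
```

Run `probe()` from outside the firewall against the address the audit scanned, using a name the server is not authoritative for.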

I suggest using forwards to your ISP's DNS for normal use as this will speed up your server big time.

My MVP is for the Windows Desktop Experience, i.e. Windows XP, Vista and Windows 7. IT Remote Assistance is available for a fee. I am best with C++ and I am learning C# using Visual Studio 2010.
Developer | Windows IT | Chess | Economics | Hardcore Games | Vegan Advocate | PC Reviews
May 10th, 2011 7:44pm
