Security Basics mailing list archives

Re: DNS recursion Windows 2003


From: "Shreyas Zare" <shreyas () technitium com>
Date: Sat, 24 Feb 2007 21:41:33 +0530

Hi,

You can always use an access control list or inbound filters configured
through Routing and Remote Access in win2003.

Regards,

On 21 Feb 2007 17:37:47 -0000, jlehman () mailesignal com
<jlehman () mailesignal com> wrote:
From a 3rd party scan -

desc:    This DNS server has query recursion enabled, allowing it to answer requests for DNS zones outside of your authority. This configuration may allow attackers to perform a cache poisoning attack on your server, corrupting the name-to-IP translation tables, potentially enabling man-in-the-middle attacks.
remed:  Check your DNS server documentation for instructions on either disabling recursion or limiting the hosts which may ask for recursive queries. For example, in BIND 8, the 'allow-recursion' directive can be used for this purpose.


From what I have read, Windows Server 2003 DNS does have the ability to restrict recursive lookups to a specific IP range (my local network). It's either on or off, and off is not an option. Given that, what are the recommendations for a non-authoritative forwarder: BIND, tinydns, etc.?




--
(This e-mail was composed and sent completely using recycled electrons)

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas () technitium com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com

Technitium Personal Computers
We believe in quality.
Visit http://pc.technitium.com for details.
