Configure DNS recursion for internal clients only
April 17, 2017
Q. How can I enable DNS recursion only for clients on my internal network?
A. DNS recursion is an important feature that enables a DNS server to resolve requests passed to it by clients; however, it can also be abused in a possible denial-of-service attack. A new feature in Windows Server 2016 is the ability to create a recursion scope that enables recursion only for certain clients, for example users on the internal network, while blocking recursion from external clients.
This is actually very simple to do with PowerShell.
This means that any request arriving on the 10.7.173.10 interface is treated as internal and the recursive request is honored. You could also use a policy based on the client subnet instead of the server's interface IP.
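One way to build the configuration described above with the DnsServer module cmdlets, as an added example rather than the author's own listing. The scope, policy and subnet names and the 10.7.173.0/24 range are assumptions; 10.7.173.10 is the interface IP from the text.

```powershell
# Added example; run elevated on a Windows Server 2016 (or later) DNS server.
# Names below are assumptions, not values from the article.
$ScopeName   = 'InternalClients'
$InterfaceIP = '10.7.173.10'        # internal-facing interface from the article
$MatchOn     = 'Interface'          # set to 'Subnet' for the client-subnet variant

# 1. Disable recursion in the default scope ("."), so any query that matches
#    no policy is answered from authoritative data only.
Set-DnsServerRecursionScope -Name . -EnableRecursion $false

# 2. Create a second recursion scope in which recursion is allowed.
Add-DnsServerRecursionScope -Name $ScopeName -EnableRecursion $true

# 3. Add a server-level policy that places matching queries in that scope.
if ($MatchOn -eq 'Interface') {
    # Match on the server interface the query arrived on.
    Add-DnsServerQueryResolutionPolicy -Name 'RecursionInternalInterface' `
        -Action ALLOW -ApplyOnRecursion `
        -RecursionScope $ScopeName `
        -ServerInterfaceIP "EQ,$InterfaceIP"
}
else {
    # Match on the client's source subnet (constructed example range).
    Add-DnsServerClientSubnet -Name 'InternalSubnet' -IPv4Subnet '10.7.173.0/24'
    Add-DnsServerQueryResolutionPolicy -Name 'RecursionInternalSubnet' `
        -Action ALLOW -ApplyOnRecursion `
        -RecursionScope $ScopeName `
        -ClientSubnet 'EQ,InternalSubnet'
}

# 4. Review the result: "." should show EnableRecursion False, the new scope True,
#    and the policy should list the interface or subnet criterion.
Get-DnsServerRecursionScope
Get-DnsServerQueryResolutionPolicy
```

From an external host, a query for a name the server is not authoritative for should now go unanswered by recursion, while the same query from an internal client resolves.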
John Savill
https://savilltech.net