Home page logo

basics logo Security Basics mailing list archives

DNS recursion Windows 2003
From: jlehman () mailesignal com
Date: 21 Feb 2007 17:37:47 -0000

From a 3rd party scan -

desc:    This DNS server has query recursion enabled, allowing it to answer requests for DNS zones outside of your 
authority. This configuration may allow attackers to perform a cache poisoning attack on your server, corrupting then 
name-to-IP translation tables, potentially enabling man-in-the-middle attacks.
remed:  Check your DNS server documentation for instructions on either disabling recursion or limiting the hosts which 
may ask for recusrive queries. For example, in BIND 8, the 'allow-recursion' directive can be used for this purpose.

From what I have read, windows server 2003 DNS does have the ability to restrict recrsive lookups to a specific IP 
range, (my local network). It's either on or off, and off is not an option. Given that, what are the recommendations 
for a non-authoritative forwarder, Bind, tinynds etc?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]