[wyx2000]

I have two domain servers , have all my domains on them. It seems now the servers are misused and the bandwidth usage is very high. I guess it is because the forwarder, other people are using my servers for other purpose.
I have the forwarder because I think my internal servers need parse domains. So how can I set so my domain servers only do forwarding for my internal servers, not other outside users.

Thanks

[seack79]

DNS uses UDP port 53, so if you block incoming connections to that port on your firewall between your network and the internet, that should do the trick.

[wyx2000]

Originally Posted by seack79

DNS uses UDP port 53, so if you block incoming connections to that port on your firewall between your network and the internet, that should do the trick.

Maybe I didn't describe it right, the two domain servers need serve outside request too.

[wyx2000]

strange, just like what I see in the below post. Seems there is no way to solve the issue. In the post, it suggests to have two DNS servers, one for internal use with recursion enabled and one for external use with recursion disabled. But I am wonderring what about those commercial DNS servers, they need enable recursion, does that means they have to accept those DDos attack?


social.technet.microsoft.com
/Forums/en-US/winservermanager/thread/ef4d9acc-a931-456e-996d-643174ac38d7

[seack79]

The only way I know how to do it, is if you know the IP range of the network that you want to allow DNS requests to be sent from (i.e., I will let the network outside my LAN with the IP range 1.1.1.1/28). However, if you want everyone on the internet to be able to send DNS requests to your internal DNS servers, not sure there's a secure way to do that with Windows; sorry I haven't played around with doing this.