#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2013
    Posts
    5
    Rep Power
    0

    How do I set up a forwarder to only serve my own servers?


    I have two domain servers and have all my domains on them. It seems the servers are now being misused and the bandwidth usage is very high. I guess it is because of the forwarder; other people are using my servers for other purposes.
    I have the forwarder because I think my internal servers need to parse domains. So how can I set it so my domain servers only do forwarding for my internal servers, not other outside users?

    Thanks
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,410
    Rep Power
    2005
    DNS uses UDP port 53, so if you block incoming connections to that port on your firewall between your network and the internet, that should do the trick.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2013
    Posts
    5
    Rep Power
    0
    Originally Posted by seack79
    DNS uses UDP port 53, so if you block incoming connections to that port on your firewall between your network and the internet, that should do the trick.
    Maybe I didn't describe it right; the two domain servers need to serve outside requests too.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2013
    Posts
    5
    Rep Power
    0
    Strange, just like what I see in the post below. It seems there is no way to solve the issue. The post suggests having two DNS servers, one for internal use with recursion enabled and one for external use with recursion disabled. But I am wondering about those commercial DNS servers: they need to enable recursion, so does that mean they have to accept those DDoS attacks?


    social.technet.microsoft.com/Forums/en-US/winservermanager/thread/ef4d9acc-a931-456e-996d-643174ac38d7
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,410
    Rep Power
    2005
    The only way I know how to do it is if you know the IP range of the network that you want to allow DNS requests to be sent from (i.e., I will let the network outside my LAN with the IP range 1.1.1.1/28). However, if you want everyone on the internet to be able to send DNS requests to your internal DNS servers, I'm not sure there's a secure way to do that with Windows; sorry, I haven't played around with doing this.
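
Added example, not part of the original thread: whichever setup is chosen (separate internal and external servers, or recursion limited to a known IP range), this check, run from a host outside the network against your own server, shows whether outside clients are still offered recursion. The function names, verdict strings and transaction ID are illustrative assumptions; the name queried should be one the server is not authoritative for.

```python
import socket
import sys

import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # DNS header flag bits (RFC 1035)
REFUSED = 5                           # RCODE 5

def build_query(name, txid=0x1234):
    """Build an A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, txid=0x1234):
    """Decide from the DNS header whether recursion was offered to this client."""
    if len(data) < 12:
        return "malformed"
    rid, flags = struct.unpack("!2H", data[:4])
    if rid != txid or not flags & QR:
        return "malformed"
    if flags & 0x000F == REFUSED:
        return "refused"
    # RA set in the reply means the server is willing to recurse for the sender.
    return "recursion-offered" if flags & RA else "not-offered"

def probe(server, name, timeout=3.0):
    """Send one recursive query over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:               # timeout or network error
            return "no-response"
    return classify_response(data)

if __name__ == "__main__":
    # Usage: python check_recursion.py <your-server-ip> <name-not-hosted-on-it>
    server, name = sys.argv[1], sys.argv[2]
    print(server, name, probe(server, name))
```

A result of `refused` or `not-offered` from outside, together with normal resolution from the internal servers, is what the split described in the thread should produce.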
