In day-to-day use, many readers have probably run into the "DNS server not responding" problem. What causes this failure, and how should we solve it?
A DNS server can support multi-line resolution, which is especially useful for operators with multiple egress lines. When users on the external Internet access a local site, the DNS server can resolve the name to different IP addresses for different users (for example, visitors from Netcom are resolved to the mirror server on the Netcom network, and visitors from the Education Network are resolved to the mirror server on the Education Network).
A DNS server that fails to respond is most likely caused by one of the following three reasons:
① a network failure has broken the connection to the master server;
② the IP address configured for the master server is incorrect;
③ there is a syntax error in the zone data file on the master server.
To better prevent the DNS server from failing to respond, we should take the following measures:
Disabling zone transfers
Zone transfers occur between the primary DNS server and secondary DNS servers. The primary DNS server is authoritative for a specific domain and holds a writable DNS zone file that can be updated when needed. Secondary DNS servers receive a read-only copy of these zone files from the primary DNS server. Secondary DNS servers are used to improve response performance for DNS queries from the internal network or the Internet.
However, zone transfers are not limited to secondary DNS servers. Anyone who can issue a DNS query can cause a DNS server that is configured to allow zone transfers to dump its own zone database files. Malicious users can use this information to learn the naming scheme within your organization and to attack critical service infrastructure. To protect against this, you can configure your DNS server to refuse zone transfer requests, or to allow zone transfers only to specific servers within your organization.
Establishing access control in the DNS registry
On a Windows-based DNS server, you should set access control on the DNS server-related registry keys so that only the accounts that need access can read or modify these registry settings.
The HKLM\CurrentControlSet\Services\DNS key should be accessible only to the Administrator and System accounts, and these accounts should have Full Control.
Using firewalls to control DNS access
Firewalls can be used to control who can connect to your DNS server. For DNS servers that respond only to query requests from internal users, configure the firewall to prevent external hosts from connecting to these DNS servers. For DNS servers that are used as caching-only forwarders, configure the firewall to allow only query requests sent by the DNS servers that use those caching-only forwarders. An important point in firewall policy settings is to prevent internal users from using the DNS protocol to connect to external DNS servers.
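The three firewall rules above can be written down as a policy check and run over flow logs to spot traffic the firewall should be denying. The following is an added example, not part of the original article; the address plan, the log format and the function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan: every address below is an assumption.
INTERNAL_NET = ip_network("10.0.0.0/8")
INTERNAL_DNS = {ip_address("10.0.0.53")}  # answers internal clients only
# Caching-only forwarder; assumed to be the only host allowed to resolve externally.
FORWARDERS = {ip_address("10.0.1.53")}
FORWARDER_CLIENTS = INTERNAL_DNS          # DNS servers that use the forwarder

def evaluate(src, dst, dport):
    """Return (action, reason) for one flow under the three rules above."""
    s, d = ip_address(src), ip_address(dst)
    if dport != 53:
        return "ignore", "not DNS"
    if d in FORWARDERS:
        if s in FORWARDER_CLIENTS:
            return "allow", "designated DNS server using the forwarder"
        return "deny", "only DNS servers that use the forwarder may query it"
    if d in INTERNAL_DNS:
        if s in INTERNAL_NET:
            return "allow", "internal client querying internal DNS"
        return "deny", "external host connecting to internal-only DNS"
    if s in INTERNAL_NET and d not in INTERNAL_NET:
        if s in FORWARDERS:
            return "allow", "forwarder resolving on behalf of the network"
        return "deny", "internal host querying an external DNS server directly"
    return "deny", "DNS flow not covered by any allow rule"

def parse(line):
    """Parse 'src=A dst=B dport=N' (a constructed log format)."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return f["src"], f["dst"], int(f["dport"])

def violations(lines):
    """Return (line, reason) for every flow the policy would deny."""
    results = [(line, evaluate(*parse(line))) for line in lines]
    return [(line, reason) for line, (action, reason) in results if action == "deny"]

# Constructed sample flows (documentation ranges stand in for external hosts).
SAMPLE = [
    "src=10.0.5.20 dst=10.0.0.53 dport=53",     # client -> internal DNS
    "src=203.0.113.9 dst=10.0.0.53 dport=53",   # external -> internal DNS
    "src=10.0.0.53 dst=10.0.1.53 dport=53",     # internal DNS -> forwarder
    "src=10.0.5.20 dst=10.0.1.53 dport=53",     # client -> forwarder
    "src=10.0.1.53 dst=198.51.100.1 dport=53",  # forwarder -> Internet
    "src=10.0.5.20 dst=198.51.100.1 dport=53",  # client -> external DNS
]

if __name__ == "__main__":
    print(*violations(SAMPLE), sep="\n")
```

Any line reported here that also appears in the firewall's accepted-traffic log points to a missing or misordered rule.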