Top 10 tips for protecting DNS servers

Source: Internet
Author: User
Tags dns forwarder

DNS software is a favorite target of attackers and can be a source of security problems. This article presents the 10 most effective methods for protecting DNS servers.

  1. Use a DNS Forwarder

A DNS forwarder is a DNS server that performs DNS queries on behalf of other DNS servers. The main purpose of using a DNS forwarder is to offload DNS processing: the DNS server hands its query requests to the forwarder and benefits from the forwarder's potentially larger DNS cache.

Another advantage of using a DNS forwarder is that it keeps the DNS server that forwards the requests from interacting directly with Internet DNS servers. This is important if your DNS server holds your internal domain's DNS resource records. Instead of allowing the internal DNS server to perform recursive queries and contact Internet DNS servers directly, have it use a forwarder for requests for which it is not authoritative.

  2. Use a Caching-Only DNS Server

A caching-only DNS server is not authoritative for any domain name. It is configured to perform recursive queries or to use a forwarder. When the caching-only DNS server receives a response, it stores the result in its cache and returns the answer to the system that sent it the DNS query. Over time, a caching-only DNS server can collect a large number of DNS responses, which can greatly shorten the time it takes to provide a DNS response.

Using a caching-only DNS server under your own administrative control as a forwarder can improve your organization's security. The internal DNS servers can use the caching-only DNS server as their forwarder, and the caching-only DNS server performs recursive queries in place of your internal DNS servers. Using your own caching-only DNS server as a forwarder improves security because you do not need to rely on your ISP's DNS server as a forwarder. This is especially true if you cannot confirm the security of your ISP's DNS server.

  3. DNS Advertisers

A DNS advertiser is a DNS server that answers queries for the domains for which it is authoritative. For example, if you host public resources for domain.com and corp.com, your public DNS server should be configured with the DNS zone files for domain.com and corp.com.

What sets a DNS advertiser apart from other DNS servers that host DNS zones is that the advertiser responds only to queries for the domain names for which it is authoritative. Such a DNS server does not perform recursive queries against other DNS servers. This prevents users from using your public DNS server to resolve other domain names. It increases security by reducing the risks related to running a public DNS resolver, including cache poisoning.

  4. DNS Resolvers

A DNS resolver is a DNS server that can perform recursive queries to resolve names in domains for which it is not authoritative. For example, you may have a DNS server on the internal network that is authoritative for the internal network domain name internalcorp.com. When a client on the network uses this DNS server to resolve techrepublic.com, this DNS server performs recursion by querying other DNS servers to obtain the answer.

The difference between this DNS server and a DNS resolver is that the DNS resolver only resolves Internet host names. The DNS resolver can be a caching-only DNS server that is not authoritative for any DNS domain. You can make the DNS resolver available only to internal users. You can also make it available only to external users, so that they do not need to use a DNS server outside of your administrative control, which improves security. Of course, you can also make the DNS resolver available to both internal and external users.
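The difference between an advertiser (tip 3) and a resolver (tip 4) is visible in the DNS response header: the AA bit marks an authoritative answer and the RA bit says recursion is available. The following added example, which is not part of the original article, classifies a server from two replies, one for a name it hosts and one for a name in another domain. The replies are constructed sample data, and all function names are this example's own.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, qid=0x1A2B):
    """A/IN query with RD set, i.e. the client asks the server to recurse."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!6H", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def build_reply(query, flags, rcode=0, addr=None):
    """Constructed server reply to `query` (sample data for this example)."""
    qid = struct.unpack("!H", query[:2])[0]
    head = struct.pack("!6H", qid, QR | RD | flags | rcode, 1, 1 if addr else 0, 0, 0)
    answer = b""
    if addr:  # one A record; its name is a compression pointer to offset 12
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes(addr)
    return head + query[12:] + answer

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a response")
    return {"id": qid, "aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "answers": an}

def classify(own_reply, foreign_reply):
    """Role seen from outside: reply for a hosted name vs. a name in another domain."""
    own, foreign = parse_header(own_reply), parse_header(foreign_reply)
    recurses = foreign["ra"] or (foreign["rcode"] == 0 and foreign["answers"] > 0)
    if own["aa"] and not recurses:
        return "advertiser"              # answers only for its own zones
    if own["aa"] and recurses:
        return "authoritative+resolver"  # public server also resolves other domains
    if recurses:
        return "resolver"                # recursive, authoritative for nothing
    return "unknown"

# Constructed samples: domain.com is hosted on the server, techrepublic.com is not.
Q_OWN, Q_FOREIGN = build_query("www.domain.com"), build_query("techrepublic.com")
ADVERTISER = (build_reply(Q_OWN, AA, addr=(192, 0, 2, 10)),
              build_reply(Q_FOREIGN, 0, rcode=5))  # rcode 5 = REFUSED
MISCONFIGURED = (build_reply(Q_OWN, AA, addr=(192, 0, 2, 10)),
                 build_reply(Q_FOREIGN, RA, addr=(198, 51, 100, 7)))
RESOLVER = (build_reply(Q_OWN, RA, addr=(192, 0, 2, 10)),
            build_reply(Q_FOREIGN, RA, addr=(198, 51, 100, 7)))
```

A public server that comes back as "authoritative+resolver" is the case tip 3 warns about: it hosts zones and also resolves other domains for anyone who asks.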
