So far the solutions proposed are ineffective in the given situation.  

Disabling UDP53 at the router level will stop recursion completely from the
server if emplaced at or above the network that the server resides on.

Configuring the forwarders is executed at the server level and at the zone
level for individual domains. Thus, it does not provide the granular
selectivity that you are looking for.

At this point in time, the Microsoft implementation of DNS does not include
specific settings for how to configure one set of client request sources in
a different manner than any other request made to the server by the
infrastructure.  Thus, in order to set up this kind of partitioning, your
solution is ultimately going to involve either using a different DNS
implementation such as BIND (which I am not fully aware of all the
capabilities that BIND offers along these lines) or deploying a second,
parallel instance of DNS in the environment.  There are two levels that you
can do this at depending on your network infrastructure implementation.

The first is to deploy a DNS server with forwarders enabled on the given
subnet that needs to be able to make the resolution.  The general DNS server
to which everyone else sends resolution requests is not forwarder enabled.

The second (and the preferred for enterprise environments) is to deploy both
DNS servers in the infrastructure space and then use routing rules to
specify access to the DNS server of your choice, modifying DHCP and static
DNS assignments as necessary to refer to the correct host.

Wayne S. Anderson
------------------------------------
"Any sufficiently developed bug is indistinguishable 
from a feature."
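
Whichever of the two layouts described above is deployed, the split can be checked from the DNS header each server returns: the general server should not offer recursion and the subnet server should. The following is an added example, not part of the thread; the server names `dns-general` and `dns-subnet` and the sample response headers are constructed for illustration.

```python
import struct

REFUSED = 5  # RCODE a server returns when it declines to answer

def build_query(name, txid=0x1234):
    """DNS query for an A record with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(response):
    """Return the fields of the 12-byte DNS header that matter for this check."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": ancount}

def recursion_offered(response):
    """True if the server advertises recursion (RA) and did not refuse the query."""
    h = parse_header(response)
    if not h["qr"]:
        raise ValueError("not a DNS response")
    return h["ra"] and h["rcode"] != REFUSED

def audit(expected, observed):
    """Compare policy {server: should_recurse} with responses; list the mismatches."""
    return [server for server, want in expected.items()
            if recursion_offered(observed[server]) != want]

# Constructed sample data (not from the thread): hypothetical server names and
# hand-built headers, as each server would answer for a name it does not host.
def _response(flags, ancount):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

EXPECTED = {"dns-general": False, "dns-subnet": True}
OBSERVED = {
    "dns-general": _response(0x8105, 0),  # QR, RD, RA clear, RCODE=REFUSED
    "dns-subnet": _response(0x8180, 1),   # QR, RD, RA set, NOERROR, one answer
}

if __name__ == "__main__":
    print("policy violations:", audit(EXPECTED, OBSERVED))
```

To use it against live servers, send `build_query()` over UDP port 53 from a client on each network segment and pass the reply bytes to `recursion_offered()`.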

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Dave L
Sent: Wednesday, November 15, 2006 8:55 AM
To: 'dubaisans dubai'; [email protected]
Subject: RE: DNS recursive

If you are talking about limiting the DNS server's
ability to perform recursive queries, this might help:

In the Windows 2000 DNS server, right click on the
server and select properties. Once there select the
"Forwarders" tab. Enable forwarders and key in the
hosts you would like to use, and then put a check in
the "Do not use recursion" box.


> > -----Original Message-----
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On Behalf Of dubaisans dubai
> > Sent: Monday, November 13, 2006 4:16 AM
> > To: [email protected]
> > Subject: DNS recursive
> > 
> > > On Windows 2000/2003 is it possible to restrict DNS recursive queries
> > > to only a specific subnet of IP addresses
> > >
