This is a late response to this thread but there's an important point I wanted to add:
Since DNS servers listen and respond to UDP packets, they are highly vulnerable to spoofing attacks. Using the IP address to limit access to certain features certainly would not be effective. Since people often use recursive DNS queries in DDoS attacks, it would be best to make a DNS server that allows recursive queries only accessible to your trusted networks. Of course, ingress filtering on your router or firewall will limit your exposure and IP address restrictions certainly are better than placing an open recursive DNS server on the internet but the point here is that DNS servers cannot effectively rely on IP address restrictions on their own.

To answer your original question, although the built-in Windows DNS server cannot do that, there is a product, Simple DNS Plus (http://www.simpledns.com) that allows you to restrict recursive queries by IP address. Just be careful how you use it.

Mark Burnett

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson
Sent: Thursday, November 16, 2006 12:09 PM
To: 'SHON, DAN'; 'Mailinglists Address'; 'dubaisans dubai'
Cc: [email protected]
Subject: RE: DNS recursive

This could also be done with IPsec, but I'm curious as to what it is that the OP wants to accomplish...

Laura

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of SHON, DAN
> Sent: Wednesday, November 15, 2006 12:34 PM
> To: Mailinglists Address; dubaisans dubai
> Cc: [email protected]
> Subject: RE: DNS recursive
>
> You can always set up ACLs to block or allow UDP 53 on the router.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On Behalf Of Mailinglists Address
> Sent: Wednesday, November 15, 2006 8:18 AM
> To: 'dubaisans dubai'
> Cc: [email protected]
> Subject: Re: DNS recursive
>
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED] On Behalf Of dubaisans dubai
> >> Sent: Monday, November 13, 2006 4:16 AM
> >> To: [email protected]
> >> Subject: DNS recursive
> >>
> >>> On Windows 200/2003 is it possible to restrict DNS recursive queries
> >>> to only a specific subnet of IP addresses
>
> Coming in late on this thread, but according to everything I
> have read there is no way to restrict recursive lookups from
> a specific network using Microsoft DNS. You will need to use
> another DNS server software in order to accomplish this.
>
> I would recommend the win32 version of Bind9 as it has the
> functionality you are looking for.
>
> Tom Walsh
> Express Web Systems, Inc.
> http://www.expresswebsystems.com/
