Hi,

There is an option for disabling recursion, but nothing for restricting the IP range. (Server Properties / Advanced / Disable Recursion).

Globally we recommend disabling recursion on authoritative servers, which is good practice in terms of security.

Best regards,

Rémy DUCHET
Founder & CEO
Chemin du Curé-Desclouds 2, CH-1226 THONEX
+41 (0)22 869 04 40
www.csti.ch

-----Original Message-----
From: swinog-boun...@lists.swinog.ch <swinog-boun...@lists.swinog.ch> On Behalf Of Benoît Panizzon
Sent: Monday, 1 November 2021 14:37
To: swinog@lists.swinog.ch
Subject: [swinog] Disable Recursion on Windows Server 2019

Dear Community

We have a customer who operates hosting and uses a Windows Server 2019 as DNS for his hosting customers and for which we occasionally receive complaints about this being an open resolver prone to DNS amplification attacks.

Customer's requirements:

* DNS reachable from the Internet, for the domains he is authoritative for.
* DNS recursion available for hosting customers in his IP range.

He tells me that he can only switch recursion on and off completely, but not restrict the IP ranges for which it shall be available.

My quick search via Google also only revealed how to turn recursion off completely on a Windows Server 2019.

Hopefully some Microsoft guru on this list can tell how to restrict recursive access to certain IP ranges?

--
With kind regards

-Benoît Panizzon- @ home office and reachable as usual
--
ImproWare AG - Head of Commerce Customers
______________________________________________________

Zurlindenstrasse 29       Tel  +41 61 826 93 00
CH-4133 Pratteln          Fax  +41 61 826 93 01
Switzerland               Web  http://www.imp.ch
______________________________________________________

_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog