FAQ 39: Prevent the DNS Redirector server from attack
Category: Initial setup | Updated: 12/16/2008 11:56:49 AM
On any public network there is the potential for hostile or abusive users.
Resolution
You should place a firewall (preferably hardware-based, no NAT) between clients and the DNS Redirector server, allowing only UDP 53 (for DNS) and TCP 80 (for IIS) inbound to the server.
At the least, you should 'harden the machine' by disabling unnecessary Windows services such as:
- Client for Microsoft Networks
- QoS Packet Scheduler
- File and Printer Sharing
This could also be achieved using TCP/IP filtering for Windows 2000 / 2003.
Related articles
FAQ 102 Allow DNS Redirector through any firewalls