Hi All,

In striving to remove all red flags from our DNS report, I have only one left: DNS recursion. The dnsreport site has this information on the subject:

http://www.dnsreport.com/info/opendns.htm

If I am running web or mail servers that require DNS lookups (like looking up a domain in order to deliver mail to them...?) and I disable recursion altogether on my Windows 2003 DNS servers, what exactly will happen? Will my non-recursive DNS server simply tell the machine requesting the lookup to go somewhere else to get the info, or will the lookup fail altogether? What is everyone else doing to remove this particular red flag from their report?

Second, the link above has the following text:

"If anyone is aware of a way to get Microsoft DNS to allow recursion only to specific IP ranges, please let us know -- lots of people would like to do that."

Couldn't this be done with the firewall/packet filter on the DNS machine(s), as a workaround?

What if I use our Windows 2003 DNS servers just for the zones for which they are authoritative, and disable recursion, and then use a separate FreeBSD server just for lookups that need to be resolved for non-authoritative lookups... Would this be a good way to go?

Welcoming your thoughts, towards a clean DNS Report...

Thanks everyone!

Marc
