split the resolver from authoritative service, and use Linux for user-facing services. What else :)
On Mon, Nov 1, 2021 at 2:40 PM Benoît Panizzon <[email protected]> wrote: > > Dear Community > > We have a customer who operates hosting and uses a Windows Server 2019 > as DNS for his hosting customers and for which we occasionally receive > complaints about this being an open resolver prone to DNS amplification > attacks. > > Customers requirements: > > * DNS reachable from the Internet, for the domains he is authoritative > for. > * DNS recursion available for hosting customers in his IP range. > > He tells me, that he can only switch recursion on and off completely, > but not restrict the ip ranges for which is shall be available. > > My quick search via Google, also only revealed how to turn recursion > off completely on a Windows Server 2019. > > Hopefully some Microsoft Guru on this list, can tell, how to restrict > recursive access to certain IP ranges? > > -- > Mit freundlichen Grüssen > > -Benoît Panizzon- @ HomeOffice und normal erreichbar > -- > I m p r o W a r e A G - Leiter Commerce Kunden > ______________________________________________________ > > Zurlindenstrasse 29 Tel +41 61 826 93 00 > CH-4133 Pratteln Fax +41 61 826 93 01 > Schweiz Web http://www.imp.ch > ______________________________________________________ > > > _______________________________________________ > swinog mailing list > [email protected] > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- Stanislav Sinyagin Senior Consultant, CCIE #5478 [email protected] +41 79 407 0224 _______________________________________________ swinog mailing list [email protected] http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
