DNS is a computer domain name system consisting of a resolver and a domain name server. Securing the domain name resolution system is a very basic requirement for a Windows Server 2003 domain. Active Directory (AD) uses DNS to locate the resources required by domain controllers and other domain services (such as files, printers, and mail). Since DNS is an integral part of the Active Directory domain system, it should be secured from the start. So how do you ensure it is secure? Read on for the answer.
When installing DNS on Windows Server 2003, do not change the default "Active Directory-integrated DNS" setting. Microsoft began offering this setting in 2000.
This means that the system stores DNS data only on the DNS server and does not save or copy information about the domain controller and the global catalog server. This improves both the speed of operation and the operational efficiency of the three servers.
Encrypting the data transfer between the DNS server and its clients (or other servers) is also critical. DNS uses TCP/UDP port 53; by filtering this port at different points on your security perimeter, you can ensure that the DNS server only accepts authenticated connections.
In addition, this is a good time to deploy IPSec to encrypt data transmission between DNS clients and the server. Turning on IPSec ensures that communication between all clients and servers is authenticated and encrypted. This means that your clients communicate only with authenticated servers, which helps prevent requests from being spoofed or compromised.
After configuring the DNS server, continue to monitor its connections, just as you would for other high-value targets in the enterprise. The DNS server needs available bandwidth to serve client requests.
If you see a large volume of network traffic from a single source machine toward a DNS server, you may be under a denial-of-service (DoS) attack. Cut the connection directly at the source, or disconnect the server's network connection until you have investigated the problem. Remember that a successful DoS attack on the DNS server will directly cause Active Directory to crash.
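The per-source traffic check described above, as an added example that is not part of the original article: it counts queries per client in a sliding time window and reports the sources that exceed a threshold. The log line format, addresses, window and threshold are constructed assumptions, not a Windows DNS log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_lines():
    """Constructed sample input: '<ISO timestamp> <client IP> <query name>'."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = ["this line is malformed and must be skipped"]
    # Two ordinary clients: five queries each, two seconds apart.
    for i in range(5):
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 10.0.0.21 dc1.corp.example")
        lines.append(f"{ts} 10.0.0.22 mail.corp.example")
    # One noisy source: 300 queries in about nine seconds.
    for i in range(300):
        ts = (base + timedelta(milliseconds=30 * i)).isoformat()
        lines.append(f"{ts} 10.0.0.99 host{i}.corp.example")
    return lines


def flag_flooding_sources(lines, window=timedelta(seconds=10), threshold=100):
    """Return {source_ip: peak queries seen within one window} above threshold."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of aborting the scan
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1]))
        except ValueError:
            continue  # unparseable timestamp
    events.sort()  # logs merged from several collectors may be out of order

    recent = defaultdict(deque)  # per-source timestamps still inside the window
    peak = {}
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop queries that have aged out of the window
        peak[src] = max(peak.get(src, 0), len(q))
    return {src: n for src, n in peak.items() if n > threshold}


if __name__ == "__main__":
    for src, n in flag_flooding_sources(build_sample_lines()).items():
        print(f"{src}: {n} queries within 10s, investigate before cutting it off")
```

Tune the threshold per role: a DHCP server or mail gateway legitimately sends far more queries than a workstation.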
With the default setting (secure dynamic update), only authenticated clients can register and update record information on the server. This prevents an attacker from modifying your DNS records and thereby misdirecting clients to carefully crafted websites that steal important data such as financial information.
You can also use quotas to block client flood attacks on DNS. Clients can usually only register 10 records. By limiting the number of objects a single client can register, you can prevent a client from mounting a DoS attack against its own DNS server.
Note: Make sure you use different quotas for DHCP servers, domain controllers, and multi-homed servers. These servers may need to register hundreds of objects or users, depending on the features they provide.
The DNS server will respond to any query for a zone for which it is authoritative. To hide your internal network architecture from the outside world, you usually need to set up separate namespaces, which generally means that one DNS server is responsible for your internal DNS architecture and another DNS server is responsible for the external and Internet DNS architecture. By preventing external users from accessing the internal DNS server, you can prevent the disclosure of internal, non-public resources.
Whether you're running a Windows network or a mixture of UNIX and Windows, DNS security should be at the heart of your network. Take steps to protect DNS from both external and internal attacks.