Recently I had a security audit and the report came back with the following issues.
DNS Server Cache Snooping Remote Information Disclosure
DNS Server Recursive Query Cache Poisoning Weakness
From my understanding to correct these issues I need to adjust the DNS Recursive Query. I seem to have two settings for this. “Do not use recursive for this domain” and “Disable Recursive”.
I’m not sure what the difference between the two and how it will affect my internal domain users. I know one disables forwardards. If that is the case how will our clients be able to access the web without any forwarders? Should I close UPD 53 at the firewall level? I not excalty sure how to address this.
We currently have SBS 2003 using Exchange. Any advice would be great!