We have a Windows 2003 server hosting box. It runs DNS for the domains we host and needs to do lookups to find remote domain IPs. This means the server can be used as a DNS by anyone who wants to access it.
How can I lock it down so only the local machine can do the wildcard lookup, and remote users only access the DNS of the domains we're hosting, without stopping the server-side apps from being able to access whatever they need?
Thanks,
The DNS server is also a DNS client (but not necessarily its own DNS client).
To disable the DNS server component from performing recursion for other DNS clients, you need to disable recursion on the Advanced tab of the server's properties in the DNS management console.
To allow the DNS client component to resolve queries for itself, you can configure external DNS servers in the TCP/IP properties of the network card.
The DNS server and DNS client components are separate and unrelated components. The DNS client would exist even if the server were not a DNS server and the DNS client works the same as it would on any other Windows computer. This can be a tricky concept to grasp but just remember that one does not rely on the other and that the DNS server (if it's only a DNS server and not an AD server) does not need to use itself for DNS resolution.
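The same two changes the answer above describes (disable recursion on the server component, point the client component at external resolvers), scripted with the built-in Windows Server 2003 tools, plus the checks you would run afterwards. This is an added example, not code from the answerer; it assumes dnscmd.exe is present (it installs with the DNS Server role), that the NIC is called "Local Area Connection", and the upstream resolver addresses and hosted zone name are constructed placeholders.

```batch
@echo off
REM Added example, not part of the original answer. Assumes dnscmd.exe is
REM available (installed with the DNS Server role on Windows Server 2003)
REM and that the network card is named "Local Area Connection". The
REM addresses and zone name below are constructed placeholders.

set NIC=Local Area Connection
set UPSTREAM1=192.0.2.53
set UPSTREAM2=192.0.2.54
set HOSTED_ZONE=hostedzone.example

REM 1. Server component: refuse recursive queries from every client.
REM    Same effect as ticking "Disable recursion" on the Advanced tab.
dnscmd /Config /NoRecursion 1

REM 2. Client component: give the box's own resolver external servers so
REM    server-side applications can still resolve Internet names. The
REM    local server is deliberately not in this list.
netsh interface ip set dns name="%NIC%" source=static addr=%UPSTREAM1% register=none
netsh interface ip add dns name="%NIC%" addr=%UPSTREAM2% index=2

REM 3. Checks. A zone this server hosts must still answer locally...
nslookup www.%HOSTED_ZONE% 127.0.0.1
REM ...an out-of-zone name asked of the local server should now be refused
REM or come back with no answer (this is what remote users will see)...
nslookup www.example.com 127.0.0.1
REM ...and the same name still resolves through the NIC's resolvers,
REM which is the path local applications use.
nslookup www.example.com %UPSTREAM1%

REM 4. Confirm the server setting persisted across the change.
dnscmd /Info /NoRecursion
```

Two things to keep in mind when running this: disabling recursion also disables any forwarders configured on the server, and if the box is later promoted to a domain controller the resolver settings need revisiting, because an AD server does expect to query itself.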
If you use Simple DNS Plus as your DNS server, you can restrict recursion by sender IP address. This way you don't need two different DNS servers.