locked
iis 7 2008r2. DNS amplification attacks, please correct your configuration RRS feed

  • Question

  • How can I configure my server not to allow DNS amplification attacks?
    openresolver dot com shows open recursive resolver on all my ip addresses

     i don't find any dns server installed on my server so how can my iis 7 be exploitable when there is no dns server installed?
    There is no DNS in my Start, Administrative Tools menu tree
    There is no DNS Manager in services.  There is only DNS client
    Add Roles Wizard Shows DNS server is not yet installed.  It says I could install it.
    there is no named.conf file on the hard drive
    so I can't make this entry when the named.conf file doesn't exist
    DNS service (named.conf):
    Options {
    allow-recursion {none;};
    recursion no;
     }
    from command prompt run dnsmgmt.msc
    [the result i got : not found]

    There are 2  winsxs~dnsmgmt.msc files on the hard drive
    When I open those I get a DNS manager GUI with an error message "MMC could not create the snap in"

    This is the closest thing I can find to any evidence of existence of DNS server on the system in addition to the openresolver  report

    help sources i followed:
    technet
    ~library/cc771738.~
    ~Forums~cant-find-dns-manager
    1and1 sources:
    ~secure-server-against-dns-amplification-attacks
    I'm not allowed to post full paths so I've written abbreviated paths above.




    • Edited by puuOhia Monday, July 28, 2014 12:04 PM
    Monday, July 28, 2014 11:52 AM

Answers