Published on: 18 March, 2016

How to fix Open DNS Resolver issue on your windows server

Posted by andy | 854 views 1 likes 0 favourites 1 comments
Tumblr Digg Google Plus

If you have a VPS or a dedicated server and the DNS Server is available, you must take a precaution on protecting your DNS server from DOS(Denial of Service) or DDOS(Distributed Denial of Service) Attack. The attacks can be done by sending huge fake volume queries to your DNS server so it can cause performance degradation on your server. To overcome this problem, you can do the following actions on your server.

1. Disable the DNS Recursion on your server.

This can be easily done via command prompt. Just open a cmd command on your server and you can type in the following command. The 1 value means off and 0 value mean you want to turn on the recursion.

dnscmd /Config /NoRecursion 1

If you prefer windows interface, you can open the DNS Manager, right click the Properties and in the Advanced tab in the Servers option there is a check box option to disable the DNS recursion.

2. Block external DNS request using built in Windows Firewall.

Open Windows Firewall with Advanced Security in your Windows server and click the Inbound Rules. Look for the DNS TCP and right click the icon and click Properties. In the scope tab, go to the Remote IP Address section and enter the IP Address that are allowed to access. Usually it will be the local IP Address which is 127.0.0.1 and you will need to assign any public IP address that is assigned to your server. Note: this is important that you need to assign the public IP Address. If you have internal IP address, remember to add it as well. Once this is done, do for the DNS UDP as well.

Comments
Heather
Commented on: 03 Aug, 2016 10:12:42 AM
What are the steps if running Windows 10? These don't work. Thank you.
Write Comment
0 characters entered. Maximum characters allowed are 1000 characters.
Related Articles
Published on: 23 August, 2016
When you try to run MVC site or ASP.Net framework 4 website, if you receive the following error: HTTP Error 500.21 - Internal Server Error. Saying Handler "ExtensionlessUrlHandler-Integrated-4.0" has a bad module "ManagedPipelineHandler" in its module list. It means the ASP.Net has not been properly registered on your IIS.
Published on: 19 February, 2016
In order to allow loading and downloading json file on your site, you have to add json extension in mime type and handler mappings in IIS windows server. By default this extension is not view-able. Therefore you will need manually mapping json extension into your IIS. To do this, you must have to get an access to your IIS, if you do not have, please request your site administrator to add this extension for you. For users host their sites on GoDaddy or other web hosting providers will need to contact their hosting provider.