Securing DNS Clients

Applies To: Windows Server 2008

The following Domain Name System (DNS) client considerations have security implications for DNS clients in a DNS infrastructure:

• For sensitive clients, specify static IP addresses for the preferred and alternate DNS servers that a DNS client uses. If a DNS client is configured to obtain its DNS server addresses automatically, it will obtain them from a Dynamic Host Configuration Protocol (DHCP) server. By configuring DNS clients with static IP addresses for the preferred and alternate DNS servers, you eliminate one possible avenue of attack.

• Control which DNS clients have access to the DNS server. If a DNS server is configured to listen only on specific IP addresses, only DNS clients that are configured to use these IP addresses as preferred and alternate DNS servers will contact the DNS server.

To complete this task, perform the following procedures:

• Configure a DNS Client for Static IP Address

• Restrict a DNS Server to Listen Only on Selected Addresses