DNS Security Management
1. Open DNS servers
This refers to a caching recursive DNS server that offers recursive name resolution to the public Internet, which can cause the following problems:
It is exposed to the outside world, so it is easily attacked and needlessly burns system and network resources
It is subject to cache poisoning
It can easily be abused by outsiders as a participant in DDoS attacks (reflection/amplification)
Some or all nameservers responded to recursive queries. This should be addressed as soon as possible. Open DNS servers (i.e. externally facing DNS servers that answer recursively) increase the chances of cache poisoning, can degrade performance of your DNS, and can cause your DNS servers to be used in an attack.
From Start / Control Panel / Administrative Tools / Server Manager, select "DNS Server", then "DNS", then the host name, and choose "Properties".
In the Properties window, open the "Advanced" tab and check "Disable recursion (also disables forwarders)".
2. Hide DNS Software Version
Sometimes a new vulnerability is found in DNS software and script kiddies scan the Internet to exploit unpatched systems. It is a best practice to hide the software version on your DNS servers; although this is not real protection, it makes it a little harder to find your servers via scanning.
Microsoft DNS
At the command line, enter: dnscmd /config /EnableVersionQuery 0
Reference: http://www.dnsinspect.com/articles/hide-version.html
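The recursion and version-query settings from sections 1 and 2 can be audited and applied from PowerShell instead of the GUI. The script below is an added example, not part of the original post; it assumes the DnsServer module is available (Windows Server 2012 or later with the DNS Server role), that it runs elevated on the DNS server itself, and it uses the hypothetical name www.example.com for the recursion check.

```powershell
# Added example: audit and harden a Windows DNS server for open recursion
# and version disclosure. Not from the original post; see assumptions above.
Import-Module DnsServer

$findings = @()

# 1. Open recursion. Get-DnsServerRecursion reports whether this server will
#    resolve arbitrary names for anyone who can reach port 53.
$recursion = Get-DnsServerRecursion
if ($recursion.Enable) {
    $findings += 'Recursion is enabled: this server is an open resolver to every client that can reach it.'
    # Same effect as the GUI checkbox "Disable recursion (also disables forwarders)".
    Set-DnsServerRecursion -Enable $false
}

# 2. Version disclosure (version.bind CHAOS TXT). dnscmd writes EnableVersionQuery
#    under the DNS service parameters key; when the value is absent the server
#    default (1, answer version queries) applies, so $null is treated as enabled.
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$versionQuery = (Get-ItemProperty -Path $params -Name EnableVersionQuery -ErrorAction SilentlyContinue).EnableVersionQuery
if ($versionQuery -ne 0) {
    $findings += "EnableVersionQuery is not 0 (current value: '$versionQuery'): the server answers version queries."
    dnscmd /config /EnableVersionQuery 0
}

# Verify recursion is really off. Clear the server cache first, otherwise a
# cached answer can still come back even though recursion is disabled.
# www.example.com is a hypothetical name this server is not authoritative for;
# repeat the query from an outside network vantage point to see what the Internet sees.
Clear-DnsServerCache -Force
try {
    Resolve-DnsName -Name 'www.example.com' -Server 127.0.0.1 -DnsOnly -ErrorAction Stop | Out-Null
    $findings += 'Verification FAILED: the server still resolved a name outside its zones.'
} catch {
    "OK: recursive query refused ($($_.Exception.Message))"
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```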
3. DNSSEC
See: http://www.lijyyh.com/2013/09/windows-server-2012-r2-dnssec.html