4.Click on the Forwarders tab. Make sure there is not a checkmark in the Do not use recursion for this domain check box. If this option is selected, the caching-only DNS server cannot use the root hints list of the root Internet DNS server to resolve Internet host names. Select this option only if you decide to use a forwarder. In this case, we do not use a forwarder.

5.Click the Advanced tab. Confirm that there is a checkmark in the Secure cache against pollution check box. This prevents Internet DNS servers and attackers from inserting additional records in a DNS response. These additional records could be used as part of a co-coordinated DNS attack.

ISA Server 2004 Configuration Guide

57

Page 58 Page 60
Page 59
Image 59
Microsoft manual ISA Server 2004 Configuration Guide
Page 58 Page 60
Top Page Image Contents