Create DNS zones in internal DNS servers to fight some obvious Web ads.
Use OpenDNS (www.opendns.com) DNS servers as forwarders, to add an extra layer of security.
Block the exact DNS protocols (UDP, TCP, or both) on the edge—the firewall—and on the server. Also, lock down the DNS server. I’ve found Windows Server 2003 SP1’s security configuration wizard very useful for these two tasks.
Use Active Directory (AD)–integrated zones and secure dynamic updates.
Restrict DNS replication only to the necessary DNS servers.
Implement split DNS, if applicable.
Use DNSstuff (www.dnsstuff.com) to get useful additional information—also helpful for troubleshooting.
Get rid of NetBIOS over TCP and WINS. (Windows Server 2008 has a special DNS zone that eliminates the need for a WINS server.)
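A way to audit the AD-integrated zone, secure dynamic update, and replication tips above, added here as an example and not part of the original list. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) and reads "replication" as the zone transfer setting; the function name and the sample zones are hypothetical and constructed for illustration.

```powershell
# Added example: flags primary zones that miss the AD-integration,
# secure-dynamic-update and restricted-transfer tips.
# Property names match the objects returned by Get-DnsServerZone.
function Test-DnsZoneHardening {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Only primary zones hosted here are in scope; skip the
        # auto-created placeholder zones (0.in-addr.arpa and similar).
        if ($Zone.ZoneType -ne 'Primary' -or $Zone.IsAutoCreated) { return }

        $findings = @()
        if (-not $Zone.IsDsIntegrated) {
            # File-backed zones cannot use secure dynamic updates.
            $findings += 'not AD-integrated'
        }
        if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            # Unauthenticated clients can register or overwrite records.
            $findings += 'accepts nonsecure dynamic updates'
        }
        if ($Zone.SecureSecondaries -eq 'TransferAnyServer') {
            # Any host may pull a full copy of the zone.
            $findings += 'zone transfer allowed to any server'
        }

        [pscustomobject]@{
            ZoneName = $Zone.ZoneName
            Compliant = ($findings.Count -eq 0)
            Findings = ($findings -join '; ')
        }
    }
}

# Constructed sample zones so the check runs without a DNS server.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; ZoneType = 'Primary'; IsAutoCreated = $false
        IsDsIntegrated = $true; DynamicUpdate = 'Secure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'lab.example'; ZoneType = 'Primary'; IsAutoCreated = $false
        IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferAnyServer' }
    [pscustomobject]@{ ZoneName = 'partner.example'; ZoneType = 'Forwarder'; IsAutoCreated = $false
        IsDsIntegrated = $true; DynamicUpdate = 'None'; SecureSecondaries = 'NoTransfer' }
)
$sampleZones | Test-DnsZoneHardening | Format-Table -AutoSize -Wrap
```

On a DNS server, replace the sample pipeline with `Get-DnsServerZone | Test-DnsZoneHardening` to check the live zones.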