Hi Marcosfds,
Thank you for posting in the Microsoft Community Forum.
In some cases, allowing domain name servers to process recursive queries from any system may increase the risk of being attacked, as it provides attackers with opportunities to exploit vulnerabilities for denial of service or cache poisoning attacks. In such scenarios, attackers can send a large number of malicious query requests, causing server overload and thus denying service to legitimate users.
Moreover, allowing recursive queries from any system can also lead to cache poisoning attacks. Attackers can send forged DNS queries, exploiting the server's recursive functionality to cache malicious responses in the server's cache. Consequently, legitimate users querying the same domain may be affected by malicious responses controlled by attackers, potentially leading to user redirection to malicious websites or other attacks.
Therefore, to enhance security, it is typically recommended to properly configure domain name servers, limiting the scope of recursive queries, such as allowing only trusted networks or hosts to perform recursive queries, and implementing other security measures such as enabling DNSSEC (Domain Name System Security Extensions) and using firewalls for traffic filtering to reduce the risk of being attacked.
Best regards
Neuvi Jiang
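
As an added example (not part of the reply above): after limiting recursion to trusted networks, you can confirm the restriction from a host outside them by sending a query with the recursion-desired bit set and reading the header flags of the reply. The function names, the `example.com` test name and the sample replies are constructed for illustration.

```python
import socket
import struct

QR, AA, RA = 0x8000, 0x0400, 0x0080  # header flag bits (RFC 1035)

def build_query(name, qid=0x1234, qtype=1):
    """DNS query for `name` (type A by default) with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify_response(query, response):
    """Say what a reply to build_query() reveals about recursion for this client."""
    if len(response) < 12:
        return "malformed"
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return "malformed"              # wrong transaction ID or not a response
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"                # REFUSED: policy blocked this client
    if not flags & RA:
        return "recursion-unavailable"  # RA clear: recursion is not on offer
    if flags & AA:
        return "inconclusive"           # answered from its own zone; use another name
    if rcode == 3 or (rcode == 0 and ancount > 0):
        return "recursion-offered"      # resolved a name it is not authoritative for
    return "inconclusive"

def probe(server, name, timeout=3.0):
    """Send the query over UDP to a server you operate and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            return classify_response(query, s.recvfrom(4096)[0])
        except socket.timeout:
            return "no-reply"           # dropped, e.g. by a firewall rule

def sample_reply(query, flags, ancount):
    """Constructed reply: header plus echoed question only (no answer records)."""
    qid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("example.com")
    for flags, an in ((0x8180, 1), (0x8105, 0), (0x8100, 0)):
        print(hex(flags), classify_response(q, sample_reply(q, flags, an)))
```

Run `probe()` against your own server from an address outside the trusted ranges: `refused`, `recursion-unavailable` or `no-reply` means the restriction is in effect, while `recursion-offered` means that client can still use the server as a recursive resolver.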