This post explains how to restrict automatic NS resource record registration in Windows Server DNS using Dnscmd. This prevents Windows Server DNS to automatically create NS records for zones that it hosts on the server.
Here’s a blacklist check script written in PowerShell. You can use this to lookup an IP address in various blacklists (DNSBL, RBL). Such a check is a great indicator for an IP address’ reputation. Basically this PowerShell blacklist checker is a translation of my Bash script to check an IP address blacklist status in Linux.
How to add DNS servers – or resolvers – to a Windows Server network adapter, or interface with WMI and the netsh command. This one is quite old but may come in handy sometimes. In this example we use Google’s Public DNS server addresses and localhost to add as DNS Servers on our server.
Close your open resolvers now! Open Recursive Resolvers pose a significant threat to the global network infrastructure. They are utilized in DNS Amplification attacks and pose a similar threat as those from Smurf attacks commonly seen in the late 1990’s. What can I do?