Hello,
I have to change my server ip resolver as it is being used by malicious users to send UDP packets to others. You can login into my server and change the IP resolver so that:
1. To only serve your customers and not respond to outside IP addresses (in BIND, this is done by defining a limited set of hosts in "allow-query"; with a Windows DNS server, you would need to use firewall rules to block external access to UDP port 53)
2. To only serve domains that it is authoritative for (in BIND, this is done by defining a limited set of hosts in "allow-query" for the server overall but setting "allow-query" to "any" for each zone)
3. To rate-limit responses to individual source IP addresses (DNS Response Rate Limiting, or DNS RRL)
There are two servers to make changes.