my client is running a windows 2008 r2 server with dns and dhcp roles. it's not a domain controller, just a workgoup server.
got a notification from my client's isp:
"These attacks have been facilitated through DNS
amplification attacks. AT&T has detected these attacks and has confirmed
that the IP address x.x.x.x allocated to your Internet access account is
accessible from the Internet as an open DNS resolver. "
tried disabling recursion, but then there is no access to the internet.
tried disabling the firewall rule for dns udp, and no access to the internet.
does anyone have any idea how to correct this? do i need to add a public dns server to my dhcp scope for internet access? if i do, then what good is a dns server and it doesn't resolve internet addresses?
Gary