DNS: How to Secure Your DNS Server
Restrict Zone Transfers
Configure AD Integrated Zones
Configure the Discretionary Access Control List (DACL)
Allow Only Secure Dynamic Updates
Configure the Global Query Block List
Configure the Socket Pool
Configure Cache Locking
Restrict DNS servers to listen only on selected interfaces
Configure Internal Root Hints
Disable Recursion on the DNS Server
Secure the DNS Cache
Secure Zone Transfers with IPsec
Configure the DNS Socket Pool
1 On the domain server, open Windows PowerShell and type: Get-DNSServer
This command displays the current size of the DNS socket pool (on the fourth line in the ServerSetting section). Note that the current size is 2,500.
Note that the default DNS socket pool size is 2,500. When you configure the DNS socket pool, you can choose a size from 0 to 10,000. The larger the value, the greater the protection you will have against DNS spoofing attacks.
To view the current value of the SocketPoolSize registry key, type: Dnscmd /Info /SocketPoolSize
2 Now let's change the socket pool size to 3,000.
Type: dnscmd /config /socketpoolsize 3000
3 Restart your DNS Server for the changes to take effect.
Confirm that the new socket pool size is now 3000.
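
The steps above combined into one script, as an added example that is not part of the original page: it reads the current size with dnscmd, changes it only when needed, restarts the DNS Server service, and verifies the result. The `$TargetSize` parameter, the `Get-SocketPoolSize` helper and the `Dword:` output format expected from dnscmd are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the DNS server itself, from an elevated PowerShell session.
param(
    # Desired pool size; the valid range given above is 0 to 10,000.
    [ValidateRange(0, 10000)]
    [int]$TargetSize = 3000
)

function Get-SocketPoolSize {
    # Assumption: dnscmd prints the value as "Dword:  2500 (000009c4)".
    $out = & dnscmd /info /socketpoolsize 2>&1 | Out-String
    if ($out -match 'Dword:\s+(\d+)') { return [int]$Matches[1] }
    throw "Could not read SocketPoolSize from dnscmd output:`n$out"
}

$before = Get-SocketPoolSize
Write-Host "Current socket pool size: $before"

if ($before -eq $TargetSize) {
    # If the value was set earlier without a restart, restart the service manually.
    Write-Host "Already configured as $TargetSize; nothing to change."
    return
}

& dnscmd /config /socketpoolsize $TargetSize | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "dnscmd /config failed with exit code $LASTEXITCODE"
}

# The new size takes effect only after the DNS Server service restarts.
Restart-Service -Name DNS -Force

$after = Get-SocketPoolSize
if ($after -ne $TargetSize) {
    throw "Verification failed: expected $TargetSize, dnscmd reports $after"
}
Write-Host "Socket pool size changed from $before to $after."
```

Restarting the service briefly interrupts name resolution on that server, so run the script in a maintenance window or on one DNS server at a time.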