Best practices securing DNS         (continued)...


Resolving name server 

A resolving name server would commonly be used to provide name resolution services to internal clients.  It may or may not be configured as authoritative for internal zones.

Since it must find DNS information requested by internal hosts (regardless of whether it is authoritative for that information or not), it should be configured as a recursive server.

However, it should only answer queries from trusted sources (internal hosts), not from the Internet. By adopting this strategy the external advertising name server is configured to provide little service other than answering queries for which it is authoritative.