VIRTUAL SERVERS FOR BUSINESS

Blog

How to close open DNS resolvers on Windows Server 2022

16.01.2025 Reading ~5 min Author: Admin

Open DNS resolvers can become a target for attackers who use them for DDoS attacks or other cyber threats. Below is a step-by-step guide to closing open DNS resolvers on Windows Server 2022.

1. Check DNS Server Configuration

First, check if the server is configured to only process requests from trusted clients (e.g., from the local network):

  1. Launch PowerShell as an administrator.
  2. Run the command: Get-DnsServerRecursion
  3. In the output, find the EnableRecursion parameter:
    • True — recursive queries are allowed (needed for the internal network).
    • False — recursive queries are disabled (recommended for external servers).

2. Restrict Access to the DNS Server

Allow access only from specific IP addresses:

Via DNS Manager:

  1. Open DNS Manager (command: dnsmgmt.msc).
  2. Right-click on the server name → Properties.
  3. Go to the Interfaces tab.
  4. Select the option Only the following IP addresses and add the IP addresses of trusted clients.

Via PowerShell:

Set-DnsServerSetting -ListenAddresses "127.0.0.1","192.168.1.1"

Replace 127.0.0.1 and 192.168.1.1 with your network's IP addresses.

3. Disable Recursive Queries

Recursive queries allow the server to look up answers from external DNS servers. If they are not needed, disable them:

Via DNS Manager:

  1. Open the server properties.
  2. On the Advanced tab, uncheck the Enable recursion box.

Via PowerShell:

Set-DnsServerRecursion -Enable $false

4. Configure the Firewall

Block access to port 53 from unknown IP addresses:

Via Windows Defender Firewall:

  1. Open Windows Defender Firewall with Advanced Security.
  2. Create a new inbound rule.
  3. Specify Port → UDP and TCP → port 53.
  4. Allow access only for trusted IP addresses.

Via PowerShell:

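# Block rules take precedence over allow rules in Windows Firewall, so the block rule excludes the trusted range instead of using Any.
New-NetFirewallRule -DisplayName "Allow DNS from Trusted IPs" -Direction Inbound -Protocol UDP -LocalPort 53 -RemoteAddress 192.168.1.0/24 -Action Allow
New-NetFirewallRule -DisplayName "Block DNS from Untrusted IPs" -Direction Inbound -Protocol UDP -LocalPort 53 -RemoteAddress "0.0.0.0-192.168.0.255","192.168.2.0-255.255.255.255" -Action Block
# Repeat both rules with -Protocol TCP, since DNS also uses TCP port 53.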

5. Verification

After configuration, test the server's availability:

  • Use online tools, e.g., Open Resolver Test.
  • Check locally via PowerShell: nslookup example.com

Requests from unknown IP addresses should be blocked.
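The checks from steps 1 to 5 can be collected into one audit script. This is an added example, not code from the original article; the function name Get-OpenResolverFinding and the address 203.0.113.10 are placeholders chosen here.

```powershell
# Added example: audits the settings changed in steps 1-4 (not from the original article).
#Requires -RunAsAdministrator
Import-Module DnsServer

function Get-OpenResolverFinding {   # hypothetical helper name
    $report = [System.Collections.Generic.List[string]]::new()

    # Steps 1 and 3: recursion state (the Enable property of Get-DnsServerRecursion)
    if ((Get-DnsServerRecursion).Enable) {
        $report.Add('Recursion is enabled: acceptable only if port 53 is unreachable from untrusted networks.')
    }

    # Step 2: the server's own addresses the DNS service listens on
    $listen = (Get-DnsServerSetting -All).ListeningIPAddress
    $report.Add("DNS service listens on: $($listen -join ', ')")

    # Step 4: enabled inbound rules that cover local port 53, with their remote scope
    foreach ($rule in (Get-NetFirewallRule -Direction Inbound -Enabled True)) {
        $port = $rule | Get-NetFirewallPortFilter
        if (@($port.LocalPort) -notcontains '53') { continue }

        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        if ($remote -notcontains 'Any') { continue }

        if ($rule.Action -eq 'Allow') {
            $report.Add("Allow rule '$($rule.DisplayName)' ($($port.Protocol)) accepts port 53 from Any.")
        }
        if ($rule.Action -eq 'Block') {
            # A block rule scoped to Any wins over every allow rule, trusted clients included
            $report.Add("Block rule '$($rule.DisplayName)' ($($port.Protocol)) blocks port 53 from Any.")
        }
    }
    $report
}

Get-OpenResolverFinding

# Step 5: run from a host OUTSIDE the trusted range.
# 203.0.113.10 is a placeholder for the server's externally reachable address.
# The query should time out or come back without answer records:
# Resolve-DnsName -Name example.com -Server 203.0.113.10 -DnsOnly
```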

By following these steps, you will close your DNS server to external threats and reduce the risk of abuse. This is a basic but important measure to protect your network.

How to change the default RDP port in Windows

14.12.2023 Reading ~5 min Author: Admin

You can increase the security of your server by changing the default RDP (Remote Desktop Protocol) port in Windows. Using the default port 3389 makes it easier for attackers to discover your server and makes it a target for unauthorized access attempts. In this article, we will look at how to change the default RDP port to a more secure one.

Step 1: Check the current RDP port

Before changing the port, make sure you have access to the server via RDP and that the current port is 3389. Open the command prompt and run the following command:

netstat -an | find "3389"

If the result shows that port 3389 is in use, it means that RDP is using the standard port.

Step 2: Open the Registry Editor

  1. Press Win + R to open the "Run" dialog.
  2. Type regedit and press Enter.

Step 3: Find the registry key for RDP

  1. Navigate to the following path in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  2. Find the PortNumber parameter on the right. This parameter contains the current RDP port. Remember or write it down.

Step 4: Change the RDP port

  1. Right-click on the PortNumber parameter and select "Modify".
  2. Change the value to the new port (e.g., 5000 or 6000). Ensure "Decimal" is selected as the base.

Step 5: Restart the RDP service

  1. Press Win + R.
  2. Type services.msc and press Enter.
  3. Find the "Remote Desktop Services" service and restart it.

Step 6: Check the new port

Now you can try connecting to the server using the new port. For example:

mstsc.exe /v:your_server_ip:new_port

Replace your_server_ip with your server's actual IP address, and new_port with the port you chose.

Important notes:

  • Ensure the port you choose is not used by other services and is not blocked by the firewall.
  • Remember the new port, as you will use it to connect to the server.

Follow these steps carefully, and always back up the registry before making changes. Changing the RDP port can improve server security but requires attention.
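Steps 1 to 6 and the notes above can also be scripted. This is an added example, not code from the original article; the function name Set-RdpPort, the backup path and the allowed port range are assumptions made here, while the registry path and the PortNumber value come from the article.

```powershell
# Added example (not from the original article): scripted version of steps 1-6.
#Requires -RunAsAdministrator
function Set-RdpPort {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [ValidateRange(1025, 65535)] [int] $NewPort,   # range is an assumption
        [string] $BackupPath = "$env:TEMP\RDP-Tcp-backup.reg"                 # assumed backup location
    )
    $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    # Steps 1 and 3: read the port currently configured
    $current = (Get-ItemProperty -Path $regKey -Name PortNumber).PortNumber
    Write-Host "Current RDP port: $current"

    # Note 1: refuse a port another service is already listening on
    if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
        throw "Port $NewPort is already in use."
    }

    # Back up the key before changing it
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

    # Open the new port in the firewall BEFORE restarting the service,
    # otherwise a remote administrator is locked out after the restart
    New-NetFirewallRule -DisplayName "RDP on TCP $NewPort" -Direction Inbound `
        -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null

    # Step 4: write the new port as a DWORD (decimal value)
    Set-ItemProperty -Path $regKey -Name PortNumber -Value $NewPort -Type DWord

    # Step 5: restart Remote Desktop Services (this drops the current RDP session)
    Restart-Service -Name TermService -Force

    # Step 6: confirm something is now listening on the new port
    Start-Sleep -Seconds 3
    [bool](Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue)
}

# Example call with the article's sample value:
# Set-RdpPort -NewPort 5000
```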

Microsoft Windows Evaluation Center

01.01.1970 Reading ~5 min Author: Admin

The Microsoft Windows Evaluation Center allows you to test Microsoft products for free before purchasing a license. Available products for review include Windows 11, Windows 10 Enterprise, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2.

These are full-featured versions of operating systems with a pre-installed evaluation key. The trial period is 90 days for Windows 10 Enterprise and 180 days for all Windows Server versions.

After the trial period ends, the user must either purchase a license or stop using it. If the trial period is insufficient, Microsoft allows extending it using a special command.

To extend the evaluation period in Windows 10 Enterprise, run the following command in the command line: slmgr.vbs -rearm.
For Windows Server, use the command: slmgr /rearm.

The evaluation period for Windows Server can be extended up to 5 times, allowing the Evaluation version to be used for a total of up to 3 years (180 days × 6).

It is important to remember that according to the terms of use, evaluation versions cannot be used for commercial purposes.
