DNS Security on domain controller

You get calls that the internet isn't working.

You jump onto the Network Management System, and everything looks great: link status and devices are all GREEN.

You run your traceroutes and all external nodes are reachable.

You ping google.com and the name doesn't resolve. Yet local resources are still reachable by their domain names.

You call your provider, accusing them of a DNS failure. They frantically reply that there are no issues at their end... Oops!

Calls keep coming and you really don't know what to do. Perhaps you are considering replacing your edge router or firewall, or reaching for the usual suspect, a firmware upgrade. A sorry state of affairs!

Did you know that your Domain Controller can mess you up as well? Let me explain.

What if there was a breach and the attacker's goal was a Denial of Service (DoS)? With a small tweak to your DNS service, your users can be denied internet access while everything internal keeps working.

There are two places to touch: forwarders and root hints. The forwarder IP is pointed at a rogue address, and a new root zone (the zone named ".") is created, which makes the server believe it is authoritative for the root and so stops it from ever consulting its root hints.

To avoid this, you need to protect your DC from both internal and external aggression, and be conscious of security whenever you enable remote connections to it.
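As an added example that is not part of the original post, here is a PowerShell check a defender can run on the DNS server itself to catch the two tampering points described above (a forwarder pointing somewhere unexpected, and a rogue "." zone that hides the root hints). The approved forwarder list and probe name are assumed placeholders; adjust them to your environment.

```powershell
# Added example: audit a Windows DNS server for the two changes the post describes.
# Requires the DnsServer module (present on any DC running the DNS Server role).
#Requires -Modules DnsServer
param(
    [string[]]$ApprovedForwarders = @('10.0.0.53'),   # placeholder: your real upstream resolvers
    [string]$ProbeName = 'www.google.com'             # any external name that should resolve
)

$findings = @()

# 1. Forwarders: any address not on the approved list is suspicious.
$fwd = Get-DnsServerForwarder
foreach ($ip in $fwd.IPAddress) {
    if ($ApprovedForwarders -notcontains $ip.IPAddressToString) {
        $findings += "Unexpected forwarder: $($ip.IPAddressToString)"
    }
}
if (-not $fwd.UseRootHint) {
    $findings += 'UseRootHint is disabled: resolution dies completely if the forwarders fail'
}

# 2. Root zone: a zone literally named "." makes this server think it IS the root,
#    so root hints are never consulted. A normal domain controller should not have one.
if (Get-DnsServerZone | Where-Object { $_.ZoneName -eq '.' }) {
    $findings += 'Root zone "." exists on this server (root hints are being ignored)'
}

# 3. Root hints: an empty list means the server cannot recurse on its own.
$hints = @(Get-DnsServerRootHint)
if ($hints.Count -eq 0) {
    $findings += 'No root hints configured'
}

# 4. End-to-end probe: does an external name actually resolve through this server?
try {
    Resolve-DnsName -Name $ProbeName -Server 127.0.0.1 -DnsOnly -ErrorAction Stop | Out-Null
} catch {
    $findings += "External resolution of $ProbeName failed: $($_.Exception.Message)"
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: forwarders, root hints and external resolution look healthy'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Run it from an elevated prompt on the DC (or schedule it) so a forwarder or root-zone change shows up as a warning long before the help desk phones start ringing.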

I hope this helps!
