Re: Security question on DNS zone transfers

From: Mark Holoweiko (mh_at_stonypoint-pr.com)
Date: 07/08/04

Next message: Dave Nickason [SBS MVP]: "Re: Replacing an old employees rights with a new employee username..."
Previous message: Dave Nickason [SBS MVP]: "Re: Security question on DNS zone transfers"
In reply to: Dave Nickason [SBS MVP]: "Re: Security question on DNS zone transfers"
Next in thread: Dave Nickason [SBS MVP]: "Re: Security question on DNS zone transfers"
Reply: Dave Nickason [SBS MVP]: "Re: Security question on DNS zone transfers"
Messages sorted by: [ date ] [ thread ]

Date: Thu, 8 Jul 2004 13:59:05 -0400

Thanks, Dave. Is this true even if we're using the dynamic DNS service I
mentioned?

"Dave Nickason [SBS MVP]" <gwdibble@NOSPAM.frontiernet.net> wrote in message
news:%23aiVxvQZEHA.2408@tk2msftngp13.phx.gbl...
> Assuming you're referring to the Zone Transfer tab in the properties of
the
> Forward Lookup Zone, you want to allow zone transfers only to servers
listed
> on the Name Servers tab. On Name Servers, you'd have only your SBS and
any
> other DNS server in your local domain (generally none - SBS would be the
> only one listed).
>
> FWIW, your DNS settings as configured in the SBS install process and by
the
> ICW should be correct. No manual intervention should be necessary.
>
> "Mark Holoweiko" <mh@stonypoint-pr.com> wrote in message
> news:4vOdnRD0nceMw3DdRVn-hA@comcast.com...
> > In DNS settings for Forwarders, should zone transfers be allowed "to any
> > server" or be limted to named servers only?
> >
> > If the latter, which other servers should be listed?
> >
> > Situation: SBS2000, two NICs, and using a dynamic DNS service (DNS2GO)
to
> > host Exchange e-mail and (gulp) web site.
> >
> > Any assistance much appreciated.
> >
> >
> >
>
>

Next message: Dave Nickason [SBS MVP]: "Re: Replacing an old employees rights with a new employee username..."
Previous message: Dave Nickason [SBS MVP]: "Re: Security question on DNS zone transfers"
In reply to: Dave Nickason [SBS MVP]: "Re: Security question on DNS zone transfers"
Next in thread: Dave Nickason [SBS MVP]: "Re: Security question on DNS zone transfers"
Reply: Dave Nickason [SBS MVP]: "Re: Security question on DNS zone transfers"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Zone Transfers - Forcing
... > the master DNS server in Windows? ... > DNS servers as slave. ... > with our own nameservers, ... initiate a zone transfer from the master increment the zone serial and it ...
(microsoft.public.windows.server.dns)
Re: Windows 2003 Server domain issue
... dont wish to perform zone transfer, two dns servers at two ... >Microsoft MVP for Windows Server - Management ...
(microsoft.public.windows.server.general)
Re: Zone Transfer and Trust
... The customer location has similar internal subnet and ... There is a DNS server inbetween these two Natted Range. ... local AD Integrated DNS servers at both locations? ... >> Why do we need Zone transfer to take place? ...
(microsoft.public.windows.server.dns)
Re: DNS Mass Changes
... Then Kevin replied below: ... but secondary servers will use the refresh value to ... secondary will try a zone transfer. ... As close as you can come to a force zone transfer is to use notify, ...
(microsoft.public.windows.server.dns)
Re: query refused
... You have enabled and restricted zone transfer to SPECIFIC IP addresses. ... check the zone transfer tab. ... This is a good configuration, ... > i have several zone on my local dns, my problem is when i query one of the ...
(microsoft.public.win2000.dns)