Re: Security question on DNS zone transfers
From: Dave Nickason [SBS MVP] (gwdibble_at_NOSPAM.frontiernet.net)
Date: 07/08/04
- Next message: IBC: "Re: SB 2000 OWA Problem"
- Previous message: Dave Nickason [SBS MVP]: "Re: Replacing an old employees rights with a new employee username..."
- In reply to: Mark Holoweiko: "Re: Security question on DNS zone transfers"
- Next in thread: Mark Mancini: "Re: Security question on DNS zone transfers"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 8 Jul 2004 14:10:03 -0400
You may get a response to this from someone who knows more about it than I
do, but I don't know of any reason why the dns2go service would effect your
internal DNS settings. It seems to me that your DNS would be servicing only
local or outbound DNS requests, while dns2go deals with inbound requests.
If you set it up and it doesn't work, I'd post another question with a
subject relating to dns2go before experimenting with settings - a lot of
people in the SBS groups use that or similar services, so you should be able
to get a specific answer pretty easily.
As you probably know, there are security risks associated with hosting a web
site on your SBS, and it's not considered a "best practice" to say the
least. I hope you'll do a lot of reading about ISA, IIS, and other web site
security topics before hosting a publicly available web site.
"Mark Holoweiko" <mh@stonypoint-pr.com> wrote in message
news:xoOdnVeM_uGOFnDdRVn-tw@comcast.com...
> Thanks, Dave. Is this true even if we're using the dynamic DNS service I
> mentioned?
>
>
> "Dave Nickason [SBS MVP]" <gwdibble@NOSPAM.frontiernet.net> wrote in
> message
> news:%23aiVxvQZEHA.2408@tk2msftngp13.phx.gbl...
>> Assuming you're referring to the Zone Transfer tab in the properties of
> the
>> Forward Lookup Zone, you want to allow zone transfers only to servers
> listed
>> on the Name Servers tab. On Name Servers, you'd have only your SBS and
> any
>> other DNS server in your local domain (generally none - SBS would be the
>> only one listed).
>>
>> FWIW, your DNS settings as configured in the SBS install process and by
> the
>> ICW should be correct. No manual intervention should be necessary.
>>
>> "Mark Holoweiko" <mh@stonypoint-pr.com> wrote in message
>> news:4vOdnRD0nceMw3DdRVn-hA@comcast.com...
>> > In DNS settings for Forwarders, should zone transfers be allowed "to
>> > any
>> > server" or be limted to named servers only?
>> >
>> > If the latter, which other servers should be listed?
>> >
>> > Situation: SBS2000, two NICs, and using a dynamic DNS service (DNS2GO)
> to
>> > host Exchange e-mail and (gulp) web site.
>> >
>> > Any assistance much appreciated.
>> >
>> >
>> >
>>
>>
>
>
- Next message: IBC: "Re: SB 2000 OWA Problem"
- Previous message: Dave Nickason [SBS MVP]: "Re: Replacing an old employees rights with a new employee username..."
- In reply to: Mark Holoweiko: "Re: Security question on DNS zone transfers"
- Next in thread: Mark Mancini: "Re: Security question on DNS zone transfers"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
