Re: Query ACL
From: Ace Fekay [MVP] (firstnamelastname_at_hotmail.com)
Date: 03/24/04
- Next message: Kevin D. Goodknecht [MVP]: "Re: add one domain name to our dns server"
- Previous message: Santhosh Sivarajan: "Re: Where in AD is DNS kept?"
- In reply to: nonbindguy: "Re: Query ACL"
- Next in thread: the confused: "Re: Query ACL"
- Reply: the confused: "Re: Query ACL"
- Reply: the confused: "Re: Query ACL"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 24 Mar 2004 14:18:44 -0500
"nonbindguy" <anonymous@discussions.microsoft.com> wrote in message
news:12b5301c411bf$70b62ef0$a401280a@phx.gbl...
>
> It doesn't have to be to the view feature, the "allow
> query" statement available since bind 8...
>
> the question may boil down to whether you can create a
> security group based on IP segment, but not necessarily
> site based, as some networks may not belong to an AD
> domain but still need to query the zone.
>
> can machines outside a AD domian query the AD integrated
> DNS? is the everybody group for that? by the way I think
> Read is for both admin and query.
There's no way I'm aware of creating a security group base on IP subnet in
MS DNS. However there's a netmask feature ... but this more applies to an
alternative to Round Robin then what you're trying to do. Here's a snipet
below from the help files (chec the DNS help files for examples to see what
I mean):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enable netmask ordering:
Determines whether the DNS server reorders A resource records within the
same resource record set in its response to a query based on the IP address
of the source of the query.
By default, the DNS Server service uses local subnet priority.
Prioritizing local subnets.:
This feature requires that the client application attempt to connect to the
host using its closest (and typically fastest) IP address available for
connection.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As for the security tab, its only available with AD INtegrated zones and is
just for administration... here's another snipet:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Manage the discretionary access control list (DACL) on DNS servers running
on domain controllers. In addition to the default DNS Server service
settings that affect security described above, DNS servers configured as
domain controllers use a DACL. The DACL allows you to control the
permissions for the Active Directory users and groups that control the DNS
Server service.
The following table lists the default group or user names and permissions
for the DNS Server service when it is running on a domain controller... etc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- Ace Please direct all replies to the newsgroup so all can benefit. This posting is provided "AS-IS" with no warranties and confers no rights. Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP Microsoft Windows MVP - Active Directory -- =================================
- Next message: Kevin D. Goodknecht [MVP]: "Re: add one domain name to our dns server"
- Previous message: Santhosh Sivarajan: "Re: Where in AD is DNS kept?"
- In reply to: nonbindguy: "Re: Query ACL"
- Next in thread: the confused: "Re: Query ACL"
- Reply: the confused: "Re: Query ACL"
- Reply: the confused: "Re: Query ACL"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
