Книга: Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant
Allowing and restricting zone transfers
Allowing and restricting zone transfers
Zone transfers send a copy of zone information to other DNS servers. These servers can be in the same domain or in other domains. For security reasons, Windows Server 2012 R2 disables zone transfers. To enable zone transfers for secondaries you’ve configured internally or with ISPs, you need to permit zone transfers and then specify the types of servers to which zone transfers can be made.
Although you can allow zone transfers with any server, this opens the server to possible security problems. Instead of opening the floodgates, you should restrict access to zone information so that only servers you’ve identified can request updates from the zone’s primary server. This enables you to funnel requests through a select group of secondary servers, such as your ISP’s secondary name servers, and to hide the details of your internal network from the outside world.
To allow zone transfers and restrict access to the primary zone database, follow these steps:
1. In the DNS Manager console, press and hold or right-click the domain or subnet you want to update, and then tap or click Properties.
2. Tap or click the Zone Transfers tab, as shown in Figure 9–9.
FIGURE 9–9 Use the Zone Transfers tab to allow zone transfers to any server or to designated servers.
3. To restrict transfers to name servers listed on the Name Servers tab, select the Allow Zone Transfers check box, and then choose Only To Servers Listed On The Name Servers Tab.
4. To restrict transfers to designated servers, select the Allow Zone Transfers check box and then choose Only To The Following Servers. Then tap or click Edit as appropriate to display the Allow Zone Transfers dialog box. Tap or click in the IP Address list, enter the IP address of the secondary server for the zone, and then press Enter. Windows then attempts to validate the server. If an error occurs, make sure the server is connected to the network and that you’ve entered the correct IP address. If you want to copy zone data from other servers in case the first server isn’t available, you can add IP addresses for other servers as well. Tap or click OK.
5. Tap or click OK to save your changes.
Оглавление книги
- Разработка приложений баз данных InterBase на Borland Delphi
- Open Source Insight and Discussion
- Introduction to Microprocessors and Microcontrollers
- Chapter 6. Traversing of tables and chains
- Chapter 8. Saving and restoring large rule-sets
- Chapter 11. Iptables targets and jumps
- Chapter 5 Installing and Configuring VirtualCenter 2.0
- Chapter 16. Commercial products based on Linux, iptables and netfilter
- Appendix A. Detailed explanations of special commands
- Appendix B. Common problems and questions
- Appendix E. Other resources and links
- IP filtering terms and expressions