Can anyone help me answer the DNS queries below?

  • Question

    1. On a Windows DNS server, under Zone Transfers, if we allow a server by a specific list of IP addresses, does this server still receive and update DNS information to the other servers in the AD forest? As the AD backend is LDAP based, my guess is yes, they keep their data in sync via LDAP database synchronizations, and DNS Zone Transfers are to be used with non-Microsoft products.
    2. What is the exact impact of allowing unsecure dynamic DNS updates, if we have a list of IP addresses allowed for the Zone Transfers?
    Friday, November 10, 2017 7:25 AM

Answers

  • Hi,

    >>On a Windows DNS server, under Zone Transfers, if we allow a server by a specific list of IP addresses, does this server still receive and update DNS information to the other servers in the AD forest?

    Yes, if you have an Active Directory-integrated DNS or stub zone.

    >>What is the exact impact of allowing unsecure dynamic DNS updates, if we have a list of IP addresses allowed for the Zone Transfers?

    Unsecure dynamic updates allow one to update its own DNS record without authentication. This is a threat because DNS is a UDP-based protocol and the source address can easily be spoofed on a LAN.

    Best Regards,

    Frank


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Mr. Raj Tuesday, November 14, 2017 2:42 PM
    Monday, November 13, 2017 7:12 AM
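
The two settings discussed in this thread are configured separately per zone, so a restricted zone-transfer list does not change whether unauthenticated dynamic updates are accepted. The PowerShell below is an added example, not part of the original thread: it audits zone objects for both settings. The function name `Get-DnsZoneExposure` is hypothetical and the sample zones are constructed; the property names and values are those of the objects returned by `Get-DnsServerZone` in the DnsServer module.

```powershell
# Added example. Accepts zone objects from the pipeline and reports, per primary zone,
# the dynamic-update mode and the zone-transfer policy as two independent columns.
function Get-DnsZoneExposure {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [object]$Zone)
    process {
        # Only primary zones accept dynamic updates; skip secondary, stub and forwarder zones.
        if ([string]$Zone.ZoneType -ne 'Primary') { return }

        $nonsecure = ([string]$Zone.DynamicUpdate -eq 'NonsecureAndSecure')

        # 'Secure' is only available on AD-integrated zones; a file-backed zone
        # can only choose between 'None' and 'NonsecureAndSecure'.
        $fix = if (-not $nonsecure) {
            ''
        } elseif ($Zone.IsDsIntegrated) {
            "Set-DnsServerPrimaryZone -Name '$($Zone.ZoneName)' -DynamicUpdate Secure"
        } else {
            "Set-DnsServerPrimaryZone -Name '$($Zone.ZoneName)' -DynamicUpdate None"
        }

        [pscustomobject]@{
            ZoneName               = $Zone.ZoneName
            AdIntegrated           = [bool]$Zone.IsDsIntegrated
            DynamicUpdate          = [string]$Zone.DynamicUpdate
            ZoneTransfer           = [string]$Zone.SecureSecondaries
            UnauthenticatedUpdates = $nonsecure
            SuggestedChange        = $fix
        }
    }
}

# Constructed sample input so the script runs without a DNS server.
# The first zone mirrors the question: transfers limited to listed IPs, updates unsecured.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; ZoneType = 'Primary'; IsDsIntegrated = $true
                       DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferToSecureServers' }
    [pscustomobject]@{ ZoneName = 'lab.example';  ZoneType = 'Primary'; IsDsIntegrated = $false
                       DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'hr.example';   ZoneType = 'Primary'; IsDsIntegrated = $true
                       DynamicUpdate = 'Secure'; SecureSecondaries = 'NoTransfer' }
)

$sampleZones | Get-DnsZoneExposure | Format-List

# On a DNS server, replace the sample input with the live zones:
#   Get-DnsServerZone | Get-DnsZoneExposure | Where-Object UnauthenticatedUpdates
```

Review each suggested change before applying it: clients that cannot authenticate to the domain stop registering their records once a zone is set to `Secure`.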