Windows 2008 R2 DNS services, 'Restricting queries in a particular zone'

  • Question

  • I have a question about security on Windows 2008 R2 DNS services.

    Currently we have single forest, single domain configuration.

    2 ad integrated zones replicating to all DC.

    1 zone for the forest, abc.corp.com,

    1 zone for lookups for servers in another domain, def.corp.com.

    A request has come through to set up and host a 3rd zone, ghi.corp.com; however, the security requirement is that all systems on this subnet (/16 address) should not be able to resolve any queries for the other zones hosted on the DNS servers.

    So in UNIX I understand that you can do this; it's called 'IP address-based access control list to queries' & 'Restricting queries in a particular zone',

    described in section 11.2.2.2

    http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch11_02.htm

    Can something similar be done using Windows DNS?

    Thanks for your time.

    Wednesday, October 24, 2012 3:57 PM
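For reference, this is what the BIND mechanism the question cites (a per-zone `allow-query` ACL) looks like in `named.conf`. It is an added example, not from the original thread or the O'Reilly chapter linked above; the ACL name and the 10.30.0.0/16 subnet are assumed, as are the zone file names.

```conf
// Assumed: the ghi.corp.com systems live in 10.30.0.0/16
acl "ghi-net" { 10.30.0.0/16; };

options {
    directory "/var/named";
    // Default for every zone that sets no allow-query of its own:
    // refuse ghi-net first, then permit everyone else. Order matters;
    // a negated entry must come before the "any" that would match it.
    allow-query { !ghi-net; any; };
    // Authoritative-only in this example; with recursion enabled,
    // allow-query-cache governs cached answers separately.
    recursion no;
};

zone "abc.corp.com" IN {
    type master;
    file "abc.corp.com.zone";
    // Inherits the global allow-query: ghi-net gets REFUSED
};

zone "def.corp.com" IN {
    type master;
    file "def.corp.com.zone";
    // Inherits the global allow-query: ghi-net gets REFUSED
};

zone "ghi.corp.com" IN {
    type master;
    file "ghi.corp.com.zone";
    // Zone-level allow-query overrides the global one
    allow-query { any; };
};
```

Note that `allow-query` only restricts query answers; if the zone data must also be hidden from those hosts, `allow-transfer` has to be restricted as well, since an unrestricted AXFR would still hand them the whole zone.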

Answers

  • In ISC BIND (what Linux and Unix use), that's called "Views." Unfortunately, Windows DNS does not have that ability.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    Wednesday, October 24, 2012 5:08 PM