Windows 2008 R2 DNS services, 'Restricting queries in a particular zone'

  • Question

  • I have a question about security on Windows 2008r2 DNS services.

    Currently we have a single forest, single domain configuration.

    2 AD-integrated zones replicating to all DCs.

    1 zone for the forest,

    1 zone for lookups for servers in another domain,

    A request has come through to set up and host a 3rd zone; however, the security requirement is that all systems on this subnet /16 address should not be able to resolve any queries for the other zone hosted on the DNS servers.

    So in UNIX I understand that you can do this, it's called 'IP address-based access control list to queries' & 'Restricting queries in a particular zone'

    described in section

    Can something similar be done using Windows DNS?

    Thanks for your time.

    Wednesday, October 24, 2012 3:57 PM


  • In ISC BIND (what Linux and Unix uses), that's called "Views." Unfortunately, Windows DNS does not have that ability.

    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos:

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, October 24, 2012 5:08 PM
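
For reference, this is roughly what the BIND feature named in the answer ("views"), together with the address-based ACL the question mentions, looks like in `named.conf`. It is an added example, not part of the original thread. The /16 subnet, zone names and file names are placeholders, and it assumes the restricted subnet should see only the third zone.

```conf
// Constructed example: 10.20.0.0/16, the zone names and the file names
// are placeholders, not values from the thread.
acl "restricted-net" { 10.20.0.0/16; };

options {
    directory "/var/named";
    recursion no;                 // authoritative-only in this sketch
};

// Views are evaluated top to bottom; the first match-clients hit wins.
// Clients in the restricted /16 are served the third zone and nothing else.
view "restricted" {
    match-clients { "restricted-net"; };
    zone "third.example" {
        type master;
        file "third.example.db";
    };
};

// Every other client is served all three zones.
// Once any view is defined, every zone must be declared inside a view.
view "general" {
    match-clients { any; };
    zone "forest.example" {
        type master;
        file "forest.example.db";
    };
    zone "servers.example" {
        type master;
        file "servers.example.db";
    };
    zone "third.example" {
        type master;
        file "third.example.db";  // static zone, so both views can load the same file
    };
};

// Without views, the same restriction can be placed on a single zone
// with a per-zone ACL inside that zone's block:
//   allow-query { !"restricted-net"; any; };
```

`named-checkconf` validates the syntax of such a file before it is loaded.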