none
how to update dns server RRS feed

  • Question

  • Hi, i made a scan for vulnerabilities, i see in a report that i must update the DNS server based on WS2008 R2. How to update DNS?
    Friday, February 17, 2017 8:39 AM

Answers

  • There is no such thing in Windows as updating the DNS service only. Share that part of the report with us, so we could offer you possible solutions.

    https://exchange12rocks.org/ | http://about.me/exchange12rocks

    • Marked as answer by alibek555 Tuesday, February 21, 2017 2:28 AM
    Sunday, February 19, 2017 1:37 AM
  • Actually, it is possible to update (patch) the DNS service. I'm assuming since you performed a vulnerability scan, you are referring to patching the service itself (not updating the root hints, forwarders, etc.)?

    If you need to update the service, you need to first determine what patch you are missing. There should be a corresponding Knowledge Base (KB) number for the patch. Once you figure out this information, you need to download the patch via Windows Update (or Microsoft Update) and install. 



    Cheers,

    Ryan

    Microsoft Server Engineer

    Blog:   Twitter:   LinkedIn:   

    Please remember to mark the replies as answers if they help.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    • Marked as answer by alibek555 Tuesday, February 21, 2017 2:28 AM
    Monday, February 20, 2017 2:40 AM

All replies

  • There is no such thing in Windows as updating the DNS service only. Share that part of the report with us, so we could offer you possible solutions.

    https://exchange12rocks.org/ | http://about.me/exchange12rocks

    • Marked as answer by alibek555 Tuesday, February 21, 2017 2:28 AM
    Sunday, February 19, 2017 1:37 AM
  • Does the report state the specific patches that you are missing?

    Cheers,

    Ryan

    Microsoft Server Engineer

    Blog:   Twitter:   LinkedIn:   

    Please remember to mark the replies as answers if they help.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Sunday, February 19, 2017 2:01 AM
  • Actually, it is possible to update (patch) the DNS service. I'm assuming since you performed a vulnerability scan, you are referring to patching the service itself (not updating the root hints, forwarders, etc.)?

    If you need to update the service, you need to first determine what patch you are missing. There should be a corresponding Knowledge Base (KB) number for the patch. Once you figure out this information, you need to download the patch via Windows Update (or Microsoft Update) and install. 



    Cheers,

    Ryan

    Microsoft Server Engineer

    Blog:   Twitter:   LinkedIn:   

    Please remember to mark the replies as answers if they help.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    • Marked as answer by alibek555 Tuesday, February 21, 2017 2:28 AM
    Monday, February 20, 2017 2:40 AM
  • There is no such thing in Windows as updating the DNS service only. Share that part of the report with us, so we could offer you possible solutions.

    https://exchange12rocks.org/ | http://about.me/exchange12rocks

    Actually, like any other service, it is possible to update the DNS service itself. For example, this security bulletin refers to installing KB3100465 to address a remote code execution vulnerability in the DNS service:

    https://technet.microsoft.com/library/security/ms15-127


    Cheers,

    Ryan

    Microsoft Server Engineer

    Blog:   Twitter:   LinkedIn:   

    Please remember to mark the replies as answers if they help.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, February 20, 2017 2:42 AM
  • There is no such thing in Windows as updating the DNS service only. Share that part of the report with us, so we could offer you possible solutions.

    https://exchange12rocks.org/ | http://about.me/exchange12rocks

    1) Vulnerability - DNS Server vulnerability to Cache snooping attacks

        Solution - Install the last version of DNS server

    2) Vulnerability - The DNS server which isn't supported any more is found

         Solution - Update the Windows operating system

    Monday, February 20, 2017 5:28 AM
  • Does the report state the specific patches that you are missing?

    Cheers,


    No, it doesn't state the specific patches

    Monday, February 20, 2017 5:29 AM
  • Actually, it is possible to update (patch) the DNS service. I'm assuming since you performed a vulnerability scan, you are referring to patching the service itself (not updating the root hints, forwarders, etc.)?

    If you need to update the service, you need to first determine what patch you are missing. There should be a corresponding Knowledge Base (KB) number for the patch. Once you figure out this information, you need to download the patch via Windows Update (or Microsoft Update) and install. 




    I want to do a scan with another scanner, maybe it will give me necessery updates.
    Monday, February 20, 2017 5:31 AM
  • Hi Aliek,

    As Ryan mentioned, please open control panel, and click System and security, and click Windows update, you could search and install update for windows.

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 20, 2017 5:58 AM
  • Hi Aliek,

    As Ryan mentioned, please open control panel, and click System and security, and click Windows update, you could search and install update for windows.

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    My servers are updated from wsus, i can distribute what i want)
    Monday, February 20, 2017 8:28 AM
  • I suggest scanning with a reputable vulnerability scanner such as Nessus or OpenVAS. These scanners will provide you with the specific patches that you are missing. Another good option from Microsoft is the MBSA (Microsoft Baseline Security Analyzer). This is a really good tool to have for a Windows-based network. Once you know what specific patches you are missing, you just need to approve them in WSUS and then install. 

    Let me know if I can help with anything else. 


    Cheers,

    Ryan

    Microsoft Server Engineer

    Blog:   Twitter:   LinkedIn:   

    Please remember to mark the replies as answers if they help.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, February 20, 2017 1:23 PM
  • I suggest scanning with a reputable vulnerability scanner such as Nessus or OpenVAS. These scanners will provide you with the specific patches that you are missing. Another good option from Microsoft is the MBSA (Microsoft Baseline Security Analyzer). This is a really good tool to have for a Windows-based network. Once you know what specific patches you are missing, you just need to approve them in WSUS and then install. 

    Let me know if I can help with anything else. 



    Ok, thanks, i will try the MBSA.
    Tuesday, February 21, 2017 2:27 AM
  • i have scanned the DNS server with MBSA, it found one update for DNS server
    • Edited by alibek555 Tuesday, February 21, 2017 9:37 AM
    Tuesday, February 21, 2017 6:19 AM