DNS Sinkhole

  • Question

  • Good Day

    I have a couple of DNS questions on Sinkholes.

    Running 2012 DNS Server. Want to set up a sinkhole. The configuration requires a boot from file. Since all zones have to be removed from Active Directory integrated, what effect does that have on your DNS servers, since in my case they would be mixed? I would have 4 DNS servers that would be the forwarders and 10 others that would resolve internal traffic and be AD integrated.

    Are there any links to newer sinkhole configs for new OS versions? The newest ones seem to be Windows 2003.

    Thank you

    Tuesday, October 3, 2017 12:22 PM

All replies

  • Hi JRRemillard,

    To create a boot file, all you need to do is reconfigure the MS DNS server to load its zones from the boot file instead of the registry. That will automagically create the boot file for all of the existing zones. (This is roughly equivalent to the named.conf file.)
    From the MS DNS console, right-click the local DNS server, select “Properties”, select the “Advanced” tab, and change the “Load zone data on startup:” setting to “From File”.
    This will create (or update) the existing sample boot file.

    According to this source, if you are using Active Directory, you may need to check the properties of each zone and change zones of type “Active Directory-integrated” to “Standard…”, and then repeat the above.

    For your reference:

    http://networkstr.com/domain-dns-blacklisting-sinkhole/microsoft

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    >>Are there any links to newer sinkhole configs for new OS versions?

    Based on my research, Microsoft hasn't published a new article on how to configure sinkholes in new OS versions.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by JRRemillard Wednesday, October 4, 2017 11:19 AM
    • Unmarked as answer by JRRemillard Wednesday, October 4, 2017 11:20 AM
    • Proposed as answer by Hello_2018 Monday, October 9, 2017 4:43 AM
    Wednesday, October 4, 2017 2:05 AM
  • Hi,

    Thanks for the response.

    I was wondering:

    Since all zones have to be removed from Active Directory integrated, what effect does that have on your DNS servers? What has to be done manually? What type of management changes are now manual?

    Thanks

    Wednesday, October 4, 2017 11:21 AM
  • Hi JRRemillard,

    Sorry for the delayed response.

    >>What effect does that have on your DNS servers? What has to be done manually? What type of management changes are now manual?

    When a DNS server zone database is transferred from an AD-integrated zone to a standalone zone, the “Secure only” option for DNS dynamic updates can’t be selected. This option will be greyed out.

    Furthermore, your current DNS server zones will not participate in AD replication as a domain application partition.

    Your newly created DNS zone resource records will not be replicated to other DNS servers; they are retained only in the current DNS server's zones.

    That’s all we can think of currently.

    Best Regards,

    Candy





    Monday, October 9, 2017 5:23 AM
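
An added example, not part of the original replies: a read-only PowerShell inventory of the zones that the changes described in the reply above would affect, listing which zones are Active Directory-integrated and which currently allow only secure dynamic updates. It assumes the DnsServer module (Windows Server 2012 or later); `$ComputerName` is an illustrative variable.

```powershell
# Added example: read-only inventory, makes no changes to the DNS server.
# Requires the DnsServer module that ships with the DNS Server role/RSAT.
Import-Module DnsServer

# Assumption: inspect the local server; set to another DNS server name if needed.
$ComputerName = $env:COMPUTERNAME

$report = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { -not $_.IsAutoCreated } |      # skip built-in zones (0.in-addr.arpa etc.)
    ForEach-Object {
        [pscustomobject]@{
            ZoneName           = $_.ZoneName
            ZoneType           = $_.ZoneType
            IsDsIntegrated     = $_.IsDsIntegrated
            ReplicationScope   = $_.ReplicationScope
            DynamicUpdate      = $_.DynamicUpdate
            # "Secure only" updates exist only for AD-integrated zones,
            # so these zones lose that setting after conversion.
            LosesSecureUpdate  = ($_.IsDsIntegrated -and $_.DynamicUpdate -eq 'Secure')
            # AD-integrated zones stop replicating through Active Directory
            # once they are converted to standard (file-backed) zones.
            LosesAdReplication = [bool]$_.IsDsIntegrated
        }
    }

# Zones that would have to be converted before switching to boot-from-file.
$adZones = @($report | Where-Object { $_.IsDsIntegrated })

$report |
    Sort-Object -Property @{ Expression = 'IsDsIntegrated'; Descending = $true }, ZoneName |
    Format-Table ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate -AutoSize

"{0} of {1} zones on {2} are AD-integrated." -f $adZones.Count, @($report).Count, $ComputerName
"{0} of those currently allow only secure dynamic updates." -f `
    @($adZones | Where-Object { $_.LosesSecureUpdate }).Count
```
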
  • Hi JRRemillard,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Candy



    Tuesday, October 10, 2017 1:55 AM
  • Hi,

    Did you have any updates?

    Best Regards,

    Candy



    Wednesday, October 11, 2017 7:10 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If not, please reply and tell us the current situation so that we can provide further help.

    Best Regards,

    Candy



    Monday, October 16, 2017 8:44 AM