Block DNS zone transfers

The primary and secondary DNS servers exchange data between them by performing zone transfers, during which all data about the zone are transferred from the primary to the secondary server. While zone transfer allows you to have several DNS servers holding the same information, it can pose a certain threat to your network if not used wisely.

Because zone transfer transmits all information about a certain DNS zone, it could also help an intruder get to know your network better. Tools like Nslookup allow you to easily perform zone transfers with DNS servers.

If you don't want to allow zone transfers to everyone, specify a list of servers that you'll allow to perform zone transfers with your DNS server. To do so, follow these steps:

1. Open the DNS console on your DNS server and expand the server and zone for which you want to disable zone transfers. Right-click and select Properties.
2. On the Zone Transfers tab, you can either limit the zone transfers to the DNS servers on your network and let DNS manage them, or you can manually specify the IP address of the computers that will be allowed to perform zone transfers.
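The same setting can be audited across all zones and applied from PowerShell with the DnsServer module. This is an added example, not part of the original tip; the zone name and the secondary server addresses are placeholders to replace with your own.

```powershell
# Added example. Requires the DnsServer module (DNS Server role or RSAT)
# and an elevated session on, or with access to, the DNS server.
Import-Module DnsServer

# Placeholder values (assumptions for illustration only).
$ZoneName    = 'corp.example'
$Secondaries = @('192.0.2.10', '192.0.2.11')

function Get-ZoneTransferAudit {
    # List every manually created primary zone with its transfer policy.
    # SecureSecondaries is one of: NoTransfer, TransferAnyServer,
    # TransferToZoneNameServer, TransferToSecureServers.
    Get-DnsServerZone |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        Select-Object ZoneName, SecureSecondaries,
            @{ Name = 'SecondaryServers'
               Expression = { $_.SecondaryServers -join ', ' } },
            @{ Name = 'OpenToAnyServer'
               Expression = { $_.SecureSecondaries -eq 'TransferAnyServer' } }
}

# 1. Audit: zones with OpenToAnyServer = True answer transfers from anyone.
Get-ZoneTransferAudit | Format-Table -AutoSize

# 2. Restrict the zone to an explicit list of secondaries
#    (the "manually specify the IP address" choice on the Zone Transfers tab).
Set-DnsServerPrimaryZone -Name $ZoneName `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $Secondaries

# Alternative: let DNS manage the list from the zone's name server records.
# Set-DnsServerPrimaryZone -Name $ZoneName `
#     -SecureSecondaries TransferToZoneNameServer

# 3. Re-check that the zone no longer reports TransferAnyServer.
Get-ZoneTransferAudit |
    Where-Object { $_.ZoneName -eq $ZoneName } |
    Format-List
```

Running step 1 on its own changes nothing, so it can be used as a periodic check for zones that have drifted back to an open transfer policy.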