Disable inverse query in Windows 2000 DNS
Posted on 2002-07-25
I ran ISS on my DNS server and got the following hit:
iquery: DNS server inverse queries
The Inverse Query(iquery) feature supported on some DNS servers could allow an attacker to obtain a zone transfer. Zone transfers identify every computer registered with your DNS server and can be used by an attacker to better understand your network. Even if you have disabled zone transfers on your DNS server, the iquery feature will still permit a zone transfer to occur.
Remedy: Configure your DNS server to disable inverse queries.
Does anybody know how to disable this?