jeffman5150
asked on
Windows 2008 Server DNS and RODC prevent zone transfer
Hello,
Is there a way for DNS running on an RODC to NOT get a particular zone? For instance in the example below I want to prevent RODC03 from getting zoneb.com.
Thanks
DC01 Running DNS (Active Directory-Integrated Primary)
Forward Lookup Zones
zonea.com
zoneb.com
zonec.com
DC02 Running DNS (Active Directory-Integrated Primary)
Forward Lookup Zones
zonea.com
zoneb.com
zonec.com
RODC03 Running DNS (Active Directory-Integrated Primary Read-Only)
Forward Lookup Zones
zonea.com
zoneb.com <- Do not want this Zone
zonec.com
Refer to here for zone transfers
https://www.experts-exchange.com/questions/27497440/DNS-Transfers-between-Trusted-domains-and-zone-questions.html
As others suggested, zoneb.com is an AD-integrated zone; the same will be replicated to the RODC and cannot be excluded. Why do you want this zone to be excluded? Any specific reason for the same?
The DNS on the RODC is read-only and should be replicated from a "writable"/ADI DNS zone.
More info http://technet.microsoft.com/en-us/library/cc754218(WS.10).aspx#BKMK_DDNS
You can make the zone primary, but there are downsides, which are already explained by Cliff.
ASKER
Thank You. Changing it from AD Integrated to Primary and managing the Secondary Zones via the Zone Transfers Tab is what I needed. Problem Solved.
As for your other comments it would not be productive for me to justify my configuration. The reasons are valid, but thank you for the input and taking the time to respond.
Thanks
Mike
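
The change described in the accepted fix (AD-integrated to standard primary, with secondaries managed through zone transfer settings) can also be done from the command line with dnscmd. This is an added example, not code from the thread; the server and zone names come from the question, and every IP address is a constructed placeholder from the 192.0.2.0/24 documentation range.

```batch
@echo off
rem Added example, not from the original thread.
rem DC01, DC02, RODC03 and zoneb.com come from the question.
rem All IP addresses below are constructed placeholders.
set ZONE=zoneb.com
set PRIMARY=DC01
set PRIMARY_IP=192.0.2.10
set SECONDARY=DC02
set SECONDARY_IP=192.0.2.11

rem 1. Record the current zone type and settings before changing anything.
dnscmd %PRIMARY% /ZoneInfo %ZONE%

rem 2. Convert the zone on DC01 from AD-integrated to a file-backed
rem    standard primary, so it no longer travels with AD replication.
dnscmd %PRIMARY% /ZoneResetType %ZONE% /Primary /file %ZONE%.dns
if errorlevel 1 goto :failed

rem 3. Restrict zone transfers to an explicit list of secondaries and
rem    notify only those servers. RODC03 is deliberately not listed.
dnscmd %PRIMARY% /ZoneResetSecondaries %ZONE% /SecureList %SECONDARY_IP% /NotifyList %SECONDARY_IP%
if errorlevel 1 goto :failed

rem 4. Create the secondary copy on DC02, pulling from DC01.
rem    Assumption: DC02 no longer lists an AD-integrated copy of the zone;
rem    check with "dnscmd DC02 /EnumZones" first.
dnscmd %SECONDARY% /ZoneAdd %ZONE% /Secondary %PRIMARY_IP%
if errorlevel 1 goto :failed

rem 5. Verify: the zone is standard primary on DC01 and, once AD
rem    replication has completed, is absent from the RODC's zone list.
dnscmd %PRIMARY% /ZoneInfo %ZONE%
dnscmd RODC03 /EnumZones
goto :eof

:failed
echo dnscmd failed with exit code %errorlevel% 1>&2
exit /b 1
```

Secure dynamic updates are only available on AD-integrated zones, so a zone converted this way accepts either no dynamic updates or nonsecure ones.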