jeffman5150

asked on

Windows 2008 Server DNS and RODC prevent zone transfer

Hello,
Is there a way for DNS running on an RODC to NOT get a particular zone? For instance in the example below I want to prevent RODC03 from getting zoneb.com.

Thanks

DC01 Running DNS (Active Directory-Integrated Primary)
Forward Lookup Zones
zonea.com
zoneb.com
zonec.com

DC02 Running DNS (Active Directory-Integrated Primary)
Forward Lookup Zones
zonea.com
zoneb.com
zonec.com

RODC03 Running DNS (Active Directory-Integrated Primary Read-Only)
Forward Lookup Zones
zonea.com
zoneb.com <- Do not want this Zone
zonec.com
Mike Kline

In the properties of the zone, you can "allow zone transfers" - only to servers listed on the name servers tab. Don't include the RODC from there.

Thanks

Mike
ASKER CERTIFIED SOLUTION
Cliff Galiher

As others suggested, zoneb.com is an AD-integrated zone; the same will be replicated to the RODC and cannot be excluded. Why do you want this zone to be excluded? Any specific reason for the same?

The DNS on the RODC is read-only and should be replicated from a "writable"/ADI DNS zone.
More info http://technet.microsoft.com/en-us/library/cc754218(WS.10).aspx#BKMK_DDNS

You can make the zone primary, but there are downsides, which have already been explained by Cliff.
jeffman5150

ASKER

Thank You. Changing it from AD Integrated to Primary and managing the Secondary Zones via the Zone Transfers Tab is what I needed. Problem Solved.
As for your other comments it would not be productive for me to justify my configuration. The reasons are valid, but thank you for the input and taking the time to respond.
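The steps the asker settled on (convert zoneb.com to a standard primary and limit transfers to the servers on the Name Servers tab, as Mike suggested), written out as an added dnscmd script for Windows Server 2008; this is not from the thread, and the host names and the 10.0.0.x addresses are assumed.

```batch
@echo off
REM Added example, not from the thread. Assumes DC01 = 10.0.0.1, DC02 = 10.0.0.2
REM and that the script runs with DNS Admins rights against all three servers.

REM 1. On DC01, convert zoneb.com from AD-integrated to a standard (file-backed)
REM    primary zone. The zone object is removed from Active Directory, so it no
REM    longer replicates to any DC, RODC03 included.
REM    Caveat: a standard primary cannot use secure dynamic updates, so dynamic
REM    updates are disabled here (0); use 1 only if non-secure updates are acceptable.
dnscmd DC01 /ZoneResetType zoneb.com /Primary /file zoneb.com.dns
dnscmd DC01 /Config zoneb.com /AllowUpdate 0

REM 2. Allow zone transfers only to the servers listed in the zone's NS records
REM    (the "Only to servers listed on the Name Servers tab" option) and send
REM    change notifications only to those servers. Do not add RODC03 as an NS.
dnscmd DC01 /ZoneResetSecondaries zoneb.com /SecureNs /Notify

REM    Tighter alternative: an explicit allow-list instead of trusting the NS set.
REM dnscmd DC01 /ZoneResetSecondaries zoneb.com /SecureList 10.0.0.2 /NotifyList 10.0.0.2

REM 3. DC02 lost its AD-integrated copy; re-add zoneb.com there as a secondary
REM    that pulls from DC01.
dnscmd DC02 /ZoneAdd zoneb.com /Secondary 10.0.0.1 /file zoneb.com.dns

REM 4. Verify. On DC01 the zone info should show a primary type that is not
REM    DS-integrated; on DC02 a secondary with DC01 as master; on RODC03 the
REM    zone should be absent from the enumeration.
dnscmd DC01 /ZoneInfo zoneb.com
dnscmd DC02 /ZoneInfo zoneb.com
dnscmd RODC03 /EnumZones | findstr /i "zoneb.com"
if errorlevel 1 echo zoneb.com is not present on RODC03: OK
```

Because the zone is now file-backed, back up zoneb.com.dns on DC01 along with the server; it no longer benefits from AD replication or the multi-master updates the other zones keep.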