Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

DNS - Deny a single DNS-record on RODC

Posted on 2013-11-26
3
Medium Priority
?
485 Views
Last Modified: 2013-11-27
Hi,

We have a RODC in a remote site. Between our site and this remote site, there is established a VPN tunnel, but with only restricted access.

Because of this restricted access and one single DNS-record that Direct Access uses to see if it's  on our local network or outsite, Direct Access doesn't work when users from our primary site connects their computer in our remote site, because it sees this special dns records, that tells it that it's on our local network.

Is it possible to restrict access to this single DNS-record on our remote site or remove it, so when they connect their laptop in our remote site, it will establish an Direct Access connection to our primary network through the internet instead of our VPN tunnel.
0
Comment
Question by:Sum Wum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 38

Expert Comment

by:Mahesh
ID: 39677392
Since record is created in AD integrated Domain DNS zone, that can't be hide from RODC

Any records if you have in standard primary zone, that can be hide from other DCs

Mahesh
0
 
LVL 1

Author Comment

by:Sum Wum
ID: 39679923
MaheshPM: How do I hide it from other DC's?
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39679957
i believe these records are IPV6 records
Correct me If wrong please

You can try below on RODC
Open registry on RODC and navigate to below registry path
HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters and open "GlobalQueryBlocklist" REG Multi string value.
Add there host (AAAA) special DNS record which is used by Directaccess
Restart DNS service

Above modification should block name resolution of perticlular DNS record from RODC
Then You can try to resolve the record from RODC, it should fail.

same can be achieved through Dnscmd tool
http://technet.microsoft.com/en-us/library/ee649250(v=ws.10).aspx

Mahesh
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Like many organizations, your foray into cloud computing may have started with an ancillary or security service, like email spam and virus protection. For some, the first or second step into the cloud was moving email off-premise. For others, a clou…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question