
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 489

DNS - Deny a single DNS-record on RODC

Hi,

We have a RODC in a remote site. Between our site and this remote site there is a VPN tunnel, but with only restricted access.

Because of this restricted access and one single DNS record that DirectAccess uses to see whether it is on our local network or outside, DirectAccess doesn't work when users from our primary site connect their computers in our remote site, because it sees this special DNS record, which tells it that it's on our local network.

Is it possible to restrict access to this single DNS record on our remote site or remove it, so that when they connect their laptop in our remote site, it will establish a DirectAccess connection to our primary network through the internet instead of our VPN tunnel?
Asked by Sum Wum

1 Solution

Mahesh (Architect) commented:
Since the record is created in an AD-integrated domain DNS zone, it can't be hidden from the RODC.

Any records you have in a standard primary zone can be hidden from other DCs.

Mahesh

Sum Wum (Author) commented:
Mahesh: How do I hide it from other DCs?

Mahesh (Architect) commented:
I believe these records are IPv6 records.
Correct me if I'm wrong, please.

You can try the following on the RODC:
Open the registry on the RODC, navigate to HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters and open the "GlobalQueryBlockList" REG_MULTI_SZ value.
Add there the host (AAAA) special DNS record that DirectAccess uses.
Restart the DNS service.

The above modification should block name resolution of that particular DNS record from the RODC.
You can then try to resolve the record from the RODC; it should fail.

The same can be achieved with the Dnscmd tool:
http://technet.microsoft.com/en-us/library/ee649250(v=ws.10).aspx

Mahesh
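The same change as a scripted, verifiable procedure. This is an added example, not part of the original thread or of anything Microsoft ships; it uses the DnsServer PowerShell module that is present on Windows Server 2012 and later. The hostname label "nls" and the zone "corp.example.com" are placeholders for the DirectAccess network location record in your own environment. Two points a practitioner should know before running it: the Global Query Block List matches only the leftmost label of a name (so "nls" is blocked in every zone the server hosts, not just one), and it is a per-server setting that is not replicated through AD, which is exactly why it can be applied on the RODC without affecting the primary site. Set-DnsServerGlobalQueryBlockList replaces the whole list, so the script appends to the existing entries instead of overwriting them; the default entries (wpad, isatap) are there to stop any domain member from dynamically registering those names and hijacking proxy auto-discovery, and silently dropping them would weaken the RODC's DNS.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the RODC whose DNS server should stop answering for the record.
Import-Module DnsServer

$NlsHostLabel = 'nls'               # placeholder: leftmost label of the DirectAccess NLS record
$Zone         = 'corp.example.com'  # placeholder: the AD-integrated zone that holds the record
$ControlHost  = 'dc1'               # placeholder: any other record in the same zone, used to prove DNS still works

# 1. Read the current block list so the change is additive. Overwriting it with
#    just the NLS label would remove the default wpad/isatap protection.
$gqbl = Get-DnsServerGlobalQueryBlockList
Write-Host ("Current GQBL (enabled={0}): {1}" -f $gqbl.Enable, ($gqbl.List -join ', '))

if ($gqbl.List -notcontains $NlsHostLabel) {
    $newList = @($gqbl.List) + $NlsHostLabel
    Set-DnsServerGlobalQueryBlockList -List $newList -Enable $true -PassThru
} else {
    Write-Host "'$NlsHostLabel' is already on the block list; nothing to add."
}

# 2. The list is read at service start, so restart the DNS Server service.
Restart-Service -Name DNS

# 3. Verify against this server only (-Server localhost), so the answer cannot
#    come from a writable DC across the tunnel. The blocked name must fail to
#    resolve, while an unrelated record in the same zone must still answer.
try {
    Resolve-DnsName -Name "$NlsHostLabel.$Zone" -Type AAAA -Server localhost -ErrorAction Stop | Out-Null
    Write-Warning "$NlsHostLabel.$Zone still resolves: check the label and that the list is enabled."
} catch {
    Write-Host "Blocked as intended: $($_.Exception.Message)"
}

$control = Resolve-DnsName -Name "$ControlHost.$Zone" -Server localhost -ErrorAction SilentlyContinue
if ($control) {
    Write-Host "Control record $ControlHost.$Zone still resolves; the zone itself is unaffected."
} else {
    Write-Warning "Control record did not resolve: the DNS service may not have come back up."
}
```

The equivalent with the Dnscmd tool the answer links to is `dnscmd /info /globalqueryblocklist` to read the list and `dnscmd /config /globalqueryblocklist wpad isatap nls` to set it; like the cmdlet, `/config` replaces the entire list, so every name you want kept must be repeated on the command line. Because the block applies to the label in every zone the RODC hosts, check first that no other host in the remote site relies on a record with the same leftmost label.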
