Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DNS Zone Transfers

Posted on 2014-03-03
5
Medium Priority
?
913 Views
Last Modified: 2014-04-17
I have 3 Windows AD (2K8R2) Based DNS Servers that are the authoritative for our domain.local zone.  Also in the environment we have a Linux DNS server as well that is the authoritative for our domain.com zone.  

For the windows servers they have two zones, domain.com and domain.local.  Domain.com is a secondary zone.  For the domain.local zone, the zone transfers is set to any, to replicate to the linux dns server.

Here is the issue:
We recently started using Nessus for vulnerability and compliance scanning.  Nessus is suggesting to limit zone transfers to only the servers that need the information.

So my options are: only servers listed on the Name Servers tab or only to the following servers.
When I try to add the linux server to the name servers tab I get a message, "the server with this IP address is not authoritative for the required zone."  I get why I get the message since the linux server doesn't have authoritative over domain.local but what is the correct way to make nessus happy and still allow zone transfers from .local to the linux server?

Do I enter the linux dns server ip into the 'Only to the following Servers' and if that is the way do I need to include the other AD servers?

thanks in advance
0
Comment
Question by:EA-170
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 42

Accepted Solution

by:
Adam Brown earned 1000 total points
ID: 39901101
Do I enter the linux dns server ip into the 'Only to the following Servers' and if that is the way do I need to include the other AD servers?

Yes and Yes. Once you have Zone transfers allowed, you can configure the domain.local zone as a secondary on the Linux server.
0
 

Author Comment

by:EA-170
ID: 39901112
so the message: the server with this IP address is not authoritative for the required zone.

can be ignored since the on the linux server the domain.local is just a secondary zone??
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 39901842
Yeah. That shouldn't pop up if you add it to the list of servers in the Zone Transfers tab. The Name Servers tab is there to assign Primary DNS Servers. The only servers that can be added there are Domain Controllers if the Zone is AD Integrated, which it probably is.
0
 

Author Comment

by:EA-170
ID: 39903858
I didn't think it would either but it does pop up on the zone transfer tab > only to the following servers.  Once I enter the Linux server IP I get the message, "the server with this IP address is not authoritative for the required zone"

You are correct the domain.local zone is AD integrated and the name servers tab has the 3 DCs listed.  Also the domain.local zone is setup as a secondary zone on the Linux DNS server.

I guess I want to make sure I am not missing anything since I am still getting that message
0
 

Author Closing Comment

by:EA-170
ID: 40007558
I would have preferred more details
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question