DNS Zone Transfers
Posted on 2014-03-03
I have 3 Windows AD (2K8R2) based DNS servers that are authoritative for our domain.local zone. Also in the environment we have a Linux DNS server that is authoritative for our domain.com zone.
The Windows servers have two zones, domain.com and domain.local. domain.com is a secondary zone. For the domain.local zone, zone transfers are set to "Any", to replicate to the Linux DNS server.
Here is the issue:
We recently started using Nessus for vulnerability and compliance scanning. Nessus is suggesting to limit zone transfers to only the servers that need the information.
So my options are: only servers listed on the Name Servers tab or only to the following servers.
When I try to add the Linux server to the Name Servers tab I get a message, "The server with this IP address is not authoritative for the required zone." I get why I get the message, since the Linux server isn't authoritative for domain.local, but what is the correct way to make Nessus happy and still allow zone transfers of .local to the Linux server?
Do I enter the Linux DNS server IP into "Only to the following servers", and if that is the way, do I need to include the other AD servers?
Thanks in advance.
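The "Only to the following servers" setting the question is asking about, as an added example that is not part of the original post. It uses the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT); the `dnscmd` lines at the end are the equivalent for the 2008 R2 hosts in the post. The server names and the 10.0.0.50 address for the Linux secondary are constructed placeholders; only the zone name domain.local comes from the post. Two facts worth knowing when applying it: the transfer allow-list is a per-server setting, so it has to be set on each of the three Windows servers, and if domain.local is AD-integrated the Windows servers replicate it to each other through AD replication, not AXFR, so they do not need to be on the list for their own replication.

```powershell
# Added example, not from the original post. Assumptions:
#  - DnsServer module available (Windows Server 2012+/RSAT); dnscmd lines below for 2008 R2.
#  - $adServers and $linuxSecondary are constructed placeholders; replace with real values.
#  - Zone name domain.local is the one from the post.

$zone           = 'domain.local'
$linuxSecondary = '10.0.0.50'                      # constructed: the Linux secondary
$adServers      = @('ad-dns1', 'ad-dns2', 'ad-dns3') # constructed: the three Windows DNS hosts

function Set-ZoneTransferAllowList {
    param([string]$Server, [string]$ZoneName, [string[]]$AllowedSecondaries)

    # 1. Record the current setting. "TransferAnyServer" is the weak "To any server" option
    #    that Nessus flags; "TransferToZoneNameServer" is the "Only to servers on the Name
    #    Servers tab" option that cannot include a non-authoritative host.
    $before = Get-DnsServerZone -ComputerName $Server -Name $ZoneName
    Write-Host "$Server/$ZoneName before: $($before.SecureSecondaries)"

    # 2. Restrict AXFR/IXFR to an explicit allow-list ("Only to the following servers")
    #    and send NOTIFY only to those hosts so the secondary still refreshes promptly.
    Set-DnsServerPrimaryZone -ComputerName $Server -Name $ZoneName `
        -SecureSecondaries TransferToSecureServers `
        -SecondaryServers  $AllowedSecondaries `
        -Notify            NotifyServers `
        -NotifyServers     $AllowedSecondaries

    # 3. Verify: the zone must no longer permit transfers to arbitrary hosts, and every
    #    intended secondary must be present on the list.
    $after = Get-DnsServerZone -ComputerName $Server -Name $ZoneName
    if ($after.SecureSecondaries -ne 'TransferToSecureServers') {
        throw "$Server/$ZoneName still set to $($after.SecureSecondaries)"
    }
    $listed = @($after.SecondaryServers | ForEach-Object { $_.IPAddressToString })
    foreach ($ip in $AllowedSecondaries) {
        if ($listed -notcontains $ip) { throw "$Server/$ZoneName is missing $ip from the allow-list" }
    }
    Write-Host "$Server/$ZoneName after:  transfers limited to $($listed -join ', ')"
}

# The allow-list is stored per server, so apply and verify it on every Windows DNS host.
foreach ($srv in $adServers) {
    Set-ZoneTransferAllowList -Server $srv -ZoneName $zone -AllowedSecondaries @($linuxSecondary)
}

# Equivalent on a 2008 R2 host without the DnsServer module (run on that host):
#   dnscmd . /ZoneResetSecondaries domain.local /SecureList 10.0.0.50 /NotifyList 10.0.0.50
#   dnscmd . /ZoneInfo domain.local     (shows the resulting SecureSecondaries/Secondary list)
```

To confirm the result the way Nessus does, request a transfer from the Linux server (`dig @<windows-dns-ip> domain.local AXFR`), which should still return the full zone, and the same request from any host not on the list, which should fail with "Transfer failed."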