Solved

DNS Zone Transfers

Posted on 2014-03-03
5
885 Views
Last Modified: 2014-04-17
I have 3 Windows AD (2K8R2) Based DNS Servers that are the authoritative for our domain.local zone.  Also in the environment we have a Linux DNS server as well that is the authoritative for our domain.com zone.  

For the windows servers they have two zones, domain.com and domain.local.  Domain.com is a secondary zone.  For the domain.local zone, the zone transfers is set to any, to replicate to the linux dns server.

Here is the issue:
We recently started using Nessus for vulnerability and compliance scanning.  Nessus is suggesting to limit zone transfers to only the servers that need the information.

So my options are: only servers listed on the Name Servers tab or only to the following servers.
When I try to add the linux server to the name servers tab I get a message, "the server with this IP address is not authoritative for the required zone."  I get why I get the message since the linux server doesn't have authoritative over domain.local but what is the correct way to make nessus happy and still allow zone transfers from .local to the linux server?

Do I enter the linux dns server ip into the 'Only to the following Servers' and if that is the way do I need to include the other AD servers?

thanks in advance
0
Comment
Question by:EA-170
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 41

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39901101
Do I enter the linux dns server ip into the 'Only to the following Servers' and if that is the way do I need to include the other AD servers?

Yes and Yes. Once you have Zone transfers allowed, you can configure the domain.local zone as a secondary on the Linux server.
0
 

Author Comment

by:EA-170
ID: 39901112
so the message: the server with this IP address is not authoritative for the required zone.

can be ignored since the on the linux server the domain.local is just a secondary zone??
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 39901842
Yeah. That shouldn't pop up if you add it to the list of servers in the Zone Transfers tab. The Name Servers tab is there to assign Primary DNS Servers. The only servers that can be added there are Domain Controllers if the Zone is AD Integrated, which it probably is.
0
 

Author Comment

by:EA-170
ID: 39903858
I didn't think it would either but it does pop up on the zone transfer tab > only to the following servers.  Once I enter the Linux server IP I get the message, "the server with this IP address is not authoritative for the required zone"

You are correct the domain.local zone is AD integrated and the name servers tab has the 3 DCs listed.  Also the domain.local zone is setup as a secondary zone on the Linux DNS server.

I guess I want to make sure I am not missing anything since I am still getting that message
0
 

Author Closing Comment

by:EA-170
ID: 40007558
I would have preferred more details
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

634 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question