Shaun said:
Can you help
How can I restrict global access to my DNS to the domains I am authoritative
for but allow my own internal address ranges to have full access
I am using W2K DNS not connected to active directories
Shaun
If you want to restrict Internet Resolution (don't allow them to go to the
Internet), create a Root zone: rt-click, Forward Lookup Zones, new-zone,
type in a period (.), and complete the wizard with the defaults. That will
restrict any lookups to just what you have on the machine and won't resolve
anything other than your own zones.
If you want to restrict you own internal addresses, at your firewall, just
don;t allow access to the server from the outside world. If access is
currently allowed, block UDP 53 and TCP 53 to the server.
You can also use TCP/IP filtering.
You can also install a 3rd party personal firewall on it, like BlackIce or
Zone Alarm.
BIND offers "views" to control this, but that feature is not available in
W2k DNS.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
