Secure zone transfers between standard primary and secondary

[RJ]

I would like to setup a Win2k secondary DNS server to be
a slave to my primary Win2k DNS server. I will setup
zone transfers only to the secondary. Is there anyway to
use DNSSEC or have encrypted zone tranfers with Win2k?

Thanks,
RJ

 

[Kevin D. Goodknecht]

In

I would like to setup a Win2k secondary DNS server to be
a slave to my primary Win2k DNS server. I will setup
zone transfers only to the secondary. Is there anyway to
use DNSSEC or have encrypted zone tranfers with Win2k?

Thanks,
RJ

Yes, If these are Win2k Domain Controllers, you can make the Zones Active
Directory Integrated and disable zone transfers all together.

 

[Michael Johnston [MSFT]]

Unfortunately there isn't any support specifically for secure DNS zone transfers. However, you could setup an IP sec policy that encrypted TCP port 53 traffic
between these two machines. This would encrypt the zone transfer via IPsec accomplishing the same thing.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.

 

[RJ]

-----Original Message-----
In

Yes, If these are Win2k Domain Controllers, you can make the Zones Active
Directory Integrated and disable zone transfers all together.



Unfortunately, these are standard primary and secondary

zones that are not being used for AD.

Thanks,
RJ