Securing DNS resource records in Windows 2000


Gary Francisco

Hi sirs,

Do you have any idea how I can secure my resource records, so that my users
won't be able to use the command

nslookup
ls -d <domain name>

Thanks a lot
 
In the "zone Transfer" tab, ensure that IF you check the "Allow transfer"
option, you do NOT select the "to any server" option. This should prevent
the ls.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
GF> So that my users won't be able to use the command
GF> nslookup
GF> ls -d <domain name>

That doesn't actually provide *security*. The data are still being
published. Denying "zone transfer" requests is mainly a weapon to minimize
the impact of trivial denial-of-service attacks against a content DNS server.
It is *not* a mechanism for hiding or for securing the data that that server
is publishing.

Content DNS service is a form of publication, and as with all forms of
publication either one doesn't publish what one doesn't want published, or one
accepts that the people to whom one is publishing will know the data that one
publishes.
 