Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Securing a Zone

Updated: May 9, 2008

Applies To: Windows Server 2008

You can enhance the security of your Domain Name System (DNS) infrastructure by taking steps to secure the zones that your DNS servers host.

Zones can be compromised in one of two ways:

  • By unauthorized changes to the zone

  • By unauthorized access to zone data

Unauthorized changes to the zone can occur as a result of dynamic updates to the zone that an attacker might perform. You can help prevent this type of attack by ensuring that only secure dynamic updates can be performed.

Unauthorized access to zone data can occur when an attacker sets up a secondary server that can receive zone transfers from an improperly configured, primary DNS server. You can help prevent this type of attack by configuring zones to be transferred only to authorized DNS servers.

Finally, for zones that are stored in Active Directory Domain Services (AD DS), you can configure the access control list (ACL) to prevent the zone from being modified or accessed by unauthorized users.

To complete this task, you can perform the following procedures:

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.