Stop Unauthorized DNS Zone Transfers from Microsoft’s DNS Server


Hackers gain tremendous insight during the discovery phase if they can perform
an unauthorized zone transfer from your DNS server: it reveals the network
layout and host names. A zone transfer also eats up processing power on the DNS
server. If you are using the Microsoft DNS server under NT, you can configure
the server to respond only to zone transfer requests from authorized IP
addresses.



  • Click Start | Programs | Administrative Tools | DNS Manager.
  • Open the DNS server on which the zone is hosted.
  • Right-click on the zone and select Properties | Notify.
  • Add the IP addresses for any systems that will be allowed to do zone
    transfers.
  • Enable the Only Allow Access From Secondaries Included On Notify List
    check box.
  • Click OK.

The DNS server will now reject zone transfer requests from any source other
than those listed in the Notify list. You can add IP addresses to this list
even if they are not MS DNS servers without causing errors on the DNS server.
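The same restriction applied from a script instead of the NT DNS Manager dialog,
as an added example that is not part of the original article. It assumes a
current Windows Server DNS with the DnsServer PowerShell module, where the
transfer allow-list (SecondaryServers) is a separate setting from the notify
list (NotifyServers), unlike the single Notify list under NT. The zone name and
addresses are placeholders; the final command audits every primary zone on the
server for the unrestricted setting so you can find zones the change missed.

```powershell
# Added example, not from the original article. Assumes the DnsServer module
# (Windows Server 2012 or later). Zone name and addresses are placeholders.
$ZoneName    = 'example.internal'                 # placeholder zone
$Secondaries = @('192.0.2.10', '192.0.2.11')      # placeholder secondary DNS servers

# Allow AXFR/IXFR only from the listed secondaries, and send change
# notifications only to them (equivalent of the NT "Only Allow Access From
# Secondaries Included On Notify List" check box).
Set-DnsServerPrimaryZone -Name $ZoneName `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers  $Secondaries `
    -Notify            NotifyServers `
    -NotifyServers     $Secondaries

# Confirm the setting took effect on this zone.
Get-DnsServerZone -Name $ZoneName |
    Select-Object ZoneName, SecureSecondaries, SecondaryServers, Notify, NotifyServers

# Audit: list every user-created primary zone on this server that still
# answers zone transfer requests from any address.
Get-DnsServerZone |
    Where-Object {
        $_.ZoneType -eq 'Primary' -and
        -not $_.IsAutoCreated -and
        $_.SecureSecondaries -eq 'TransferAnyServer'
    } |
    Select-Object ZoneName, SecureSecondaries

# Older servers without the module can apply the same setting with dnscmd:
# dnscmd . /ZoneResetSecondaries example.internal /SecureList 192.0.2.10 192.0.2.11 /NotifyList 192.0.2.10 192.0.2.11
```

Run the audit loop on each DNS server you manage, not just the one you edited; the setting is per zone and per server, so a zone copied to a second primary does not inherit it.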
