Outdated DNS Zones Notes

Here are some of my old notes from my MCSE guide on planning a MS Windows Server 2003 network. I have no idea how outdated this information is, but I imagine there are not a lot of changes going on in a forest. Also, if you're in the DIY mood, check out BIND.

http://www.isc.org/software/bind

Terminology

DNS Zone:
Namespace for the authoritative DNS server

Forward Lookup Zone:
Designated space used to hold forward lookup records, common record types are MX and SRV.

Forward Lookup:
Resolving a domain name to an IP address.

Reverse Lookup Zone:
Designated space used to hold reverse lookup records, common record types are PTR.

Reverse Lookup:
Resolving an IP address to a domain name.

Recursive Lookup:
DNS query that searches through connected DNS servers for the requested information.

Root Hints:
List of root servers that is used by DNS servers to perform forward lookups.

Start of Authority:
DNS record that defines which DNS server is authoritative for that particular domain and defines the characteristics for the zone.

Zone Transfer:
Transferring records from one DNS server to another DNS server.

Unauthorized Zone Transfer:
Zone transfer requested and obtained by an unauthorized server or person.
* I always wondered where they come up with these names . . .

Smurf attack:
Ping request packets using a fake source IP address that are sent to a broadcast address. Connected hosts that receive the request transmit a reply to the fake IP address. DoS via three way handshake.
* Not really DNS zone related, just forgot about this one and laughed. Besides, I hope this one shouldn’t be able to work in most environments.

Other Potentially Outdated Server 2003 Information

Securing Zone Transfers
Step 1: Under Administrative Tools, open DNS.
Step 2: Open Forward Lookup Zones and open the properties of the primary zone.
Step 3: Click the Zone Transfers tab and allow zone transfers.
Step 4: Click Only to the following servers and create a white-list of acceptable IP addresses.
Step 5: Click Add when the white-list is finished.
Step 6: Close the DNS snap-in.
Step 7: Use the Nslookup server command to add the white-list IP address.
-Note: If this is a large list, learn about iteration.
Step 8: Use ls on the zone you're transferring to.
Step 9: Profit.
Step 9: Profit.
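
One way to confirm the white-list from Step 4 is actually enforced, as an added example that is not part of the original notes: send the same zone-transfer (AXFR) request that the nslookup ls command in Step 8 makes and classify the reply. A host on the white-list should see transfer-allowed and any other host transfer-denied or no-usable-reply. All function names are hypothetical and the sample replies are constructed, header-only messages.

```python
import socket
import struct

AXFR, IN = 252, 1  # QTYPE AXFR (zone transfer), QCLASS IN
RCODES = {0: "NOERROR", 5: "REFUSED", 9: "NOTAUTH"}

def build_axfr_query(zone, txid=0x1234):
    """Build an AXFR query with the 2-byte length prefix DNS uses over TCP."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in zone.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", AXFR, IN)
    return struct.pack("!H", len(msg)) + msg

def classify_response(framed):
    """Return (verdict, rcode name) for the first length-prefixed reply."""
    if len(framed) < 14:  # 2-byte prefix + 12-byte DNS header
        return ("no-usable-reply", None)
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", framed[2:14])
    rcode = flags & 0x000F
    name = RCODES.get(rcode, "RCODE%d" % rcode)
    # A permitted transfer answers NOERROR and starts with the zone's SOA record.
    if rcode == 0 and ancount > 0:
        return ("transfer-allowed", name)
    return ("transfer-denied", name)

def check_server(server, zone, timeout=5.0):
    """Ask `server` for a transfer of `zone` from this host and classify it."""
    data = b""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as sock:
            sock.sendall(build_axfr_query(zone))
            while len(data) < 14:  # enough for prefix + header
                chunk = sock.recv(4096)
                if not chunk:  # some servers just close the connection
                    break
                data += chunk
    except OSError:
        pass  # reset or timeout: treated as no usable reply
    return classify_response(data)

def sample_response(flags, ancount):
    """Constructed header-only reply for offline demonstration."""
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    print(classify_response(sample_response(0x8005, 0)))  # QR + REFUSED
    print(classify_response(sample_response(0x8400, 2)))  # QR + AA, 2 answers
```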
