  1. Member
    Join Date
    Mar 2008
    Posts
    39

    Certifications
    MCP 70-290, 70-291
    #1

    Default Zone transfer info via NSLOOKUP

    Hey again!

    A) dnscmd /zoneresetsecondaries xyz.com /nonsecure (when you wish to retrieve zone info)
    B) dnscmd /zoneresetsecondaries xyz.com /securens (when you're finished retrieving zone info)

    Now, I understand that to display zone info for any given domain, you must use the above commands. Please could someone answer me the following:

    1) What is meant by the term 'Secondaries?'
    2) When using command A, does this allow everyone outside the company network to retrieve important zone info?
    3) Is there any other way (either by GUI or other means) to view zone info?

    I just don't understand: even when the allow zone transfers box for listed name servers is ticked, and the host entry for the computer I'm running the lookup from is listed in the Name Servers tab, why must I carry out this further task?

    Thanks in advance!

  3. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #2
    nslookup>

    ls -d your.zone.information.com

    1) Zone transfers are meant to update DNS servers hosting secondary zones.
    2) You have to make sure you have disabled the ability to do zone transfers to anyone and only add the workstations that need to use that information.

  4. Virtual Member undomiel's Avatar
    Join Date
    Sep 2007
    Location
    Bellevue, WA
    Posts
    2,813

    Certifications
    MCSA:2008, VCP4/5, CCA (XS), MCITP: EA/VA, MCSE, MCSA, Linux+, Security+, Server+, A+
    #3
    This will help explain a bit more what is going on: http://technet2.microsoft.com/window....mspx?mfr=true

    Also there should be a need to run that because if the computer you're on is listed in the allow zone transfers then it should be a-ok for running the nslookup zone transfer.

  5. Member
    Join Date
    Mar 2008
    Posts
    39

    Certifications
    MCP 70-290, 70-291
    #4
    Mishra - Thanks for that, I forgot that requesting zone transfer info through nslookup is basically simulating a secondary zone server environment.

    Undomiel - Thanks for your reply and the link! I initially thought this too, I didn't understand why the query was refused, so if anyone else has any ideas on that please let me know!

    So, if you wanted to reset zone secondaries to 'non secure' manually (through DNS management), how would you do it? Which property/field is it within the DNS management console that's being modified exactly? Because I thought it was the enable zone transfer check box to start with.

    Thanks again!

  6. Virtual Member undomiel's Avatar
    Join Date
    Sep 2007
    Location
    Bellevue, WA
    Posts
    2,813

    Certifications
    MCSA:2008, VCP4/5, CCA (XS), MCITP: EA/VA, MCSE, MCSA, Linux+, Security+, Server+, A+
    #5
    It is the same as setting on the Zone Transfers tab to "To any server" or "Only servers listed on the Name Servers tab" for /nonsecure and /securens. /securelist would be like setting on the list instead of the Name Servers tab. You could try adding your computer to the list on the Zone Transfers tab and set it to that and see if it works. Don't forget when you use nslookup that you make sure you set your server to the server that you're wanting to do the zone transfer from.
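
Added example, not part of any post in this thread: a PowerShell audit that reports each zone's transfer setting next to the Zone Transfers tab option and the `dnscmd /zoneresetsecondaries` switch discussed above, and flags zones left open to any server. It assumes the `SecureSecondaries` values exposed by the DnsServer module (Windows Server 2012 or later); the function name `Get-ZoneTransferExposure` is hypothetical and the sample zones are constructed.

```powershell
# Added example. Maps a zone's SecureSecondaries value to the Zone Transfers tab
# option and to the dnscmd /zoneresetsecondaries switch that sets it.
$TransferModes = @{
    TransferAnyServer        = @{ Gui = 'To any server';                                  Flag = '/nonsecure';  Open = $true  }
    TransferToZoneNameServer = @{ Gui = 'Only to servers listed on the Name Servers tab'; Flag = '/securens';   Open = $false }
    TransferToSecureServers  = @{ Gui = 'Only to the following servers';                  Flag = '/securelist'; Open = $false }
    NoTransfer               = @{ Gui = 'Allow zone transfers (unchecked)';               Flag = '/noxfr';      Open = $false }
}

function Get-ZoneTransferExposure {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Zone
    )
    process {
        $setting = [string]$Zone.SecureSecondaries
        $mode    = $TransferModes[$setting]
        if (-not $mode) {
            # Secondary, stub or forwarder zones may not carry a usable value.
            Write-Warning "No transfer setting recognised for zone '$($Zone.ZoneName)' (value: '$setting')"
            return
        }
        [pscustomobject]@{
            Zone        = $Zone.ZoneName
            Setting     = $setting
            GuiOption   = $mode.Gui
            DnscmdFlag  = $mode.Flag
            Secondaries = @($Zone.SecondaryServers) -join ', '
            NeedsReview = $mode.Open   # true when any host may request the full zone
        }
    }
}

# Constructed sample objects shaped like Get-DnsServerZone output (not real data).
$sample = @(
    [pscustomobject]@{ ZoneName = 'xyz.com';      SecureSecondaries = 'TransferAnyServer';        SecondaryServers = @() }
    [pscustomobject]@{ ZoneName = 'corp.example'; SecureSecondaries = 'TransferToSecureServers';  SecondaryServers = @('192.0.2.10') }
    [pscustomobject]@{ ZoneName = 'lab.example';  SecureSecondaries = 'TransferToZoneNameServer'; SecondaryServers = @() }
)
$sample | Get-ZoneTransferExposure | Format-Table -AutoSize

# On the DNS server itself, feed it the real zones:
#   Get-DnsServerZone | Where-Object ZoneType -eq 'Primary' | Get-ZoneTransferExposure
# Return a flagged zone to the name-server-only setting (same effect as /securens):
#   Set-DnsServerPrimaryZone -Name 'xyz.com' -SecureSecondaries TransferToZoneNameServer
```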
