As long as this is on the intranet and you restrict the IPs that can perform zone transfers, there should be no security problems. That's not to say your security team can't invent a problem :-)
Regards, Robbie Allen http://www.rallenhome.com/ http://www.rallenhome.com/blog/adcookbook/ > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Monday, November 17, 2003 11:49 AM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] Security Concerns With Creating a > Secondary DNS Zone > > > I would ask them there reasons and then post them here... > > I cant think of any real reasons as long as your servers are > sat internally and talk on your private WAN? > > Rob > > > > > > > <[EMAIL PROTECTED] > > > .com> To: > <[EMAIL PROTECTED]> > > Sent by: cc: > > > [EMAIL PROTECTED] Subject: > [ActiveDir] Security Concerns With Creating a Secondary DNS > Zone > tivedir.org > > > > > > > > > 17/11/2003 16:45 > > > Please respond to > > > ActiveDir > > > > > > > > > > > > > Hi, > > Are there any security concerns or issues with creating a > secondary DNS zone and doing Zone transfer? If you have a root Windows > 2000 domain in a different country and want to create a secondary zone for the > root domain in the US, what are the security issues > associated with the configuration? > If the security department is not allowing the creation of a > secondary zone because of "Security reasons," what would be > those reasons? > > Any input would be really appreciated. > > Thanks, > Santhosh > (See attached file: winmail.dat) > > > > ********************************************************************** > This E-mail and any files transmitted with it are in > commercial confidence and intended solely for the use of the > individual or entity to whom they are addressed. > If you have received this E-mail in error please notify the > Administrator by E-mail ([EMAIL PROTECTED]). > Any views or opinions expressed are solely those of the > author and do not necessarily represent those of DEK > International., or its affiliates. > ********************************************************************** > This footnote also confirms that this email message has been > swept by MIMEsweeper for the presence of computer viruses. > > www.dek.com > ********************************************************************** > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
