DNS zone transfers outside internal network

[nickc]

Hi

I have 2 webservers in different locations, we have
always relied on a 3r party company to host our clients
dns but they have been letting us down so we have decided
to use our own 2 webservers for dns. My question is how
to set up the servers/firewalls for zone transfers
between the 2 servers as they are not local to eachother.
i have set up dns on out first webserver and created the
zones, i have also specified on the zone transfer tab
only the ip of my second webserver. Do i just need to
allow tcp port 53 on both my firewalls and restrict it to
just the 2 webservers ip addresses for the zone transfer
to take place,and allow UDP port 53 for everyone so
anybody can qery the server

Thanks

Nick

 

[Kevin D. Goodknecht [MVP]]

In

Hi

I have 2 webservers in different locations, we have
always relied on a 3r party company to host our clients
dns but they have been letting us down so we have decided
to use our own 2 webservers for dns. My question is how
to set up the servers/firewalls for zone transfers
between the 2 servers as they are not local to eachother.
i have set up dns on out first webserver and created the
zones, i have also specified on the zone transfer tab
only the ip of my second webserver. Do i just need to
allow tcp port 53 on both my firewalls and restrict it to
just the 2 webservers ip addresses for the zone transfer
to take place,and allow UDP port 53 for everyone so
anybody can qery the server

Thanks

Nick

You need to allow 53 TCP & UDP for everyone, many mail servers use TCP to
resolve MX records.

 

[Dave Baldridge]

Hi Nick,

DNS zone transfers are directed TCP traffic, so your firewall will need to
have TCP port 53 open to allow the transfer. When configuring DNS for the
zone transfer, use the "Only to the following servers" option and add the
appropriate IP addresses.

The firewall method you suggest is correct.

Thanks and have a great day.

Dave Baldridge MCSE 2000
MPS Protocols Support Professional