11-18-2001 05:42 PM - edited 02-20-2020 09:54 PM
I have two DNS servers (win2k), one hosts primary zones (outside) and the other hosts secondary zones (dmz). I am unable to get them to transfer zones between the primary and secondary server. I get a "denied" error message in the event logs (NT) on the secondary server while trying to perform a transfer. I have port 53 (tcp/udp) defined on the PIX. Checking the logs on the local PIX, it looks like the high order ports are being used. Am I missing something?
David
11-27-2001 06:49 AM
Check with Microsoft and see if you can lock down the zone transfer to the RFC 1700-specified port 53. Otherwise you'll have to open >1024 to that outside host, which seems unreasonable.
11-28-2001 09:05 AM
DNS transfers zones by a number of means:
- Slave 'pulls' zones after expire period, or on restart
- Master notifies slaves that changes have been made, by DNS notify messages.
If the slave pulls, it would be from port >1023 to TCP port 53 on the master; this is from higher security to lower. If the master notifies, it's from >1023 to TCP 53 I think; however, this is from low security to high and would require static conduit/ACLs.
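The two mechanisms in this reply, as an added example that is not part of the thread: a Python script that builds and parses the two DNS messages involved (an AXFR request, and an RFC 1996 NOTIFY, which is normally sent over UDP although TCP is also permitted) and applies a simplified PIX security-level rule to each direction, showing why the pull from the DMZ secondary passes while the notify from the outside primary is dropped without an explicit rule. The interface names, the security levels (outside=0, dmz=50) and the zone name are constructed for the example; the policy model is a deliberate simplification of PIX behaviour, not its real rule engine.

```python
"""Model of the two DNS zone-transfer mechanisms and of how a PIX-style
security-level policy treats each direction (added example, constructed data)."""
import struct

# DNS header opcodes and question types (RFC 1035, RFC 1996)
OPCODE_QUERY = 0
OPCODE_NOTIFY = 4
QTYPE_SOA = 6
QTYPE_AXFR = 252
QCLASS_IN = 1

# Assumed interface security levels (constructed for the example)
SECURITY_LEVEL = {"outside": 0, "dmz": 50}


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, off):
    """Decode labels starting at offset; returns (name, next offset)."""
    labels = []
    while True:
        n = data[off]
        off += 1
        if n == 0:
            break
        labels.append(data[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off


def build_dns_message(msg_id, opcode, zone, qtype, aa=False):
    """Build a one-question DNS message: an AXFR request, or a NOTIFY
    (which carries the zone's SOA in the question section and sets AA)."""
    flags = (opcode & 0xF) << 11
    if aa:
        flags |= 1 << 10
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_dns_message(data):
    """Parse the header and the single question of a DNS message."""
    msg_id, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    zone, off = decode_name(data, 12)
    qtype, _qclass = struct.unpack("!HH", data[off:off + 4])
    return {"id": msg_id, "opcode": (flags >> 11) & 0xF,
            "aa": bool(flags & 0x0400), "zone": zone, "qtype": qtype}


def classify(msg):
    """Name the transfer mechanism a parsed message belongs to."""
    if msg["opcode"] == OPCODE_NOTIFY:
        return "notify"
    if msg["opcode"] == OPCODE_QUERY and msg["qtype"] == QTYPE_AXFR:
        return "axfr"
    return "other"


def zone_transfer_flows():
    """The two flows between a primary on 'outside' and a secondary on 'dmz'.
    Source ports are ephemeral (>1023), which is what appears as 'high order
    ports' in firewall logs; only the destination port is fixed at 53."""
    return [
        {"name": "slave pulls (AXFR)", "src_if": "dmz", "dst_if": "outside",
         "proto": "tcp", "sport": ">1023", "dport": 53},
        {"name": "master notifies (NOTIFY)", "src_if": "outside", "dst_if": "dmz",
         "proto": "udp", "sport": ">1023", "dport": 53},
    ]


def pix_allows(flow, explicit_permits):
    """Higher-to-lower security traffic is permitted by default and its reply is
    tracked; lower-to-higher needs an explicit rule (static + conduit/ACL)."""
    if SECURITY_LEVEL[flow["src_if"]] > SECURITY_LEVEL[flow["dst_if"]]:
        return True
    return (flow["src_if"], flow["dst_if"], flow["proto"], flow["dport"]) in explicit_permits


def evaluate_policy(explicit_permits=frozenset()):
    """Map each flow name to whether the policy lets it through."""
    return {f["name"]: pix_allows(f, explicit_permits) for f in zone_transfer_flows()}


if __name__ == "__main__":
    for name, ok in evaluate_policy().items():
        print(f"{name}: {'permitted' if ok else 'DENIED'}")
    fixed = evaluate_policy({("outside", "dmz", "udp", 53)})
    print("with an explicit permit for NOTIFY:", fixed)
```

Running it prints the AXFR pull as permitted and the NOTIFY as denied, then shows both permitted once an explicit permit for outside-to-dmz port 53 is added; the message builder/parser is there so the "denied" entry can be tied to the message type (NOTIFY versus AXFR) that a capture on the firewall actually shows.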