000025690 - How Do I Disable Dynamic DNS Updates Under Windows 2003

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025690
Applies ToDynamic
DNS
Microsoft Windows 2003
IssueHow Do I Disable Dynamic DNS Updates Under Windows 2003
Cause

The Inverse Query (iquery) feature supported on some DNS servers could allow an attacker to obtain a zone transfer. Zone transfers identify every computer registered with your DNS server and can be used by an attacker to better understand your network. Even if you have disabled zone transfers on your DNS server, the iquery feature will still permit a zone transfer to occur.

For additional information, please see CVE-1999-0533

Resolution

This resolution is only needed if you are using a dynamic IP address. As enVision requires a static IP address, if your enVision appliance is configured correctly, this should not be an issue.

If you need to disable Dynamic DNS Updates on other Windows 2003 systems, please follow the article found here:

      http://www.caida.org/research/dns/disable_dns_updates.xml

Legacy Article IDa38215

Attachments

    Outcomes