Vulnerability V-259365

If the DNS server hosts only AD-integrated zones and there are no non-AD-integrated DNS servers acting as secondary DNS servers for the zones, this check is not applicable. For a non-AD-integrated DNS server: Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, expand the server name for the DNS server, and then expand "Forward Lookup Zones". From the expanded list, click to select and then right-click the zone name. From the displayed context menu, click the "Properties" option. On the opened zone's properties box, go to the "Zone Transfers" tab. On the displayed interface, determine if the "Allow zone transfers" check box is selected. If the "Allow zone transfers" check box is not selected, this is not a finding. If the "Allow zone transfers" check box is selected, determine if either the "Only to servers listed on the Name Servers tab" radio button is selected or the "Only to the following servers" radio button is selected. If the "To any server" radio button is selected, this is a finding.

Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, expand the server name and then expand "Forward Lookup Zones". From the expanded list, click to select the zone. From the displayed context menu, click the "Properties" option. On the opened zone's properties box, go to the "Zone Transfers" tab. On the displayed interface, select the "Allow zone transfers" check box. Select the "Only to servers listed on the Name Servers tab" radio button OR select the "Only to the following servers" radio button. Click "Apply". Click "OK".