Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Zone Transfer Compromise

Status
Not open for further replies.
EnemyAce

EnemyAce

IS-IT--Management
Jul 16, 2003
30
CA
Wondering if someone can help me do a little Detective work here. I suspect that a user on our network has been attempting to modify our DNS server, possibly by adding a URL to a site he created. I noticed a warning in Event Viewer, Event ID 6004.

The message stated; 'The DNS Server received a Zone Transfer Request from (Internal IP) for a non-existent or non-authoratative zone (URL).

The Internal IP is the address of one of our users. Was this person attempting to modify our DNS in some way? Any chance he was succesfull, or does this warning state as I believe that all is ok?

Dave
 
Sort by date Sort by votes
EnemyAce
That error doesn't necessarily mean that someone on purpose is trying to modify your DNS files. That internal IP (individual or device) might be running some kind of DNS deamon without even knowing. I'd suggest you traced it back if you can and HR allows and take a look into that system. I might be wrong though in the interpretation of the error message. Other input appreciated.

Jose Luis Martin Cenjor, CCNA, CCNP
HP Managed Services - WAN
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tbright
  • Locked
  • Question
DNS reverse lookup errors: zone 1.168.192.in-addr.arpa/IN: has no NS records
Replies
1
Views
6K
tbright
tbright
Nick Ellson
  • Locked
  • Question
Bind9 with RPZ and local forwarding zones?
Replies
1
Views
5K
Nick Ellson
Nick Ellson
dikidushi
  • Locked
  • Question
DC/DNS Zone
Replies
0
Views
73
dikidushi
dikidushi
EAdams2009
  • Locked
  • Question
Root URL Zone file question
Replies
0
Views
220
EAdams2009
EAdams2009
figunet
  • Locked
  • Question
How to remove a zone in bind
Replies
0
Views
43
figunet
figunet

Part and Inventory Search

Sponsor

Back
Top