DNS: Zone <zone name> transfers from the primary to the secondary DNS server must be successful

Updated: October 15, 2010

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Microsoft Baseline Configuration Analyzer or Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the DNS Microsoft Baseline Configuration Analyzer or DNS Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
Product/Feature: DNS
Severity: Warning
Category: Configuration

Issue

The results of the last zone transfer were <zone transfer status> for the zone.

The secondary zone on this DNS server did not transfer properly from the primary DNS server.

Impact

Contents of the zone on this DNS server are out of date.

DNS client computers might fail to correctly resolve DNS information in the zone.

Resolution

Verify that zone transfers are allowed to this DNS server.

In order to host a secondary zone, the DNS server must be allowed to initiate a zone transfer from the master DNS server. Confirm that the master DNS server is configured to allow zone transfers to the IP addresses of all secondary DNS servers.

Membership in Administrators, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To configure the list of secondary servers

  1. On the primary DNS server, click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.

  2. In the console tree, right-click the name of the zone that is hosted on secondary DNS servers and then click Properties.

  3. On the Zone Transfers tab, verify that Allow zone transfers is selected.

  4. Choose Only to servers listed on the Name Servers tab or Only to the following servers.

  5. If you chose Only to the following servers, click Edit and verify that the IP address of the secondary DNS server is listed under IP addresses of the secondary servers.

  6. To add a server to the list, click below IP Address, type the IP address of the secondary DNS server, and then press ENTER.

  7. To remove a server from the list, click the IP address and then click Delete.

  8. To replace a server in the list, click the IP address you wish to replace, type the IP address of the new secondary server, and then press ENTER.

  9. Click OK twice to exit.

  10. If you chose Only to servers listed on the Name Servers tab, click the Name Servers tab and verify that the secondary DNS server is listed under Name servers.

  11. Click Add, Edit, and Remove to add, change, or delete name servers from the list, respectively.

  12. Click OK to finish.
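The same checks can be run from PowerShell on the primary DNS server. The script below is an added example, not part of the original topic; it is read-only and assumes the DnsServer module (Windows Server 2012 or later; not available on Windows Server 2008 or 2008 R2). The zone name and secondary IP address are placeholders.

```powershell
# Added example: read-only audit of zone transfer settings on the primary DNS server.
# $ZoneName and $SecondaryIP are placeholders; substitute your own values.
param(
    [string]$ZoneName    = 'example.test',
    [string]$SecondaryIP = '192.0.2.53'
)
Import-Module DnsServer -ErrorAction Stop

$zone = Get-DnsServerZone -Name $ZoneName -ErrorAction Stop
if ($zone.ZoneType -ne 'Primary') {
    throw "Zone $ZoneName is of type $($zone.ZoneType) here; run this on the primary DNS server."
}

$allowed = $false
switch ($zone.SecureSecondaries) {
    'NoTransfer' {
        $detail = 'Allow zone transfers is not selected.'
    }
    'TransferAnyServer' {
        $allowed = $true
        $detail  = 'Set to "To any server"; the procedure above expects one of the two restricted options.'
    }
    'TransferToSecureServers' {
        # "Only to the following servers": compare against the explicit IP list.
        $list    = @($zone.SecondaryServers | ForEach-Object { "$_" })
        $allowed = $list -contains $SecondaryIP
        $detail  = "Listed secondary servers: $($list -join ', ')"
    }
    'TransferToZoneNameServer' {
        # "Only to servers listed on the Name Servers tab": resolve each NS record at the zone root.
        $names = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType NS -Node |
            ForEach-Object { $_.RecordData.NameServer }
        $ips = @($names | ForEach-Object {
            Resolve-DnsName -Name $_ -Type A -ErrorAction SilentlyContinue |
                ForEach-Object { "$($_.IPAddress)" }
        })
        $allowed = $ips -contains $SecondaryIP
        $detail  = "Name servers: $($names -join ', ')"
    }
    default { $detail = "Unrecognized setting: $($zone.SecureSecondaries)" }
}

[pscustomobject]@{
    Zone             = $ZoneName
    TransferSetting  = $zone.SecureSecondaries
    SecondaryAllowed = $allowed
    Detail           = $detail
}
```

To change the setting from PowerShell instead of DNS Manager, Set-DnsServerPrimaryZone accepts the same values through its -SecureSecondaries and -SecondaryServers parameters.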

See Also

Concepts

Adding a Secondary DNS Server to a Zone