DNS: Zone <zone name> secondary servers must respond to queries for the zone
Updated: October 15, 2010
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
This topic is intended to address a specific issue identified by a Microsoft Baseline Configuration Analyzer or Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the DNS Microsoft Baseline Configuration Analyzer or DNS Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.
Operating System |
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 |
Product/Feature |
DNS |
Severity |
Warning |
Category |
Operation |
Issue
None of the secondary servers configured for zone are responding.
A list of secondary DNS servers has been specified on the zone transfers tab, but none of these servers are responding to a DNS query for the zone.
Impact
Secondary servers will fail DNS queries for the zone.
If secondary DNS servers are used for DNS resolution, clients might be unable to resolve host names in the zone.
Resolution
Validate secondary servers for zone.
Review the list of secondary DNS servers for the zone and verify that each DNS server listed hosts a secondary copy of the zone and is responding to DNS queries. Configure the list of secondary servers, removing or replacing secondary servers that are not valid. This rule checks the list of secondary servers if you have chosen to allow zone transfers Only to servers on the Name Servers tab or Only to the following servers on the Zone Transfers tab.
Membership in Administrators, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
To configure the list of secondary servers
On the primary DNS server, click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
In the console tree, right-click the name of the zone that is hosted on secondary DNS servers and then click Properties.
On the Zone Transfers tab, click Edit.
Note
This rule is only active if zone transfers are allowed and Only to the following servers is selected on the Zone Transfers tab.
Use the following procedure to validate each server that is listed under IP addresses of the secondary servers.
To remove a server from the list, click the IP address and then click Delete.
To replace a server in the list, click the IP address you wish to replace, type the IP address of the new secondary server, and then press ENTER.
Click OK twice to exit.
To validate the list of secondary servers
On the primary DNS server, open an elevated command prompt.
Type nslookup and press ENTER to use the nslookup tool in interactive mode.
At the nslookup prompt, type the following commands, and after each one press ENTER:
server <secondary server> ls <zone name>Zone transfers must be allowed from the master to the secondary DNS server. If the secondary server hosts a copy of the zone and is responding, the contents of the zone will be displayed.
If contents of the zone are not displayed, remove the DNS server from the list of secondary DNS servers, or determine why the master DNS server is not responding.
Repeat this procedure for each DNS server in the list of secondary DNS servers.
When you have completed validating all secondary DNS servers for the zone, type exit and press ENTER.
| Value | Description |
|---|---|
nslookup |
The command-line tool for querying DNS servers. |
server |
Command to set the default server used for queries. |
<secondary server> |
Specifies the DNS host name or IP address of the DNS server to be queried. |
ls |
Command to list entries in a zone. The ls command attempts a zone transfer of the specified zone from the specified server, and then displays data in the zone. |
<zone name> |
Specifies the zone name to be queried. |