DNS: Zone <zone name> secondary servers list should not be empty
Updated: October 15, 2010
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
This topic is intended to address a specific issue identified by a Microsoft Baseline Configuration Analyzer or Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the DNS Microsoft Baseline Configuration Analyzer or DNS Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.
Operating System |
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 |
Product/Feature |
DNS |
Severity |
Warning |
Category |
Configuration |
Issue
Zone transfers are allowed for the primary zone but no secondary servers are configured.
Zone transfers have been specified to be allowed only to a specific list of IP addresses. However, this list is blank.
Impact
Zone transfers will be denied from this DNS server.
If the DNS server is a master server for the zone, secondary DNS servers will be unable to update information in the zone because they are denied permission to perform a zone transfer.
Resolution
Add secondary servers to the list of hosts that are allowed to receive zone transfers for the zone.
To repair this condition, add secondary servers to the list of IP addresses that are allowed to receive zone transfers. Alternatively, you can configure the Allow zone transfers setting to specify Only to servers listed on the Name Servers tab or To any server. Allowing zone transfers to any server is not recommended.
Membership in Administrators, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
To configure the list of secondary servers
On the primary DNS server, click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
In the console tree, right-click the name of the secondary zone and then click Properties.
On the Zone Transfers tab, click Edit.
Note
This rule is only active if zone transfers are allowed and Only to the following servers is selected on the Zone Transfers tab and the list is empty.
To secondary servers to the list click under IP Address, type the IP address of the new secondary server, and then press ENTER.
Repeat the previous step for each secondary DNS server.
Click OK twice to exit.