Zone transfers from a secondary DNS server fail

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In the DNS management console, the secondary zone has a red X in the right pane, along with an error message that reads as follows:

The DNS server encountered a problem while attempting to load the zone. The transfer of zone data from the master server failed.
Correct the problem then either press F5, or on the Action menu, click Refresh.
For more information about troubleshooting DNS zone problems, see Help.

Cause

The primary DNS server might not be configured properly to allow zone transfers from the secondary DNS server.

Solution

Use the following procedure to verify that the primary DNS server is configured to allow zone transfers from the secondary DNS server.

To verify that the primary DNS server is configured to allow zone transfers from the secondary DNS server

  1. On the primary DNS server, click Start, point to All Programs, click Administrative Tools, and then click DNS.

  2. In the console tree, double-click the DNS server.

  3. In the console tree, double-click Forward Lookup Zones or Reverse Lookup Zones, as applicable.

  4. Right-click the zone, click Properties, and then click the Zone Transfers tab.

  5. Ensure that the Allow zone transfers check box is selected.
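
The same check from a command prompt, as an added example that is not part of the original article. It uses dnscmd from the Windows Support Tools, and it limits transfers to the secondary's address instead of allowing them to any server. The server names, zone name and IP address are placeholders.

```bat
@echo off
rem Added example. Replace these placeholder values with your own.
set PRIMARY=dns-primary.example.com
set SECONDARY=dns-secondary.example.com
set ZONE=example.com
set SECONDARY_IP=192.0.2.53

rem 1. Display the zone's properties as held by the primary server,
rem    including its current zone transfer settings.
dnscmd %PRIMARY% /ZoneInfo %ZONE%

rem 2. Allow zone transfers only to the listed secondary server, and
rem    send change notifications only to that server.
dnscmd %PRIMARY% /ZoneResetSecondaries %ZONE% /SecureList %SECONDARY_IP% /NotifyList %SECONDARY_IP%

rem 3. Ask the secondary server to retry the transfer from its master.
dnscmd %SECONDARY% /ZoneRefresh %ZONE%

rem 4. Confirm the change on the primary server.
dnscmd %PRIMARY% /ZoneInfo %ZONE%
```

After step 3, press F5 in the DNS console on the secondary server to check whether the zone now loads.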

If zone transfer fails with Event ID 6525 “Zone transfer for secondary zone <zone_name> refused by master server” and the master server allows dynamic updates for the zone, these failures are due to the zone transfer throttling mechanism, and they are expected. This mechanism limits the number of zone transfers to allow regular dynamic updates to take place.