Enable or disable fast DNS zone transfers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can use the following procedure for optimizing zone transfers only between Windows-based Domain Name System (DNS) servers and other DNS server implementations. Zone transfers between Windows-based DNS servers always use the fast transfer format.

DNS servers running versions of the Berkeley Internet Name Domain (BIND) server implementation earlier than version 4.9.4 do not support the fast transfer format. Enable this option only if you are transferring zones to BIND servers running version 4.9.4 or later.

You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

Administrative credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

Enabling or disabling fast DNS zone transfers

  • Using the Windows interface

  • Using the command line

To enable or disable fast DNS zone transfers using the Windows interface

  1. Open the DNS snap-in.

  2. In the console tree, click the applicable DNS server.

    Where?

    • DNS/applicable DNS server

  3. On the Action menu, click Properties.

  4. Click the Advanced tab.

  5. In Server options, select the BIND secondaries check box, and then click OK.

Note

To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

To enable or disable fast DNS zone transfers using the command line

  • At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /Config /BindSecondaries {1|0}

    Value               Description

    ServerName          Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

    /BindSecondaries    Specifies use of the fast transfer format that is used by legacy BIND servers.

    {1|0}               To enable fast transfer format when transferring a zone to legacy BIND DNS servers, type 1 (on). To disable fast transfer format, type 0 (off).
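The following batch script is an added example, not part of the original page: it applies the command above to one or more servers, showing the setting before and after the change so that it can be recorded. The script name set-bindsecondaries.cmd is hypothetical, and the script assumes that dnscmd returns a nonzero exit code on failure and that dnscmd /Info accepts the BindSecondaries property name.

```bat
@echo off
rem Added example: set BindSecondaries on several DNS servers and
rem display the value before and after each change.
rem Usage: set-bindsecondaries.cmd <0|1> <server> [<server> ...]
rem Run from an account that is allowed to administer the DNS servers.
setlocal

rem The first argument is the value to apply; only 0 and 1 are accepted.
set "VALUE=%~1"
if not "%VALUE%"=="0" if not "%VALUE%"=="1" (
    echo Usage: %~nx0 ^<0^|1^> ^<server^> [^<server^> ...]
    exit /b 2
)
shift
if "%~1"=="" (
    echo No server specified.
    exit /b 2
)

set FAILED=0

:next
if "%~1"=="" goto done

echo === %~1: setting before change ===
dnscmd %~1 /Info /BindSecondaries

rem Apply the requested value (assumption: nonzero exit code means failure).
dnscmd %~1 /Config /BindSecondaries %VALUE%
if errorlevel 1 (
    echo FAILED to configure %~1
    set FAILED=1
) else (
    echo === %~1: setting after change ===
    dnscmd %~1 /Info /BindSecondaries
)

shift
goto next

:done
rem Exit code 1 if any server could not be configured, otherwise 0.
exit /b %FAILED%
```

Use a period (.) as the server name to target the local computer, as described for ServerName above.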