SecureSecondaries

HKLM\SYSTEM\CurrentControlSet\Services\DNS\Zones\zone-name

Data type: REG_DWORD

Range: 0 | 1 | 2 | 3

Default value: Standard zones: 0; Active Directory–integrated zones: 3

Description

Determines which secondary servers can receive zone transfers for this zone from the master Domain Name System (DNS) server.

Secondary servers request zone transfers from master DNS servers. You can configure the DNS server to send zone transfers only to a group of servers you specify. If other servers request zone transfers, the DNS server rejects the requests.

Limiting the distribution of zone information is intended for security, but it also conserves processor time and prevents denial-of-service attacks (also known as SYN flooding).

Value: Meaning

0: Disable secondary security. Send zone transfers to all secondary servers that request them.

1: Send zone transfers only to name servers that are authoritative for the zone. Authoritative name servers are specified by NS (name server) records at the root of the zone.

2: Send zone transfers only to servers you specify. To create a list of servers that receive zone transfers, use the Zone Transfers tab on a zone's property pages in the DNS console. The DNS console stores your list in the SecondaryServers entry. If SecondaryServers does not appear in the registry or its value is blank, this server does not send zone transfers.

3: Do not send zone transfers.

Change method

To change the value of this entry, use the DNS console. Right-click the name of a secondary zone, click Properties, and then click the Zone Transfers tab. You should not change this value by editing the registry directly.

Activation method

DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note

This entry is effective only when it appears in the registry of a master DNS server. Otherwise, it is ignored.

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
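
An added example, not part of the original page: a read-only PowerShell audit that reports the effective zone-transfer policy for each zone key under the path above, applying the value table and the SecondaryServers rule for value 2. It assumes a host with PowerShell 3.0 or later and zones stored under this page's registry path; the function name Get-ZoneTransferPolicy and the Status labels are hypothetical.

```powershell
# Added audit example (read-only). Uses only the key and entries named on this page.
function Get-ZoneTransferPolicy {
    param([string]$ZonesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Zones')

    foreach ($zone in Get-ChildItem -Path $ZonesKey -ErrorAction Stop) {
        $props  = Get-ItemProperty -LiteralPath $zone.PSPath
        $secure = $props.SecureSecondaries        # $null when the entry is absent
        # The page does not state the data type of SecondaryServers; treat it as text.
        $servers = (@($props.SecondaryServers) -join ' ').Trim()

        if ($null -eq $secure) {
            # Windows 2000 does not create the entry, so absence means the default.
            $status = 'Review'
            $detail = 'Entry absent; default applies (0 standard, 3 Active Directory-integrated)'
        } else {
            switch ([int]$secure) {
                0 { $status = 'Open';       $detail = 'Transfers sent to every server that requests them' }
                1 { $status = 'Restricted'; $detail = 'Transfers sent only to servers in the zone NS records' }
                2 {
                    if ($servers) { $status = 'Restricted'; $detail = "Transfers sent only to: $servers" }
                    else          { $status = 'Closed';     $detail = 'SecondaryServers missing or blank; no transfers sent' }
                }
                3 { $status = 'Closed';     $detail = 'No zone transfers' }
                default { $status = 'Review'; $detail = "Value $secure is outside the documented range 0-3" }
            }
        }

        [pscustomobject]@{
            Zone              = $zone.PSChildName
            SecureSecondaries = $secure
            Status            = $status
            Detail            = $detail
        }
    }
}

# One row per zone; 'Open' and 'Review' rows are the ones to check in the DNS console.
Get-ZoneTransferPolicy | Sort-Object Status, Zone | Format-Table -AutoSize -Wrap
```

Because the DNS server reads these entries only at startup, the report reflects what the registry holds, which matches the running server only if no direct registry edits were made since the last restart.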

Related Entries

SecondaryServers

NotifyLevel