DNS: Zone <zone name> secondary server <IP address> should respond to queries for the zone

Updated: October 15, 2010

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Microsoft Baseline Configuration Analyzer or Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the DNS Microsoft Baseline Configuration Analyzer or DNS Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Issue

The secondary DNS server does not respond to queries for the zone.

The DNS server is configured in the list of secondary DNS servers on the zone transfers tab, but the specified server is not responding to a DNS query for the zone.

Impact

DNS queries for the zone might fail.

If the specified DNS server is used for DNS resolution, clients might be unable to resolve host names in the zone.

Resolution

Verify that the server is a secondary DNS server that hosts the zone.

Review the list of secondary DNS servers for the zone and verify that the specified DNS server hosts a secondary copy of the zone and is responding to DNS queries. If the DNS server is not a valid secondary server for the zone, remove it from the list. Alternatively, you can configure the DNS server to host a secondary copy of the zone. This rule checks the list of secondary servers if you have chosen to allow zone transfers Only to servers on the Name Servers tab or Only to the following servers on the Zone Transfers tab.

Membership in Administrators, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To configure the list of secondary servers

1. On the primary DNS server, click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.

2. In the console tree, right-click the name of the secondary zone and then click Properties.

3. On the Zone Transfers tab, click Edit.

4. Use the following procedure to validate each server that is listed under IP addresses of the secondary servers.

5. To remove a server from the list, click the IP address and then click Delete.

6. To replace a server in the list, click the IP address you wish to replace, type the IP address of the new secondary server, and then press ENTER.

7. Click OK twice to exit.

To validate the list of secondary servers

1. On the primary DNS server, open an elevated command prompt.

2. Type nslookup and press ENTER to use the nslookup tool in interactive mode.

3. At the nslookup prompt, type the following commands, and after each one press ENTER:

   server <secondary server>
   
   ls <zone name>
   

4. Zone transfers must be allowed from the master to the secondary DNS server. If the secondary server hosts a copy of the zone and is responding, the contents of the zone will be displayed.

5. If contents of the zone are not displayed, remove the DNS server from the list of secondary DNS servers, or determine why the master DNS server is not responding.

6. Repeat this procedure for each DNS server in the list of secondary DNS servers.

7. When you have completed validating all secondary DNS servers for the zone, type exit and press ENTER.

See Also

Concepts

Adding a Secondary DNS Server to a Zone