The primary
and secondary DNS servers exchange data between them by performing zone
transfers, during which all data about the zone are transferred from the
primary to the secondary server. While zone transfer allows you to have several
DNS servers holding the same information, it can pose a certain threat to your
network if not used wisely.
Because
zone transfer transmits all information about a certain DNS zone, it could also
help an intruder get to know your network better. Tools like Nslookup allow you
to easily perform zone transfers with DNS servers.
If you
don’t want to allow zone transfers to everyone, specify a list of servers that
you’ll allow to perform zone transfers with your DNS server. To do so, follow
these steps:
- Open the DNS console on your DNS
server and expand the server and zone for which you want to disable zone
transfers. Right-click and select Properties. - On the Zone Transfers tab, you can either limit the zone transfers to the DNS servers on your network
and let DNS manage them, or you can manually specify the IP address of
the computers that will be allowed to perform zone transfers. - Click OK.
Miss a column?
Check out the Windows 2000 Server archive, and catch up on the most recent editions of Jim Boyce’s column.
Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!
Daily Tech Insider Newsletter
Stay up to date on the latest in technology with Daily Tech Insider. We bring you news on industry-leading companies, products, and people, as well as highlighted articles, downloads, and top resources. You’ll receive primers on hot tech topics that will help you stay ahead of the game.
Delivered Weekdays
