The primary
and secondary DNS servers exchange data between them by performing zone
transfers, during which all data about the zone are transferred from the
primary to the secondary server. While zone transfer allows you to have several
DNS servers holding the same information, it can pose a certain threat to your
network if not used wisely.

zone transfer transmits all information about a certain DNS zone, it could also
help an intruder get to know your network better. Tools like Nslookup allow you
to easily perform zone transfers with DNS servers.

If you
don’t want to allow zone transfers to everyone, specify a list of servers that
you’ll allow to perform zone transfers with your DNS server. To do so, follow
these steps:

  1. Open the DNS console on your DNS
    server and expand the server and zone for which you want to disable zone
    transfers. Right-click and select Properties.
  2. On the Zone Transfers tab, you can either limit the zone transfers to the DNS servers on your network
    and let DNS manage them, or you can manually specify the IP address of
    the computers that will be allowed to perform zone transfers.
  3. Click OK.

Miss a column?

Check out the Windows 2000 Server archive, and catch up on the most recent editions of Jim Boyce’s column.

Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!