13.10. Configuring Zone Transfer

Problem

You want to enable zone transfers to specific secondary name servers.

Solution

Using a graphical user interface

  1. Open the DNS snap-in (dnsmgmt.msc).

  2. In the left pane, expand the server node and expand either Forward Lookup Zone or Reverse Lookup Zone depending on the type of zone you want to manage.

  3. Right-click on the zone and select Properties.

  4. Select the Zone Transfers tab.

  5. Select either the option to restrict zone transfers to those servers listed on the Name Servers tab, or the option to restrict zone transfers to specific IP addresses, as desired. See the Discussion section for more on these two options.

Using a command-line interface

The following command enables zone transfers for the test.local zone and specifies they can only occur with servers that have NS records in the zone (i.e., servers listed within the Name Servers tab of the DNS snap-in):

> dnscmd <ServerName> /ZoneResetSecondaries test.local /SecureNs

The next command enables zone transfers for the same zone, but specifies they can only occur with hosts whose IP addresses are 172.16.11.33 and 172.16.11.34:

> dnscmd <ServerName> /ZoneResetSecondaries test.local /SecureList 172.16.11.33 172.16.11.34
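The same two restrictions can be set and audited from PowerShell. This is an added example, not code from the book: it assumes Windows Server 2012 or later with the DnsServer module installed, and the function names Get-ZoneTransferAudit and Set-ZoneTransferRestriction are hypothetical helpers defined here.

```powershell
# Added example (not from the original text). Assumes the DnsServer module
# (Windows Server 2012 or later, or RSAT) is available.
Import-Module DnsServer

# Hypothetical helper: report the zone transfer setting of every primary zone
# and flag zones that will transfer to any requesting server.
function Get-ZoneTransferAudit {
    param([string]$ComputerName = 'localhost')

    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            # Re-query by name so the full primary-zone object is returned.
            $zone = Get-DnsServerZone -ComputerName $ComputerName -Name $_.ZoneName
            [pscustomobject]@{
                Zone              = $zone.ZoneName
                SecureSecondaries = $zone.SecureSecondaries
                SecondaryServers  = ($zone.SecondaryServers -join ', ')
                Unrestricted      = ($zone.SecureSecondaries -eq 'TransferAnyServer')
            }
        }
}

# Hypothetical helper: apply one of the two restrictions described above.
function Set-ZoneTransferRestriction {
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [string]$ComputerName = 'localhost',
        [string[]]$AllowedServers   # omit to restrict to servers with NS records
    )

    if ($AllowedServers) {
        # Equivalent of: dnscmd /ZoneResetSecondaries <zone> /SecureList <ip> ...
        Set-DnsServerPrimaryZone -ComputerName $ComputerName -Name $ZoneName `
            -SecureSecondaries TransferToSecureServers -SecondaryServers $AllowedServers
    }
    else {
        # Equivalent of: dnscmd /ZoneResetSecondaries <zone> /SecureNs
        Set-DnsServerPrimaryZone -ComputerName $ComputerName -Name $ZoneName `
            -SecureSecondaries TransferToZoneNameServer
    }
}

# Usage with the zone and addresses from the dnscmd examples above:
# Set-ZoneTransferRestriction -ZoneName test.local -AllowedServers 172.16.11.33, 172.16.11.34
# Get-ZoneTransferAudit | Where-Object Unrestricted
```

Running the audit after a change confirms that no primary zone is left at TransferAnyServer.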

Using VBScript

' This code creates a name server (NS) record on a DNS server.
   
strDNSServer = "<servername>"
strContainer = "<containername>"
strOwner = "<ownername>"
intRecordClass = 1
intTTL = 600
strNSHost = "<nameservername>"
strComputer = "."
set objWMIService = GetObject _
    ("winmgmts:\\" & ...
