After a successful zone transfer, the primary DNS server releases the write lock. This enables dynamic updates of the dynamic update zone of the DNS server to succeed. However, the primary DNS server maintains a zone transfer lock to prevent additional zone transfers. The primary DNS server maintains the zone transfer lock for a period of time that is equal to 10 times the amount of time that is spent transferring the zone, up to a maximum of 10 minutes. Zone transfer locking is used for each dynamic update zone of the primary DNS server.
For example, if a zone transfer requires 2 seconds, the primary DNS server refuses all zone transfer requests from the secondary DNS servers for the transferred zone for the next 20 seconds. If a zone transfer requires 2 minutes, the primary DNS server refuses all zone transfer requests from the secondary DNS servers for the transferred zone for the next 10 minutes.
When the primary DNS server refuses a zone transfer request from the secondary DNS servers, the secondary DNS servers may consider this behavior to be an unsuccessful zone transfer request. As a result, error messages may be logged on the secondary DNS servers. For example, a Microsoft Windows NT 4.0-based secondary DNS server may log Event ID 6525. This indicates that a zone transfer request from the secondary DNS server was refused by the primary DNS server.
A primary DNS server that uses the Notify feature and that has many secondary DNS servers may experience these types of errors more frequently. This is because the Notify feature can trigger all of the secondary DNS servers to request a zone transfer from the primary DNS server at approximately the same time.
How to configure the zone transfer lock time in Windows Server 2003

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
To control the period of time that the zone transfer lock is maintained by using Registry Editor, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
- In the right pane, right-click the XfrThrottleMultiplier entry, and then click Modify.
- In the Value data box, type Multiplier, and then click OK.
- Exit Registry Editor.
- Click Start, click Run, type cmd, and then click OK.
- At the command prompt, type dnscmd /Config /XfrThrottleMultiplier Multiplier, and then press ENTER.
For example, if you set the XfrThrottleMultiplier to a value of 10, and it took 5 seconds to transfer the zone to a secondary DNS server, all the zone transfers for that zone will be refused for the next 50 seconds.
- The default multiplier value is 10.
- The maximum lock time is 10 minutes.
- To disable zone transfer throttling, set the server registry key XfrThrottleMultiplier to DWORD zero.
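The following added example (not part of the original article or of any Microsoft code) models the lock rule above to show how the multiplier affects refused requests when Notify makes several secondaries ask at once. The function names, the fixed `retry_seconds` interval, and the rule that a request arriving during a running transfer is also refused are assumptions made for illustration.

```python
MAX_LOCK_SECONDS = 600  # the article's 10-minute maximum lock time


def lock_seconds(transfer_seconds, multiplier=10):
    """Length of the zone transfer lock after a successful transfer.

    multiplier mirrors XfrThrottleMultiplier; 0 disables throttling.
    """
    return min(multiplier * transfer_seconds, MAX_LOCK_SECONDS)


def time_to_converge(n_secondaries, transfer_seconds, multiplier=10,
                     retry_seconds=10):
    """Model one zone after a Notify fan-out: every secondary asks at t=0.

    Assumptions (not from the article): a refused secondary retries every
    retry_seconds, and a request that arrives while a transfer is still
    running is refused too.
    Returns (second at which the last secondary is up to date, refusals).
    """
    pending = [0] * n_secondaries   # next request time of each secondary
    refuse_until = 0                # end of transfer plus end of lock
    refusals = 0
    finish = 0
    while pending:
        pending.sort()
        t = pending.pop(0)
        if t < refuse_until:
            # Refused by the primary; the secondary logs the failure
            # (for example Event ID 6525 on Windows NT 4.0) and retries.
            refusals += 1
            pending.append(t + retry_seconds)
        else:
            finish = t + transfer_seconds
            refuse_until = finish + lock_seconds(transfer_seconds, multiplier)
    return finish, refusals


if __name__ == "__main__":
    # Constructed scenario: 3 secondaries, 2-second transfers.
    for m in (10, 1, 0):
        done, refused = time_to_converge(3, 2, multiplier=m)
        print(f"multiplier={m}: all secondaries current at t={done}s, "
              f"{refused} refused requests")
```

In this model, a lower multiplier shortens convergence and reduces logged refusals, at the cost of letting the primary serve transfers for the zone more often.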
Article ID: 291016 – Last Review: 07.01.2008 – Revision: 1