Secondary DNS server does not work reliably in Windows Server 2012

Applies to: Windows Server 2012 DatacenterWindows Server 2012 StandardWindows Server 2012 Foundation

Symptoms


Assume that you deploy a Windows Server 2012-based or later version of Windows-based standard Domain Name System (DNS) server as a secondary server for a DNS zone. The primary server for the zone is an Active Directory integrated DNS server. In this scenario, the server does not work reliably. On the server, all zone transfers are AXFR (Full) instead of IXFR (Incremental). Depending on the size of the zone, this leads to increased network bandwidth consumption. Additionally, all records may not be sent to the secondary server. This results in the secondary server not having all records in the zone even if the serial numbers match.

Workaround


On the master server, turn off zone update notifications on the Zone Transfer tab of the zone properties, and then configure a scheduled task on the secondary server to manually transfer the zone by using the Start-DnsServerZoneTransfer cmdlet:

  • Configure the secondary zones to point to a primary DNS server that is an earlier version than Windows Server 2012.
  • Configure the zone as a conditional forward instead of a secondary.
  • Configure the zone as a stub zone instead of a secondary.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.