The DNS Zone Transfer setting is not retained in Windows Server 2008

Applies to: Windows Server 2008 R2 DatacenterWindows Server 2008 R2 EnterpriseWindows Server 2008 R2 for Itanium-Based Systems More

Symptoms

Consider the following scenario:

You install Windows Server 2008 or Windows Server 2008 R2.
You install the DNS Server role.
You turn on the Allow Zone Transfers setting in the DNS Microsoft Management Console (MMC) snap-in.
You configure zone transfers to specific servers.
You turn off the Allow Zone Transfers setting.

In this scenario, the Allow Zone Transfers setting may not be retained when you restart the DNS Server service. After you restart the DNS Server service, the Allow Zone Transfers setting is unexpectedly turned on.

Cause

This issue occurs because the registry is not modified correctly when the Allow Zone Transfers setting is turned off.

Workaround

To work around this issue, use one of the following methods.

Method 1: Modify the registry

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

Delete the following registry value after you turn off the Allow Zone Transfers setting:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\SecondaryServers

Method 2: Use Dnscmd.exe

Use the following Dnscmd.exe command to disable zone transfers:

dnscmd server_name /ZoneResetSecondaries domain_name /NoXfr

Last Updated: Mar 4, 2011