This article was previously published under Q193837
The default setting for Zone Security in the DNS server included withMicrosoft Windows NT Server is to allow zone transfer request from anyclient. This allows easier configuration and setup of a new DNS server. Thedefault settings may allow unauthorized or undesired read access to the DNSZone information. A client may request a zone transfer with the Nslookuputility, or by configuring a secondary zone on a DNS server. To restrictaccess, you can configure the Microsoft DNS server to "Only allow accessfrom secondaries included on the notify list." This setting will limitaccess to the DNS server's zone information to IP addresses specified inthe notify list. This parameter is on a per-zone basis; therefore, zonesmust be individually configured.
To configure zone security, use the following procedure:
Click Start, click Programs, click Administrative Tools (Common), and then click DNS Manager.
In DNS Manager, from the Server list, right-click the primary zone icon.
Click the Notify tab.
In the Notify List, add the IP addresses of the secondaries that are allowed to access the primary.
Click the "Only Allow Access From Secondaries Included on the Notify List" check box.
For additional information about DNS zone transfers, please see thefollowing article in the Microsoft Knowledge Base: