Article ID: 193837 - View products that this article applies to.
This article was previously published under Q193837
The default setting for Zone Security in the DNS server included with Microsoft Windows NT Server is to allow zone transfer request from any client. This allows easier configuration and setup of a new DNS server. The default settings may allow unauthorized or undesired read access to the DNS Zone information. A client may request a zone transfer with the Nslookup utility, or by configuring a secondary zone on a DNS server. To restrict access, you can configure the Microsoft DNS server to "Only allow access from secondaries included on the notify list." This setting will limit access to the DNS server's zone information to IP addresses specified in the notify list. This parameter is on a per-zone basis; therefore, zones must be individually configured.
To configure zone security, use the following procedure:
164017For more information on the notify feature, please see the following article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/164017/EN-US/ )Explanation of a DNS Zone Transfer
(https://support.microsoft.com/kb/163745/EN-US/ )Explanation of DNS Notify List "Secondary Notification" Behavior
Article ID: 193837 - Last Review: October 31, 2006 - Revision: 1.1