Advice on good practices for DNS zone transfer.
I have Windows Server 2008 R2 and two domain controllers, both 2008 R2, with 2008 R2 Domain Functional Level and Forest Functional Level. One of them, dc01, is physical and dc02 is running on Hyper-V. On dc01, zone transfers are set to "Allow zone transfers" and "Only to servers listed on the Name Servers tab". On my dc02 that is turned off. Is it good practice to have my dc02 allow zone transfers only to servers listed on the Name Servers tab?
May 1st, 2012 4:09pm

Hello, servers set in the Name Servers tab are DNS servers in use for this zone. So, it assumes that it covers only DNS servers in use for your DNS zone. If you are using AD-integrated DNS zones then updates will be replicated via AD replication. In this case, there is no need for DNS transfer and you can deny it if you want or just leave it.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. Microsoft Student Partner 2010 / 2011, Microsoft Certified Professional, Microsoft Certified Systems Administrator: Security, Microsoft Certified Systems Engineer: Security, Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration; Windows Server 2008 Network Infrastructure, Configuration; Windows Server 2008 Applications Infrastructure, Configuration; Windows 7, Configuring; Designing and Providing Volume Licensing Solutions to Large Organizations, Microsoft Certified IT Professional: Enterprise Administrator, Microsoft Certified IT Professional: Server Administrator, Microsoft Certified Trainer
May 1st, 2012 5:19pm

Because of the important role that zones play in DNS, it is intended that they be available from more than one DNS server on the network to provide availability and fault tolerance when resolving name queries. Otherwise, if a single server is used and that server is not responding, queries for names in the zone can fail. For additional servers to host a zone, zone transfers are required to replicate and synchronize all copies of the zone used at each server configured to host the zone, but if you have Active Directory-integrated DNS then you don't need to do anything; leave it default. More understanding here: http://technet.microsoft.com/en-us/library/cc781340(v=ws.10).aspx

http://www.arabitpro.com
May 1st, 2012 5:31pm

Keep in mind that these settings only relate to zones that are not Active Directory-integrated. In other words, these settings do not relate to "zone transfers" between domain controllers, because that process isn't handled by DNS at all. Instead, the DNS information is stored in an Active Directory partition (hence the Active Directory-integrated zone checkbox) and transferred between one another via directory service replication. Each domain controller then periodically reloads the zone information from this AD partition - again, not via a DNS zone transfer. So, unless you're asking in the context of standard zones then you should just leave the "Allow zone transfers" checkbox cleared. If you are asking in the context of standard zones, then the best two options are:

- Only to servers listed on the Name Servers tab
- Only to the following servers, and then enter the servers manually

Cheers,
Lain
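The check the replies above describe (is the zone AD-integrated, and if not, is it still transferring to any server?) can be scripted so it is applied consistently to every zone on every DNS server instead of clicking through the zone properties. The following audit script is an added example, not code from the thread or from Microsoft; it assumes the DnsServer PowerShell module, which ships with Windows Server 2012 and later (on 2008 R2, as in the thread, the same values are visible with `dnscmd /ZoneInfo <zone>` and changed with `dnscmd /ZoneResetSecondaries`). The `-Fix` switch and the `ReadOnly` column are my additions; `ComputerName` defaults to the local server.

```powershell
# Added example (not from the thread): audit, and optionally harden, the
# zone-transfer setting of every primary/secondary zone on a DNS server.
# Assumes the DnsServer module (Windows Server 2012 or later).
param(
    [string]$ComputerName = $env:COMPUTERNAME,   # assumption: run on the DNS server itself
    [switch]$Fix                                  # apply the hardening at the bottom
)

Import-Module DnsServer -ErrorAction Stop

# Skip auto-created zones (TrustAnchors, cache, loopback reverse zones);
# only zones this server hosts as primary or secondary carry data worth auditing.
$zones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -in 'Primary', 'Secondary' }

$report = foreach ($z in $zones) {
    if ($z.IsDsIntegrated -and $z.SecureSecondaries -ne 'NoTransfer') {
        # Replicated by AD anyway: a transfer setting only widens exposure of the zone data.
        $finding = 'AD-integrated zone still allows transfers'
    } elseif ($z.SecureSecondaries -eq 'TransferAnyServer') {
        # Standard zone open to any requester: the whole zone can be pulled by anyone who can reach TCP/53.
        $finding = 'standard zone transfers to ANY server'
    } else {
        $finding = 'ok'
    }

    [pscustomobject]@{
        Zone              = $z.ZoneName
        Type              = $z.ZoneType
        ADIntegrated      = $z.IsDsIntegrated
        ReadOnly          = $z.IsReadOnly          # True for the copy held on an RODC
        SecureSecondaries = $z.SecureSecondaries   # NoTransfer / TransferToZoneNameServer / TransferToSecureServers / TransferAnyServer
        Finding           = $finding
    }
}

$report | Format-Table -AutoSize

if ($Fix) {
    # Only writable primary zones can be changed here; RODC copies are read-only.
    foreach ($z in $zones | Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsReadOnly }) {
        if ($z.IsDsIntegrated -and $z.SecureSecondaries -ne 'NoTransfer') {
            # Matches "leave Allow zone transfers cleared" for AD-integrated zones.
            Set-DnsServerPrimaryZone -ComputerName $ComputerName -Name $z.ZoneName -SecureSecondaries NoTransfer
        } elseif ($z.SecureSecondaries -eq 'TransferAnyServer') {
            # Matches "Only to servers listed on the Name Servers tab" for standard zones.
            Set-DnsServerPrimaryZone -ComputerName $ComputerName -Name $z.ZoneName -SecureSecondaries TransferToZoneNameServer
        }
    }
}
```

Run it without `-Fix` first and review the `Finding` column; the only rows that should change are AD-integrated zones that are not yet `NoTransfer` and standard primaries that are `TransferAnyServer`. Where a standard zone needs an explicit secondary that is not in its NS records, use `-SecureSecondaries TransferToSecureServers -SecondaryServers <ip>` instead of the NS-list option, which is the "Only to the following servers" choice from the GUI.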
May 1st, 2012 8:33pm

Yes, both my DC01 and DC02 zones are of type Active Directory-Integrated. I see everyone advising to leave it alone since the replication is done through AD. One more thing - if I have an RODC, can I set it up as a DNS server but with only a Secondary Zone, or should it also be a Primary Zone? Thanks for everyone's help.
May 2nd, 2012 9:51am

> Yes, both my DC01 and DC02 zones are of type Active Directory-Integrated. I see everyone advising to leave it alone since the replication is done through AD. One more thing - if I have an RODC, can I set it up as a DNS server but with only a Secondary Zone, or should it also be a Primary Zone? Thanks for everyone's help.

Simply install DNS on it and it will get the replicated copy through AD replication. Just note that here, on your RODC, you will have a primary zone which is read-only. Updates should be done on an RWDC / DNS server and then get replicated to your RODC.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. Microsoft Student Partner 2010 / 2011, Microsoft Certified Professional, Microsoft Certified Systems Administrator: Security, Microsoft Certified Systems Engineer: Security, Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration; Windows Server 2008 Network Infrastructure, Configuration; Windows Server 2008 Applications Infrastructure, Configuration; Windows 7, Configuring; Designing and Providing Volume Licensing Solutions to Large Organizations, Microsoft Certified IT Professional: Enterprise Administrator, Microsoft Certified IT Professional: Server Administrator, Microsoft Certified Trainer
May 2nd, 2012 10:34am

Thank you guys. This all makes sense to me now. I am pretty new to the network administration world and I am learning it all and taking notes.
May 2nd, 2012 2:30pm
