WINDOWS 2000 SERVER

SPECIFY DNS ZONE TRANSFERS

Primary and secondary DNS servers exchange data by performing zone transfers during which they transfer all data about the zone from the primary to the secondary server. While zone transfer allows you to have several DNS servers holding the same information, it can pose a certain threat to your network if not used wisely.

Because zone transfer transmits all information about a certain DNS zone, it could also help an intruder get to know your network better. Tools such as Nslookup allow you to easily perform zone transfers with DNS servers.

If you don't want to allow zone transfers to everyone, you can specify a list of servers that you'll allow to perform zone transfers with your DNS server. Follow these steps:

1. Open the DNS console on your DNS server, and expand the server and zone for which you want to disable zone transfers.

2. Right-click it, and select Properties.

3. On the Zone Transfers tab, you can either limit the zone transfers to the DNS servers on your network and let DNS manage them, or you can manually specify the IP address of the computers allowed to perform zone transfers.

4. Click OK.