Re: Primary/Secondary DNS ??

Tech-Archive recommends: Fix windows errors by optimizing your registry

---

• From: "Herb Martin" <news@xxxxxxxxxxxxxx>
• Date: Wed, 20 Apr 2005 18:39:32 -0500

---

"Steve" <Steve@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AE87E8B4-8C90-4574-8EFE-F458230D8460@xxxxxxxxxxxxxxxx
> Hi All;
>
> Got 2 Win2k DNS INTERNAL servers running (1 pri and 1 sec).
>
> 1.) On the zone transfer tab should I only be adding each other's IP
address
> or is any server OK here?

On the Primary you must EITHER:

Allow transfers to all servers

Allow transfer to the specific Secondary (add the IP address)

Allow zone transfers to those on the DNS tab (similar to previous)

One the Secondary there is no reason to add ANY servers
UNLESS you later add another secondary AND it will transfer
from that Secondary instead of the Primary (perfectly legal.)

Oh, and if you wish to be able to do nslookup "list" of the zone
from a workstation, you must also allow zone transfers to the
WORKSTATION you will use, and do this on each server which
will allow it.

Primary's never do zone transfers (except if you use
that machine as a "workstation" for listing domains
at the command line.)

AD-Integrated DNS servers never do zone transfers
between themselves (other AD-Integrated).

AD integrated may (optionally) allow them to ordinary
secondaries.


> 2.) Same for the notify tab, should it be "server in the Name server tab"
or
> "the following servers"?

If you allow zone transfers to any or all DNS servers,
you may optionally specify the server(s) for notification.
(There is no point in notifying a server which cannot
transfer our zones.)

If your refresh times (periodic zone transfer frequency)
is set LONG it is a good idea in many cases to notify
other Secondary servers.

You would want to do this judiciously if you were
notifying a Secondary that is across a WAN but notice
that notification is strictly a performance/freshness
issue.


.

---

• References:
  • Primary/Secondary DNS ??
    • From: Steve

• Prev by Date: Primary/Secondary DNS ??
• Next by Date: Re: 1 domain 2 sites, what now?
• Previous by thread: Primary/Secondary DNS ??
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Zone Transfers w/ Active-Directory Integration ... NON-DC's with zone transfers to all servers on the name server table. ... the change was made to make it AD integrated the zone transfers tab was ... DC2 never had the zone removed, ... (microsoft.public.windows.server.dns) RE: DNS ACL ? ... and there should be no zone transfers coming in ... from the internet to these servers. ... Subject: DNS ACL? ... > Not all DNS clients automatically try to negotiate bigger UDP ... (Pen-Test) Re: Zone Transfer and Trust ... > local AD Integrated DNS servers at both locations? ... Herb Martin ... >>> Do we need to do Zone transfers from one DNS to another DNS to ... (microsoft.public.windows.server.dns) RE: Pubstro rash ... As far as I'm concerned DNS just uses 53/TCP to do zone transfers. ... Tipically zone transfers would only be used by secondary servers to update ... Cipher - Segurança da Informação ... (Incidents) Re: Zone Transfers w/ Active-Directory Integration ... NON-DC's with zone transfers to all servers on the name server table. ... the change was made to make it AD integrated the zone transfers tab was ... DC2 never had the zone removed, ... (microsoft.public.windows.server.dns)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Win2000  > microsoft.public.win2000.dns  > 2005-04