Configuring Zone Transfers using DNSCMD

by Mitch Tulloch [Published on 5 Nov. 2009 / Last Updated on 3 May 2009]

How to configure and force zone transfers using DNSCMD.

If your DNS server is running Windows Server Core, you can configure zone transfers on your DNS server from the command line by using the DNSCMD command. AD DS–integrated zones store their DNS information in AD DS and replicate this information between domain controllers by using AD DS directory replication. Standard zones store their information in zone files and replicate this information between DNS servers by a process called a zone transfer. When a zone transfer occurs, a primary DNS server for the zone provides the zone information to the secondary DNS server. In this situation, the primary DNS server is called the master DNS server for the zone.

The master server is specified when you create a secondary zone. However, you can specify a different master server afterwards by using Dnscmd. For example, if you are changing the master DNS server for the hr.fabrikam.com zone from SEA-SC2 (172.16.11.31) to SEA-SC4 (172.16.11.33), then you can use the following command to configure the new master on SEA-SC1 (the secondary DNS server for the zone):

dnscmd SEA-SC1 /zoneresetmasters hr.fabrikam.com 172.16.11.33 

Before the secondary DNS server can load the zone information from the master DNS server for the zone, you must configure the master server to allow zone transfers to the secondary server. For example, to configure SEA-SC4 as the master server for the hr.fabrikam.com zone so that it allows zone transfers only to SEA-SC1 (the secondary server for the zone), do this:

dnscmd SEA-SC4 /zoneresetsecondaries hr.fabrikam.com /securelist 172.16.11.30

Zone transfers take place automatically according to their default schedule, but you can also use Dnscmd to force a secondary server to initiate a zone transfer with its master server. For example, to force SEA-SC1 (the secondary server for the hr.fabrikam.com zone) to update its zone information from SEA-SC4 (the master server for the zone), do this:

dnscmd SEA-SC1 /zonerefresh hr.fabrikam.com
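
The three steps above can be run in dependency order from an administrative workstation, stopping at the first failure so the secondary is never pointed at a master that has not yet been restricted to the secure list. This PowerShell wrapper is an added example, not code from the original article; the function names Invoke-Dnscmd and Set-ZoneTransferPair are hypothetical, and it assumes dnscmd.exe is on the path and returns a non-zero exit code on failure.

```powershell
# Added example: not from the original article. Server names and addresses are
# the article's sample values; the two function names are hypothetical.
function Invoke-Dnscmd {
    param([string[]]$Arguments)
    # Run dnscmd.exe and stop on failure. Assumption: dnscmd returns a
    # non-zero exit code when the command fails.
    $output = & dnscmd.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($Arguments -join ' ') failed ($LASTEXITCODE): $output"
    }
    $output
}

function Set-ZoneTransferPair {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Zone,
        [Parameter(Mandatory = $true)][string]$MasterName,
        [Parameter(Mandatory = $true)][string]$MasterAddress,
        [Parameter(Mandatory = $true)][string]$SecondaryName,
        [Parameter(Mandatory = $true)][string[]]$AllowedSecondaryAddresses
    )
    # Reject anything that is not a literal IP address before it reaches dnscmd.
    $parsed = $null
    foreach ($ip in (@($MasterAddress) + $AllowedSecondaryAddresses)) {
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
            throw "Not a valid IP address: $ip"
        }
    }
    if (-not $PSCmdlet.ShouldProcess($Zone, 'Reconfigure zone transfers')) { return }

    # 1. Master: allow transfers only to the listed secondaries. The command
    #    resets the list, so pass every secondary that should keep access.
    Invoke-Dnscmd -Arguments (@($MasterName, '/zoneresetsecondaries', $Zone, '/securelist') + $AllowedSecondaryAddresses)
    # 2. Secondary: point the zone at the new master.
    Invoke-Dnscmd -Arguments @($SecondaryName, '/zoneresetmasters', $Zone, $MasterAddress)
    # 3. Secondary: request a transfer now instead of waiting for the schedule.
    Invoke-Dnscmd -Arguments @($SecondaryName, '/zonerefresh', $Zone)
    # 4. Print each server's view of the zone so the settings can be reviewed.
    Invoke-Dnscmd -Arguments @($MasterName, '/zoneinfo', $Zone)
    Invoke-Dnscmd -Arguments @($SecondaryName, '/zoneinfo', $Zone)
}

# Dry run with the article's values; remove -WhatIf to apply the changes.
Set-ZoneTransferPair -Zone 'hr.fabrikam.com' -MasterName 'SEA-SC4' -MasterAddress '172.16.11.33' `
    -SecondaryName 'SEA-SC1' -AllowedSecondaryAddresses '172.16.11.30' -WhatIf
```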

For more information on managing DNS servers running on Windows Server Core, see my book Windows Server 2008 Server Core Administrator's Pocket Consultant from Microsoft Press.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com.
