Name Servers Tab
The Name Servers tab,
shown in Figure 10, allows you to configure NS resource
records for a zone. These records cannot be created elsewhere in the
DNS console.
You use NS resource
records to specify the authoritative name servers for a given zone. The
NS resource record of the first primary server of a zone is configured
automatically.
Note
Every zone
must contain at least one NS resource record at the zone root.
The following line is an
example NS record taken from the database file for the
lucernepublishing.com zone:
@ NS dns1.lucernepublishing.com.
In this record,
the “@” symbol represents the zone defined by the SOA record in the
same zone file. The complete entry, then, effectively maps the
lucernepublishing.com domain to a DNS server hosted on a computer named
dns1.lucernepublishing.com.
Tip
In primary
zones, zone transfers by default are allowed only to servers specified
on the Name Servers tab. This restriction is new to Windows Server 2003.
WINS Tab
You use the WINS tab, shown in Figure 11—or the WINS-R tab in reverse lookup zones—to
configure Windows Internet Name Service (WINS) servers to aid in name
resolution for a given zone after DNS servers have failed to resolve a
queried name.
Tip
When you
configure WINS lookup for a forward lookup zone, a WINS resource record
pointing to the WINS server you specify on the WINS tab is added to the
zone database. When you configure WINS-R lookup for a reverse lookup
zone, a corresponding WINS-R resource record is added to the zone
database.
Zone Transfers Tab
The Zone Transfers tab, shown in Figure 12, allows you to restrict zone transfers from the local
master server. For primary zones, zone transfers to secondary servers by
default are either completely disabled or limited to name servers
configured on the Name Servers tab. The former restriction applies when
the DNS server has been added by using the Manage Your Server window;
the latter, when it has been added by using the Windows Components
Wizard. As an alternative to these default restrictions, you can
customize zone transfer restrictions by selecting the Only To The
Following Servers option and then specifying the IP addresses of allowed
secondary servers in the list below this option.
Secondary zones by default
do not allow zone transfers to other secondary zones, but you can
enable this feature simply by selecting the Allow Zone Transfers check
box.
Off the Record
In Windows
2000, the default setting on the Zone Transfers tab for primary zones
was to allow transfers to any server, but this feature created an
unnecessary security hole. Think about it: why would you want to enable
anyone who can access your DNS server to set up a secondary server and
peruse your network’s resource records? Restricting zone transfers by
default is a lot smarter—it allows you to prevent unauthorized copying
of zone data.
Notification
The Zone Transfers tab
also allows you to configure notification to secondary servers. To
perform this task, click Notify on the Zone Transfers tab when zone
transfers are enabled. This action opens the Notify dialog box, as shown
in Figure 13, in which you can specify secondary
servers that should be notified whenever a zone update occurs at the
local master server. By default, when zone transfers are enabled, all
servers listed on the Name Servers tab are automatically notified of
zone changes.
Notification and Zone Transfer Initiation
Zone transfers in standard zones can be triggered by any of three events:
- They can be triggered when the refresh interval of the primary zone’s SOA
  resource record expires.
- They can be triggered when a secondary server boots up.
  In these first two cases, the secondary server initiates an SOA query to
  find out whether any updates in the zone have occurred. Transfers occur
  only if the zone database has been revised.
- They are triggered when a change occurs in the configuration of the primary
  server and this server has specified particular secondary DNS servers to
  be notified of zone updates.
When a zone
transfer initiates, the secondary server performs either an incremental
zone transfer (IXFR) query or an all zone transfer (AXFR) query to the
master server. Computers running Windows 2000 Server and Windows Server
2003 perform IXFR queries by default. Through IXFR queries, only the
newly modified data is transferred across the network. Computers running
Windows NT Server do not support IXFR queries and can perform only AXFR
queries. Through AXFR queries, the entire zone database is transferred
to the secondary server.
Primary DNS
servers running Windows Server 2003 support both IXFR and AXFR zone
transfers.
Figure 14 illustrates the transfer query process between secondary
and master servers.
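The master-side restriction from the Zone Transfers tab and the secondary-side decision described above, modeled in Python as an added example (not code from the original text or from Windows). The Policy names, function names and sample addresses are constructed for illustration, name servers are assumed to be already resolved to IP addresses, and the serial comparison goes slightly beyond the text by handling 32-bit wraparound as defined in RFC 1982.

```python
import ipaddress
from enum import Enum

class Policy(Enum):  # hypothetical names for the Zone Transfers tab choices
    DISABLED = "zone transfers not allowed"
    ANY_SERVER = "to any server"  # Windows 2000 default for primary zones
    NAME_SERVERS = "only to servers on the Name Servers tab"
    LISTED = "only to the following servers"

def transfer_allowed(policy, requester, ns_ips=(), listed_ips=()):
    """Master side: may this requester copy the zone?"""
    if policy is Policy.DISABLED:
        return False
    if policy is Policy.ANY_SERVER:
        return True  # anyone who can reach the server can read every record
    allowed = ns_ips if policy is Policy.NAME_SERVERS else listed_ips
    req = ipaddress.ip_address(requester)
    return any(req == ipaddress.ip_address(a) for a in allowed)

def serial_newer(master_serial, local_serial):
    """Compare 32-bit SOA serials, treating a wrapped counter as newer."""
    diff = (master_serial - local_serial) % 2**32
    return 0 < diff < 2**31

def plan_transfer(local_serial, master_serial, secondary_supports_ixfr=True):
    """Secondary side: what to request after the SOA query, if anything."""
    if not serial_newer(master_serial, local_serial):
        return None  # zone database not revised, so no transfer
    # Windows 2000 Server / Server 2003 ask for IXFR; Windows NT Server only AXFR.
    return "IXFR" if secondary_supports_ixfr else "AXFR"

if __name__ == "__main__":
    # Constructed sample: one name server on the tab, one outside host.
    ns_tab = ["192.0.2.53"]
    for host in ("192.0.2.53", "198.51.100.7"):
        for policy in (Policy.ANY_SERVER, Policy.NAME_SERVERS):
            verdict = transfer_allowed(policy, host, ns_ips=ns_tab)
            print(f"{host:15} {policy.name:13} allowed={verdict}")
    print(plan_transfer(2003010101, 2003010102))         # revised zone
    print(plan_transfer(2003010101, 2003010102, False))  # NT-style secondary
    print(plan_transfer(2003010102, 2003010102))         # unchanged zone
```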
Note
You
do not need to configure zone transfers or notification among domain
controllers or DNS servers in Active Directory-integrated zones. For the
servers within these zones, transfers are conducted automatically.