Zone Transfer Facts
Replication of zone data between primary and secondary zones takes place through zone transfers. You should know the following facts about zone transfers:
- Each secondary server is pointed to one or more master servers. A master server is the server from which the secondary copies the zone data. The master server can be the primary server or another secondary server.
- The zone serial number keeps track of changes to the zone. When you make changes to the zone, the serial number is incremented.
- Zone transfers can copy all records or only changed records:
  - A full zone transfer (AXFR) copies all of the zone data with each zone transfer.
  - A partial (or incremental) zone transfer (IXFR) copies only the changed records. This is the default method on Windows Server 2008.
- By default, zone transfer in Windows Server 2008 is disabled for security reasons. To use zone transfers, manually enable the feature in the DNS settings in Server Manager.
- You can restrict the servers to which zone transfers are allowed. There are two ways of doing this:
  - Allow zone transfers only to servers that are listed as name servers.
  - Allow zone transfers only to servers you specifically identify.
- Zone transfer is always initiated by a secondary server.
  - The secondary server contacts the master server and compares the serial number on the master with the serial number in its copy.
  - If the serial number on the master is greater, the secondary initiates zone transfer.
  - If the serial number is the same (or lower) on the master, no zone transfer takes place.
- Windows DNS servers support the use of DNS Notify. With DNS Notify, master servers are configured with a list of slave DNS servers.
  - When a change takes place, the master notifies the slave servers that the zone has changed.
  - The secondary server then initiates zone transfer, first checking the serial number, then requesting changes.
  - You can allow notification for all name servers, or only for listed servers.
- You can improve DNS performance by placing multiple DNS servers on your network. For example, you can place a secondary server on the other side of a WAN link to reduce WAN traffic caused by name resolution. However, zone replication traffic must still cross the WAN link.
- A caching-only server runs DNS but has no zones configured. Use a caching-only server to improve performance while eliminating zone transfers.
- An Active Directory-integrated zone stores DNS information in Active Directory rather than in a zone file. Zone information is copied automatically when Active Directory replicates.
- If a zone is Active Directory-integrated and has no secondary servers, you can disable zone transfers. Zone data will continue to be replicated through Active Directory.
- Active Directory replication traffic is automatically secured. To secure zone transfers to secondary servers, use IPsec between servers.
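The serial-number check and the transfer restrictions described above, as an added worked example (this is illustrative Python, not Windows DNS Server code; `ZoneTransferPolicy`, its mode names and the sample IP addresses are assumptions). It goes slightly beyond the text by comparing serials with RFC 1982 wrap-around arithmetic, so a zone whose 32-bit serial has wrapped is still seen as newer.

```python
"""Model of how a master DNS server answers a zone-transfer request:
first the restriction policy, then the serial comparison, then IXFR or AXFR."""
from dataclasses import dataclass

SERIAL_MODULUS = 1 << 32        # SOA serials are unsigned 32-bit values
SERIAL_HALF = 1 << 31


def serial_is_newer(candidate: int, reference: int) -> bool:
    """RFC 1982 comparison: True if `candidate` is 'greater' than `reference`.
    Because serials wrap, 1 is newer than 0xFFFFFFFF; equal serials are not newer."""
    candidate %= SERIAL_MODULUS
    reference %= SERIAL_MODULUS
    if candidate == reference:
        return False
    return (candidate - reference) % SERIAL_MODULUS < SERIAL_HALF


@dataclass(frozen=True)
class ZoneTransferPolicy:
    """Hypothetical mirror of the three zone-transfer settings: disabled (the
    secure default), only to servers in the NS records, or only to a listed set."""
    mode: str                                   # "disabled" | "name_servers" | "listed"
    name_server_ips: frozenset = frozenset()    # addresses of the zone's NS records
    listed_ips: frozenset = frozenset()         # explicitly identified servers

    def permits(self, requester_ip: str) -> bool:
        if self.mode == "name_servers":
            return requester_ip in self.name_server_ips
        if self.mode == "listed":
            return requester_ip in self.listed_ips
        return False                            # "disabled" or unknown mode: refuse


def answer_transfer_request(policy: ZoneTransferPolicy, requester_ip: str,
                            master_serial: int, secondary_serial: int,
                            has_change_history: bool) -> str:
    """Return the master's decision: 'refused', 'up-to-date', 'IXFR' or 'AXFR'."""
    if not policy.permits(requester_ip):
        return "refused"                        # restriction applies before any data
    if not serial_is_newer(master_serial, secondary_serial):
        return "up-to-date"                     # same or lower serial: no transfer
    # IXFR needs the master's change log; without it, fall back to a full copy.
    return "IXFR" if has_change_history else "AXFR"


if __name__ == "__main__":
    policy = ZoneTransferPolicy("name_servers", name_server_ips=frozenset({"10.0.0.2"}))
    print(answer_transfer_request(policy, "10.0.0.2", 2009010502, 2009010501, True))   # IXFR
    print(answer_transfer_request(policy, "10.0.0.99", 2009010502, 2009010501, True))  # refused
```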
Normally, zone transfers happen automatically at periodic intervals. You can force an update of zone data through the DNS console or by using the Dnscmd command. The following table lists some actions you can take to refresh zone data manually.
| DNS Console Action | Dnscmd Option | Result |
|---|---|---|
| Reload | Dnscmd /ReloadZone | The server reloads zone data from its local copy (it reads the data back in from the zone file on the hard disk). |
| Transfer from Master | Dnscmd /Refresh | Initiates a normal zone transfer. The DNS server compares its version number with the version of the zone master. If the version numbers are the same, no zone transfer takes place. |
| Reload from Master | N/A | The DNS server dumps its copy of the data and reloads the entire data from the master server. |