How to configure DNS zone transfers


We have learned so far that if you are using AD-integrated zones to store the DNS information, zone replication will be performed by Active Directory. When using standard primary and secondary zones, the AD replication mechanism cannot be used so DNS zone transfers must be implemented. DNS databases hosted on servers that use standard zone are stored locally so the zone transferring mechanism must be configured in order to copy the zone information to other DNS servers. This mechanism is applied when transferring data between primary or secondary zones. Zone transfers are triggered on secondary zones when one of the following conditions are met:
– Zone transfers can be triggered manually by System Administrators using the DNS console
– When the refresh interval on  the SOA record from the primary zone expires, a zone transfer will be triggered
– By default, when a DNS server hosting a secondary zones is powered on, a request will be sent to receive the latest information from the primary zone.
– If changes occur in the primary zone and notifications are enabled, secondary zones will receive the latest data. We will see how to configure notifications on our DNS servers.
Let’s open up the DNS console and configure one primary and one secondary zone. Please read the previous articles to understand all the elements involved in the zone creation process. On my VM1 DNS server I’ve created a standard primary zone named ppscu.com. The zone data will be stored in the local ppscu.com.dns database. I’ll now create a secondary zone in my VM1 DNS server. This is how the two zones would look like:
Secondary DNS zone
The secondary zone has an X mark on it. Because zone transfer has not been configured yet, the server will not receive DNS updates. Right click the primary zone on the first server, select properties and navigate to the zone transfers tab:
Name Servers
To activate zone transfers check the allow zone transfers box. There are three options available in this section: Allow zone transfers to any server, only to servers listed on the Names Servers tab and only to the following servers. Select the last option and press edit to add the server hosting the secondary zone. Enter the IP address of the DNS server, wait for the validation confirmation and press OK:
Allow zone transfers
To trigger a zone transfer from the master server, right click the secondary zone and select transfer from master. This method will transfer the data from the master zone only if the serial number is less than the one in the primary zone. The Reload option will load the zone data from the local storage but, since the server does not contain any information, triggering a reload would not have any result. The last option, transfer new copy of zone from master will force a pull operation from the secondary zone regardless of the serial number:
Transfer from Master

 

After a couple of seconds the secondary zone should receive the DNS information from the primary zone:
Transfer from Master
We need to add the secondary server to the Names Servers section on the primary zone. Open the Names Servers tab, press the Add button and add the FQDN of the server hosting the secondary zone:
Name Servers
Navigate to the Zone Transfers tab and select Notify from the bottom section. In this section we’ll add the servers that will be notified when changes occur on the primary zone. When you add/create or remove a record from the primary zone, a notification will be sent to the secondary zone. Remember that when the secondary zone receives the notification, it triggers a pull operation to get the latest data from the primary server. After a server is configured to receive notifications, no further configurations are needed because this operation is done automatically:
DNS notify
Try to create a new record on the primary zone. I’ve added a Host(A) record for a computer with 192.168.0.55 IP address:
Adding a host record
The secondary server will receive a notification from the primary zone and will trigger a zone transfer. After a while, the new record will appear on the secondary server:
Zone transfer
We have learned how to configure the zone transfer mechanism, hope you’ve understood the main principles behind this DNS feature. There are multiple configurations that needs to be done when implementing zone transfers but, if there are no Active Directory-integrated zones configured in the domain, this is the only method available to create a consistent DNS infrastructure that is spanned over a medium/large geographical area. Feel free to add any comment relevant on this topic. Have a great day!
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s