We have learned so far that if you are using AD-integrated zones to store the DNS information, zone replication is performed by Active Directory. When using standard primary and secondary zones, the AD replication mechanism cannot be used, so DNS zone transfers must be implemented. DNS databases hosted on servers that use standard zones are stored locally, so the zone transfer mechanism must be configured in order to copy the zone information to other DNS servers. This mechanism is used when transferring data between primary and secondary zones. Zone transfers are triggered on secondary zones when one of the following conditions is met:
– Zone transfers can be triggered manually by System Administrators using the DNS console
– When the refresh interval on the SOA record from the primary zone expires, a zone transfer will be triggered
– By default, when a DNS server hosting a secondary zone is powered on, a request will be sent to receive the latest information from the primary zone.
– If changes occur in the primary zone and notifications are enabled, secondary zones will receive the latest data. We will see how to configure notifications on our DNS servers.
Let’s open up the DNS console and configure one primary and one secondary zone. Please read the previous articles to understand all the elements involved in the zone creation process. On my VM1 DNS server I’ve created a standard primary zone named ppscu.com. The zone data will be stored in the local ppscu.com.dns database. I’ll now create a secondary zone in my VM1 DNS server. This is how the two zones look:
The secondary zone has an X mark on it: because zone transfers have not been configured yet, the server will not receive DNS updates. Right-click the primary zone on the first server, select Properties and navigate to the Zone Transfers tab:
To activate zone transfers, check the Allow zone transfers box. There are three options available in this section: Allow zone transfers to any server, Only to servers listed on the Name Servers tab, and Only to the following servers. Select the last option and press Edit to add the server hosting the secondary zone. Enter the IP address of the DNS server, wait for the validation confirmation and press OK:
To trigger a zone transfer from the master server, right-click the secondary zone and select Transfer from Master. This option transfers the data from the master zone only if the secondary zone’s serial number is lower than the one in the primary zone. The Reload option loads the zone data from local storage but, since the server does not contain any information yet, triggering a reload would have no effect. The last option, Transfer new copy of zone from Master, forces a pull operation by the secondary zone regardless of the serial number:
After a couple of seconds the secondary zone should receive the DNS information from the primary zone:
We need to add the secondary server to the Name Servers section of the primary zone. Open the Name Servers tab, press the Add button and add the FQDN of the server hosting the secondary zone:
Navigate to the Zone Transfers tab and select Notify from the bottom section. In this section we’ll add the servers that will be notified when changes occur on the primary zone. When you create or remove a record in the primary zone, a notification will be sent to the secondary zone. Remember that when the secondary zone receives the notification, it triggers a pull operation to get the latest data from the primary server. After a server is configured to receive notifications, no further configuration is needed because this operation is performed automatically:
Try to create a new record in the primary zone. I’ve added a Host (A) record for a computer with the IP address 192.168.0.55:
The secondary server will receive a notification from the primary zone and trigger a zone transfer. After a while, the new record will appear on the secondary server:
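The whole procedure above, done with the DnsServer PowerShell module instead of the console, as an added example that is not part of the original article. The addresses 192.168.0.10 (VM1, primary) and 192.168.0.20 (secondary server) and the host name pc1 are assumptions; ppscu.com, ppscu.com.dns and 192.168.0.55 come from the article. The last step lists primary zones still set to transfer to any server, which is the setting to avoid.

```powershell
# Added example (not from the original article): console steps as DnsServer cmdlets.
# Assumed values: VM1 (primary) at 192.168.0.10, secondary server at 192.168.0.20,
# host name pc1. Zone ppscu.com and address 192.168.0.55 are taken from the article.
$Primary   = '192.168.0.10'   # assumed address of VM1
$Secondary = '192.168.0.20'   # assumed address of the secondary DNS server
$Zone      = 'ppscu.com'

# 1. Standard primary zone on VM1, stored in the local ppscu.com.dns file
Add-DnsServerPrimaryZone -ComputerName $Primary -Name $Zone -ZoneFile "$Zone.dns"

# 2. Zone Transfers tab: "Only to the following servers" plus "Notify" for that server.
#    TransferToSecureServers restricts AXFR/IXFR to the listed addresses only.
Set-DnsServerPrimaryZone -ComputerName $Primary -Name $Zone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $Secondary `
    -Notify NotifyServers -NotifyServers $Secondary

# 3. Secondary zone on the other server, pulling from VM1 (the master)
Add-DnsServerSecondaryZone -ComputerName $Secondary -Name $Zone `
    -ZoneFile "$Zone.dns" -MasterServers $Primary

# 4. "Transfer new copy of zone from Master": full pull regardless of the serial number
Start-DnsServerZoneTransfer -ComputerName $Secondary -Name $Zone -FullTransfer

# 5. The Host (A) record from the article; the NOTIFY makes the secondary pull it
Add-DnsServerResourceRecordA -ComputerName $Primary -ZoneName $Zone `
    -Name 'pc1' -IPv4Address '192.168.0.55'    # 'pc1' is an assumed host name

# 6. Verify both copies converge: the SOA serial numbers match once the transfer completes
foreach ($srv in $Primary, $Secondary) {
    $soa = Get-DnsServerResourceRecord -ComputerName $srv -ZoneName $Zone -RRType Soa
    '{0}: SOA serial {1}' -f $srv, $soa.RecordData.SerialNumber
}

# 7. Audit: a primary zone left on "Allow zone transfers to any server" gives its full
#    contents to any host that asks for them; list such zones so they can be restricted
#    as in step 2.
Get-DnsServerZone -ComputerName $Primary |
    Where-Object { $_.ZoneType -eq 'Primary' -and $_.SecureSecondaries -eq 'TransferAnyServer' } |
    Select-Object ZoneName, SecureSecondaries, Notify
```

Run it from a host with the RSAT DNS Server tools installed and an account that administers both servers; step 7 can be run on its own against any DNS server as a periodic configuration check.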
We have learned how to configure the zone transfer mechanism; I hope you’ve understood the main principles behind this DNS feature. There are multiple configurations that need to be done when implementing zone transfers but, if there are no Active Directory-integrated zones configured in the domain, this is the only method available to create a consistent DNS infrastructure that spans a medium/large geographical area. Feel free to add any comment relevant to this topic. Have a great day!