Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Windows DNS server configuration

Posted on 2012-09-14
Medium Priority
Last Modified: 2012-09-21
I have 3 publicly facing Windows DNS servers.  On the master DNS server, in the properties of a zone I have configured the 'Zone Transfers' tab to be set to 'Allow Zone transfers only to servers listed in the Name Servers tab'.  In the 'Name Servers' tab, I have the 3 servers listed with the corresponding public IPs.

When I am trying to initiate a 'Transfer from master' from one of the other DNS servers, I receive errors in the windows event log that says, 'the zone transfer was refused by the Master server'.  I'm wondering if it's being refused because the request is coming from the internal IP address of the DNS server and not the public IP?   Which IP (internal or external) is the correct one to enter in for the servers in the 'Name Servers' tab?
Question by:AManoux
  • 2

Expert Comment

ID: 38400627
Sounds like you have hit the nail on the head....

If all of your three servers are routable on your private LAN you may as well use the private addresses for transfers.

If it doesn't work post more info on your network setup.

Author Comment

ID: 38400670
But if I change the IP address in the 'Name Servers' tab from public to private, will that cause issues when one of the DNS servers tells the requestor to get the information from the other server. Won't it give out the private IP to the external requestor which won't work?

Accepted Solution

megs28 earned 1000 total points
ID: 38400680
Your name servers tab should have public IPs.

Instead of basing your zone transfers on what is in the name servers tab try specifying the IP addresses (third option).
LVL 16

Expert Comment

by:Dale Harris
ID: 38405021
It wouldn't hurt to add both the public and private and test to see which works would it?

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question