Windows NT 4.0 DNS Server Default Zone Security Settings (193837)


The information in this article applies to:

  • Microsoft Windows NT Server 4.0
This article was previously published under Q193837

SUMMARY

The default setting for Zone Security in the DNS server included with Microsoft Windows NT Server is to allow zone transfer request from any client. This allows easier configuration and setup of a new DNS server. The default settings may allow unauthorized or undesired read access to the DNS Zone information. A client may request a zone transfer with the Nslookup utility, or by configuring a secondary zone on a DNS server. To restrict access, you can configure the Microsoft DNS server to "Only allow access from secondaries included on the notify list." This setting will limit access to the DNS server's zone information to IP addresses specified in the notify list. This parameter is on a per-zone basis; therefore, zones must be individually configured.

MORE INFORMATION

To configure zone security, use the following procedure:

  1. Click Start, click Programs, click Administrative Tools (Common), and then click DNS Manager.
  2. In DNS Manager, from the Server list, right-click the primary zone icon.
  3. Click Properties.
  4. Click the Notify tab.
  5. In the Notify List, add the IP addresses of the secondaries that are allowed to access the primary.
  6. Click the "Only Allow Access From Secondaries Included on the Notify List" check box.
For additional information about DNS zone transfers, please see the following article in the Microsoft Knowledge Base:

164017 Explanation of a DNS Zone Transfer

For more information on the notify feature, please see the following article in the Microsoft Knowledge Base:

163745 Explanation of DNS Notify List "Secondary Notification" Behavior

Modification Type:MajorLast Reviewed:10/24/2002
Keywords:kbinfo KB193837
©2002 Microsoft Corporation. All rights reserved.