Microsoft KB Archive/193837

= Windows NT 4.0 DNS Server Default Zone Security Settings =

Article ID: 193837

Article Last Modified on 10/31/2006

-

APPLIES TO


 * Microsoft Windows NT Server 4.0 Standard Edition

-



This article was previously published under Q193837



SUMMARY
The default setting for Zone Security in the DNS server included with Microsoft Windows NT Server is to allow zone transfer request from any client. This allows easier configuration and setup of a new DNS server. The default settings may allow unauthorized or undesired read access to the DNS Zone information. A client may request a zone transfer with the Nslookup utility, or by configuring a secondary zone on a DNS server. To restrict access, you can configure the Microsoft DNS server to "Only allow access from secondaries included on the notify list." This setting will limit access to the DNS server's zone information to IP addresses specified in the notify list. This parameter is on a per-zone basis; therefore, zones must be individually configured.



MORE INFORMATION
To configure zone security, use the following procedure:


 * 1) Click Start, click Programs, click Administrative Tools (Common), and then click DNS Manager.
 * 2) In DNS Manager, from the Server list, right-click the primary zone icon.
 * 3) Click Properties.
 * 4) Click the Notify tab.
 * 5) In the Notify List, add the IP addresses of the secondaries that are allowed to access the primary.
 * 6) Click the "Only Allow Access From Secondaries Included on the Notify List" check box.

For additional information about DNS zone transfers, please see the following article in the Microsoft Knowledge Base:

164017 Explanation of a DNS Zone Transfer

For more information on the notify feature, please see the following article in the Microsoft Knowledge Base:

163745 Explanation of DNS Notify List "Secondary Notification" Behavior

Keywords: kbinfo KB193837

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.