SecureSecondaries

HKLM\SYSTEM\CurrentControlSet\Services\DNS\Zones\<zone-name>

Data type: REG_DWORD
Range: 0 | 1 | 2 | 3
Default value: Standard zones: 0; Active Directory–integrated zones: 3

Description

Determines which secondary servers can receive zone transfers for this zone from this master DNS server.

Secondary servers request zone transfers from master DNS servers. You can configure the DNS server to send zone transfers only to a group of servers you specify. If other servers request zone transfers, the DNS server rejects the requests.

Limiting the distribution of zone information is intended for security, but it also conserves processor time and prevents denial-of-service attacks (also known as SYN flooding).

Value Meaning
0 Disable secondary security. Send zone transfers to all secondary servers that request them.
1 Send zone transfers only to name servers that are authoritative for the zone. Authoritative name servers are specified by NS records at the root of the zone.
2 Send zone transfers only to servers you specify. To create a list of servers that receive zone transfers, use the Zone Properties Notify dialog box in the DNS console. The DNS console stores your list in the value of SecondaryServers. If SecondaryServers does not appear in the registry or its value is blank, this server does not send zone transfers.
3 Do not send zone transfers.

Change method

To change the value of this entry, use the DNS console. Right-click the name of a secondary zone, click Properties, and then click the Zone Transfer tab. Do not change this value by editing the registry.

Activation method

DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note

This entry is effective only when it appears in the registry of a master DNS server. Otherwise, it is ignored.
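
To review how each zone on a master server is set without editing the registry, the following read-only PowerShell script lists SecureSecondaries and SecondaryServers for every zone key and flags the values described in the table above. It is an added example, not code from this page or from Microsoft. It assumes the zones key path shown on this page and that SecondaryServers holds a whitespace-separated string or multi-string of addresses; the helper name Get-ZoneTransferFinding is hypothetical.

```powershell
# Added example: read-only audit of zone-transfer settings per zone key.
param(
    # Key path as given on this page; change it if your zones live elsewhere.
    [string]$ZonesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Zones'
)

# Meanings summarised from the Value/Meaning table on this page.
$meaning = @{
    0 = 'All requesting servers'
    1 = 'Only servers named in the zone NS records'
    2 = 'Only servers listed in SecondaryServers'
    3 = 'No zone transfers'
}

# Hypothetical helper: turns a value plus its server list into a review note.
function Get-ZoneTransferFinding {
    param($Value, [string[]]$Secondaries)
    if ($null -eq $Value)   { return 'Entry absent: documented default applies' }
    if ($Value -notin 0..3) { return 'REVIEW: outside documented range 0-3' }
    if ($Value -eq 0)       { return 'REVIEW: transfers sent to any requester' }
    if ($Value -eq 2 -and $Secondaries.Count -eq 0) {
        return 'NOTE: SecondaryServers empty, so no transfers are sent'
    }
    return 'OK: transfers restricted'
}

if (-not (Test-Path -Path $ZonesKey)) {
    Write-Warning "Zones key not found: $ZonesKey"
    return
}

Get-ChildItem -Path $ZonesKey | ForEach-Object {
    $value = $_.GetValue('SecureSecondaries')   # $null when the entry is absent
    $raw   = $_.GetValue('SecondaryServers')    # assumed: string or multi-string
    $list  = @(@($raw) -split '\s+' | Where-Object { $_ })

    [pscustomobject]@{
        Zone              = $_.PSChildName
        SecureSecondaries = $value
        Meaning           = if ($value -is [int]) { $meaning[$value] }
        SecondaryServers  = $list -join ', '
        Finding           = Get-ZoneTransferFinding -Value $value -Secondaries $list
    }
} | Format-Table -AutoSize -Wrap
```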
