Event ID 6525 — DNS Server Zone Transfer
Applies To: Windows Server 2008
Domain Name System (DNS) enhances fault tolerance and load balancing by providing for server redundancy. For any given zone, a DNS server can act as a primary master server, which is the authority for a zone, or as a secondary server, which obtains its zone data from the zone's primary master server or another secondary server. This process is known as zone transfer.
|Product:||Windows Operating System|
|Message:||A zone transfer request for the secondary zone %1 was refused by the master DNS server at %2. Check the zone at the master server %2 to verify that zone transfer is enabled to this server. To do so, use the DNS console, and select master server %2 as the applicable server, then in secondary zone %1 Properties, view the settings on the Zone Transfers tab. Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.|
Configure authoritative servers
Verify that the master server of the secondary zone is authoritative for the zone and that the master server is configured to transfer the zone to the secondary server.
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To configure the master server to transfer the zone to the secondary server:
On the secondary DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.
In the console tree, double-click the server, and then double-click the folder that contains the zone.
Click the zone, click Action, and then click Properties.
On the General tab, note the IP address of the server that is listed in Master Servers.
In the console tree, right-click DNS, and then click Connect to DNS Server.
Click The following computer, type the IP address of the master DNS server, and then click OK.
In the console tree, expand the master DNS server, and then expand the folder that contains the zone.
Note: If the zone is not in the folder, the server is not authoritative for the zone. In this case, you must configure the secondary server to transfer the zone from the correct master server.
Right-click the zone, click Properties, and then click the Name Servers tab.
Confirm that the secondary server is listed with the correct IP address. To correct the list, do one of the following:
- If the secondary server is not in the list, click Add.
- If the IP address of the secondary server is incorrect, click the server in the list, and then click Edit.
Click the Zone Transfers tab.
Ensure that Allow zone transfers is selected.
If Only to the following servers is selected, confirm that the secondary server is listed with the correct IP address. To correct the list, click Edit, and then type the DNS name or IP address of the secondary server in IP addresses of the secondary servers.
Verify that all DNS servers that are authoritative for a zone have the same serial number for the zone.
To view the serial number for a zone:
- On the DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.
- In the console tree, right-click DNS, and then click Connect to DNS Server.
- Click The following computer, type the DNS name or IP address of the authoritative DNS server, and then click OK.
- In the console tree, expand the DNS server, and then expand the folder that contains the zone.
- Right-click the zone, and then click Properties.
- Click the Start of Authority tab, and note the value in Serial number.
Note: If dynamic updates are enabled for the zone, or if an administrator changes the zone between the time that you check the master and secondary servers, the serial number on the master server can be slightly higher than the number on secondary servers.