4. To restrict transfers to designated servers, select the Allow Zone Transfers check box and then choose Only To The Following Servers. Then tap or click Edit as appropriate to display the Allow Zone Transfers dialog box. Tap or click in the IP Address list, enter the IP address of the secondary server for the zone, and then press Enter. Windows then attempts to validate the server. If an error occurs, make sure the server is connected to the network and that you’ve entered the correct IP address. If you want to copy zone data from other servers in case the first server isn’t available, you can add IP addresses for other servers as well. Tap or click OK.
5. Tap or click OK to save your changes.
Notifying secondaries of changes
You set properties for a zone with its SOA record. These properties control how DNS information is propagated on the network. You can also specify that the primary server should notify secondary name servers when changes are made to the zone database. To do this, follow these steps:
1. In the DNS Manager console, press and hold or right-click the domain or subnet you want to update, and then tap or click Properties.
2. On the Zone Transfers tab, tap or click Notify. This displays the Notify dialog box shown in Figure 9-10.
FIGURE 9-10 In the Notify dialog box, notify all secondaries listed on the Name Servers tab of the Properties dialog box or specific servers that you designate.
3. To notify secondary servers listed on the Name Servers tab, select the Automatically Notify check box, and then choose Servers Listed On The Name Servers Tab.
4. If you want to designate specific servers to notify, select the Automatically Notify check box, and then choose The Following Servers. Tap or click in the IP Address list, enter the IP address of the secondary server for the zone, and then press Enter. Windows then attempts to validate the server. If an error occurs, make sure the server is connected to the network and that you entered the correct IP address. If you want to notify other servers, add IP addresses for those servers as well.
5. Tap or click OK twice.
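The Zone Transfers tab settings described in the preceding two procedures can also be audited and set with the DnsServer module. This added example is not from the book; it assumes you run it on the DNS server itself, and the secondary server addresses are placeholders for your own environment.

```powershell
# Added example, not from the book: report the transfer policy of every
# primary zone and tighten the zones that still allow transfers to any server.
# Assumes the DnsServer module on the DNS server; the secondary addresses
# are placeholders for your own environment.
Import-Module DnsServer

$secondaries = [System.Net.IPAddress[]]@('10.0.0.12', '10.0.0.13')  # placeholders

# Skip the auto-created zones (0.in-addr.arpa and friends) and non-primary zones.
$zones = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

foreach ($z in $zones) {
    # SecureSecondaries maps to the Zone Transfers tab:
    #   NoTransfer               -> Allow Zone Transfers cleared
    #   TransferAnyServer        -> To Any Server
    #   TransferToZoneNameServer -> Only To Servers Listed On The Name Servers Tab
    #   TransferToSecureServers  -> Only To The Following Servers
    $status = '{0,-30} transfer={1,-25} notify={2}' -f $z.ZoneName, $z.SecureSecondaries, $z.Notify
    if ($z.SecureSecondaries -ne 'TransferAnyServer') { Write-Output "OK   $status"; continue }

    Write-Warning "FIX  $status  (any host that can reach TCP/53 may copy the whole zone)"
    Set-DnsServerPrimaryZone -Name $z.ZoneName `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $secondaries `
        -Notify NotifyServers -NotifyServers $secondaries

    # Re-read the zone so the report shows what the server stored, not what was requested.
    Get-DnsServerZone -Name $z.ZoneName |
        Select-Object ZoneName, SecureSecondaries, SecondaryServers, Notify, NotifyServers
}
```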
Setting the zone type
When you create zones, they’re designated as having a specific zone type and an Active Directory integration mode. You can change the type and integration mode at any time by following these steps:
1. In the DNS Manager console, press and hold or right-click the domain or subnet you want to update, and then tap or click Properties.
2. Under Type on the General tab, tap or click Change. In the Change Zone Type dialog box, select the new type for the zone.
3. To integrate the zone with Active Directory, select the Store The Zone In Active Directory check box.
4. To remove the zone from Active Directory, clear the Store The Zone In Active Directory check box.
5. Tap or click OK twice.
Enabling and disabling dynamic updates
Dynamic updates enable DNS clients to register and maintain their own address and pointer records. This is useful for computers dynamically configured through DHCP. By enabling dynamic updates, you make it easier for dynamically configured computers to locate one another on the network. When a zone is integrated with Active Directory, you have the option of requiring secure updates. With secure updates, you use ACLs to control which computers and users can dynamically update DNS.
You can enable and disable dynamic updates by following these steps:
1. In the DNS Manager console, press and hold or right-click the domain or subnet you want to update, and then tap or click Properties.
2. Use the following options in the Dynamic Updates list on the General tab to enable or disable dynamic updates:
■ None: Disable dynamic updates.
■ Nonsecure And Secure: Enable nonsecure and secure dynamic updates.
■ Secure Only: Enable dynamic updates with Active Directory security. This is available only with Active Directory integration.
3. Tap or click OK.
NOTE DNS integration settings must also be configured for DHCP. See “Integrating DHCP and DNS” in Chapter 8.
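Because Secure Only is offered only for zones stored in Active Directory, an audit has to look at the zone's storage as well as its update mode. This added example (not from the book) does that with the DnsServer module and assumes it runs on the DNS server.

```powershell
# Added example, not from the book: find primary zones whose dynamic-update
# mode is weaker than their storage allows, and move AD-integrated zones to
# Secure only. Assumes the DnsServer module on the DNS server.
Import-Module DnsServer

# DynamicUpdate values match the General tab list:
#   None | NonsecureAndSecure | Secure   (Secure requires IsDsIntegrated = True)
$zones = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

foreach ($z in $zones) {
    switch ($z.DynamicUpdate) {
        'Secure' {
            Write-Output ('OK     {0}: Secure only' -f $z.ZoneName)
        }
        'NonsecureAndSecure' {
            if ($z.IsDsIntegrated) {
                # Storage allows it, so require authenticated (GSS-TSIG) updates.
                Write-Warning ('FIX    {0}: unauthenticated clients may overwrite records; setting Secure' -f $z.ZoneName)
                Set-DnsServerPrimaryZone -Name $z.ZoneName -DynamicUpdate Secure
            } else {
                # File-backed zone: Secure is not available. Options are to store the
                # zone in AD (ConvertTo-DnsServerPrimaryZone -ReplicationScope Domain)
                # or to set DynamicUpdate to None.
                Write-Warning ('MANUAL {0}: file-backed zone accepts unauthenticated updates' -f $z.ZoneName)
            }
        }
        'None' {
            Write-Output ('INFO   {0}: dynamic updates disabled' -f $z.ZoneName)
        }
    }
}
```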
Managing DNS server configuration and security
You use the Server Properties dialog box to manage the general configuration of DNS servers. Through it, you can enable and disable IP addresses for the server and control access to DNS servers outside the organization. You can also configure monitoring, logging, and advanced options.
Enabling and disabling IP addresses for a DNS server
By default, multihomed DNS servers respond to DNS requests on all available network interfaces and the IP addresses they’re configured to use.
Through the DNS Manager console, you can specify that the server can answer requests only on specific IP addresses. Generally, you’ll want to ensure that a DNS server has at least one IPv4 interface and one IPv6 interface.
To specify which IP addresses are used for answering requests, follow these steps:
1. In the DNS Manager console, press and hold or right-click the server you want to configure, and then tap or click Properties.
2. On the Interfaces tab, select Only The Following IP Addresses. Select an IP address that should respond to DNS requests, or clear an IP address that should not respond to DNS requests. Only the selected IP addresses will be used for DNS. All other IP addresses on the server will be disabled for DNS.
3. Tap or click OK.
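The same restriction can be applied from PowerShell, with a check that each address actually exists on the host before the listener set is changed. This added example is not from the book; it assumes the DnsServer and NetTCPIP modules on the server, and the two addresses are placeholders.

```powershell
# Added example, not from the book: restrict the DNS service to chosen
# addresses (the Interfaces tab), keeping one IPv4 and one IPv6 listener.
# Assumes the DnsServer module on the DNS server; addresses are placeholders.
Import-Module DnsServer

$wanted = @('10.0.0.10', 'fd00:10::10')   # placeholder service addresses

$setting = Get-DnsServerSetting -All
Write-Output "Before: $($setting.ListeningIPAddress -join ', ')"   # empty means all interfaces

# Keep only addresses assigned to this host; a typo here would silence the server.
$local  = (Get-NetIPAddress | Where-Object { $_.AddressState -eq 'Preferred' }).IPAddress
$listen = $wanted | Where-Object { $_ -in $local }
if (-not ($listen | Where-Object { $_ -like '*:*' }))    { throw 'no IPv6 listener would remain' }
if (-not ($listen | Where-Object { $_ -notlike '*:*' })) { throw 'no IPv4 listener would remain' }

$setting.ListeningIPAddress = [System.Net.IPAddress[]]$listen
Set-DnsServerSetting -InputObject $setting
Restart-Service DNS   # restart so the new listener set is certainly in force before verifying

Write-Output "After:  $((Get-DnsServerSetting -All).ListeningIPAddress -join ', ')"

# Verify from the socket side as well: only the chosen addresses should be bound to port 53.
Get-NetTCPConnection -LocalPort 53 -State Listen | Select-Object LocalAddress
Get-NetUDPEndpoint  -LocalPort 53               | Select-Object LocalAddress
```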
Controlling access to DNS servers outside the organization
Restricting access to zone information enables you to specify which internal and external servers can access the primary server. For external servers, this controls which servers can get in from the outside world. You can also control which DNS servers within your organization can access servers outside of your organization. To do this, you need to set up DNS forwarding within the domain.
With DNS forwarding, you configure DNS servers within the domain as one of the following:
■ Nonforwarders: Servers that must pass DNS queries they can’t resolve to designated forwarding servers. These servers essentially act like DNS clients to their forwarding servers.
■ Forwarding-only: Servers that can only cache responses and pass requests to forwarders. These are also known as caching-only DNS servers.
■ Forwarders: Servers that receive requests from nonforwarders and forwarding-only servers. Forwarders use standard DNS communication methods to resolve queries and to send responses back to other DNS servers.
■ Conditional forwarders: Servers that forward requests based on the DNS domain. Conditional forwarding is useful if your organization has multiple internal domains.