Event ID 6524 — DNS Server Zone Transfer

Applies To: Windows Server 2008

Domain Name System (DNS) enhances fault tolerance and load balancing by providing for server redundancy. For any given zone, a DNS server can act as a primary master server, which is the authority for a zone, or as a secondary server, which obtains its zone data from the zone's primary master server or another secondary server. This process is known as zone transfer.

Event Details

Product: Windows Operating System
ID: 6524
Source: Microsoft-Windows-DNS-Server-Service
Version: 6.0
Symbolic Name: DNS_EVENT_AXFR_BAD_RESPONSE
Message: Invalid response from master DNS server at %2 during attempted zone transfer of zone %1. Check the DNS server at %2 and ensure that it is authoritative for this zone. This can be done by viewing or updating the list of authoritative servers for the zone. When using the DNS console, select zone %1 Properties at server %2 and click the Name Servers tab. If needed, you can add or update this server in the list there. As an alternative solution, you could also modify settings in the Zone Transfer tab to allow transfer of the zone to this and other DNS servers.

Resolve

Configure authoritative servers

Verify that the master server of the secondary zone is authoritative for the zone and that the master server is configured to transfer the zone to the secondary server.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To configure the master server to transfer the zone to the secondary server:

  1. On the secondary DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.

  2. In the console tree, double-click the server, and then double-click the folder that contains the zone.

  3. Click the zone, click Action, and then click Properties.

  4. On the General tab, note the IP address of the server that is listed in Master Servers.

  5. In the console tree, right-click DNS, and then click Connect to DNS Server.

  6. Click The following computer, type the IP address of the master DNS server, and then click OK.

  7. In the console tree, expand the master DNS server, and then expand the folder that contains the zone.

    Note: If the zone is not in the folder, the server is not authoritative for the zone. In this case, you must configure the secondary server to transfer the zone from the correct master server.

  8. Right-click the zone, click Properties, and then click the Name Servers tab.

  9. Confirm that the secondary server is listed with the correct IP address. To correct the list, do one of the following:

    • If the secondary server is not in the list, click Add.
    • If the IP address of the secondary server is incorrect, click the server in the list, and then click Edit.

  10. Click the Zone Transfers tab.

  11. Ensure that Allow zone transfers is selected.

  12. If Only to the following servers is selected, confirm that the secondary server is listed with the correct IP address. To correct the list, click Edit, and then type the DNS name or IP address of the secondary server in IP addresses of the secondary servers.

Verify

Verify that all DNS servers that are authoritative for a zone have the same serial number for the zone.

To view the serial number for a zone:

  1. On the DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.
  2. In the console tree, right-click DNS, and then click Connect to DNS Server.
  3. Click The following computer, type the DNS name or IP address of the authoritative DNS server, and then click OK.
  4. In the console tree, expand the DNS server, and then expand the folder that contains the zone.
  5. Right-click the zone, and then click Properties.
  6. Click the Start of Authority tab, and note the value in Serial number.

Note: If dynamic updates are enabled for the zone, or if an administrator changes the zone between the time that you check the master and secondary servers, the serial number on the master server can be slightly higher than the number on secondary servers.
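The two checks described above (that the master server answers authoritatively for the zone, and that serial numbers agree across servers) can also be made at the DNS protocol level. The following Python code is an added example, not part of the original article or of any Microsoft tooling; the zone name `example.test`, the sample serial numbers, and all function names are assumptions constructed for illustration.

```python
import socket, struct

def build_soa_query(zone, qid=0x6524):
    """Encode a non-recursive SOA query (QTYPE 6, class IN) for `zone`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in zone.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 6, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:    # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_soa(msg):
    """Return (aa_flag, serial); serial is None when the answer holds no SOA record."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    aa = bool(flags & 0x0400)          # AA bit: the server claims authority for the zone
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QNAME, then QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:
            p = skip_name(msg, skip_name(msg, off))  # skip MNAME, then RNAME
            return aa, struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return aa, None

def serial_lag(master, secondary):
    """RFC 1982 difference: >0 secondary is behind, 0 in sync, <0 secondary is ahead."""
    d = (master - secondary) & 0xFFFFFFFF
    return d - (1 << 32) if d >= (1 << 31) else d

def query_soa(server, zone, timeout=3.0):
    """Live lookup over UDP port 53; returns the same tuple as parse_soa()."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        return parse_soa(s.recv(4096))

def sample_response(zone, serial, aa=True):
    """Constructed reply for offline use: one SOA answer with compressed names."""
    rdata = b"\x03ns1\xc0\x0c\x05admin\xc0\x0c" + struct.pack("!5I", serial, 900, 600, 86400, 3600)
    head = struct.pack("!6H", 0x6524, 0x8400 if aa else 0x8000, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return head + build_soa_query(zone)[12:] + rr
```

Call `query_soa()` against the master and each secondary, then pass the two serials to `serial_lag()`. A master that returns `aa_flag` as `False` is not authoritative for the zone, and a lag that stays positive after the refresh interval means transfers are not completing.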
