DNS supports zone transfers, which enable DNS servers to exchange information about the DNS zones they manage. For example, let's say you host your own DNS server but your ISP hosts a secondary copy of your zone.

Zone transfers enable the secondary server to pull the records from the primary server on a periodic basis, eliminating the need to synchronize two unlinked copies of the zone using other methods. In short, zone transfers provide that synchronization.

In most situations, the only reason to use zone transfers is to allow a secondary server to pull a copy of your zone from the primary server. For security reasons, you might want to restrict zone transfers to only those servers that host secondary copies of your zone.

You can configure zone transfers on a zone-by-zone basis in the Windows DNS service. Follow these steps:

1. Go to Start | Programs | Administrative Tools | DNS.

2. Expand the Forward Lookup Zones branch, select the zone you want to configure, and click the Properties button on the toolbar.

3. Select the Zone Transfers tab.

At this point, you have two options to secure zone transfers. The first restricts zone transfers to only those servers listed on the Name Servers tab. The second restricts zone transfers to only the servers whose IP addresses you specify on the Zone Transfers tab.

If you choose the former, make sure the Name Servers tab lists the secondary DNS servers, and add them if this isn't the case. Otherwise, enter the IP addresses of all secondary servers on the Zone Transfers tab. Click OK when you finish entering the necessary server information.