More Efficient Zone Transfers

As long as we’re on the topic of zone transfers, we should mention another enhancement. A zone transfer comprises many DNS messages sent end-to-end over a TCP connection. Traditional zone transfers put only a single resource record in each DNS message. That’s a waste of space: you need a full header on each DNS message, even though you’re carrying only a single record. It’s like being the only person in a Chevy Suburban. A DNS message can carry many more records.

The Microsoft DNS Server understands a newer zone-transfer format that puts as many records as possible into a single DNS message. The resulting “many answers” zone transfer uses less bandwidth, because fewer DNS headers are sent, and less CPU time, because fewer DNS messages have to be unmarshaled.

The DNS server uses the “many answers” format by default, which is fine if all your secondaries can understand it. Older BIND name servers (prior to Version 4.9.4) can’t cope with this format and require the traditional one. Fortunately, you can tell the Microsoft DNS Server to use the traditional method with a server properties setting. Right-click on a server in the left pane of the DNS console and choose Properties, then select the Advanced tab. Click the box next to BIND secondaries. When this box is checked, the server sends traditional zone transfers to satisfy older BIND servers. The box is checked by default, but that doesn’t affect zone transfers between two Microsoft DNS Servers. They recognize ...
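To make the overhead concrete, here is an added Python example (not from the book, and not Microsoft's or BIND's code) that builds the TCP-framed DNS messages for a zone transfer both ways, one record per message and packed, and compares message counts and total bytes. The example.com zone, its hosts, addresses and SOA values are constructed sample data.

```python
import struct

def encode_name(name):
    """Wire-format owner name (RFC 1035 labels), no name compression."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def encode_rr(name, rtype, ttl, rdata):
    """NAME TYPE CLASS TTL RDLENGTH RDATA (RFC 1035 section 3.2.1), class IN."""
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def dns_message(question, answers, msg_id=0x1234):
    """One TCP-framed reply: 2-byte length prefix, 12-byte header, question, answers.
    Flags 0x8400 = response, authoritative. The ID is a constructed query ID."""
    header = struct.pack("!HHHHHH", msg_id, 0x8400, 1, len(answers), 0, 0)
    body = header + question + b"".join(answers)
    return struct.pack("!H", len(body)) + body

def axfr_messages(zone, records, packed, max_msg=65535):
    """Messages an AXFR of `records` produces: one RR per message (traditional) or
    as many RRs as fit in one message (many answers). The question section is
    repeated in every message here for simplicity."""
    question = encode_name(zone) + struct.pack("!HH", 252, 1)  # QTYPE=AXFR, QCLASS=IN
    msgs, batch, size = [], [], 12 + len(question)
    for rr in records:
        wire = encode_rr(*rr)
        if batch and (not packed or size + len(wire) > max_msg):
            msgs.append(dns_message(question, batch))
            batch, size = [], 12 + len(question)
        batch.append(wire)
        size += len(wire)
    if batch:
        msgs.append(dns_message(question, batch))
    return msgs

def transfer_size(zone, records, packed):
    """(number of DNS messages, total bytes on the wire including length prefixes)."""
    msgs = axfr_messages(zone, records, packed)
    return len(msgs), sum(len(m) for m in msgs)

def sample_zone(n_hosts):
    """Constructed example.com zone: SOA, n_hosts A records, closing SOA."""
    soa = (encode_name("ns1.example.com.") + encode_name("hostmaster.example.com.")
           + struct.pack("!IIIII", 2024010101, 3600, 900, 604800, 86400))
    records = [("example.com.", 6, 3600, soa)]
    records += [(f"host{i}.example.com.", 1, 3600, bytes([192, 0, 2, i])) for i in range(n_hosts)]
    return records + [("example.com.", 6, 3600, soa)]

if __name__ == "__main__":
    zone = sample_zone(10)
    for packed in (False, True):
        n, total = transfer_size("example.com.", zone, packed)
        print(f"{'many answers' if packed else 'traditional '}: {n:3d} messages, {total} bytes")
```

For the 12-record sample zone the traditional transfer sends 12 messages (870 bytes) against a single 529-byte message for the packed form; the 31 bytes saved per record are the length prefix, header and repeated question.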

Get DNS on Windows Server 2003, 3rd Edition now with the O’Reilly learning platform.