DNS Notify is a tool that facilitates the zone transfer between the primary and secondary DNS servers. If your IT environment only uses a single DNS server, then it’s not necessary to have DNS notify. So you’re probably wondering what a zone transfer is by now. A zone transfer is more like a transaction between a slave machine and the master machine where in this case the slave machine represents the secondary server and the master machine is known as the primary server. Therefore the slave machine may request data from the master machine in what is known as a zone transfer (normally it’s the portion of the database that is replicated that is usually referred to as a zone).

DNS notify on the other hand only serves to inform the secondary server about any modifications that have been done on the resource’s records since the data was last transferred from the primary server.

Normally, most Windows don’t have it implemented by default because of the security measure that it requires.

Implementing DNS Notify In Windows Machine

In order for you to implement DNS notify in your environment, you must first ensure that you specify the IP address of the secondary DNS in the primary DNS server. This ensures that there are two points where a transfer can take place.

Enabling DNS Notify In Windows Machine

  1. Depending on the Windows operating system that you are using, you just head over to the search box and type administrator tools. Click Administrator Tools when it comes up.
  2. In the administrator tools window, click DNS in order to open the DNS manager console.
  3. Expand the Server icon then expand the Forward Lookup Zones.
  4. Right click on your desired zone
  5. Click the properties tab and in the emergent window click Zone Transfer.
  6. Select automatically notify.

At this point you will be faced with two options, select the;

  1. Servers listed on the name servers tab or
  2. Your own servers (‘the following servers’)

You should select the second option and then you’ll be prompted to enter the IP address of the secondary DNS server. You should then close and reopen it again, if correctly implemented a green sign will show up.

Benefits

  1. DNS notify increases security on your environment since it prevents unauthorised zone transfers.
  2. It’s also nifty as it enables the primary server to notify the secondary servers whenever its database has been updated. Usually, when the secondary server receives the notification from the primary server it can start an incremental zone transfer or a full zone transfer to pull the changes form the master server.

Note: incremental zone transfer refers to when a secondary server only requests those records that have since changed since the last zone transfer. A full zone transfer means that the slave machine will request a full zone transfer whenever there are any changes.

Conclusion

DNS notify only serves to ensure that transactions between the master and slave machines are efficient and secure. It’s a great solution if you want to secure your entire IT environment and ensure that all records are kept up to date.

Check out the advantages and disadvantages of using DNS servers here.