Event Id | 6525 |
Source | Microsoft-Windows-DNS-Server-Service |
Description | A zone transfer request for the secondary zone %1 was refused by the master DNS server at %2. Check the zone at the master server %2 to verify that zone transfer is enabled to this server. To do so, use the DNS console, and select master server %2 as the applicable server, then in secondary zone %1 Properties, view the settings on the Zone Transfers tab. Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server. |
Event Information | According to Microsoft : Cause : This event is logged when zone transfer request for the secondary zone was refused by the master DNS server. Resolution : Configure authoritative servers Verify that the master server of the secondary zone is authoritative for the zone and that the master server is configured to transfer the zone to the secondary server. To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority. To configure the master server to transfer the zone to the secondary server: 1.On the secondary DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS. 2.In the console tree, expand the secondary DNS server, and then expand the folder that contains the zone. 3.Right-click the zone, and then click Properties. 4.On the General tab, note the IP address of the server that is listed in Master Servers. 5.In the console tree, right-click DNS, and then click Connect to DNS Server. 6.Click The following computer, type the IP address of the master DNS server, and then click OK. 7.In the console tree, expand the master DNS server, and then expand the folder that contains the zone. Note: If the zone is not in the folder, the server is not authoritative for the zone. In this case, you must configure the secondary server to transfer the zone from the correct master server. 8.Right-click the zone, click Properties, and then click the Name Servers tab. 9.Confirm that the secondary server is listed with the correct IP address. To correct the list, do one of the following: If the secondary server is not in the list, click Add. If the IP address of the secondary server is incorrect, click the server in the list, and then click Edit. 10.Click the Zone Transfers tab. 11.Ensure that Allow zone transfers is selected. 12.If Only to the following servers is selected, confirm that the secondary server is listed with the correct IP address. To correct the list, click Edit, and then type the DNS name or IP address of the secondary server in IP addresses of the secondary servers. Verify Verify that all DNS servers that are authoritative for a zone have the same serial number for the zone. To view the serial number for a zone: 1.On the DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS. 2.In the console tree, right-click DNS, and then click Connect to DNS Server. 3.Click The following computer, type the DNS name or IP address of the secondary DNS server, and then click OK. 4.In the console tree, expand the secondary DNS server, and then expand the folder containing the zone. 5.Right-click the zone, and then click Properties. 6.Click the Start of Authority tab, and note the value in Serial number. Note: If dynamic updates are enabled for the zone, or if an administrator changes the zone between the time that you check the master and secondary servers, the serial number on the master server can be slightly higher than the number on secondary servers. |
Reference Links | Event ID 6525 from Microsoft-Windows-DNS-Server-Service |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.