Consider the following scenario:

  • You install the Microsoft Remote Server Administration Tools on a computer that is running Windows Vista or Windows Server 2008.
  • From this computer, you use the Dnscmd.exe tool or the DNS Management Microsoft Management Console (MMC) snap-in. You use one of these tools to manage a DNS service instance that is hosted on a server that is running Windows 2000 or Windows Server 2003.
  • You try to add some secondary servers to the “allowed zone transfer server” list (securelist) of a primary DNS server zone.

In this scenario, the secondary servers are not added to the securelist as expected. Additionally, the symptoms that appear for this problem depend on the number of IP addresses that you try to add to the securelist. The following are the symptoms that may appear:

  • If you try to add more than one IP address, the operation fails.
  • If you try to add only one IP address of a secondary server, the operation seems to complete successfully. However, the operation adds an address of to the securelist, instead of the expected IP address.

For example, you try to add a “” server and a “” server to the securelist by using the following command:

dnscmd <server name> /zoneresetsecondaries <zone name> /securelist

In this case, you receive the following error message:


If you try to add only the “” server to the securelist by using the following command, an IP address of “” is incorrectly added to the securelist instead of the “” address:

dnscmd <server name> /zoneresetsecondaries <zone name> /securelist

However, in this case, you receive no error message.

Leave a Reply