Hacker's gain tremendous insight during the discovery phase if they can perform an unauthorized zone transfer from your DNS server. It reveals the network and host names. A zone transfer eats up the processing power of the DNS server. If you are using the Microsoft DNS server under NT, you can configure the server to only respond to requests for zone transfers from authorized ip addresses.
Click Start | Programs | Administrative Tools | DNS Manager
Open the DNS server on which the zone is hosted.
Right-click on the zone and select Properties | Notify
Add the IP addresses for any systems that will be allowed to do zone transfers
Enable the Only Allow Access From Secondaries Included On Notify List check box.
Click OK.
The DNS server will now reject zone transfer requests from any sources other than those listed in the Notify list. You can add IP addresses to this list even if they're not for MS DNS servers without causing errors on the DNS server.
