Back up a Zone File
Updated: October 7, 2009
Applies To: Windows Server 2008 R2
Tip
This topic applies to DNSSEC in Windows Server 2008 R2. DNSSEC support is greatly enhanced in Windows Server 2012. For more information, see DNSSEC in Windows Server 2012.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
Backing up a zone file
Use the following procedures to export a zone file and transfer it to a secure backup computer in preparation for signing the zone. This must only be done on the server that hosts the primary copy of the zone. If the zone is Active Directory integrated, you must first export the zone to a file. For file-backed zones, update the server data file before copying.
To back up a file-backed zone
Click Start, click Run, type dnsmgmt.msc and then press ENTER.
In the DNS Manager console tree, right-click the name of the zone and then click Update Server Data File.
Copy the zone file located in %windir%\System32\DNS from the secure signing computer to the secure backup computer.
To back up an Active Directory integrated zone
Open an elevated command prompt.
Type the following command, and then press ENTER:
dnscmd /ZoneExport <zone name> <zone file name>Copy the exported zone file from the %windir%\System32\DNS directory on the secure signing computer to the secure backup computer.
| Value | Description |
|---|---|
dnscmd |
The command-line tool for managing DNS servers. |
/ZoneExport |
Required. Used with <zone name> and <zone file name> to specify the zone and file name to use when storing zone data in a file. |
<zone name> |
Required. The FQDN of the zone. |
<zone file name> |
Required. The name of the file used to store zone data. |
See Also
Concepts
Checklist: Preparing to Deploy DNSSEC
Appendix C: DNSSEC PowerShell Scripts