How should zone transfers be configured for a new primary forward lookup zone?

Allowing zone transfers to any server is an effective configuration under certain circumstances, primarily for environments where redundancy and availability are key priorities. By permitting zone transfers to any server, you ensure that secondary DNS servers can easily replicate the primary zone data, which is critical for maintaining resolution continuity in cases of primary server failure or when load balancing is desired.

This approach is particularly useful for organizations with multiple locations or distributed services that require consistent DNS records across various servers. However, this method does require robust security measures to prevent unauthorized access or data leakage, as it makes your DNS zone data accessible to any server capable of connecting to it.

While there are benefits to restricting zone transfers to specific servers, allowing transfers generally lends itself to improved robustness and fault tolerance within a network. It's important to assess the specific needs and security policies of the organization when determining the most appropriate configuration.