DNS Zones

This video will look at the DNS zones that are available in DNS. Once you complete watching this video you will understand zones, what zones files are available, and how you can use the different zones.

Show lesson content
What is a DNS zone?
A zone file contains the data for a portion of the DNS Name space. For this reason, zones allow different administrators to have control over that part of the DNS name space. Depending on what type of zone file that you create, this will determine what types of DNS records can be stored in that zone and if the data in that zone can be modified.

In this video
This video will look at the following zone types: Primary zone, Secondary zone, Active Directory integrated zone, Stub zone and reverse look up zone. Depending on what the needs of the administrator are, this will determine which zone file is used. Different zone files are used in different scenarios and the administrator needs to decide the correct zone file to use for that scenario.

Primary zone
For any domain name, there needs to be at least one primary zone. If the primary zone is stored in a text file, rather than a database like Active Directory, then this means that the server holding the primary zone text file is the only location where changes can be made to the zone data. If another zone file is asked to make changes to the zone, these changes will be forwarded to a DNS server that is holding a primary zone. This does mean that if the DNS server holding the primary server is not available, changes cannot be made.

Active Directory Integrated Zone
An Active Directory Integrated Zone is essentially a primary zone that has been moved from a text file stored on the computer into the Active Directory database. The advantage of this is that any Domain Controller that has the DNS role installed on it can access the Active Directory Integrated zone. Changes can also be made on any Domain Controller running DNS unlike text based primary zones which are limited to one server.

Having the data stored in Active Directory means that the zone will use the same replication system that is used to replicate objects in Active Directory which is quite efficient. Active Directory Integrated Zones also allow the clients to use secure updates. Secure updates use the secure channel created when a computer is added to the domain and thus the computer must be a domain member. If you use a primary zone stored in a text file, and if you enable dynamic updates, you are also allowing none secure updates as well.

Secondary Zones
A secondary zone file is a copy of another zone that is read only. The copy can be any other zone stored on any other DNS server. For example, the zone file could be stored on Windows or a UNIX based system and copied from a primary or secondary zone. If you copy the data from a secondary zone, this would essentially be a copy of a copy so you may have delays waiting for the zone data to be copied from one server to the next server. Since the zone file is read only, changes cannot be made so these changes are passed onto a server holding a primary zone.

Stub Zone
A Stub Zone contains only the NS (Name Server) records from a zone. This NS records contain DNS servers that are considered to be authoritative for that zone. In other words, the DNS Servers are considered to be able to give the best answers for that zone. Since stub zones update the NS records, if there are changes to the NS records, these changes will updated automatically. If you use forwarding or conditional forwarding, and if changes are made, the DNS server would not be aware of these changes.

Stub Zone Example
If you have two networks that forward DNS requests to an ISP DNS server in order to be resolved, a problem would occur when either network wants to access the other network. Requests for the other network will be forwarded to the ISP DNS server which will not be able to resolve them. To solve this, a stub zone can be created which contains the NS records for the DNS servers that can resolve the requests. When the DNS server receives the request, it can look in the stub zone to find a DNS server that can resolve the request and send the request to that DNS server. The difference between conditional forwarding and stub zones is that the stub zone will update itself when changes are made to the NS records in the other zone. A conditional forwarder must be updated manually if the DNS servers were to change.

Reverse Lookup Zone
This zone contains pointer records which map an IP address to a host name. This is the opposite of a forward look up zone. This means that if you have an IP Address and want to find out if there is a matching hostname for that IP Address, a reverse lookup zone can be used to find out that information. Reverse look up zones are mostly used for troubleshooting and on most networks do not require reverse look up zones. For example, Active Directory will operate fine without a single reverse lookup zone.

“MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition” pg 455-456
“Reverse lookup” http://technet.microsoft.com/en-us/library/cc784493(v=ws.10).aspx
“Reverse DNS lookup” http://en.wikipedia.org/wiki/Reverse_DNS_lookup


Lesson tags: 70-640-active-directory
Back to: 70-640 Introduction to Active Directory > DNS

Active Directory is a system which offers centralized control of your computers.


Active Directory Infrastructure


Group Policy