When you plan a DNS installation, be sure that you choose the most suitable type of zone. For instance, if your goal is to install a Windows Server 2003 domain, then investigate Active Directory-Integrated Zones.
Also decide how many zones to configure: it is easy to focus on the forward lookup zone but overlook the reverse lookup zone.
Topics for DNS Zones in Windows 2003
One of the coincidences with DNS is how many of its components come in pairs. I find this provides a natural fork for decision making (and for troubleshooting).
Active Directory-Integrated v Primary Zone
This pairing could be called Windows 200x v NT 4.0.
If the situation is that you are about to install Active Directory and have complete charge of DNS (no Unix DNS in the background), then aim for Active Directory-Integrated Zones. The big advantage is efficient DNS record replication: efficient in the sense of less network traffic, fewer errors and easier configuration with low maintenance.
In a sense, Active Directory-Integrated Zones are a special case of Primary Zones, where all the servers are required to be Domain Controllers.
Primary Zones
This is the NT 4.0 DNS model, with Windows 200x adding improved incremental zone transfers (IXFR). Naturally there are also Secondary Zones, which hold read-only copies of the Primary Zones. There are two uses for this Primary / Secondary model: 1) the domain's main records are held on a Unix server; 2) your DNS servers are not Domain Controllers.
(There are many ways of analyzing DNS zones; however, the advantage of looking at DNS from different angles is that you get a sense of perspective. Only by viewing the multiple sides of DNS will you be able to judge how to configure your servers. Be sure to research thoroughly, plan carefully and test to destruction before you implement a production DNS network.)
Secondary Zone - Read-only copies of records, which get their updates from the primary server by zone transfer.
Stub Zone - New in Windows 2003, a tiny zone with just pointers to another domain: for example, the NS and SOA records and the A record of the main server in that stub domain. Think of Stub Zones like secondary zones, but with only those 3 records. See more on Stub Zones here.
(The option "Store the zone in Active Directory" is available for a Primary Zone.)
Starting with Windows 2000, DNS became Dynamic. This is a huge advantage over the old model where you had to update records manually. Secure Updates means that only machines with computer records in Active Directory can add or update their Host (A) records on the DNS servers. With secure updates you avoid lots of rogue records cluttering your DNS zones. Rogue records can appear, for example, when a visiting laptop picks up an IP address from DHCP but never releases it because the user does not disconnect gracefully from the network.
The default and recommended setting for Active Directory-Integrated is Secure only.
When you configure DNS, remember that there are two directions of DNS zone. In particular, remember the reverse lookup zone, otherwise utilities such as NSLookup or DNSLint fail.
Forward Lookup - You know the hostname, DNS tells you the IP address. Forward Lookup zones supply the main DNS mechanism for finding Hosts (A), Name Servers (NS) or Service (_gc).
Reverse Lookup - You know the IP, DNS gives you the hostname. I think of Reverse Lookup as a hacker's tool: they can PING a server's IP address and then use a Reverse Lookup query to discover the hostname. In truth, Reverse Lookup is required by NSLookup, DNSLint and other utilities.
Let us end this section with a reminder that DNS is hierarchical; moreover, you should check at which level or levels you need to create zones.
Take as an example a company that has bought the domain name guybay.com from InterNIC. The first point to note is that they bought a .com rather than a .net or .org. When it comes to configuring DNS servers, their DNS zone will be guybay.com. Later they could have subzones such as customers.guybay.com. The company server where guybay.com is installed will be a name server, and it will have authority to answer queries for host records in the guybay.com zone.
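The zone types, the secure-only update setting and the forward/reverse pairing discussed above, as an added example using the dnscmd tool that ships with Windows Server 2003 (this is not the page's own listing; guybay.com is the page's example domain, while the IP addresses, the second server and the customers.guybay.com stub zone are assumed placeholders):

```powershell
# Added example: dnscmd.exe commands that build the zone layout this page
# describes. Run on the domain controller that hosts DNS. guybay.com is the
# page's example domain; every IP address, the secondary server 192.168.1.6
# and the customers.guybay.com stub are constructed placeholders (assumptions).

# 1. Forward lookup zone stored in Active Directory (AD-integrated primary).
dnscmd /ZoneAdd guybay.com /DsPrimary

# 2. Reverse lookup zone for 192.168.1.0/24, also AD-integrated. Without it,
#    nslookup and DNSLint cannot map an address back to a hostname.
dnscmd /ZoneAdd 1.168.192.in-addr.arpa /DsPrimary

# 3. Dynamic update policy: 0 = none, 1 = nonsecure and secure, 2 = secure only.
#    Secure only is the recommended setting for AD-integrated zones, so only
#    machines with a computer account in AD can register or change records.
dnscmd /Config guybay.com /AllowUpdate 2
dnscmd /Config 1.168.192.in-addr.arpa /AllowUpdate 2

# 4. Restrict zone transfers to the one known secondary server (placeholder),
#    so an arbitrary host cannot copy the whole zone with a transfer request.
dnscmd /ZoneResetSecondaries guybay.com /SecureList 192.168.1.6

# 5. A static host record and its matching PTR, so forward and reverse agree.
dnscmd /RecordAdd guybay.com www A 192.168.1.10
dnscmd /RecordAdd 1.168.192.in-addr.arpa 10 PTR www.guybay.com.

# 6. A stub zone for a delegated subdomain: only the SOA, NS and glue A
#    records are copied from its master server (placeholder 192.168.1.20).
dnscmd /ZoneAdd customers.guybay.com /Stub 192.168.1.20

# 7. On a non-DC server that must hold a read-only copy, this is the
#    Primary / Secondary model instead (192.168.1.5 = the primary, placeholder):
#    dnscmd /ZoneAdd guybay.com /Secondary 192.168.1.5

# 8. Verify: list the zones, show one zone's settings, then query both ways.
dnscmd /EnumZones
dnscmd /ZoneInfo guybay.com
nslookup www.guybay.com
nslookup 192.168.1.10
```

Check the /ZoneInfo output for "update = 2" (secure only) and a SecureSecondaries setting that lists only your intended secondaries before putting the server into production.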
Remember that DNS is hierarchical. Here is an example of the levels.
There are many ways of implementing DNS zones, but by looking at DNS from different angles you get a sense of perspective. Only by investigating forward, reverse and Active Directory zones will you be able to judge how to configure your servers. Be sure to research thoroughly, plan carefully and test to destruction before you implement a production DNS network.