Types of DNS Zones in Windows Server 2003
When you plan a DNS installation, be sure that you choose the most suitable type of zone. For instance, if your goal is to install a Windows Server 2003 domain, then investigate Active Directory Integrated Zones.
Also decide how many zones to configure; it is easy to focus on the forward lookup zone but overlook the reverse lookup zone.
Topics for DNS Zones in Windows 2003
One of the coincidences of DNS is how many of its components come in pairs. I find this provides a natural fork for decision making (and troubleshooting).
- Active Directory-Integrated v Primary Zone (this pairing could be called Windows 200x v NT 4.0)
- Scopes of DNS Zones
- Secure and Non Secure Dynamic Updates
- Forward and Reverse Lookup Zones
- DNS Level - Main Zone or Subzone
- Summary of DNS Types
If you are about to install Active Directory and have complete charge of DNS (no Unix DNS in the background), then aim for Active Directory-Integrated Zones. The big advantage is efficient DNS record replication: efficient in the sense of less network traffic, fewer errors and easier configuration with low maintenance. In a sense, Active Directory-Integrated Zones are a special case of Primary Zones, where all the servers are required to be Domain Controllers.
Primary Zones
This is the NT 4.0 DNS model, with the Windows 200x improvement of incremental zone transfers (IXFR). Naturally there are also Secondary Zones, which hold read-only copies of the Primary Zones. There are two uses for this Primary / Secondary model: 1) the domain's main records are held on a Unix server; 2) your DNS servers are not Domain Controllers.
(There are many ways of analyzing DNS zones; however, the advantage of looking at DNS from different angles is that you get a sense of perspective. Only by viewing the multiple sides of DNS will you be able to judge how to configure your servers. Be sure to research thoroughly, plan carefully and test to destruction before you implement a production DNS network.)
- Primary Zone - Holds read and write copies of all resource records (A, NS, SRV).
- Secondary Zone - Read-only copies of records; gets its updates from the primary server by zone transfer.
- Stub Zone - New in Windows 2003, a tiny zone with just pointers to another domain: for example the NS and SOA records and the A record of the main server in that Stub domain. Think of Stub Zones like secondary zones, but with only 3 records.
(The option 'Store the zone in Active Directory' is available for a Primary Zone.)
Starting with Windows 2000, DNS became dynamic. This is a huge advantage over the old model where you had to update records manually. Secure Updates means that only machines with computer accounts in Active Directory can add or update their Host (A) records on the DNS servers. With secure updates you avoid lots of rogue records cluttering your zones. Such records appear, for example, when a visiting laptop picks up an IP address from DHCP but never releases it because it does not disconnect gracefully from the network. The default and recommended setting for Active Directory-Integrated zones is Secure only.
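The three dynamic update settings behave quite differently when a client tries to register a host record. The following is an added example (not code from the page or from Microsoft's DNS server) that models the decision a zone makes for each setting, with a constructed scenario: a visiting laptop with no computer account, a legitimate member server, and a second account trying to overwrite the member server's record. The per-record ownership check under Secure only is an assumption made here to mirror the ACL that an AD-integrated zone places on a dynamically created record; the account names, hosts and addresses are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Dynamic update settings as they appear in the DNS console for a zone.
NO_UPDATES = "None"
NONSECURE_AND_SECURE = "Nonsecure and secure"
SECURE_ONLY = "Secure only"


@dataclass
class UpdateRequest:
    host: str                         # FQDN the client wants to register
    ip: str
    principal: Optional[str] = None   # AD computer account that authenticated, or None


@dataclass
class Zone:
    name: str
    dynamic_update: str
    ad_integrated: bool
    # Constructed: the computer accounts that exist in Active Directory.
    computer_accounts: Set[str] = field(default_factory=set)
    # host -> (ip, owning principal; None for an unauthenticated registration)
    records: Dict[str, Tuple[str, Optional[str]]] = field(default_factory=dict)

    def apply_update(self, req: UpdateRequest) -> Tuple[bool, str]:
        """Accept or reject a dynamic update according to the zone's setting.

        Returns (accepted, reason). Secure only is modelled as requiring an
        AD-integrated zone plus an authenticated computer account, and
        (assumption: the per-record ACL) an existing record may only be
        changed by the account that created it.
        """
        if self.dynamic_update == NO_UPDATES:
            return False, "dynamic updates are disabled for this zone"
        if self.dynamic_update == SECURE_ONLY:
            if not self.ad_integrated:
                return False, "Secure only requires an Active Directory-integrated zone"
            if req.principal is None:
                return False, "unauthenticated update rejected by Secure only policy"
            if req.principal not in self.computer_accounts:
                return False, f"no computer account for {req.principal} in Active Directory"
            existing = self.records.get(req.host)
            if existing is not None and existing[1] != req.principal:
                return False, f"{req.host} is owned by {existing[1]}, not {req.principal}"
        # Nonsecure and secure: anything is accepted, which is how rogue
        # records from visiting machines end up in the zone.
        self.records[req.host] = (req.ip, req.principal)
        return True, f"registered {req.host} -> {req.ip}"


def demo() -> dict:
    """Run the constructed scenario against a Secure only zone and an open zone."""
    accounts = {"DC1$", "WEB$"}
    secure = Zone("guybay.com", SECURE_ONLY, ad_integrated=True, computer_accounts=set(accounts))
    open_zone = Zone("guybay.com", NONSECURE_AND_SECURE, ad_integrated=False)
    visitor = UpdateRequest("visitor-laptop.guybay.com", "10.1.2.99")        # no AD account
    web = UpdateRequest("web.guybay.com", "10.1.2.20", principal="WEB$")
    overwrite = UpdateRequest("web.guybay.com", "10.1.2.99", principal="DC1$")  # wrong owner
    return {
        "secure_visitor": secure.apply_update(visitor)[0],
        "secure_web": secure.apply_update(web)[0],
        "secure_overwrite": secure.apply_update(overwrite)[0],
        "open_visitor": open_zone.apply_update(visitor)[0],
        "secure_records": sorted(secure.records),
        "open_records": sorted(open_zone.records),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value}")
```

Under Secure only the visitor is turned away and the existing record for web.guybay.com cannot be replaced by a different account, while the open zone happily records the laptop; that lingering entry is exactly the clutter the text describes.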
When you configure DNS remember that there are two directions to a DNS zone. In particular, remember the reverse lookup zone, otherwise utilities such as NSLookup or DNSLint fail.
- Forward Lookup - You know the hostname, DNS tells you the IP address. Forward Lookup zones supply the main DNS mechanism for finding Hosts (A), Name Servers (NS) or Services (SRV, for example _gc).
- Reverse Lookup - You know the IP, DNS gives you the hostname. I think of Reverse Lookup as a hacker's tool: they can PING a server's IP address and then use a Reverse Lookup query to discover the hostname. In truth, Reverse Lookup is required by NSLookup, DNSLint and other utilities.
Let us end this section with a reminder that DNS is hierarchical; moreover, you should check at which level or levels you need to create zones.
Take as an example a company that has bought the domain name guybay.com from InterNIC. The first point to note is that they bought a .com rather than a .net or .org. When it comes to configuring DNS servers, their DNS zone will be guybay.com. Later they could have subzones such as customers.guybay.com. The company server where guybay.com is installed will be a name server, and it will have authority to answer queries for host records in the guybay.com zone.
Remember that DNS is hierarchical. Here is an example of the levels.
- ' . ' ................ Root Zone
- com ............... Top Level Domain (TLD)
- guybay.com .... Guy's main zone
- customers.guybay.com auctions.guybay.com (2 subzones)
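To make the two points above concrete, here is an added example (not code from the page) that walks a name up the hierarchy shown in the list, finds which configured zone is authoritative for it (the most specific zone wins, so a subzone beats its parent), and builds the matching reverse lookup names so that hosts without a PTR record can be spotted. The forward zone names are the page's; the 10.1.2.0/24 subnet, the reverse zone 2.1.10.in-addr.arpa and the host records are constructed. It generalises the page's single example to any classful /8, /16 or /24 reverse zone.

```python
import ipaddress

# Zones configured on the guybay.com name servers. The forward zones are the
# page's example names; the reverse zone is an assumption for a constructed
# 10.1.2.0/24 subnet.
CONFIGURED_ZONES = [
    "guybay.com",
    "customers.guybay.com",
    "auctions.guybay.com",
    "2.1.10.in-addr.arpa",
]


def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing root dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def zone_levels(name):
    """Walk a name up the hierarchy, from the root zone '.' down to the name itself.

    'www.customers.guybay.com' -> ['.', 'com', 'guybay.com',
                                   'customers.guybay.com', 'www.customers.guybay.com']
    """
    parts = labels(name)
    levels = ["."]
    for i in range(len(parts) - 1, -1, -1):
        levels.append(".".join(parts[i:]))
    return levels


def authoritative_zone(name, zones=CONFIGURED_ZONES):
    """Return the most specific configured zone that contains name, or None.

    The longest matching suffix wins, so a subzone (customers.guybay.com)
    takes precedence over its parent (guybay.com) for names inside it.
    """
    target = ".".join(labels(name))
    best = None
    for zone in zones:
        zone = ".".join(labels(zone))
        if target == zone or target.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


def reverse_zone_for(network):
    """Name of the classful in-addr.arpa zone for an IPv4 /8, /16 or /24 network.

    The octets are written in reverse order, so 10.1.2.0/24 maps to
    2.1.10.in-addr.arpa. Classless (RFC 2317) delegation is not modelled.
    """
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only classful IPv4 /8, /16 and /24 reverse zones are modelled")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_name(ip):
    """Owner name of the PTR record for an address: 10.1.2.5 -> 5.2.1.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


# Constructed sample data: three hosts in the forward zones but only one PTR
# record in the reverse zone, the overlooked-reverse-zone situation.
FORWARD_A = {
    "dc1.guybay.com": "10.1.2.5",
    "web.customers.guybay.com": "10.1.2.20",
    "bid.auctions.guybay.com": "10.1.2.21",
}
REVERSE_PTR = {
    "5.2.1.10.in-addr.arpa": "dc1.guybay.com",
}


def hosts_missing_ptr(a_records=FORWARD_A, ptr_records=REVERSE_PTR):
    """List forward hosts whose address has no matching PTR record.

    These are the hosts for which nslookup or DNSLint would fail to turn
    the address back into a name.
    """
    missing = []
    for host, ip in a_records.items():
        if ptr_records.get(ptr_name(ip), "").lower() != host.lower():
            missing.append(host)
    return sorted(missing)


if __name__ == "__main__":
    for host in FORWARD_A:
        print(f"{host:28} zone={authoritative_zone(host)}")
    print("reverse zone for 10.1.2.0/24:", reverse_zone_for("10.1.2.0/24"))
    print("hosts without PTR:", hosts_missing_ptr())
```

Run as a script it reports that web.customers.guybay.com belongs to the customers subzone rather than to guybay.com, and lists the two hosts whose reverse lookups would fail; the same check against a real zone export is a quick way to catch a forgotten reverse zone before the troubleshooting tools do.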
There are many ways of implementing DNS zones, but by looking at DNS from different angles you get a sense of perspective. Only by investigating forward, reverse and Active Directory zones will you be able to judge how to configure your servers. Be sure to research thoroughly, plan carefully and test to destruction before you implement a production DNS network.