Active Directory–Integrated Zones
A Windows Server 2008 or Windows 2012 DNS server can store zone information in two distinct formats: Active Directory–integrated or standard text file. An Active Directory–integrated zone is an available option when the DNS server is installed on an Active Directory domain controller. When a DNS zone is installed as an Active Directory zone, the DNS information is automatically updated on the other AD domain controllers that run DNS by using Active Directory's multimaster update techniques. Zone information stored in Active Directory allows DNS zone transfers to be part of the Active Directory replication process, which is secured by Kerberos authentication.
Primary Zones
In traditional (non–Active Directory–integrated) DNS, a single server serves as the master DNS server for a zone, and all changes made to that zone are done on that server. A single DNS server can host multiple zones, and can be primary for one and secondary for another. If a zone is primary, however, all requested changes for that zone must be made on the server that holds the master copy of the zone. As illustrated in Figure 1, companyabc.com is set up on DC1 as an Active Directory–integrated primary zone. However, DC1 also holds a secondary zone copy of the amaris.org zone.
Figure 1. DNS primary and secondary zones.
Creating a new primary zone manually is a fairly straightforward process. The following procedure outlines the creation of a standard zone for the companyabc.com DNS namespace:
1. Open the DNS Manager.
2. Navigate to DNS, <Servername>, Forward Lookup Zones.
3. Right-click Forward Lookup Zones, and choose New Zone.
4. Click Next on the Welcome screen.
5. Select Primary Zone from the list of zone types available. Also, determine if the zone will be stored in Active Directory. If not, uncheck the Store the Zone in Active Directory check box. Click Next to continue.
6. If the zone is Active Directory–integrated, then the replication scope needs to be selected. The replication can be to all DNS servers in the forest, all DNS servers in the domain, or just to the domain controllers in the domain for Windows 2000 Server compatibility.
7. Type the name of the primary zone to be created, and click Next.
8. If creating a primary zone, enter the zone filename or accept the default.
9. Determine whether dynamic updates will be allowed in this zone. By default, Allow Only Secure Dynamic Updates is selected if the zone is Active Directory–integrated, or Do Not Allow Dynamic Updates if a primary zone. Click Next to continue.
10. Click Finish on the Summary page to create the zone.
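The same result can be reached from the command line. The following PowerShell is an added example, not part of the book's text, showing the scripted equivalent of the ten-step DNS Manager procedure above for both the Active Directory–integrated case (replication scope and secure dynamic updates, as discussed under Active Directory–Integrated Zones) and the standard text-file case. It assumes the DnsServer module, which ships with the DNS Server role on Windows Server 2012 and later (the 2008 releases use dnscmd instead), and an elevated session on the DNS server itself. The zone name companyabc.com comes from the text; the file-backed zone name lab.example is a constructed placeholder.

```powershell
# Added example (not from the book): scripted equivalent of the New Zone wizard.
# Assumes the DnsServer module (Windows Server 2012+) and an elevated session on
# the DNS server / domain controller.
Import-Module DnsServer

# Steps 5, 6 and 9 for the Active Directory-integrated case:
#   - stored in AD, so it replicates with the multimaster AD replication process
#   - ReplicationScope maps to the wizard choices: 'Forest' (all DNS servers in
#     the forest), 'Domain' (all DNS servers in the domain) or 'Legacy' (all DCs
#     in the domain, for Windows 2000 compatibility)
#   - DynamicUpdate 'Secure' is the wizard default for AD-integrated zones and
#     only accepts Kerberos-authenticated (GSS-TSIG) client registrations
Add-DnsServerPrimaryZone -Name 'companyabc.com' `
    -ReplicationScope 'Domain' `
    -DynamicUpdate 'Secure' `
    -PassThru

# Steps 5, 8 and 9 for the standard (text file) case. The zone lives in a file
# under %SystemRoot%\System32\dns, so there is no AD ACL to authenticate updates
# against: 'Secure' is not available here, only 'None' (the wizard default for a
# standard primary zone) or 'NonsecureAndSecure'. 'lab.example' is a constructed
# zone name for this example.
Add-DnsServerPrimaryZone -Name 'lab.example' `
    -ZoneFile 'lab.example.dns' `
    -DynamicUpdate 'None' `
    -PassThru

# Step 10 check: confirm where each zone is stored, how it replicates and which
# kind of dynamic update it will accept.
'companyabc.com', 'lab.example' |
    ForEach-Object { Get-DnsServerZone -Name $_ } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate |
    Format-Table -AutoSize
```

The last pipeline is the check worth keeping in a build script: IsDsIntegrated should be True with DynamicUpdate Secure for the AD-integrated zone, and any standard primary zone that shows NonsecureAndSecure accepts record registrations from anyone who can reach port 53, which is rarely what was intended.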
Secondary Zones
A secondary zone is established to provide redundancy and load balancing for the primary zone. Secondary zones are not necessary if the zone has been set up as an Active Directory–integrated zone, because the zone will be replicated to all domain controllers in the domain. With secondary zones, however, each copy of the DNS zone database is read-only, because all record keeping is done on the primary zone copy. A single DNS server can contain several zones that are primary and several that are secondary. The zone creation process is similar to the one outlined in the preceding section on primary zones, with the difference being that the zone is transferred from an existing primary server.
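As an added example (not the book's own material), the following PowerShell sets up the arrangement from Figure 1 in which DC1 holds a read-only secondary copy of amaris.org, and also configures the primary side so that the zone is transferred only to that secondary. It assumes the DnsServer module (Windows Server 2012 and later), that the session on DC1 can manage the primary server remotely through -ComputerName, and that the two addresses 192.0.2.10 (the server holding the amaris.org master copy) and 192.0.2.20 (DC1) are constructed placeholders from the documentation range rather than values from the text.

```powershell
# Added example (not from the book): secondary zone for amaris.org on DC1, plus
# transfer restrictions on the primary. Assumes the DnsServer module (Windows
# Server 2012+) and remote management rights on the primary server.
Import-Module DnsServer

$primaryServer   = '192.0.2.10'   # constructed: server holding the amaris.org master copy
$secondaryServer = '192.0.2.20'   # constructed: DC1, the server that will hold the secondary

# On DC1: pull the zone from the master. The copy is stored in a text file and is
# read-only, because all record keeping happens on the primary copy.
Add-DnsServerSecondaryZone -Name 'amaris.org' `
    -ZoneFile 'amaris.org.dns' `
    -MasterServers $primaryServer `
    -PassThru

# On the primary (reached remotely): a secondary only works if the primary is
# willing to hand the zone over, but 'TransferAnyServer' would give the whole
# host inventory to any requester. Restrict AXFR/IXFR to the listed secondary
# and have the primary notify it when the zone changes.
Set-DnsServerPrimaryZone -Name 'amaris.org' `
    -ComputerName $primaryServer `
    -SecureSecondaries 'TransferToSecureServers' `
    -SecondaryServers $secondaryServer `
    -Notify 'NotifyServers' `
    -NotifyServers $secondaryServer

# Back on DC1: force the initial full transfer instead of waiting for the SOA
# refresh interval, then confirm the zone is a read-only secondary.
Start-DnsServerZoneTransfer -Name 'amaris.org' -FullTransfer
Get-DnsServerZone -Name 'amaris.org' |
    Select-Object ZoneName, ZoneType, IsReadOnly, MasterServers

# Same check from the primary's point of view: which servers may request the zone.
Get-DnsServerZone -Name 'amaris.org' -ComputerName $primaryServer |
    Select-Object ZoneName, SecureSecondaries, SecondaryServers
```

The final query is the one an auditor runs across every primary zone: any zone reporting TransferAnyServer is exposing its full contents to anyone who can open a TCP connection to the server, and should be moved to TransferToZoneNameServer or an explicit secondary list as shown.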
Stub Zones (Delegated Zones)
A stub zone is a zone that contains no information about the members in a domain but simply serves to forward queries to a list of designated name servers for different domains. A stub zone contains only name server (NS), Start of Authority (SOA), and glue records. Glue records are A records that work in conjunction with a particular NS record to resolve the IP address of a particular name server. A server that hosts a stub zone for a namespace is not authoritative for that zone.
A stub zone effectively serves as a placeholder for a zone that is authoritative on another server. It allows a server to forward queries that are made to a specific zone to the list of name servers in that zone.
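The following PowerShell is an added example, not from the book, that creates a stub zone and then inspects it to show the two properties the text describes: the zone holds nothing but SOA, NS and glue records, and the hosting server is not authoritative for it. It assumes the DnsServer and DnsClient modules (Windows Server 2012 and later), and the zone name partner.example and master address 198.51.100.53 are constructed placeholders.

```powershell
# Added example (not from the book): create and inspect a stub zone.
# Assumes the DnsServer module (Windows Server 2012+) on a domain controller;
# 'partner.example' and 198.51.100.53 are constructed placeholders.
Import-Module DnsServer

# The stub is stored in Active Directory so every DNS-hosting DC in the forest
# receives the same pointer through AD replication (use -ZoneFile instead of
# -ReplicationScope for a text-file stub). MasterServers is where the stub
# fetches and periodically refreshes its SOA, NS and glue records from.
Add-DnsServerStubZone -Name 'partner.example' `
    -MasterServers '198.51.100.53' `
    -ReplicationScope 'Forest' `
    -PassThru

# Record inventory: only SOA, NS and the glue A (or AAAA) records needed to reach
# the NS names appear; no host records for the domain's members are stored here.
Get-DnsServerResourceRecord -ZoneName 'partner.example' |
    Group-Object RecordType |
    Select-Object Name, Count

# The glue records themselves: the A records paired with each NS name, which are
# what let this server contact the zone's authoritative servers directly.
Get-DnsServerResourceRecord -ZoneName 'partner.example' -RRType NS |
    ForEach-Object { $_.RecordData.NameServer }

# ZoneType 'Stub' is the visible sign that this server is a placeholder, not an
# authority: it answers queries for partner.example hosts by asking the NS list.
Get-DnsServerZone -Name 'partner.example' |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, MasterServers

# Resolution still works from clients pointed at this server, because the query
# is forwarded to the authoritative name servers listed in the stub.
Resolve-DnsName -Name 'www.partner.example' -Server 'localhost' -Type A
```

Because the stub refreshes its NS and glue from the master servers, a change of authoritative name servers on the delegated side propagates without anyone editing the stub; compare this with a conditional forwarder, whose target list is static and has to be updated by hand.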