DNS Zone Configuration

Be aware of the following when using Active Directory-integrated zones:

  • Only one server can hold the primary zone file. To place zone data on multiple servers, configure secondary servers.
  • Windows stores standard zone data in the %windir%\System32\Dns directory. The file is a text file with .dns added to the zone name.
  • Use the DNS snap-in or the dnscmd command to manage zones and records.
     o You can also edit the zone database file directly with a text editor. However, after making changes, you must reload the zone data. Using the snap-in or dnscmd prevents errors in the file and automatically reloads the database after each change.
     o You can only manage Active Directory-integrated zones with the DNS console or dnscmd. There is no text file that you can manually edit.
  • Primary and Active Directory-integrated zones support dynamic updates. Use an Active Directory-integrated zone to use secure dynamic updates.
  • Zone information is replicated automatically with Active Directory replication. Zone data is replicated based on the replication scope:

Replication scope: description

All domain controllers in this domain
    DNS zone data in Active Directory is replicated to all domain controllers, even those not running DNS. Use this option if you need to support Active Directory-integrated zones running on Windows 2000 domain controllers.

All DNS servers in this domain
    DNS zone data in Active Directory is replicated to all DNS servers that are also domain controllers within the current domain. This is the default DNS zone replication setting for Server 2003 and 2008. It replicates zone data to the DomainDNSZones partition.

All DNS servers in this forest
    DNS zone data in Active Directory is replicated to all DNS servers that are also domain controllers within the forest. This provides the broadest replication scope because it replicates zone data to the ForestDNSZones partition. Use this option when you have very important records that need to be available throughout the forest.

Application partition
    Using an application partition, you select the specific domain controllers to which Active Directory-integrated zone data is replicated. To use an application partition:

      1. Create the application partition using ntdsutil or dnscmd.
      2. Add domain controllers to the application partition scope.
      3. Configure the zone to use the configured application partition.

    Use an application partition to customize which domain controllers receive the DNS data. For example, you can use this option to prevent DNS zone data from being replicated to a branch office domain controller that uses a slow WAN-link connection to the main office.

    To change the replication scope for a zone using an application partition, use the dnscmd /zonechangedirectorypartition command with the following switches:

      o /forest sets the replication scope to all of the DNS servers in the forest.
      o /domain sets the replication scope to all of the DNS servers in the domain, which is already the default setting.

Note: The broader the replication scope, the greater the network traffic created by replication.

  • You can configure a secondary server to replicate from an Active Directory-integrated zone. You cannot use a primary zone and an Active Directory-integrated zone together.
  • Reverse lookup zones hold PTR (pointer) records. The PTR record maps the IP address to an A record.
  • A reverse lookup zone can be a primary zone, a secondary zone, or an Active Directory-integrated zone.
  • When you create the reverse lookup zone, you specify whether the zone is an IPv4 or IPv6 zone.

The zone name uses the network portion of the IP address as follows:

IP version: reverse zone name format

IPv4
    For an IPv4 zone:
      o Reverse the order of the decimal octets in the network ID.
      o Append in-addr.arpa to the zone name.
    For example, the reverse lookup zone for network 216.222.14.0/24 would be: 14.222.216.in-addr.arpa

IPv6
    For an IPv6 zone:
      o Reverse the order of the hexadecimal digits in the prefix, separating each digit with a period.
      o Append ip6.arpa to the zone name.
    For example, the reverse lookup zone for network 1234:5678:ABCD:FF21::/64 becomes: 1.2.f.f.d.c.b.a.8.7.6.5.4.3.2.1.ip6.arpa
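The naming rules above, worked through in code. This is an added example, not part of the original post; it uses only Python's standard ipaddress module and reproduces both examples from the text (IPv4 zones are limited to octet boundaries, IPv6 zones to nibble boundaries, since that is where a reverse zone can be cut).

```python
from ipaddress import ip_address, ip_network


def reverse_zone_name(cidr: str) -> str:
    """Return the reverse lookup zone name for a network prefix.

    IPv4: reverse the octets of the network ID and append in-addr.arpa.
          The prefix must be /8, /16 or /24 (one octet per label).
    IPv6: reverse the hex digits of the prefix and append ip6.arpa.
          The prefix must be a multiple of 4 bits (one nibble per label).
    """
    net = ip_network(cidr, strict=True)  # raises if host bits are set
    if net.version == 4:
        if net.prefixlen not in (8, 16, 24):
            raise ValueError("IPv4 reverse zones must be /8, /16 or /24")
        octets = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    if net.prefixlen == 0 or net.prefixlen % 4 != 0:
        raise ValueError("IPv6 reverse zones need a prefix that is a multiple of 4 bits")
    # exploded form is fully zero-padded and lower-case, e.g. 1234:5678:abcd:ff21:0000:...
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_owner_name(ip: str) -> str:
    """Full owner name of the PTR record for one address (every octet/nibble reversed)."""
    return ip_address(ip).reverse_pointer


def ptr_belongs_to_zone(ip: str, cidr: str) -> bool:
    """True when the address's PTR name falls under the reverse zone for the prefix.

    Useful when checking which reverse zone a PTR record must be created in.
    """
    return ptr_owner_name(ip).endswith("." + reverse_zone_name(cidr))


if __name__ == "__main__":
    for cidr in ("216.222.14.0/24", "1234:5678:ABCD:FF21::/64"):
        print(cidr, "->", reverse_zone_name(cidr))
    print(ptr_owner_name("216.222.14.7"))  # 7.14.222.216.in-addr.arpa
```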
