In this guide, I’ll provide a quick overview of the different DNS Zone types for Windows Server and Active Directory.
This will help you better understand and manage DNS and Active Directory.
DNS Zones store DNS resource record information. Some common DNS records include:
- A Record: Name to IP address mapping
- CNAME: Maps an alias to the canonical name
- MX Record: Used to identify mail servers
- NS Record: Identifies the name servers for a particular zone
- SOA: Start of Authority records
- TXT: Allows any text to be inserted into a DNS record
There are many more record types, and without these records, everything would be accessed by an IP address.
DNS Zones provide us a way to maintain these records on one or more servers.
Let’s take a look at the different zone types.
Active Directory Integrated Zones
Active Directory Integrated Zones stores its zone data in Active Directory. Integrated zones can be replicated to all domain controllers in the domain and forest. Active Directory integrated zones use multi-master replication, this means any domain controller running the DNS server service can write updates to the zone for which they are authoritative.
Advantages of Active Directory integrated Zones
- Replication is faster, more secure and efficient.
- Better redundancy due to zone data being copied to all Domain Controllers
- Improved Security if secure dynamic update is enabled
- No need to schedule or manage zone transfers
RECOMMENDED: SOLARWINDS IP ADDRESS TRACKER (FREE TOOL)
Scan, detect and easily manage IP addresses with the Free IP address tracker by SolarWinds. By using this FREE tool you can save time by eliminating the need to manually track IP address information.
In addition, it helps to detect IP conflicts on your subnet. Download your FREE copy of IP Address Tracker.
This is the main zone and has a read/write copy of the zone data. All changes to the zone are made in the primary zone and are replicated to the secondary zones.
The zone data is stored in a text file located in this folder c:\windows\system32\DNS on the Windows server running DNS.
A secondary Zone is a read-only copy of the primary zone. This zone cannot process updates and can only retrieve updates from the primary zone. This zone can answer DNS name resolution queries from clients nodes, this helps reduce the workload on the primary zone. Secondary zones cannot be active directory integrated.
Stub zones are like a secondary zone but only stores partial zone data. These zones are useful to help reduce zone transfers by passing the requests to authoritative servers. These zones only contain the SOA, NS and A records.
Forward Lookup Zone
A forward lookup zone provides hostname to IP address resolution.
When you access a system or website by its hostname such as mcirosoft.com DNS checks the forward lookup zone for the IP information related to the hostname.
Reverse Lookup Zone
Reverse lookup zones resolve IP addresses into hostnames.
For example, when you look up the IP 220.127.116.11 it resolves to google-public-dns-a.google.com. A reverse DNS record had to be created for the IP to resolve to the hostname.
Reverse lookup zones are not as common as forwarding lookups and in most cases are not needed.
Zone transfers take place when they are not integrated with Active Directory. A Zone transfer is where the master DNS servers transfer zone data from the master to secondary.
Zone transfers can occur during any of the following
- When the refresh interval expires
- When a master server notifies a change has occurred
- When the server has rebooted or DNS service has restarted
- A manual transfer has occured from the DNS console
Recommended Tool: SolarWinds Server & Application Monitor (SAM)
This utility was designed to Monitor Active Directory and other critical applications. It will quickly spot domain controller issues, prevent replication failures, track failed logon attempts and much more.
What I like best about SAM is it’s easy to use dashboard and alerting features. It also has the ability to monitor virtual machines and storage.