Lack of Fault Tolerance: Think of a primary zone as a contact list on your smartphone.
All of the contacts in the list are the records in your database. The problem is that, if you
lose your phone or the phone breaks, you lose your contact list. Until your phone gets fixed
or you swap out your phone card, the contacts are unavailable.
It works the same way with a primary zone. If the server goes down or you lose the hard
drive, DNS records on that machine are unreachable. An administrator can install a
secondary zone (explained in the next section), which provides temporary fault
tolerance. Unfortunately, if the primary zone is down for an extended period of time, the
secondary server's information will no longer be valid.
Additional Network Traffic: Let's imagine that you are looking for a contact number
for John Smith. John Smith is not listed in your smartphone directory, but he is listed in
your partner's smartphone. You have to contact your partner to get the listing. You cannot
directly access your partner's phone's contacts.
When a resolver sends a request to DNS to get the TCP/IP address for Jsmith (in this case
Jsmith is a computer name) and the DNS server does not have an answer, it does not have
the ability to check the other server's database directly to get an answer. Thus it forwards
the request to another DNS server. Replicating zone databases between DNS servers also
adds network traffic.
No Security: Staying with the smartphone example, let's say that you call your partner
looking for John Smith's phone number. When your partner gives you the phone number
over your wireless phone, someone with a scanner can pick up your conversation.
Unfortunately, wireless telephone calls are not very secure.
Now suppose a resolver asks a primary zone for the Jsmith TCP/IP address. If someone on the
network has a packet sniffer, they can steal the information in the DNS packets being sent
over the network. The packets are not secure unless you implement some additional form of
security. Also, the DNS server can accept dynamic updates. A primary zone accepts all
updates from DNS servers. You cannot set it to accept secure updates only.
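The dynamic-update weakness described above can be audited. The following PowerShell is an added example, not part of the original text: it flags primary zones that accept nonsecure updates. It assumes the ZoneType, IsDsIntegrated and DynamicUpdate properties returned by Get-DnsServerZone in the DnsServer module; the function name Test-ZoneUpdateRisk and the sample zones are constructed for illustration.

```powershell
# Added example: report primary zones whose dynamic-update setting lets
# unauthenticated clients write records. Test-ZoneUpdateRisk is a hypothetical name.
function Test-ZoneUpdateRisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Only primary zones accept writes; secondary zones are read-only copies.
        if ($Zone.ZoneType -ne 'Primary') { return }

        $finding = switch ("$($Zone.DynamicUpdate)") {
            'None'   { 'OK: dynamic updates disabled' }
            'Secure' { 'OK: secure updates only' }
            'NonsecureAndSecure' {
                if ($Zone.IsDsIntegrated) {
                    'WARN: AD-integrated zone still accepts nonsecure updates'
                } else {
                    'WARN: file-backed primary accepts nonsecure updates (secure-only needs AD integration)'
                }
            }
            default  { "REVIEW: unrecognised setting '$($Zone.DynamicUpdate)'" }
        }

        [pscustomobject]@{
            ZoneName       = $Zone.ZoneName
            IsDsIntegrated = [bool]$Zone.IsDsIntegrated
            DynamicUpdate  = "$($Zone.DynamicUpdate)"
            Finding        = $finding
        }
    }
}

# Constructed sample zones, shaped like Get-DnsServerZone output, so the
# function can be exercised without a DNS server.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example';  ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'ad.example';    ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'lab.example';   ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'None' }
    [pscustomobject]@{ ZoneName = 'copy.example';  ZoneType = 'Secondary'; IsDsIntegrated = $false; DynamicUpdate = 'None' }
)
$sampleZones | Test-ZoneUpdateRisk | Format-Table -AutoSize -Wrap

# On a DNS server, feed it live data instead:
#   Get-DnsServerZone | Test-ZoneUpdateRisk
```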
Understanding Secondary Zones
In Windows Server 2012 R2 DNS, you have the ability to use secondary DNS zones.
Secondary zones are noneditable copies of the DNS database. You use them for load
balancing (also referred to as load sharing), which is a way of managing network overloads
on a single server. A secondary zone gets its database from a primary zone.
A secondary zone contains a database with all of the same information as the primary
zone, and it can be used to resolve DNS requests. Secondary zones have the following
advantages:
- A secondary zone provides fault tolerance, so if the primary zone server becomes
  unavailable, name resolution can still occur using the secondary zone server.
- Secondary DNS servers can also increase network performance by offloading some of
  the traffic that would otherwise go to the primary server.