Advantages of Active Directory Integrated DNS
The advantages of using an Active Directory Integrated DNS zone well outweigh the
disadvantage just discussed. The following are some of the major advantages to an Active
Directory Integrated zone:
Full Fault Tolerance
Think of an Active Directory Integrated zone as a database on your
server that stores contact information for all your clients. If you need to retrieve John
Smith's phone number, as long as it was entered, you can look it up in the software.
If John Smith's phone number was stored only on your computer and your computer
stopped working, no one could access John Smith's phone number. But since John Smith's
phone number is stored in a database to which everyone has access, if your computer stops
working, other users can still retrieve John Smith's phone number.
An Active Directory Integrated zone works the same way. Since the DNS database is stored
in Active Directory, all Active Directory DNS servers can have access to the same data. If
one server goes down or you lose a hard drive, all other Active Directory DNS servers can
still retrieve DNS records.
No Additional Network Traffic
As previously discussed, an Active Directory Integrated
zone is stored in Active Directory. Since all records are now stored in Active Directory,
when a resolver needs a TCP/IP address for Jsmith, any Active Directory DNS server can
access Jsmith's address and respond to the resolver.
When you choose an Active Directory Integrated zone, DNS zone data can be replicated
automatically to other DNS servers during the normal Active Directory replication process.
DNS Security
An Active Directory Integrated zone has a few security advantages over a
primary zone:
An Active Directory Integrated zone can use secure dynamic updates.
As explained earlier, the Dynamic DNS standard allows secure-only updates or
dynamic updates, not both.
If you choose secure updates, then only machines with accounts in Active Directory
can register with DNS. Before DNS registers any account in its database, it
checks Active Directory to make sure that it is an authorized domain computer.
An Active Directory Integrated zone stores and replicates its database through
Active Directory replication. Because of this, the data gets encrypted as it is sent
from one DNS server to another.
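To check the secure-update setting described above across a server's zones, the following PowerShell is an added example and not part of the original text. The property names match what Get-DnsServerZone (DnsServer module) returns; the function name Get-ZoneUpdateFinding and the sample zones are hypothetical and constructed so the script runs without a DNS server.

```powershell
# Added example: classify primary zones by their dynamic-update policy.
# Get-ZoneUpdateFinding is a hypothetical helper; the properties it reads
# (ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate) are those exposed by
# Get-DnsServerZone in the DnsServer module.
function Get-ZoneUpdateFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Secondary, stub and forwarder zones do not take dynamic updates.
        if ("$($Zone.ZoneType)" -ne 'Primary') { return }

        $policy  = "$($Zone.DynamicUpdate)"
        $finding = switch ($policy) {
            'Secure' { 'OK: only authenticated domain members can register' }
            'None'   { 'OK: dynamic updates disabled' }
            'NonsecureAndSecure' {
                if ($Zone.IsDsIntegrated) {
                    'REVIEW: AD-integrated zone still accepts unauthenticated updates'
                } else {
                    'REVIEW: unauthenticated updates; secure-only requires AD integration'
                }
            }
            default  { "UNKNOWN: unexpected DynamicUpdate value '$policy'" }
        }

        [pscustomobject]@{
            ZoneName       = $Zone.ZoneName
            IsDsIntegrated = [bool]$Zone.IsDsIntegrated
            DynamicUpdate  = $policy
            Finding        = $finding
        }
    }
}

# Constructed sample zones (not real data).
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example';   ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'lab.example';    ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'legacy.example'; ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'static.example'; ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'None' }
    [pscustomobject]@{ ZoneName = 'partner.example'; ZoneType = 'Secondary'; IsDsIntegrated = $false; DynamicUpdate = 'None' }
)
$sampleZones | Get-ZoneUpdateFinding | Format-Table -AutoSize

# On a DNS server, feed it live data instead:
#   Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } | Get-ZoneUpdateFinding
```

An AD-integrated zone flagged REVIEW can be switched to secure-only updates with Set-DnsServerPrimaryZone -Name <zone> -DynamicUpdate Secure.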
Background Zone Loading
Background zone loading (discussed in more detail later in this
chapter) allows an Active Directory Integrated DNS zone to load in the background. As a
result, a DNS server can service client requests while the zone is still loading into memory.
Understanding Stub Zones
Stub zones work a lot like secondary zones—the database is a noneditable copy of a
primary zone. The difference is that the stub zone's database contains only the information
 