a read-only domain controller). When you're storing the zone in Active Directory, the only valid
zone type options are primary and stub zones.
If you're creating a standard zone, the zone database is stored in a text file called zone-name.dns;
the zone-name is generally the domain name. This file is located in the %systemroot%\system32\dns
folder on the DNS server. A standard zone can be a primary, secondary, or stub zone.
An Active Directory-integrated zone has a number of advantages over a standard zone:

Automatic zone replication —When DNS is installed on a new domain controller, zones are replicated to the new DNS server automatically. Standard zones require configuring zone transfers manually.

Multimaster replication and update —Multiple domain controllers can be configured as primary DNS servers, and changes can be made on any of these domain controllers. Multimaster replication provides fault tolerance because no single server is relied on to make DNS changes. Changes to DNS are replicated to all other DCs in the domain configured as DNS servers. In contrast, a standard zone has a single primary DNS server (and possibly one or more secondary servers), which is the only server where changes to the database can be made. If the primary server fails, DNS changes can't be made until a primary server is brought online.

Secure updates —DNS can be configured to allow dynamic DNS updates only from DNS clients that have authenticated to Active Directory. This option prevents rogue clients from poisoning the DNS database.

Efficient replication —Replication of Active Directory-integrated zones can target only the DNS record properties that have changed. This option conserves bandwidth, compared with standard zones, which transfer the entire zone database.
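
The difference between standard and Active Directory-integrated zones, and the secure-updates setting described above, can be checked per zone. The following PowerShell is an added example, not code from the original text: the function name Get-DnsZoneUpdateFinding and the sample zones are hypothetical, and the property names assume objects shaped like the output of Get-DnsServerZone.

```powershell
# Added example: classify primary DNS zones by storage and dynamic-update policy.
# Input objects are assumed to carry the properties that Get-DnsServerZone
# returns: ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate.
function Get-DnsZoneUpdateFinding {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Secondary and stub zones do not accept dynamic updates; skip them.
        if ($Zone.ZoneType -ne 'Primary') { return }

        $storage = if ($Zone.IsDsIntegrated) { 'ActiveDirectory' } else { 'File' }
        $finding = switch ($Zone.DynamicUpdate) {
            'Secure'             { 'Only authenticated clients can update records' }
            'NonsecureAndSecure' { 'Unauthenticated clients can update records' }
            default {
                if ($Zone.IsDsIntegrated) { 'Dynamic updates disabled' }
                else { 'Dynamic updates disabled; secure-only mode needs AD integration' }
            }
        }
        [pscustomobject]@{
            ZoneName      = $Zone.ZoneName
            Storage       = $storage
            DynamicUpdate = $Zone.DynamicUpdate
            Flagged       = ($Zone.DynamicUpdate -eq 'NonsecureAndSecure')
            Finding       = $finding
        }
    }
}

# Constructed sample zones so the example runs without a DNS server.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example';  ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'lab.example';   ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'dmz.example';   ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'None' }
    [pscustomobject]@{ ZoneName = 'peer.example';  ZoneType = 'Secondary'; IsDsIntegrated = $false; DynamicUpdate = 'None' }
)
$sampleZones | Get-DnsZoneUpdateFinding | Format-Table -AutoSize

# On a DNS server, feed it live data instead:
#   Get-DnsServerZone | Get-DnsZoneUpdateFinding | Where-Object Flagged
```

A flagged zone can be restricted with Set-DnsServerPrimaryZone -Name <zone> -DynamicUpdate Secure, which requires the zone to be stored in Active Directory.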
Zone Replication Scope
Active Directory-integrated zones are stored in an Active
Directory partition, but there are a few options for which partition the zone is stored in and
to which DCs zone information is replicated. After selecting the zone type and specifying that
the zone be stored in Active Directory, you're asked to select the zone replication scope (see
Figure 9-7) with one of these options:
To all DNS servers in this forest —Stores the zone in the forest-wide DNS application
directory partition called ForestDNSZones. This partition is created when DNS is installed
on the first DC in the forest.
Figure 9-7 Selecting a zone replication scope