Introduction

You need to determine the zone types to use in your DNS plan and choose the appropriate storage locations for the zones. The DNS zone types you choose will influence the placement of DNS servers in a name resolution design, because each zone type solves a specific requirement within a DNS plan.

What are standard zone files?

Standard zone files, also known as traditional DNS zone files, are zone files that are stored as text files on the server’s hard drive. To use standard zone files, you create a zone on the DNS server that you plan to use for DNS database administration. This server becomes the primary zone server, where all updates occur, such as resource record additions or deletions. When you create a DNS server to function as a secondary zone server, you specify the name or IP address of the primary zone server that will provide a copy of the zone file. You can use secondary zone servers to provide load balancing and a limited degree of fault tolerance.
Standard DNS zones store the zone information in a file on a computer running Windows Server 2003 and DNS. Standard DNS zones:
Follow a single master model for storing and replicating zone information. Primary zones are the only zone types that support a read/write copy of the zone information. You are allowed only one primary zone, but you can replicate read-only copies of the zone information to any number of secondary zones and stub zones.
Allow zone transfers between primary and secondary or stub zones to occur incrementally or by transferring the entire zone contents. The DNS Server service in Windows Server 2003 supports both incremental and complete zone transfers.
Function identically to Berkeley Internet Name Domain (BIND)–based DNS servers. Traditional DNS zones have the same benefits and constraints as BIND–based DNS zones. You can use traditional DNS zones if high interoperability with BIND–based DNS servers is a design requirement.
What are Active Directory–integrated zones?

Active Directory–integrated zones store DNS zone information in Active Directory. Active Directory–integrated zones are:
Multimaster, read/write copies of the zone information.
The multimaster characteristic enables you to update the zone on any domain controller that holds a replicated copy of it, so you can always perform updates to the DNS zone information even if one server is unavailable. As a best practice, select Active Directory–integrated zones if your DNS design includes dynamic updates to DNS. Traditional DNS zones are not multimaster, so the failure of the DNS server hosting the primary zone prevents dynamic updates.
Replicated by Active Directory.
Because Active Directory–integrated zones store the zone information in Active Directory, zone information is replicated along with the other Active Directory data.
Required for secured, dynamically updated DNS zones.
Because Active Directory–integrated zones store the zone information in Active Directory, you can set permissions on the zone that determine which computer, group, or user is allowed to update the DNS zone information.
Replicated according to an administratively selectable scope.
You can replicate DNS data to a DNS server within a forest, domain, or specific domain controllers in an Active Directory partition. You can also replicate Active Directory–integrated zone information to traditional secondary zones outside the domain.
Treated as a traditional primary zone by another BIND–based DNS server. Active Directory–integrated zones appear as traditional primary zones to a BIND–based DNS server. You can replicate DNS data to other Active Directory–integrated zones or to traditional secondary zones.
DNS zone types

There are three different zone types to choose from in a DNS plan.

Primary
Primary zones are read/write copies of zone information. A traditional primary zone is periodically transferred to servers hosting secondary zones to ensure that the secondary zone server’s copy of the file is current. With Windows Server 2003 DNS servers, the primary zone server initially transfers a full copy of the zone file and then subsequently sends only changes to the secondary zone server. Active Directory–integrated primary zone information is replicated by Active Directory to other servers hosting the Active Directory–integrated zone.
Secondary
Secondary zone servers provide only limited fault tolerance: if the primary zone server is unavailable, they continue to respond to DNS queries, but they cannot accept updates because they hold only a read-only copy of the zone file. Windows 2000 DNS supports incremental zone transfers (IXFR), in which the primary zone server sends only the changes that have occurred in the zone file since the last zone transfer. Secondary zone types cannot be stored in Active Directory.

Stub
A stub zone is also a read-only copy of a zone. However, a stub zone contains only a subset of the records associated with that zone: the records that identify the name servers authoritative for that domain, which allow a client (or another DNS server) to go directly to an authoritative server without visiting intermediate servers. This can increase the efficiency of name resolution across zones in discontiguous namespaces. Information in a stub zone is transferred by zone transfer if a traditional stub zone is used, or replicated by Active Directory if the stub zone is Active Directory–integrated.
Using stub zones

Stub zones enable a DNS server to perform recursion by using the stub zone’s list of name servers without needing to query the Internet or internal root server for the DNS namespace.
Using stub zones throughout your DNS infrastructure enables you to distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones and should not be considered when addressing redundancy and load sharing.
A DNS server configured with a stub zone is not authoritative for that zone. The stub zone identifies DNS servers that are authoritative for the zone.
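To make the three zone types and the two transfer modes concrete, here is an added Python model (example code, not part of the course material and not the code of the Windows DNS Server service): a primary zone that records a serial per update and answers full (AXFR) or incremental (IXFR) transfer requests, a secondary zone that refreshes from it and refuses writes, and a stub zone that keeps only the SOA, NS and glue A records and is not authoritative. The zone name, addresses and serial numbers are constructed, and the snapshot-per-serial scheme is a simplification of how a real server keeps IXFR history.

```python
"""Toy model of primary, secondary and stub zones plus AXFR/IXFR transfer.
Added example; not Microsoft's code. All zone data below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str  # "SOA", "NS", "A", ...
    data: str


class PrimaryZone:
    """Single-master, read/write copy. Each update bumps the SOA serial and
    stores a snapshot so IXFR can be answered (or fall back to AXFR)."""

    def __init__(self, origin, serial, records):
        self.origin, self.serial = origin, serial
        self.records = frozenset(records)
        self.snapshots = {serial: self.records}

    def update(self, add=(), remove=()):
        """The only place writes are allowed: apply the change, bump serial."""
        self.records = (self.records - frozenset(remove)) | frozenset(add)
        self.serial += 1
        self.snapshots[self.serial] = self.records

    def axfr(self):
        """Full zone transfer: current serial and every record."""
        return self.serial, self.records

    def ixfr(self, since_serial):
        """Incremental transfer relative to the requester's serial.
        Returns (kind, serial, added, removed), kind in uptodate/ixfr/axfr."""
        if since_serial == self.serial:
            return "uptodate", self.serial, frozenset(), frozenset()
        old = self.snapshots.get(since_serial)
        if old is None:  # serial we no longer know: only a full copy is safe
            return "axfr", self.serial, self.records, frozenset()
        return "ixfr", self.serial, self.records - old, old - self.records

    def zone_file(self):
        """Render the standard (text) zone file form, SOA line first.
        SOA timers are constructed values; serial is filled in at render time."""
        lines = [f"$ORIGIN {self.origin}"]
        key = lambda r: (r.rtype != "SOA", r.name, r.rtype)
        for r in sorted(self.records, key=key):
            data = f"{r.data} {self.serial} 3600 600 86400 300" if r.rtype == "SOA" else r.data
            lines.append(f"{r.name}\tIN\t{r.rtype}\t{data}")
        return "\n".join(lines) + "\n"


class SecondaryZone:
    """Read-only copy pulled from a master: answers queries, refuses updates."""
    authoritative = True

    def __init__(self, master):
        self.master, self.serial, self.records = master, None, frozenset()

    def refresh(self):
        """First contact is a full AXFR; later refreshes ask for IXFR."""
        if self.serial is None:
            self.serial, self.records = self.master.axfr()
            return "axfr"
        kind, serial, added, removed = self.master.ixfr(self.serial)
        if kind == "axfr":
            self.records = added
        elif kind == "ixfr":
            self.records = (self.records - removed) | added
        self.serial = serial
        return kind

    def update(self, *_, **__):
        raise PermissionError("secondary zone is read-only; update the primary")

    def lookup(self, name, rtype):
        return sorted(r.data for r in self.records if r.name == name and r.rtype == rtype)


class StubZone:
    """Keeps only SOA, NS and the A (glue) records of the listed name servers,
    so a resolver can be referred straight to an authoritative server."""
    authoritative = False

    def __init__(self, master):
        self.master = master
        self.refresh()

    def refresh(self):
        self.serial, full = self.master.axfr()
        ns_hosts = {r.data for r in full if r.rtype == "NS"}
        self.records = frozenset(
            r for r in full
            if r.rtype in ("SOA", "NS") or (r.rtype == "A" and r.name in ns_hosts))

    def referral(self):
        """Addresses of the authoritative servers a resolver should query next."""
        return sorted(r.data for r in self.records if r.rtype == "A")


def demo():
    """Build a constructed zone, seed a secondary and a stub, then show that a
    single added record travels to the secondary as an incremental transfer."""
    primary = PrimaryZone("corp.example.", 2003010101, [
        Record("@", "SOA", "ns1 hostmaster"),
        Record("@", "NS", "ns1"), Record("@", "NS", "ns2"),
        Record("ns1", "A", "10.0.0.1"), Record("ns2", "A", "10.0.0.2"),
        Record("www", "A", "10.0.0.80"),
    ])
    secondary, stub = SecondaryZone(primary), StubZone(primary)
    first = secondary.refresh()
    primary.update(add=[Record("mail", "A", "10.0.0.25")])
    second = secondary.refresh()
    return first, second, secondary.lookup("mail", "A"), stub.referral(), len(stub.records)


if __name__ == "__main__":
    print(demo())
```

The point the model makes visible is the single-master rule from the text: only `PrimaryZone.update` changes data, a secondary that tries to write gets a `PermissionError`, and a stub never claims authority (`authoritative = False`), it only hands back the addresses of servers that do.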