Establishing and Implementing DNS Zones

A zone in DNS is a portion of a DNS namespace that is controlled by a particular DNS server or group of servers. The zone is the primary delegation mechanism in DNS and is used to establish boundaries over which a particular server can resolve requests . Any server that hosts a particular zone is said to be " authoritative " for that zone, with the exception of stub zones, which are defined later in the chapter in the section on "stub zones." Figure 13.11 illustrates how different portions of the DNS namespace can be divided into zones, each of which can be hosted on a DNS server or group of servers.

It is important to understand that any section or subsection of DNS can exist within a single zone. For example, an organization might decide to place an entire namespace of a domain, subdomains, and sub-subdomains into a single zone. Or specific sections of that namespace can be divided up into separate zones. In fact, the entire Internet namespace can be envisioned as a single namespace with . as the root, which is divided into a multitude of different zones.

Forward Lookup Zones

A forward lookup zone is created to do, as the name suggests, forward lookups to the DNS database. In other words, this type of zone resolves names to IP addresses and resource information. For example, if a user wants to reach Server1 and queries for its IP address through a forward lookup zone, DNS returns 10.0.0.11, the IP address for that resource.

Reverse Lookup Zones

A reverse lookup zone performs the exact opposite operation as a forward lookup zone. IP addresses are matched up with a common name in a reverse lookup zone. This is similar to knowing someone's phone number but not knowing the name associated with it. Reverse lookup zones must be manually created, and do not always exist in every implementation. Reverse lookup zones are primarily populated with PTR records, which serve to point the reverse lookup query to the appropriate name.

Primary Zones

In traditional (non-Active Directoryintegrated) DNS, a single server serves as the master DNS server for a zone, and all changes made to that particular zone are done on that particular server. A single DNS server can host multiple zones, and can be primary for one and secondary for another. If a zone is primary, however, all requested changes for that particular zone must be done on the server that holds the master copy of the zone.

Creating a new primary zone manually is a fairly straightforward process. The following procedure outlines the creation of a standard zone for the companyabc.com DNS namespace:

1. Open the DNS MMC snap-in by choosing Start, Administrative Tools, DNS.

2. Navigate to DNS\< Servername >\Forward Lookup Zones.

3. Right-click Forward Lookup Zones and choose New Zone.

4. Click Next on the Welcome screen.

5. Select Primary Zone from the list of zone types available and click Next to continue.

6. Type in the name of the primary zone to be created and click Next.

7. Because you're creating a new zone file, as opposed to importing an existing zone file, select Create a New File with This File Name and click Next.

8. Determine whether dynamic updates will be allowed in this zone. If not, select Do Not Allow Dynamic Updates and click Next to continue.

9. Click Finish on the Summary page to create the zone.

Secondary Zones

A secondary zone is established to provide redundancy and load balancing for the primary zone. Each copy of the DNS database is read-only, however, because all recordkeeping is done on the primary zone copy. A single DNS server can contain several zones that are primary and several that are secondary. The zone creation process is similar to the one outlined in the preceding section on primary zones, but with the difference being that the zone is transferred from an existing primary server.

Stub Zones

The concept of stub zones is new in Microsoft DNS. A stub zone is essentially a zone that contains no information about the members in a domain but simply serves to forward queries to a list of designated name servers for different domains. A stub zone subsequently contains only NS, SOA, and glue records. Glue records are essentially A records that work in conjunction with a particular NS record to resolve the IP address of a particular name server. A server that hosts a stub zone for a namespace is not authoritative for that zone.

As illustrated in Figure 13.12, the stub zone effectively serves as a placeholder for a zone that is authoritative on another server. It allows a server to forward queries that are made to a specific zone to the list of name servers in that zone.

You can easily create a stub zone in Windows Server 2003 after it is determined that a stub zone is required. The following procedure details the steps involved with the creation of a stub zone:

1. Open the DNS MMC snap-in by choosing Start, Administrative Tools, DNS.

2. Navigate to DNS\< Servername >\Forward Lookup Zones.

3. Right-click Forward Lookup Zones and choose New Zone.

4. Click Next on the Welcome screen.

5. Select Stub Zone from the list of zone types and click Next to continue.

6. Type in the name of the zone that will be created and click Next to continue.

7. Select Create a New File with This File Name and accept the defaults, unless you are migrating from an existing zone file. Then click Next to continue.

8. Type in the IP address of the server or servers from which the zone records will be copied . Click Add for each server entered, as shown in Figure 13.13, and then click Next to continue.

   Figure 13.13. A newly created stub zone.

   

9. Click Finish on the Summary page to create the zone.

The newly created stub zone will hold only the SOA, NS, and glue records for the domain at which it is pointed.