Configuring Zones

After you have installed the DNS Server service, your next step is to create and configure zones (unless you are implementing a caching-only server).

A zone is basically an administrative entity, which is a portion of the DNS database that is administered as a single unit. A zone can span a single domain or multiple domains. The DNS server that is authoritative for a zone is responsible for resolving any requests for that particular zone. The zone file maintains all the configuration information for the zone and contains the resource records for the domains in the zone.

Each new zone consists of a forward lookup zone and an optional reverse lookup zone. A forward lookup zone maps hostnames to IP addresses. When a client needs the IP address for a hostname, the information is retrieved from the forward lookup zone. A reverse lookup zone does the opposite and allows for reverse queries, or mapping an IP address to a hostname. Reverse queries are often used when troubleshooting with the NSLookup command.

Zone Types

Three types of zones can be configured: standard primary, standard secondary, and Active Directory-integrated. Each zone type is discussed further in the following list:

  • Standard primary zones This type of zone maintains the master writable copy of the zone in a text file. An update to the zone must be performed from the primary zone.

  • Standard secondary zones This zone type stores a copy of an existing zone in a read-only text file. To create a secondary zone, the primary zone must already exist, and you must specify a master name server. This is the server from which the zone information is copied.

  • Active Directory-integrated zones This zone type stores zone information within Active Directory. This allows you to take advantage of additional features, such as secure dynamic updates and replication. Active Directory-integrated zones can be configured on Windows 2000 domain controllers running DNS. Each domain controller maintains a writable copy of the zone information, which is stored in the Active Directory database.

Note: When you install Active Directory on the first domain controller, a DNS server is required. If you choose to install DNS when Active Directory is installed, the zone is automatically configured as an Active Directory-integrated zone.


Creating Zones

The main tool used to configure and administer a DNS server is the DNS manager. From this management console, you can configure a DNS server by creating zones. To create a new zone, follow these steps:

  1. Click Start, point to Programs, Administrative Tools, and click DNS. This opens the DNS management console.

  2. Right-click the DNS server and click New Zone. The New Zone Wizard opens. Click Next.

  3. Select the type of zone you want to create: Active Directory-integrated, Standard primary, or Standard secondary (see Figure 2.1). Click Next. Keep in mind that the option to create an Active Directory-integrated zone is only available if Active Directory is installed on the local machine.

    Figure 2.1. Configuring the zone type.


  4. Select the type of zone you want to create: a forward lookup zone or a reverse lookup zone. Click Next.

  5. If you select forward lookup zone, the Zone Name page appears. Type the name for the zone, such as bayside.net. Click Next.

  6. If you selected to create a reverse lookup zone, type the network ID (see Figure 2.2). This is used to create the in-addr.arpa domain, with subdomains named using the octets of the network ID in reverse order. DNS uses the reverse lookup zone for performing address-to-name translations. For example, a network ID of 192.168.1 would be translated into 1.168.192.in-addr.arpa. Click Next.

    Figure 2.2. Creating a reverse lookup zone.


  7. In the Zone File screen, select whether to create a new zone file or to use an existing one (see Figure 2.3). This option appears when creating a forward or reverse lookup zone. Click Next.

    Figure 2.3. Configuring the zone filename.


  8. Click Finish.
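The reverse lookup zone naming in step 6 follows a fixed rule: the octets of the network ID are reversed and in-addr.arpa is appended, and the PTR record for a host lives under that name with the remaining octets, also reversed. The following Python script is an added example that is not part of the book; it generalizes the single 192.168.1 case above to any 1- to 3-octet network ID and derives where a host's PTR record belongs (the function names and the sample host bayside.net values are assumptions for illustration).

```python
import ipaddress
from typing import Tuple


def reverse_zone_name(network_id: str) -> str:
    """Build the in-addr.arpa zone name for a dotted network ID of 1 to 3 octets,
    e.g. '192.168.1' -> '1.168.192.in-addr.arpa' (the Figure 2.2 example)."""
    octets = network_id.strip(".").split(".")
    if not 1 <= len(octets) <= 3:
        raise ValueError("network ID must have 1 to 3 octets")
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"invalid octet {octet!r} in network ID")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner_name(ip: str) -> str:
    """Full owner name of the PTR record for an IPv4 address; the ipaddress module
    raises on malformed input, so bad data never reaches the zone."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def ptr_record(ip: str, hostname: str, network_id: str) -> Tuple[str, str, str]:
    """Return (zone, relative owner, target) for the PTR record of ip, checking that
    the address really falls inside the reverse zone built from network_id."""
    zone = reverse_zone_name(network_id)
    owner = ptr_owner_name(ip)
    if not owner.endswith("." + zone):
        raise ValueError(f"{ip} is not inside {zone}")
    relative = owner[: -len(zone) - 1]            # strip '.<zone>' to get the relative name
    target = hostname if hostname.endswith(".") else hostname + "."   # PTR targets are FQDNs
    return zone, relative, target


def ptr_zone_line(ip: str, hostname: str, network_id: str) -> str:
    """Render the record in the text form a standard primary zone file uses."""
    _zone, relative, target = ptr_record(ip, hostname, network_id)
    return f"{relative} IN PTR {target}"


if __name__ == "__main__":
    # Constructed sample values, not taken from the book.
    print(reverse_zone_name("192.168.1"))
    print(ptr_zone_line("192.168.1.25", "server1.bayside.net", "192.168.1"))
```

Running the script prints the zone name from the book's example followed by the PTR line that would go into that zone's file.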

Configuring Zone Properties

After a zone has been successfully added to your DNS server, you can configure it via the zone's Properties dialog box. To do so, right-click the zone from within the DNS management console and click Properties. The Properties dialog box for the zone displays five tabs, as shown in Figure 2.4. (If the zone is Active Directory-integrated, six tabs will be available.) Table 2.1 summarizes each of the tabs.

Figure 2.4. Configuring zone properties.


Table 2.1. Zone Property Tabs (Property Tab: Description)

  General: View the status of the zone, change the type of zone, change the zone filename, and configure dynamic updates.

  Start of Authority (SOA): Configure the zone transfer information and the email address of the zone administrator.

  Name Servers: Specify the list of secondary servers that should be notified when changes to the zone file occur.

  WINS: Enable the DNS server to query the list of WINS servers for name resolution.

  Zone Transfers: Configure which secondary servers can receive zone transfers. You can specify any server, only those listed on the Name Servers tab, or the ones configured from this property sheet. Clicking the Notify button allows you to configure which secondary servers will be notified of changes.

  Security: If the zone is Active Directory-integrated, the Security tab is available and can be used to configure permissions to the zone file.

Exam Alert: Security has become a major topic both for exams and on-the-job realities. Be prepared to encounter at least one question on securing zone transfers between DNS servers. Using the Name Servers tab and the Zone Transfers tab, you can configure additional security by limiting which secondary servers can receive zone transfers and be notified of updates to the zone file.
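To make the Zone Transfers tab choices concrete, here is an added Python model (not the book's material and not how the Windows 2000 DNS service stores its settings) of the three transfer policies and the Notify list from Table 2.1. It runs a few constructed "client-IP request-type" lines through the policy and flags full-zone (AXFR) requests from hosts that are not on the Name Servers tab, because an unrestricted AXFR hands every record in the zone to whoever asks. Policy names, the audit function and the sample addresses are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Literal, Tuple

# Constructed labels for the Zone Transfers tab choices (names are ours):
#   "none"         - Allow zone transfers is unchecked
#   "any"          - To any server
#   "name_servers" - Only to servers listed on the Name Servers tab
#   "listed"       - Only to the following servers
TransferPolicy = Literal["none", "any", "name_servers", "listed"]


@dataclass(frozen=True)
class ZoneTransferSettings:
    """Model of one zone's Name Servers / Zone Transfers tab settings."""
    name_servers: FrozenSet[str] = frozenset()    # IPs of hosts on the Name Servers tab
    policy: TransferPolicy = "name_servers"
    listed_servers: FrozenSet[str] = frozenset()  # explicit list on the Zone Transfers tab
    notify_listed: bool = False                   # Notify button: notify_servers instead of NS tab
    notify_servers: FrozenSet[str] = frozenset()

    def allows_transfer(self, requester_ip: str) -> bool:
        """Would this zone answer an AXFR/IXFR request from requester_ip?"""
        if self.policy == "none":
            return False
        if self.policy == "any":
            return True
        if self.policy == "name_servers":
            return requester_ip in self.name_servers
        return requester_ip in self.listed_servers

    def notify_targets(self) -> FrozenSet[str]:
        """Secondaries that receive DNS Notify when the zone changes."""
        return self.notify_servers if self.notify_listed else self.name_servers


def audit_transfer_requests(settings: ZoneTransferSettings,
                            log_lines: List[str]) -> List[Tuple[str, str, str]]:
    """Apply the policy to constructed 'client_ip request_type' lines and return
    (client_ip, request_type, decision). A denied AXFR from a host that is not one of
    our name servers is marked for review rather than silently dropped."""
    results = []
    for line in log_lines:
        client_ip, request_type = line.split()
        if settings.allows_transfer(client_ip):
            decision = "allowed"
        elif request_type == "AXFR" and client_ip not in settings.name_servers:
            decision = "denied-review"
        else:
            decision = "denied"
        results.append((client_ip, request_type, decision))
    return results


# Constructed sample: two secondaries on the Name Servers tab, transfers restricted to that tab.
SETTINGS = ZoneTransferSettings(name_servers=frozenset({"192.168.1.10", "192.168.1.11"}))
SAMPLE_REQUESTS = [
    "192.168.1.10 IXFR",   # known secondary answering a notify
    "192.168.1.11 AXFR",   # known secondary fetching a full copy
    "203.0.113.7 AXFR",    # host that is not on the Name Servers tab asking for the whole zone
]

if __name__ == "__main__":
    for row in audit_transfer_requests(SETTINGS, SAMPLE_REQUESTS):
        print(*row)
```

The default policy in the model mirrors the safer of the tab's choices (only the servers on the Name Servers tab); switching SETTINGS to policy="any" makes the third sample line come back "allowed", which is the configuration the exam alert warns about.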


Zone Transfers

Secondary servers get their zone information from a master name server. The master name server is the source of the zone file; it can be a primary server or another secondary server. If the master name server is a secondary server, it must first get the updated zone file from the primary server. The process of replicating a zone file to a secondary server is referred to as a zone transfer. Zone transfers occur between a secondary server and a master name server in two situations:

  • When the master name server notifies the secondary server that a change has been made to the zone file. When the secondary server receives notification, it requests a zone transfer. If multiple secondary servers exist, they are notified at random so the master name server is not overburdened with zone transfer requests.

  • When the refresh interval expires and the secondary server contacts the primary name server to check for changes to the zone file.

There are two types of zone transfers. The first is a Full Zone Transfer (AXFR), in which the entire zone file is replicated to the secondary server. This type of zone transfer is supported by most implementations of DNS. If the secondary server's copy of the zone is not current (that is, changes have been made on the master since the last transfer), the entire zone file is replicated.

The second type of zone transfer is known as an Incremental Zone Transfer (IXFR), in which only the changes made to a zone file are replicated to the secondary server, thereby reducing the amount of network traffic. You can control how often zone transfers occur from the Start of Authority (SOA) tab within the zone's Properties dialog box (see Figure 2.5). Table 2.2 summarizes the configurable options.

Figure 2.5. Configuring zone transfer settings.


Table 2.2. Zone Transfer Settings (Option: Description)

  Serial number: Lists the number used to determine whether the zone file has changed. Each time a change is made, this number is incremented by 1. You can force a zone transfer by manually increasing this number.

  Primary server: Lists the hostname of the primary DNS server for the zone.

  Responsible person: Lists the email address of the person responsible for administering the zone.

  Refresh interval: Determines how often the secondary server will poll the primary server for updates. Consider increasing this value for slow network connections.

  Retry interval: Specifies how often the secondary server will attempt to contact the primary server if the server does not respond.

  Expires after: Specifies when zone file information should expire if the secondary server fails to refresh the information. If a zone expires, zone data is considered to be potentially out of date and is discarded. Secondary master servers will not use zone data from an expired zone.

  Minimum (default) TTL: Specifies how long records from the zone should be cached on other servers.

  TTL for this record: Specifies how long DNS servers are allowed to store a record from the zone in their cache before it expires.
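The AXFR/IXFR choice and the SOA timers in Table 2.2 interact: the serial number decides whether a transfer is needed at all, the master's record of recent changes decides whether an incremental transfer can answer it, and the refresh, retry and expire intervals decide when the secondary asks and when it stops trusting its copy. The following Python simulation is an added example, not code from the book or from the Windows DNS service; the MasterZone class, its change journal, the serial comparison and the secondary state function are all constructed for illustration (serial comparison uses the 32-bit wraparound rule from RFC 1982, which the book does not discuss).

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

SERIAL_SPACE = 1 << 32          # the SOA serial is a 32-bit unsigned number
Record = Tuple[str, str, str]   # (owner, type, data): constructed simplification of a resource record


@dataclass
class Soa:
    """The SOA values from Table 2.2 (intervals in seconds)."""
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum_ttl: int


def serial_is_newer(master: int, secondary: int) -> bool:
    """True if the master's serial is ahead of the secondary's, allowing for the
    serial rolling past 2**32 (RFC 1982 sequence arithmetic)."""
    if master == secondary:
        return False
    diff = (master - secondary) % SERIAL_SPACE
    return diff < SERIAL_SPACE // 2


class MasterZone:
    """Primary copy of a zone: records, SOA, and a journal of changes keyed by the
    serial they were applied to, which is what makes IXFR possible."""

    def __init__(self, soa: Soa, records: Iterable[Record]):
        self.soa = soa
        self.records: Set[Record] = set(records)
        self.journal: Dict[int, Tuple[Set[Record], Set[Record]]] = {}

    def change(self, add: Iterable[Record] = (), remove: Iterable[Record] = ()) -> int:
        """Apply a change and bump the serial by 1. An empty change still bumps it,
        which is how an administrator forces a transfer by hand (Table 2.2)."""
        old = self.soa.serial
        self.records |= set(add)
        self.records -= set(remove)
        self.journal[old] = (set(add), set(remove))
        self.soa.serial = (old + 1) % SERIAL_SPACE
        return self.soa.serial


def plan_transfer(master: MasterZone, secondary_serial: int):
    """Decide what the secondary fetches: ("none", None) if it is current, ("IXFR", deltas)
    if the master still holds every change since the secondary's serial, else ("AXFR", records)."""
    if not serial_is_newer(master.soa.serial, secondary_serial):
        return "none", None
    deltas: List[Tuple[Set[Record], Set[Record]]] = []
    s = secondary_serial
    while s != master.soa.serial:
        if s not in master.journal:           # gap in history: only a full transfer is safe
            return "AXFR", set(master.records)
        deltas.append(master.journal[s])
        s = (s + 1) % SERIAL_SPACE
    return "IXFR", deltas


def secondary_state(soa: Soa, since_success: int, since_attempt: int, last_failed: bool) -> str:
    """What the refresh, retry and expire timers tell a secondary to do now, given the
    seconds since its last successful refresh and since its last attempt."""
    if since_success >= soa.expire:
        return "expired"                      # data discarded; the zone is no longer served
    if last_failed:
        return "retry" if since_attempt >= soa.retry else "wait"
    return "refresh" if since_success >= soa.refresh else "wait"


if __name__ == "__main__":
    # Constructed sample zone; values are illustrative only.
    master = MasterZone(Soa(serial=2005010101, refresh=3600, retry=600, expire=86400, minimum_ttl=3600),
                        {("www", "A", "192.168.1.20")})
    print(plan_transfer(master, 2005010101))                         # ('none', None)
    master.change(add={("mail", "A", "192.168.1.21")})
    print(plan_transfer(master, 2005010101))                         # IXFR carrying one added record
    print(plan_transfer(master, 2005010000))                         # AXFR: no journal back that far
    print(secondary_state(master.soa, 4000, 4000, last_failed=False))  # refresh
```

A secondary whose serial matches gets nothing, one that is one change behind gets an incremental delta, and one whose serial predates the journal falls back to a full transfer; the timer function shows why a refresh interval that is too long leaves secondaries stale while an expire interval that is too short makes them stop answering after a brief outage.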

Active Directory-integrated zones replicate information differently than primary and secondary zones, because the zone information is stored in Active Directory. Zone transfers are not used to update the zone information. Instead, the DNS servers with Active Directory-integrated zones poll Active Directory at 15-minute intervals to check for updates.

Converting Zones

Using the General tab from the Zone Properties dialog box, you can change the current zone type (see Figure 2.6). You have the option of changing a primary or secondary zone to an Active Directory-integrated zone, or an Active Directory-integrated zone to a primary zone or secondary zone. Before you attempt to change the zone type, be aware of the following points:

  • To convert a zone to an Active Directory-integrated zone, the DNS Server service must be installed on a Windows 2000 domain controller.

  • If you convert to a secondary zone, you must specify the IP address of the server from which the zone information will be retrieved.

  • Changing a secondary zone to a primary zone will affect such things as dynamic updates, the use of the DNS Notify option, and zone transfers.

  • When an Active Directory-integrated zone is converted to a primary zone, zone information is deleted from Active Directory and copied into a text file on the local DNS server.

Figure 2.6. Changing the zone type.




Windows 2000 Network Infrastructure Exam Cram 2 (Exam 70-216)
ISBN: 078972863X
Year: 2005
Pages: 167