Servers refer to their zones (also called DNS database files or db files) to resolve names. The zones contain resource records that comprise the resource information associated with the DNS domain. For example, some resource records map friendly names to Internet Protocol (IP) addresses, and others map IP addresses to friendly names. Some resource records not only include information about servers in the DNS domain but also serve to define the domain by specifying which servers are authoritative for which zones. In this lesson, you learn how to configure DNS zones in Windows 2000.
After this lesson, you will be able to
Estimated lesson time: 20 minutes
A DNS database can be partitioned into multiple zones. A zone is a portion of the DNS database that contains the resource records with the owner names that belong to the contiguous portion of the DNS name space. Zone files are maintained on DNS servers. A single DNS server can be configured to host zero, one, or multiple zones. Each zone is anchored at a specific domain name referred to as the zone's root domain. A zone contains information about all names that end with the zone's root domain name. A DNS server is considered authoritative for a name if it loads the zone containing that name. The first record in any zone file is a start of authority (SOA) resource record. The SOA resource record identifies a primary DNS name server for the zone as the best source of information for the data within that zone and as an entity processing the updates for the zone.
Names within a zone can also be delegated to other zones. Delegation is a process of assigning responsibility for a portion of a DNS name space to a separate entity. This separate entity could be another organization, department, or workgroup within your company. In technical terms, delegating means assigning authority over portions of your DNS name space to other zones. The name server record that specifies the delegated zone and the DNS name of the server authoritative for that zone represents such delegation. Delegating across multiple zones was part of the original design goal of DNS. The following are the main reasons for the delegation of a DNS name space:
Name server (NS) resource records facilitate delegation by identifying the DNS servers for each zone. They appear in all forward and reverse lookup zones. Whenever a DNS server needs to cross a delegation, it refers to the name server resource records for the DNS servers in the target zone. In Figure 10.11, the management of the microsoft.com domain is delegated across two zones: microsoft.com and mydomain.microsoft.com.
Figure 10.11 The microsoft.com domain delegated across two zones
Domain name servers store information about a part of the domain name space called a zone. The name server is authoritative for a particular zone. A single name server can be authoritative for many zones. The difference between a zone and a domain is sometimes confusing.
A zone is simply a portion of a domain. For example, the domain microsoft.com may contain all of the data for microsoft.com, marketing.microsoft.com, and development.microsoft.com. However, the zone microsoft.com contains only information for microsoft.com and references to the authoritative name servers for the subdomains. The zone microsoft.com can contain the data for subdomains of microsoft.com if they have not been delegated to another server. For example, marketing.microsoft.com may manage its own delegated zone. The parent, microsoft.com, may manage development.microsoft.com. If there are no subdomains, then the zone and the domain are essentially the same. In this case the zone contains all data for the domain.
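The following is an added example, not part of the lesson, showing how a server that has loaded the microsoft.com zone decides whether it answers a name authoritatively, hands out a referral because the name lies under a delegated subdomain (a name server record placed below the zone's root), or is not authoritative at all. The zone contents, server names and addresses are constructed for illustration only.

```python
# Constructed sample zone, modelled on the lesson's microsoft.com example.
# A zone is keyed by its root domain; records are (owner, type) -> values.
ZONES = {
    "microsoft.com.": {
        ("microsoft.com.", "SOA"): ["ns1.microsoft.com. hostmaster.microsoft.com. 2 3600 600 86400 3600"],
        ("microsoft.com.", "NS"): ["ns1.microsoft.com."],
        ("ns1.microsoft.com.", "A"): ["192.0.2.1"],
        # development.microsoft.com is not delegated: its data stays in the parent zone.
        ("www.development.microsoft.com.", "A"): ["192.0.2.10"],
        # NS records at a name below the zone root delegate marketing.* to another zone.
        ("marketing.microsoft.com.", "NS"): ["ns1.marketing.microsoft.com."],
        ("ns1.marketing.microsoft.com.", "A"): ["192.0.2.50"],   # glue address
    },
}

def labels(name):
    return name.rstrip(".").lower().split(".")

def is_subdomain(name, ancestor):
    n, a = labels(name), labels(ancestor)
    return len(n) >= len(a) and n[-len(a):] == a

def closest_zone(name, zones=ZONES):
    """Root of the longest loaded zone that contains name, or None."""
    matches = [z for z in zones if is_subdomain(name, z)]
    return max(matches, key=lambda z: len(labels(z))) if matches else None

def find_delegation(name, zone_root, zone):
    """Walk from just below the zone root down to name; the first owner with NS
    records is a zone cut, i.e. a delegation to another zone."""
    n, depth = labels(name), len(labels(zone_root))
    for i in range(len(n) - depth - 1, -1, -1):
        cut = ".".join(n[i:]) + "."
        if (cut, "NS") in zone:
            return cut, zone[(cut, "NS")]
    return None

def lookup(name, qtype, zones=ZONES):
    """Return ('authoritative', values), ('referral', details) or ('not-authoritative', None)."""
    name = name.lower().rstrip(".") + "."
    root = closest_zone(name, zones)
    if root is None:
        return ("not-authoritative", None)
    zone = zones[root]
    delegation = find_delegation(name, root, zone)
    if delegation:
        cut, servers = delegation
        glue = [zone.get((s, "A"), []) for s in servers]
        return ("referral", {"zone": cut, "ns": servers, "glue": glue})
    return ("authoritative", zone.get((name, qtype), []))
```

The glue address is returned with the referral because the delegated server's own name lies inside the delegated zone, so the parent zone must supply its address for the referral to be usable.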
All domains (or subdomains) that appear as part of the applicable zone delegation must be created in the current zone prior to performing a zone delegation as described next. As necessary, use the DNS console to first add domains to the zone before completing the procedure that follows.
Follow these steps to create a zone delegation:
The New Delegation wizard appears.
Figure 10.12 Adding a new delegation server
The New Resource Record dialog box appears, allowing you to specify DNS servers.
DNS was originally designed to support only static changes to a zone database. Because of the design limitations of static DNS, adding, removing, or modifying resource records could only be done manually by a DNS system administrator. For example, a DNS system administrator would edit records on a zone's primary server and the revised zone database would then be propagated to secondary servers during zone transfer. This design is workable when the number of changes is small and updates occur infrequently, but is otherwise quite inefficient.
Windows 2000 provides client and server support for the use of dynamic updates. Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur. This reduces the need for manual administration of zone records, especially for clients that frequently move or change locations and use DHCP to obtain an IP address.
By default, computers that run Windows 2000 and are statically configured for TCP/IP attempt to dynamically register host and pointer resource records for IP addresses that are configured and used by their installed network connections. Dynamic updates can be sent for any of the following reasons or events:
For DNS servers, the DNS service allows dynamic update to be enabled or disabled on a per-zone basis at each server configured to load either a standard primary or directory-integrated zone. By default, client computers running any version of Windows 2000 dynamically update their host resource records in DNS when configured for TCP/IP. When DNS zones are stored in Active Directory database, DNS is configured by default to accept dynamic updates.
Windows 2000 DNS servers support dynamic updates. The DNS server provided with Windows NT Server 4.0 does not.
Several prerequisite conditions can be attached to a dynamic update request. Each prerequisite must be satisfied for the update to occur. After all prerequisites are met, the zone's primary server can proceed with an update of its local zones. Some examples of prerequisites that can be set are:
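The following is an added example, not part of the lesson, of a primary server evaluating a dynamic update: every prerequisite is checked against the zone first, and the update section is applied only if all of them hold. The prerequisite kinds modelled (name in use or not in use, RRset exists or does not exist, RRset equals given values) are the ones defined for DNS dynamic update in RFC 2136, which is an assumption about what the lesson's list contains; the sample zone and addresses are constructed.

```python
# Constructed sample zone: records are (owner, type) -> set of values.
ZONE = {
    ("host1.example.com.", "A"): {"192.0.2.20"},
    ("host2.example.com.", "A"): {"192.0.2.21"},
}

def norm(name):
    return name.lower().rstrip(".") + "."

def check_prerequisite(zone, prereq):
    """prereq is (kind, owner, rtype, values); returns True if it holds in zone."""
    kind, owner, rtype, values = prereq
    owner = norm(owner)
    name_in_use = any(o == owner for (o, _) in zone)
    rrset = zone.get((owner, rtype), set())
    return {
        "name-in-use":      name_in_use,
        "name-not-in-use":  not name_in_use,
        "rrset-exists":     bool(rrset),          # value-independent form
        "rrset-not-exists": not rrset,
        "rrset-equals":     rrset == set(values),  # value-dependent form
    }[kind]

def dynamic_update(zone, prerequisites, updates):
    """Return (status, zone). The original zone is untouched on refusal, and the
    update operations are applied together to a copy only after every
    prerequisite has been satisfied."""
    for p in prerequisites:
        if not check_prerequisite(zone, p):
            return ("refused: prerequisite failed", zone)
    new = {k: set(v) for k, v in zone.items()}
    for op, owner, rtype, values in updates:
        key = (norm(owner), rtype)
        if op == "add":
            new.setdefault(key, set()).update(values)
        elif op == "delete-rrset":
            new.pop(key, None)
        elif op == "delete-rr":
            rrset = new.get(key, set())
            rrset.difference_update(values)
            if not rrset:
                new.pop(key, None)
    return ("ok", new)
```

A client registering its host record with a "name not in use" prerequisite, as in the second test case, is refused when another host already owns that name, so the existing record is not silently overwritten.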
For client computers to be registered and updated dynamically with a DNS server, you must do one of the following:
In this practice, you enable dynamic updates for a DNS zone so that DNS client computers can register and dynamically update their resource records with a DNS server whenever changes occur.
The DNS administrative console appears.
The Zone Properties dialog box appears, as illustrated in Figure 10.13.
Figure 10.13 Zone Properties dialog box
Delegation is a process of assigning responsibility for a portion of a DNS name space to a separate entity. Name server resource records facilitate delegation by identifying the DNS servers for each zone. They appear in all forward and reverse lookup zones. Windows 2000 provides client and server support for the use of dynamic updates. Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur.