DESKTOP

Windows Server 2003 : Domain Name System - Active Directory-Integrated Zones

- Give Up Coffee For Beautiful Breasts

- Nikon D3500 Digital SLR Camera

- Sony Alpha A58 Digital SLT Camera

- Panasonic HX-WA30 - A Pistol-Grip Full HD Camcorder

1/2/2013 6:15:28 PM

1. Active Directory-Integrated Zones

Up to this point, I've treated the Windows Server 2003 DNS service as a traditional nameserver, mostly compliant with the relevant RFCs, which can act in both primary and secondary "modes" for a zone. However, Windows Server 2003 offers a third mode specific to Windows that, although not listed in an RFC, offers some distinct advantages if you've made an infrastructure investment in Active Directory and Windows.

The third mode, Active Directory-integrated DNS , offers two plusses over traditional zones. For one, the fault tolerance built into Active Directory eliminates the need for primary and secondary nameservers. Effectively, all nameservers using Active Directory-integrated zones are primary nameservers. This has a huge advantage for the use of dynamic DNS as well: namely, the wide availability of nameservers that can accept registrations. Recall that domain controllers and workstations register their locations and availability to the DNS zone using dynamic DNS. In a traditional DNS setup, only one type of nameserver can accept these registrations—the primary server, because it has the only read/write copy of a zone. By creating an Active Directory-integrated zone, all Windows Server 2003 nameservers that store their zone data in Active Directory can accept a dynamic registration, and the change will be propagated using Active Directory multi-master replication. All you need to do to set up this scenario is install Windows Server 2003 on a machine, configure it as a domain controller, install the DNS service, and set up the zone. It's all automatic after that. Contrast this with the standard primary-secondary nameserver setup, where the primary server is likely to be very busy handling requests and zone transfers without worrying about the added load of dynamic DNS registrations. Active Directory-integrated zones relieve this load considerably. And to add to the benefits, Active Directory-integrated zones support compression of replication traffic between sites, which also makes it unnecessary to use the old-style "uncompressed" zone transfers.

As you read in the previous section, part of the dynamic DNS functionality provided in Windows Server 2003 is the scavenger process. Recall the no-refresh interval function, which was created to eliminate exorbitant amounts of traffic being passed between domain controllers for each DNS re-registration.

Active Directory-integrated zones also afford a big security advantage, in that they provide the capability to lock down dynamic DNS functionality by restricting the ability of users and computers to register records into the system—only computers that are members of the Active Directory domain that hosts the DNS records can add and update records dynamically to these zones. However, to have an Active Directory-integrated zone, your nameservers must be domain controllers for an Active Directory domain. If other nameservers are used that are not domain controllers, they can act as only traditional secondary nameservers, holding a read-only copy of the zone and replicating via the traditional zone transfer process.

If you're already running a nameserver that is a domain controller with an active zone in service, it's easy to convert that to an Active Directory-integrated zone. (And for that matter, it's easy to revert to a primary or secondary zone—this isn't a be-all and end-all.) Here's how to go forward:

Open the DNS Management snap-in.
Right-click the zone folder you want to convert, and select Properties from the context menu.
Navigate to the General tab, as shown in Figure 1.

Figure 1. Converting a zone to Active Directory-integrated mode

To the right of the Type entry—it should now say either Primary or Secondary—click the Change button. The Change Zone Type screen will appear, as shown in Figure 2.
Check the Store the zone in Active Directory checkbox.
Click OK.

Figure 2. Storing a zone in Active Directory

You'll note that your options expand once you've converted to Active Directory-integrated zones. Go back to the zone's properties, and on the General tab, note a couple of things:

The Dynamic Updates field now allows Secure Only updates.
You have options for replicating zone changes throughout all domain controllers in Active Directory.

Let's focus on the latter for a moment.

1.1. Replication Among Domain Controllers

Windows Server 2003 introduces a new feature that allows you to tune how Active Directory replicates DNS information to other domain controllers. Click the Change button beside the Replication field on the zone properties, and you'll be presented with the Change Zone Replication Scope screen as shown in Figure 2.

The default setting is "To all domain controllers in the Active Directory domain," which instructs Windows to behave exactly as it did in Windows 2000 Server: replicate DNS information to all domain controllers in Active Directory, regardless of whether they're actually running the DNS service. Obviously, if you have 20 domain controllers in your domain, but only three domain controllers that run DNS, this is a lot of replication traffic that is just wasted. On this screen, you can select to replicate the DNS information only to domain controllers running DNS in either the forest or the domain. This is very helpful, and for large organizations, it should cut down on WAN traffic.

Figure 2. Controlling DNS replication in Active Directory

Other

Zotac GTX 660 2GB - Dominate The Middle Ground Of Gaming Performance

Thermaltake Water2.0 Pro - Cool, But Loud

How To Build The Ultimate AMD Gaming Rig

Macbook Pro: The Inner Beauty (Part 2)

Macbook Pro: The Inner Beauty (Part 1)

Samsung Chromeboo - ARM Isn’t Always Slower Than x86

Windows 8 Hardware (Part 4) : Logitech Wireless Rechargeable Touchpad T650, Logitech T620, Microsoft Sculpt Comport Keyboard

Windows 8 Hardware (Part 3) : Acer Iconia W510, Acer T232HL, Innovatouch IW2235P-U

Windows 8 Hardware (Part 2) : Lenovo Ideapad Yoga 13, Dell XPS 12

Windows 8 Hardware (Part 1) : Microsoft Surface RT

Top 10

- Review : Sigma 24mm f/1.4 DG HSM Art

- Review : Canon EF11-24mm f/4L USM

- Review : Creative Sound Blaster Roar 2

- Review : Philips Fidelio M2L

- Review : Alienware 17 - Dell's Alienware laptops

- Review Smartwatch : Wellograph

- Review : Xiaomi Redmi 2

- Extending LINQ to Objects : Writing a Single Element Operator (part 2) - Building the RandomElement Operator

- Extending LINQ to Objects : Writing a Single Element Operator (part 1) - Building Our Own Last Operator

- 3 Tips for Maintaining Your Cell Phone Battery (part 2) - Discharge Smart, Use Smart

REVIEW

- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)

VIDEO TUTORIAL

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)

Popular Tags

Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Exchange Server Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe Photoshop CorelDRAW X5 CorelDraw 10 windows Phone 7 windows Phone 8 Iphone

site
stats