1. Exploring DNS Zone Properties
The primary means to configure zone settings is through the zone properties dialog box, which is accessible through the DNS console. Each properties dialog box for a standard zone has five tabs: General, Start Of Authority (SOA), Name Servers, WINS, and Zone Transfers. Properties dialog boxes for Active Directory–integrated zones include a sixth tab, Security, that allows you to configure access permissions for the zone.
1.1 General Tab
The General tab, shown in Figure 1, allows you to temporarily suspend name resolution and to configure four basic features: zone type (including Active Directory integration), zone file name, dynamic updates, and aging.
1.2 Zone Status
The Pause button allows you to pause and resume name resolution for the zone. Note that this feature does not allow you to pause or resume the DNS Server service.
1.3 Zone Type
Clicking Change opens the Change Zone Type dialog box, which allows you to reconfigure the zone as a primary, secondary, or stub zone. Selecting the Store The Zone In Active Directory check box in the Change Zone Type dialog box allows you to store the primary zone information in the Active Directory database instead of in the WINDOWS\System32\Dns folder. In Active Directory–integrated zones, zone data is replicated through Active Directory.
1.4 Zone Replication
When you opt to store zone information in the Active Directory database, the Change button for Replication becomes enabled. This button allows you to configure replication parameters for the Active Directory–integrated zone.
Clicking the Change button opens the Change Zone Replication Scope dialog box, shown in Figure 2. This dialog box allows you to determine among which servers in the Active Directory forest the zone data should be replicated.
Table 1 describes the four options available in this dialog box.
Table 1. Zone Replication Options

| Option | Description |
|---|---|
| To All DNS Servers In The Active Directory Forest | Replicates zone data to all DNS servers running on domain controllers in the Active Directory forest. Usually, this option provides the broadest scope of replication. |
| To All DNS Servers In The Active Directory Domain | Replicates zone data to all DNS servers running on domain controllers in the Active Directory domain. |
| To All Domain Controllers In The Active Directory Domain | Replicates zone data to all domain controllers in the Active Directory domain. If you want Microsoft Windows 2000 DNS servers to load an Active Directory zone, you must select this setting for that zone. |
| To All Domain Controllers Specified In The Scope Of The Following Application Directory Partition | Replicates zone data according to the replication scope of the specified application directory partition. For a zone to be stored in the specified application directory partition, the DNS server hosting the zone must be enlisted in the specified application directory partition. |
When deciding which replication option to choose, consider that the broader the replication scope, the greater the network traffic caused by replication. For example, if you choose to have Active Directory–integrated DNS zone data replicated to all DNS servers in the forest, this setting produces greater network traffic than does replicating the DNS zone data to all DNS servers in a single Active Directory domain in that forest. On the other hand, replicating zone data to all DNS servers in a forest can improve forestwide name resolution performance and increase fault tolerance.
1.5 Application Directory Partitions and DNS Replication
An application directory partition is a directory partition that is replicated among a specified subset of domain controllers running Windows Server 2003.
Built-in application directory partitions
For DNS, two built-in application directory partitions exist for each Active Directory domain: DomainDnsZones and ForestDnsZones. The DomainDnsZones application directory partition is replicated among all DNS servers that are also domain controllers in an Active Directory domain. The ForestDnsZones application directory partition is replicated among all DNS servers that are also domain controllers in an Active Directory forest. Each of these application directory partitions is designated by a DNS subdomain and an FQDN. For example, in an Active Directory domain named bern.lucernepublishing.com whose root domain in the Active Directory forest is lucernepublishing.com, the built-in DNS application directory partitions are specified by these FQDNs: DomainDnsZones.bern.lucernepublishing.com and ForestDnsZones.lucernepublishing.com.
When you select the To All DNS Servers In The Active Directory Forest option in the Change Zone Replication Scope dialog box, you are in fact choosing to store DNS zone data in the ForestDnsZones application directory partition. When you select the To All DNS Servers In The Active Directory Domain option, you are choosing to store DNS zone data in the DomainDnsZones application directory partition.
Note
If either of these application directory partitions is deleted or damaged, you can recreate them in the DNS console by right-clicking the server node and selecting Create Default Application Directory Partitions. If the default DNS application directory partitions are currently available, the Create Default Application Directory Partitions option will not be available.
Creating custom application directory partitions
You can also create your own custom application directory partitions for use with DNS and enlist chosen domain controllers in your network to host replicas of this partition.
To accomplish this task, first create the partition by typing the following command:
dnscmd servername /createdirectorypartition FQDN
Then enlist other DNS servers in the partition by typing the following command:
dnscmd servername /enlistdirectorypartition FQDN
For example, to create an application directory partition named SpecialDns on a computer named Server01 in the Active Directory domain contoso.com, type the following command:
dnscmd server01 /createdirectorypartition SpecialDns.contoso.com
To enlist a computer named Server02 in the application directory partition, type the following command:
dnscmd server02 /enlistdirectorypartition SpecialDns.contoso.com
Note
You must be a member of the Enterprise Admins group to create an application directory partition.
To store DNS data in a custom application directory partition, select the fourth (bottom) option in the Change Zone Replication Scope dialog box, and specify the custom application directory partition in the drop-down list box. This option—To All Domain Controllers Specified In The Scope Of The Following Application Directory Partition—is available only if custom application directory partitions are available for DNS on your network.
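The dnscmd sequence above (create the partition, enlist the other servers) and the final step of storing a zone in the custom partition, scripted end to end as an added example that is not part of the original text. It assumes constructed names (server01 through server03, SpecialDns.contoso.com, and the zone bern.lucernepublishing.com) and uses two further dnscmd commands the text does not cover: /enumdirectorypartitions to verify the enlistment and /zonechangedirectorypartition as the command-line counterpart of the fourth option in the Change Zone Replication Scope dialog box.

```powershell
# Added example, not part of the original text. Names below are constructed
# placeholders; run from an account that is a member of Enterprise Admins.
$Partition = 'SpecialDns.contoso.com'
$Creator   = 'server01'                    # DNS server that creates the partition
$Replicas  = @('server02', 'server03')     # additional DNS servers to enlist
$Zone      = 'bern.lucernepublishing.com'  # AD-integrated zone to move into it

# Runs one dnscmd command against a server and fails fast unless dnscmd
# reports success in its output.
function Invoke-DnsCmd {
    param([string]$Server, [string[]]$Arguments)
    $output = & dnscmd $Server @Arguments 2>&1 | Out-String
    if ($output -notmatch 'Command completed successfully') {
        throw "dnscmd $Server $($Arguments -join ' ') failed:`n$output"
    }
    return $output
}

# 1. Create the custom application directory partition on the first server.
Invoke-DnsCmd -Server $Creator -Arguments @('/createdirectorypartition', $Partition)

# 2. Enlist each additional DNS server so it hosts a replica of the partition.
foreach ($Server in $Replicas) {
    Invoke-DnsCmd -Server $Server -Arguments @('/enlistdirectorypartition', $Partition)
}

# 3. Verify that every server now lists the partition. A server that does not
#    may simply not have received the replication yet, so warn rather than stop.
foreach ($Server in @($Creator) + $Replicas) {
    $listing = Invoke-DnsCmd -Server $Server -Arguments @('/enumdirectorypartitions')
    if ($listing -notmatch [regex]::Escape($Partition)) {
        Write-Warning "$Server does not yet list $Partition"
    }
}

# 4. Store the zone in the custom partition. Only servers enlisted above will
#    hold a replica of the zone from this point on.
Invoke-DnsCmd -Server $Creator -Arguments @('/zonechangedirectorypartition', $Zone, $Partition)
```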
Replication with Windows 2000 servers
Because application directory partitions are not available on Windows 2000 domain controllers, you must select the third option in the Change Zone Replication Scope dialog box if you want the zone data to be read by Windows 2000 DNS servers. With this option—To All Domain Controllers In The Active Directory Domain—data is not replicated merely among all DNS server domain controllers, but among all domain controllers regardless of whether they are also DNS servers.
Tip
Expect to be tested on application directory partition concepts and commands, as well as the options in the Change Zone Replication Scope dialog box.