Expires After
The value you configure in the Expires After box determines the length of time that a secondary server, without any contact with its master server, continues to answer queries from DNS clients. After this time elapses, the data is considered unreliable. The default value is 1 day.
Minimum (Default) TTL
The value you configure in the Minimum (Default) TTL box determines the default Time to Live (TTL) that is applied to all resource records in the zone. The default value is 1 hour.
TTL values are not relevant for resource records within their authoritative zones. Instead, the TTL refers to the cache life of a resource record in nonauthoritative servers. A DNS server that has cached a resource record from a previous query discards the record when that record’s TTL has expired.
Exam Tip
If you have deployed caching-only servers in your network in addition to a primary server, increasing the minimum TTL can decrease name resolution traffic between the caching-only servers and the primary server.
TTL For This Record
The value you configure in the TTL For This Record text box determines the TTL of the present SOA resource record. This value overrides the default value setting in the preceding field.
Once configured in the DNS console, an SOA resource record is represented textually in the zone file, as shown in this example (the owner name, class, and type are separated by whitespace):
@ IN SOA Server01.contoso.com. hostmaster.contoso.com. (
    5099  ; serial number
    3600  ; refresh (1 hour)
    600   ; retry (10 mins)
    86400 ; expire (1 day)
    60 )  ; minimum TTL (1 min)
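To make the Expires After, refresh, retry, and TTL semantics concrete, the following Python model is added here; it is not code from the book or from the Windows DNS service. It parses a copy of the SOA record above (the zone origin contoso.com. is assumed for the "@" owner) and reports what a secondary server is doing at a given time since its last successful SOA check, how many retry polls fit between the first refresh failure and expiry, and whether a nonauthoritative server may still serve a cached record.

```python
"""Model of how a secondary DNS server uses the SOA timers from the zone (added example)."""
from dataclasses import dataclass

# Constructed copy of the SOA record shown in the text, comments included.
# The zone origin is an assumption used to expand the '@' owner.
ZONE_ORIGIN = "contoso.com."
SOA_TEXT = """
@ IN SOA Server01.contoso.com. hostmaster.contoso.com. (
    5099  ; serial number
    3600  ; refresh (1 hour)
    600   ; retry (10 mins)
    86400 ; expire (1 day)
    60 )  ; minimum TTL (1 min)
"""


@dataclass
class Soa:
    owner: str
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa(text, origin):
    """Strip ';' comments and parentheses, then read the seven SOA fields."""
    tokens = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].replace("(", " ").replace(")", " ")
        tokens.extend(line.split())
    owner, cls, rtype, mname, rname = tokens[:5]
    if (cls, rtype) != ("IN", "SOA"):
        raise ValueError("not an IN SOA record")
    numbers = [int(t) for t in tokens[5:10]]
    owner = origin if owner == "@" else owner
    return Soa(owner, mname, rname, *numbers)


def secondary_state(soa, seconds_since_last_contact):
    """State of a secondary at a given time after its last successful SOA check.

    Before 'refresh' elapses it answers from its copy without asking the master.
    After 'refresh' it polls the master and re-polls every 'retry' seconds on
    failure, still answering queries. Once 'expire' elapses with no contact the
    data is considered unreliable and the secondary stops answering.
    """
    t = seconds_since_last_contact
    if t >= soa.expire:
        return "expired"
    if t < soa.refresh:
        return "serving"
    return "serving-retrying"


def retry_attempts_before_expiry(soa):
    """Retry polls a secondary makes between the first refresh failure and expiry."""
    return (soa.expire - soa.refresh) // soa.retry


def cache_entry_valid(record_ttl, seconds_in_cache):
    """A nonauthoritative server keeps a cached record only until its TTL has elapsed."""
    return seconds_in_cache < record_ttl


if __name__ == "__main__":
    soa = parse_soa(SOA_TEXT, ZONE_ORIGIN)
    for t in (0, 3600, 7200, 86400):
        print(f"{t:>6}s since last contact: {secondary_state(soa, t)}")
    print("retry polls before expiry:", retry_attempts_before_expiry(soa))
```

With the values in the example, a secondary that loses its master keeps answering for a full day, making 138 retry attempts in the meantime; a monitoring check that alerts when the refresh interval has been missed, rather than waiting for expiry, gives a day of warning.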
Name Servers Tab
The Name Servers tab allows you to configure NS resource records for a zone. These records cannot be created elsewhere in the DNS console. You use NS resource records to specify the authoritative name servers for a given zone. The NS resource record of the first primary server of a zone is configured automatically.
Note
Every zone must contain at least one NS resource record at the zone root.
The following line is an example NS record taken from the database file for the lucernepublishing.com zone:
@ NS dns1.lucernepublishing.com.
In this record, the “@” symbol represents the zone defined by the SOA record in the same zone file. The complete entry, then, effectively maps the lucernepublishing.com domain to a DNS server hosted on a computer named dns1.lucernepublishing.com.
Tip
In primary zones, zone transfers by default are allowed only to servers specified on the Name Servers tab. This restriction is new to Windows Server 2003.
WINS Tab
You use the WINS tab—or the WINS-R tab in reverse lookup zones—to configure Windows Internet Name Service (WINS) servers to aid in name resolution for a given zone after DNS servers have failed to resolve a queried name.
Zone Transfers Tab
The Zone Transfers tab, shown in Figure 6, allows you to restrict zone transfers from the local master server. For primary zones, zone transfers to secondary servers by default are restricted only to name servers configured on the Name Servers tab. Alternatively, you can customize zone transfer restrictions by selecting the Only To The Following Servers option and then specifying the IP addresses of allowed secondary servers in the list below this option.
Secondary zones by default do not allow zone transfers to other secondary zones, but you can enable this feature simply by selecting the Allow Zone Transfers check box.
Off the Record
In Windows 2000, the default setting on the Zone Transfers tab for primary zones was to allow transfers to any server, but this feature created an unnecessary security hole. Think about it: why would you want to enable anyone who can access your DNS server to set up a secondary server and peruse your network’s resource records? Restricting zone transfers by default to known name servers is a lot smarter—it allows you to prevent unauthorized copying of zone data.
Notification
The Zone Transfers tab also allows you to configure notification to secondary servers. To perform this task, click Notify on the Zone Transfers tab when zone transfers are enabled. This action opens the Notify dialog box, in which you can specify secondary servers that should be notified whenever a zone update occurs at the local master server. By default, all servers listed on the Name Servers tab are automatically notified of zone changes.
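The following Python model is an added example (not the DNS service's code) that covers both the Zone Transfers tab options and the Notify list described above. It encodes the four states of the tab (check box cleared, To Any Server, Only To Servers Listed On The Name Servers Tab, Only To The Following Servers) as a policy object, answers whether a transfer request from a given address would be honoured, and derives the default Notify targets from the Name Servers tab. The name server addresses and requester addresses are constructed sample data.

```python
"""Model of the Zone Transfers tab policies and the Notify list (added example)."""
from ipaddress import ip_address

# Constructed sample data: the servers on the Name Servers tab and their addresses.
NAME_SERVER_ADDRESSES = {
    "dns1.lucernepublishing.com.": "10.0.0.10",
    "dns2.lucernepublishing.com.": "10.0.0.11",
}


class ZoneTransferPolicy:
    """mode mirrors the tab: 'none' (check box cleared), 'any', 'name_servers', 'list'."""

    MODES = ("none", "any", "name_servers", "list")

    def __init__(self, mode, allowed=(), notify_list=None):
        if mode not in self.MODES:
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode
        # Normalise addresses so '010.0.0.10'-style variants cannot slip past the list.
        self.allowed = {str(ip_address(a)) for a in allowed}
        # None means the default: notify every server on the Name Servers tab.
        self.notify_list = (
            None if notify_list is None else {str(ip_address(a)) for a in notify_list}
        )

    def transfer_allowed(self, requester_ip, name_servers=NAME_SERVER_ADDRESSES):
        """Would an AXFR/IXFR request from requester_ip be served?"""
        ip = str(ip_address(requester_ip))
        if self.mode == "none":
            return False
        if self.mode == "any":
            return True
        if self.mode == "name_servers":
            return ip in set(name_servers.values())
        return ip in self.allowed

    def notify_targets(self, name_servers=NAME_SERVER_ADDRESSES):
        """Servers that receive a NOTIFY when the zone changes."""
        if self.mode == "none":
            return set()  # Notify is only available when transfers are enabled
        if self.notify_list is None:
            return set(name_servers.values())
        return set(self.notify_list)


# The defaults the text describes for each product and zone type.
WINDOWS_2000_PRIMARY_DEFAULT = ZoneTransferPolicy("any")
WINDOWS_2003_PRIMARY_DEFAULT = ZoneTransferPolicy("name_servers")
SECONDARY_DEFAULT = ZoneTransferPolicy("none")


def refused_requesters(policy, requester_ips):
    """Addresses whose transfer requests the policy would refuse.

    Repeated refusals from addresses that are not known secondaries are worth a
    look in the DNS debug log: they show someone trying to copy the zone.
    """
    return [ip for ip in requester_ips if not policy.transfer_allowed(ip)]


if __name__ == "__main__":
    requests = ["10.0.0.10", "192.0.2.99"]  # constructed: one known NS, one stranger
    for label, policy in (("Windows 2000 default", WINDOWS_2000_PRIMARY_DEFAULT),
                          ("Windows Server 2003 default", WINDOWS_2003_PRIMARY_DEFAULT)):
        print(f"{label}: refused {refused_requesters(policy, requests)}")
```

Running the block shows the difference the Off the Record sidebar is about: under the Windows 2000 default nothing is refused, while under the Windows Server 2003 default only the address that is actually on the Name Servers tab gets the zone.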
Notification and Zone Transfer Initiation
Zone transfers in standard zones can be triggered by any of three events:
They can be triggered when the refresh interval of the primary zone’s SOA resource record expires.
They can be triggered when a secondary server boots up.
In both cases, the secondary server initiates an SOA query to find out whether any updates in the zone have occurred. Transfers occur only if the zone database has been revised.
They can be triggered automatically when a change occurs in the configuration of the primary server and this server has specified particular secondary DNS servers to be notified of zone updates.
When a zone transfer initiates, the secondary server performs either an incremental zone transfer (IXFR) query or an all zone transfer (AXFR) query to the master server. Computers running Windows 2000 Server and Windows Server 2003 perform IXFR queries by default. Through IXFR queries, only the newly modified data is transferred across the network. Computers running Windows NT Server do not support IXFR queries and can perform only AXFR queries. Through AXFR queries, the entire zone database is transferred to the secondary server.
Primary DNS servers running Windows Server 2003 support both IXFR and AXFR zone transfers.
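The serial check that follows an SOA query and the choice between an incremental and a full transfer are illustrated by the following added Python model (not the Windows DNS code). It assumes a master that keeps a small history of zone versions keyed by serial number; the record sets are constructed sample data for lucernepublishing.com. Serial comparison uses the wrap-around arithmetic of RFC 1982 so that a serial that has wrapped past 2^32 is still seen as newer.

```python
"""Model of zone transfer initiation and IXFR/AXFR selection (added example)."""

# Constructed history on the master: serial -> the full record set at that serial.
# A real server keeps a change journal; full snapshots are enough to model the decision.
ZONE_VERSIONS = {
    5097: {"@ NS dns1.lucernepublishing.com.", "www A 10.0.0.50"},
    5098: {"@ NS dns1.lucernepublishing.com.", "www A 10.0.0.50", "mail A 10.0.0.60"},
    5099: {"@ NS dns1.lucernepublishing.com.", "www A 10.0.0.51", "mail A 10.0.0.60"},
}


def serial_newer(master_serial, secondary_serial):
    """RFC 1982 serial number arithmetic: serials wrap at 2**32, so compare modularly."""
    diff = (master_serial - secondary_serial) % 2**32
    return 0 < diff < 2**31


def transfer_needed(master_serial, secondary_serial):
    """After a refresh, a reboot, or a NOTIFY, the secondary's SOA query only leads
    to a transfer if the master's serial is newer than the copy it already holds."""
    return serial_newer(master_serial, secondary_serial)


def answer_transfer(secondary_serial, versions=ZONE_VERSIONS, supports_ixfr=True):
    """Master side of the exchange.

    Returns (kind, master_serial, added, removed) where kind is:
      'none' - secondary is already current, nothing is sent;
      'ixfr' - only the records that changed since the secondary's serial;
      'axfr' - the whole zone, because the secondary cannot do IXFR (Windows NT)
               or its serial is older than the history the master still has.
    """
    master_serial = max(versions)
    if not transfer_needed(master_serial, secondary_serial):
        return ("none", master_serial, set(), set())
    current = versions[master_serial]
    if supports_ixfr and secondary_serial in versions:
        old = versions[secondary_serial]
        return ("ixfr", master_serial, current - old, old - current)
    return ("axfr", master_serial, set(current), set())


if __name__ == "__main__":
    for serial, ixfr in ((5099, True), (5098, True), (5098, False), (5000, True)):
        kind, new_serial, added, removed = answer_transfer(serial, supports_ixfr=ixfr)
        print(f"secondary at {serial} (IXFR={ixfr}): {kind} -> serial {new_serial}, "
              f"+{len(added)} -{len(removed)} records")
```

A secondary one version behind receives a single changed A record via IXFR, while the same secondary without IXFR support, or one whose serial predates the master's history, receives all three records via AXFR; a secondary that is already at 5099 gets nothing.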
Note
You do not need to configure zone transfers or notification among domain controllers or DNS servers in Active Directory–integrated zones. For the servers within these zones, transfers are conducted automatically.