A zone in DNS is a portion of a DNS namespace that is controlled by a particular DNS server or group of servers. The zone is the primary delegation mechanism in DNS and is used to establish the boundaries within which a particular server can resolve requests. Any server that hosts a particular zone is said to be authoritative for that zone, with the exception of stub zones. Figure 1 illustrates how different portions of the DNS namespace can be divided into zones, each of which can be hosted on a DNS server or group of servers.
It is important to understand that any section or subsection of the DNS namespace can exist within a single zone. For example, an organization might decide to place the entire namespace of a domain, its subdomains, and their sub-subdomains into a single zone, or specific sections of that namespace can be divided into separate zones. In fact, the entire Internet namespace can be envisioned as a single tree with "." as the root, which is divided into a multitude of different zones.
Note
A server that is installed with DNS but does not have any zones configured is known as a caching-only server. Establishing a caching-only server can be useful in some branch office situations because it can help to alleviate large amounts of client query traffic across the network and eliminate the need to replicate entire DNS zones to remote locations.
Forward Lookup Zones
A forward lookup zone is created, as the name suggests, to resolve forward lookups against the DNS database. In other words, this type of zone resolves names to IP addresses and resource information. For example, if a user wants to reach dc1.companyabc.com and queries for its IP address through a forward lookup zone, DNS returns 172.16.1.11, the IP address for that resource.
Note
There is nothing to stop the assignment of multiple RRs (resource records) to a single resource. In fact, this practice is common and useful in many situations. It might be practical to have a server respond to more than one name in specific circumstances. This type of functionality is normally accomplished through the creation of CNAME records, which create aliases for a particular resource.
Reverse Lookup Zones
A reverse lookup zone performs the exact opposite operation of a forward lookup zone: in a reverse lookup zone, IP addresses are matched up with a name. This is similar to knowing a phone number but not the name associated with it. Reverse lookup zones are usually created manually and do not exist in every implementation. Creating a new zone using the Configure a DNS Server Wizard can automatically create a reverse lookup zone. Reverse lookup zones are primarily populated with PTR records, which point the reverse lookup query to the appropriate name.
Primary Zones
In traditional (non–Active Directory–integrated) DNS, a single server serves as the master DNS server for a zone, and all changes to that zone are made on that server. A single DNS server can host multiple zones and can be primary for one and secondary for another. If a zone is primary, however, all requested changes for that zone must be performed on the server that holds the master copy of the zone.
Secondary Zones
A secondary zone is established to provide redundancy and load balancing for the primary zone. Each secondary copy of the DNS database is read-only, however, because all record keeping is done on the primary copy of the zone. A single DNS server can contain several zones that are primary and several that are secondary. The zone creation process is similar to the one outlined in the preceding section on primary zones, with the difference that the zone data is transferred from an existing primary server.
Stub Zones
The concept of stub zones is unique to Microsoft DNS. A stub zone is essentially a zone that contains no information about the members of a domain but simply serves to forward queries to a list of designated name servers for different domains. A stub zone consequently contains only NS, SOA, and glue records. Glue records are essentially A records that work in conjunction with a particular NS record to resolve the IP address of a particular name server. A server that hosts a stub zone for a namespace is not authoritative for that zone.
As illustrated in Figure 2, the stub zone effectively serves as a placeholder for a zone that is authoritative on another server. It allows a server to forward queries made to a specific zone to the list of name servers for that zone.
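To make the zone types described above concrete, here is an added Python model (not code from the original text or from Windows DNS) of one server hosting a primary forward lookup zone for companyabc.com, its reverse lookup zone, and a stub zone for a constructed partner.example domain: the forward lookup of dc1.companyabc.com and its CNAME alias answer authoritatively, the PTR lookup for 172.16.1.11 answers from the reverse zone, and any query under the stub zone produces a non-authoritative referral built only from the zone's NS and glue records. All record data is constructed sample data.

```python
# Added toy model of DNS zones as delegation boundaries (constructed data, not Windows DNS code).
# Primary/secondary zones answer authoritatively; a stub zone holds only SOA, NS and glue A records.
SOA = "ns1 hostmaster 1 3600 600 86400 300"  # constructed, abbreviated SOA text

ZONES = {
    "companyabc.com": {"type": "primary", "records": {  # forward lookup zone
        "companyabc.com": {"SOA": [SOA], "NS": ["ns1.companyabc.com"]},
        "ns1.companyabc.com": {"A": ["172.16.1.10"]},
        "dc1.companyabc.com": {"A": ["172.16.1.11"]},
        "intranet.companyabc.com": {"CNAME": ["dc1.companyabc.com"]},  # alias via CNAME
    }},
    "1.16.172.in-addr.arpa": {"type": "primary", "records": {  # reverse lookup zone
        "1.16.172.in-addr.arpa": {"SOA": [SOA], "NS": ["ns1.companyabc.com"]},
        "11.1.16.172.in-addr.arpa": {"PTR": ["dc1.companyabc.com"]},
    }},
    "partner.example": {"type": "stub", "records": {  # stub zone: SOA, NS and glue only
        "partner.example": {"SOA": [SOA], "NS": ["ns1.partner.example"]},
        "ns1.partner.example": {"A": ["192.0.2.53"]},  # glue A record for the NS above
    }},
}

def closest_zone(name):
    """Strip leading labels until the remaining suffix is a zone this server hosts."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in ZONES:
            return suffix
    return None

def reverse_name(ip):
    """Owner name under which the PTR record for an IPv4 address lives."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def lookup(name, rtype):
    """Answer as a server hosting ZONES would: authoritative data, a stub referral, or nothing."""
    zone = closest_zone(name)
    if zone is None:
        return {"status": "not_hosted", "aa": False, "answer": []}
    z = ZONES[zone]
    if z["type"] == "stub":  # not authoritative: hand back the zone's name servers plus glue
        refer = {ns: z["records"].get(ns, {}).get("A", []) for ns in z["records"][zone]["NS"]}
        return {"status": "referral", "aa": False, "zone": zone, "nameservers": refer}
    rrset = z["records"].get(name.lower().rstrip("."), {})
    if rtype != "CNAME" and "CNAME" in rrset:  # follow the alias to its canonical name
        rrset = dict(z["records"].get(rrset["CNAME"][0], {}), CNAME=rrset["CNAME"])
    if rrset.get(rtype):
        return {"status": "ok", "aa": True, "answer": rrset[rtype]}
    return {"status": "nxdomain" if not rrset else "nodata", "aa": True, "answer": []}
```

The "aa" field mirrors the authoritative-answer flag: it is set for the primary zones and cleared for the stub referral, which is the distinction the text draws between hosting a zone and being authoritative for it.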
You can easily create a stub zone in Windows Server 2008 R2 after the need has been established for this particular type of functionality. To create a stub zone, follow these steps:
1. Launch Server Manager.
2. Expand the Roles, DNS Server, and DNS nodes, and then select the server name.
3. Select the Forward Lookup Zones node.
4. Select Action, New Zone.
5. Click Next on the Welcome page.
6. Select Stub Zone from the list of zone types. Because this zone will not be AD-integrated, uncheck the Store the Zone in Active Directory check box if it is checked, and then click Next to continue.
7. Type in the name of the zone that will be created, and click Next to continue.
8. Select Create a New File with This File Name and accept the defaults, unless migrating from an existing zone file. Then click Next to continue.
9. Type in the IP address of the server or servers from which the zone records will be copied. Press Enter for each server entered, and they will be validated, as shown in Figure 3. Click Next to continue.
10. Click Finish on the Summary page to create the zone.
The newly created stub zone will hold only the SOA, NS, and glue records for the domain at which it is pointed.