Windows Server 2008 : Domain Name System and IPv6 - Understanding DNS Zones

2/11/2011 9:12:30 AM
A zone in DNS is a portion of a DNS namespace that is controlled by a particular DNS server or group of servers. The zone is the primary delegation mechanism in DNS and is used to establish boundaries over which a particular server can resolve requests. Any server that hosts a particular zone is said to be authoritative for that zone, with the exception of stub zones. Figure 1 illustrates how different portions of the DNS namespace can be divided into zones, each of which can be hosted on a DNS server or group of servers.
Figure 1. DNS zones.

It is important to understand that any section or subsection of DNS can exist within a single zone. For example, an organization might decide to place an entire namespace of a domain, subdomains, and subsubdomains into a single zone. Or specific sections of that namespace can be divided up into separate zones. In fact, the entire Internet namespace can be envisioned as a single namespace with . as the root, which is divided into a multitude of different zones.


A server that is installed with DNS but does not have any zones configured is known as a caching-only server. Establishing a caching-only server can be useful in some branch office situations because it can help to alleviate large amounts of client query traffic across the network and eliminate the need to replicate entire DNS zones to remote locations.

Forward Lookup Zones

A forward lookup zone is created to, as the name suggests, forward lookups to the DNS database. In other words, this type of zone resolves names to IP addresses and resource information. For example, if a user wants to reach and queries for its IP address through a forward lookup zone, DNS returns, the IP address for that resource.


There is nothing to stop the assignment of multiple RRs to a single resource. In fact, this practice is common and useful in many situations. It might be practical to have a server respond to more than one name in specific circumstances. This type of functionality is normally accomplished through the creation of CNAME records, which create aliases for a particular resource.

Reverse Lookup Zones

A reverse lookup zone performs the exact opposite operation as a forward lookup zone. IP addresses are matched up with a common name in a reverse lookup zone. This is similar to knowing a phone number but not knowing the name associated with it. Reverse lookup zones are usually manually created and do not always exist in every implementation. Creating a new zone using the Configure a DNS Server Wizard, can automatically create a reverse lookup zone. Reverse lookup zones are primarily populated with PTR records, which serve to point the reverse lookup query to the appropriate name.

Primary Zones

In traditional (non–Active Directory–integrated) DNS, a single server serves as the master DNS server for a zone, and all changes made to that particular zone are done on that particular server. A single DNS server can host multiple zones, and can be primary for one and secondary for another. If a zone is primary, however, all requested changes for that particular zone must be performed on the server that holds the master copy of the zone.

Secondary Zones

A secondary zone is established to provide redundancy and load balancing for the primary zone. Each copy of the DNS database is read-only, however, because all record keeping is done on the primary zone copy. A single DNS server can contain several zones that are primary and several that are secondary. The zone creation process is similar to the one outlined in the preceding section on primary zones, but with the difference being that the zone is transferred from an existing primary server.

Stub Zones

The concept of stub zones is unique to Microsoft DNS. A stub zone is essentially a zone that contains no information about the members in a domain but simply serves to forward queries to a list of designated name servers for different domains. A stub zone subsequently contains only NS, SOA, and glue records. Glue records are essentially A records that work in conjunction with a particular NS record to resolve the IP address of a particular name server. A server that hosts a stub zone for a namespace is not authoritative for that zone.

As illustrated in Figure 2, the stub zone effectively serves as a placeholder for a zone that is authoritative on another server. It allows a server to forward queries that are made to a specific zone to the list of name servers in that zone.

Figure 2. Stub zones.

You can easily create a stub zone in Windows Server 2008 R2 after the need has been established for this particular type of functionality. To create a stub zone, follow these steps:

Launch Server Manager.

Expand the Roles, DNS Server, and DNS nodes, and then select the server name.

Select the Forward Lookup Zones node.

Select Action, New Zone.

Click Next on the Welcome page.

Select Stub Zone from the list of zone types. Because this zone will not be AD-integrated, uncheck the Store the Zone in Active Directory check box if it is checked, and then click Next to continue.

Type in the name of the zone that will be created, and click Next to continue.

Select Create a New File with This File Name and accept the defaults, unless migrating from an existing zone file. Then click Next to continue.

Type in the IP address of the server or servers from which the zone records will be copied. Press Enter for each server entered, and they will be validated, as shown in Figure 3. Click Next to continue.

Figure 3. Entering stub master servers.

Click Finish on the Summary page to create the zone.

The newly created stub zone will hold only the SOA, NS, and glue records for the domain at which it is pointed.

Most View
SQL Server 2008 : Index analysis (part 1) - Identifying indexes to drop/disable
Antec GX700 Value Gaming Computer Case
iRadio - Latest Music Stream
Best Photo Printers Revealed – Jan 2013 (Part 1)
Wacom Cintiq 24HD Touch - Pen-Enabled Display Plus Multi-Touch Gestures (Part 2)
The HP Virtual Server Environment : Choosing a Partitioning Solution (part 2) - Why Choose Integrity VM?
The Contemporary APUs - AMD Trinity vs Intel Ivy Bridge (Part 9)
Microsoft SharePoint 2010 : InfoPath Forms Services - Accessing Data in InfoPath Forms (part 1)
Samsung DA-E750 – A Good Speaker Dock-Cum-Soundbar
Windows Server 2008 and Windows Vista : Group Policy Management Console Delegation - Modeling GPOs, RSoP of GPOs
Top 10
Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 5) - Using Email Disclaimers
Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 4) - Establishing a Corporate Email Policy, Securing Groups
Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 3) - Hardening Windows Server 2003 - Running SCW
Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 2) - Hardening Windows Server 2003 - Using the Microsoft Baseline Security Analyzer
Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 1) - Hardening Windows Server 2003 - Auditing Policies
Microsoft Exchange Server 2007 : Server and Transport-Level Security - Considering the Importance of Security in an Exchange Server 2007 Environment
Sharepoint 2013 : List and library essentials - Organizing items by using folders
Sharepoint 2013 : List and library essentials - Sorting or filtering a list view
Sharepoint 2013 : List and library essentials - Creating and selecting a list view
Windows Server 2012 : Managing and Troubleshooting Hardware (part 11) - Resolving resource conflicts