Windows Server 2008 : Domain Name System and IPv6 - Understanding DNS Zones

2/11/2011 9:12:30 AM
A zone in DNS is a portion of a DNS namespace that is controlled by a particular DNS server or group of servers. The zone is the primary delegation mechanism in DNS and is used to establish boundaries over which a particular server can resolve requests. Any server that hosts a particular zone is said to be authoritative for that zone, with the exception of stub zones. Figure 1 illustrates how different portions of the DNS namespace can be divided into zones, each of which can be hosted on a DNS server or group of servers.
Figure 1. DNS zones.

It is important to understand that any section or subsection of DNS can exist within a single zone. For example, an organization might decide to place an entire namespace of a domain, subdomains, and subsubdomains into a single zone. Or specific sections of that namespace can be divided up into separate zones. In fact, the entire Internet namespace can be envisioned as a single namespace with . as the root, which is divided into a multitude of different zones.


A server that is installed with DNS but does not have any zones configured is known as a caching-only server. Establishing a caching-only server can be useful in some branch office situations because it can help to alleviate large amounts of client query traffic across the network and eliminate the need to replicate entire DNS zones to remote locations.

Forward Lookup Zones

A forward lookup zone is created to, as the name suggests, forward lookups to the DNS database. In other words, this type of zone resolves names to IP addresses and resource information. For example, if a user wants to reach and queries for its IP address through a forward lookup zone, DNS returns, the IP address for that resource.


There is nothing to stop the assignment of multiple RRs to a single resource. In fact, this practice is common and useful in many situations. It might be practical to have a server respond to more than one name in specific circumstances. This type of functionality is normally accomplished through the creation of CNAME records, which create aliases for a particular resource.

Reverse Lookup Zones

A reverse lookup zone performs the exact opposite operation as a forward lookup zone. IP addresses are matched up with a common name in a reverse lookup zone. This is similar to knowing a phone number but not knowing the name associated with it. Reverse lookup zones are usually manually created and do not always exist in every implementation. Creating a new zone using the Configure a DNS Server Wizard, can automatically create a reverse lookup zone. Reverse lookup zones are primarily populated with PTR records, which serve to point the reverse lookup query to the appropriate name.

Primary Zones

In traditional (non–Active Directory–integrated) DNS, a single server serves as the master DNS server for a zone, and all changes made to that particular zone are done on that particular server. A single DNS server can host multiple zones, and can be primary for one and secondary for another. If a zone is primary, however, all requested changes for that particular zone must be performed on the server that holds the master copy of the zone.

Secondary Zones

A secondary zone is established to provide redundancy and load balancing for the primary zone. Each copy of the DNS database is read-only, however, because all record keeping is done on the primary zone copy. A single DNS server can contain several zones that are primary and several that are secondary. The zone creation process is similar to the one outlined in the preceding section on primary zones, but with the difference being that the zone is transferred from an existing primary server.

Stub Zones

The concept of stub zones is unique to Microsoft DNS. A stub zone is essentially a zone that contains no information about the members in a domain but simply serves to forward queries to a list of designated name servers for different domains. A stub zone subsequently contains only NS, SOA, and glue records. Glue records are essentially A records that work in conjunction with a particular NS record to resolve the IP address of a particular name server. A server that hosts a stub zone for a namespace is not authoritative for that zone.

As illustrated in Figure 2, the stub zone effectively serves as a placeholder for a zone that is authoritative on another server. It allows a server to forward queries that are made to a specific zone to the list of name servers in that zone.

Figure 2. Stub zones.

You can easily create a stub zone in Windows Server 2008 R2 after the need has been established for this particular type of functionality. To create a stub zone, follow these steps:

Launch Server Manager.

Expand the Roles, DNS Server, and DNS nodes, and then select the server name.

Select the Forward Lookup Zones node.

Select Action, New Zone.

Click Next on the Welcome page.

Select Stub Zone from the list of zone types. Because this zone will not be AD-integrated, uncheck the Store the Zone in Active Directory check box if it is checked, and then click Next to continue.

Type in the name of the zone that will be created, and click Next to continue.

Select Create a New File with This File Name and accept the defaults, unless migrating from an existing zone file. Then click Next to continue.

Type in the IP address of the server or servers from which the zone records will be copied. Press Enter for each server entered, and they will be validated, as shown in Figure 3. Click Next to continue.

Figure 3. Entering stub master servers.

Click Finish on the Summary page to create the zone.

The newly created stub zone will hold only the SOA, NS, and glue records for the domain at which it is pointed.

Most View
SQL Server 2012 : Storage Systems (part 3) - Storage Technology - Storage Tiering, Data Replication
Four Of The Best Stereo Systems (Part 4)
Windows Phone 8 : Microsoft Office Mobile - Excel (part 5) - Freezing a Pane, Applying Formatting Options
Asus P8277-V Mainboard - The Key LGA 1155-Based Mainboard Line (Part 3)
WinZip 17 Pro - Take Advantage Of Users’ Current Needs
Running a SharePoint Site on Windows Home Server : Installing and Configuring Windows SharePoint Foundation 2010 (part 2) - Creating a Top-Level SharePoint Site
Which Is The Real Best-Seller Ultrabook? (Part 2) - Gigabyte U2442, Samsung Series 9 900X, HP Envy 6
Windows 7 : Developing Applications with Enhanced Security - DEVISING AND IMPLEMENTING A SECURITY POLICY
Managing Windows Server 2012 (part 9) - Customizing the desktop and the taskbar - Configuring desktop items, Configuring the taskbar
Where It Meets Lifestyle – November 2012 (Part 2)
Top 10
Teenage Kicks - Britain's Youngest Hot Rodders (Part 3)
Teenage Kicks - Britain's Youngest Hot Rodders (Part 2)
Teenage Kicks - Britain's Youngest Hot Rodders (Part 1)
Swing Low Sweet Chariot Muscle Car
The 25-year Rule (Part 2)
The 25-year Rule (Part 1)
Review : Linksys EA9200 Tri-Band Smart Wi-Fi router
Review : Xiaomi Mi Pad
Identity on Cisco Firewalls : Administrative Access Control on ASA
Identity on Cisco Firewalls : Administrative Access Control on IOS