Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
KEY—Stores a public key used for encryption for a particular domain.
RP—Specifies the Responsible Person for a domain.
WKS—Designates a particular Well-Known Service.
MB—Indicates which host contains a specific mailbox.
A zone in DNS is a portion of a DNS namespace that is controlled by a particular DNS
server or group of servers. The zone is the primary delegation mechanism in DNS and is
used to establish boundaries over which a particular server can resolve requests. Any server
that hosts a particular zone is said to be authoritative for that zone, with the exception of
stub zones, which are defined later in the chapter in the “Stub Zones” section. Figure 10.6
illustrates how different portions of the DNS namespace can be divided into zones, each
of which can be hosted on a DNS server or group of servers.
FIGURE 10.6 DNS zones.
[Figure: the .com namespace divided into separate zones, with companyabc.com and companyxyz.com under .com, asia.companyabc.com and europe.companyabc.com under companyabc.com, and east.asia.companyabc.com, west.asia.companyabc.com, and sales.europe.companyabc.com below those, each portion hosted in its own zone or grouped with its parent.]
It is important to understand that any section or subsection of DNS can exist within a
single zone. For example, an organization might decide to place an entire namespace of a
domain, subdomains, and subsubdomains into a single zone. Or specific sections of that
namespace can be divided up into separate zones. In fact, the entire Internet namespace
can be envisioned as a single namespace with . as the root, which is divided into a multi-
tude of different zones.
NOTE
A server that is installed with DNS but does not have any zones configured is known
as a caching-only server. Establishing a caching-only server can be useful in some
branch office situations because it can help to alleviate large amounts of client query
traffic across the network and eliminate the need to replicate entire DNS zones to
remote locations.
Forward Lookup Zones
A forward lookup zone is created to, as the name suggests, forward lookups to the DNS
database. In other words, this type of zone resolves names to IP addresses and resource
information. For example, if a user wants to reach dc1.companyabc.com and queries for its
IP address through a forward lookup zone, DNS returns 172.16.1.11, the IP address for
that resource.
NOTE
There is nothing to stop the assignment of multiple RRs to a single resource. In fact,
this practice is common and useful in many situations. It might be practical to have a
server respond to more than one name in specific circumstances. This type of function-
ality is normally accomplished through the creation of CNAME records, which create
aliases for a particular resource.
Reverse Lookup Zones
A reverse lookup zone performs the exact opposite operation as a forward lookup zone. IP
addresses are matched up with a common name in a reverse lookup zone. This is similar
to knowing a phone number but not knowing the name associated with it. Reverse lookup
zones are usually manually created and do not always exist in every implementation.
Creating a new zone using the Configure a DNS Server Wizard, as in the example earlier in
this chapter, can automatically create a reverse lookup zone. Reverse lookup zones are
primarily populated with PTR records, which serve to point the reverse lookup query to
the appropriate name.
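The zone and record creation described in this section and in the preceding NOTE, as an added example using dnscmd from PowerShell. This is not the book's own material: the zone file names and the alias name intranet are assumptions, and the command is assumed to run on the DNS server itself; dc1.companyabc.com and 172.16.1.11 are the chapter's own values.

```powershell
# Added example, not from the book. Creates a standard forward lookup zone and
# the matching reverse lookup zone with dnscmd, adds the forward (A), alias
# (CNAME) and reverse (PTR) records for one host, then checks each direction.
# Assumptions: this runs in an elevated PowerShell session on the DNS server
# itself (so dnscmd needs no server name), the zone is companyabc.com, dc1 is
# 172.16.1.11 on the 172.16.1.0/24 network as in the chapter's example, and the
# alias name "intranet" is made up for the example.

$zone     = 'companyabc.com'
$hostName = 'dc1'
$ip       = '172.16.1.11'

# The reverse lookup zone for a /24 is named after the first three octets in
# reverse order under in-addr.arpa; the last octet becomes the record name.
$o       = $ip.Split('.')
$revZone = "$($o[2]).$($o[1]).$($o[0]).in-addr.arpa"   # 1.16.172.in-addr.arpa
$revNode = $o[3]                                         # 11

# Forward lookup zone, standard primary stored in a zone file under
# %SystemRoot%\System32\dns.
dnscmd /ZoneAdd $zone /Primary /file "$zone.dns"
dnscmd /RecordAdd $zone $hostName A $ip

# A second name for the same resource, as the NOTE describes: a CNAME whose
# target is the host's FQDN. The trailing dot marks it as fully qualified;
# without it the server appends the zone name to the target.
dnscmd /RecordAdd $zone 'intranet' CNAME "$hostName.$zone."

# Reverse lookup zone and the PTR record pointing the address back to the name.
dnscmd /ZoneAdd $revZone /Primary /file "$revZone.dns"
dnscmd /RecordAdd $revZone $revNode PTR "$hostName.$zone."

# Verify against this server: name to address, alias to name, address to name.
nslookup "$hostName.$zone" 127.0.0.1
nslookup "intranet.$zone" 127.0.0.1
nslookup $ip 127.0.0.1
```

For a larger network the reverse zone simply has fewer labels (172.16.0.0/16 becomes 16.172.in-addr.arpa and the record name for 172.16.1.11 becomes 11.1). The trailing dot on the CNAME and PTR targets is the usual mistake: without it, dnscmd stores dc1.companyabc.com.companyabc.com and the lookups above fail.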
Primary Zones
In traditional (non–Active Directory–integrated) DNS, a single server serves as the master
DNS server for a zone, and all changes made to that particular zone are done on that
particular server. A single DNS server can host multiple zones, and can be primary for one
and secondary for another. If a zone is primary, however, all requested changes for that
particular zone must be performed on the server that holds the master copy of the zone.
Secondary Zones
A secondary zone is established to provide redundancy and load balancing for the primary
zone. Each copy of the DNS database is read-only, however, because all record keeping is
done on the primary zone copy. A single DNS server can contain several zones that are
primary and several that are secondary. The zone creation process is similar to the one
outlined in the preceding section on primary zones, but with the difference being that the
zone is transferred from an existing primary server.
Stub Zones
The concept of stub zones is unique to Microsoft DNS. A stub zone is essentially a zone
that contains no information about the members in a domain but simply serves to
forward queries to a list of designated name servers for different domains. A stub zone
subsequently contains only NS, SOA, and glue records. Glue records are essentially A
records that work in conjunction with a particular NS record to resolve the IP address of a
particular name server. A server that hosts a stub zone for a namespace is not authoritative
for that zone.
As illustrated in Figure 10.7, the stub zone effectively serves as a placeholder for a zone
that is authoritative on another server. It allows a server to direct queries for a
specific zone to the name servers listed in that zone.
FIGURE 10.7 Stub zones.
[Figure: Server1 (192.168.0.11) hosts a stub zone for companyabc.com that contains only the SOA record, the NS records for server2.companyabc.com and server3.companyabc.com, and the glue A records server2 = 192.168.0.12 and server3 = 192.168.0.13. Server2 (192.168.0.12) holds the primary zone and Server3 (192.168.0.13) the secondary zone; both are authoritative for companyabc.com and hold all records for the zone.]
You can easily create a stub zone in Windows Server 2008 R2 after the need has been estab-
lished for this particular type of functionality. To create a stub zone, follow these steps:
1. Launch Server Manager.
2. Expand the Roles, DNS Server, and DNS nodes, and then select the server name.
3. Select the Forward Lookup Zones node.
4. Select Action, New Zone.
5. Click Next on the Welcome page.
6. Select Stub Zone from the list of zone types. Because this zone will not be AD-integrated,
uncheck the Store the Zone in Active Directory check box if it is checked,
and then click Next to continue.
7. Type in the name of the zone that will be created, and click Next to continue.
8. Select Create a New File with This File Name and accept the defaults, unless migrat-
ing from an existing zone file. Then click Next to continue.
9. Type in the IP address of the server or servers from which the zone records will be
copied. Press Enter for each server entered, and they will be validated, as shown in
Figure 10.8. Click Next to continue.
FIGURE 10.8
Entering stub master servers.
10. Click Finish on the Summary page to create the zone.
The newly created stub zone will hold only the SOA, NS, and glue records for the domain
at which it is pointed.
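The same stub zone creation as the steps above, as an added example using dnscmd from PowerShell rather than Server Manager. This is not the book's own material: it assumes the zone is companyabc.com, that its authoritative servers are 192.168.0.12 and 192.168.0.13 as in Figure 10.7, and that the commands run on the server that will host the stub zone (Server1 in the figure); dc1 is the chapter's example host.

```powershell
# Added example, not from the book. Creates a standard (file-backed) stub zone
# with dnscmd and then confirms what the zone actually contains.
# Assumptions: run in an elevated PowerShell session on the server that will
# host the stub zone (Server1, 192.168.0.11 in Figure 10.7); the zone is
# companyabc.com and its authoritative servers are 192.168.0.12 (primary) and
# 192.168.0.13 (secondary). Recursion must be enabled on this server for the
# final lookup to be answered.

$zone = 'companyabc.com'

# /Stub takes the list of master servers the stub zone is copied from (step 9 of
# the wizard); /file makes it a standard zone stored in a zone file rather than
# in Active Directory (steps 6 and 8).
dnscmd /ZoneAdd $zone /Stub 192.168.0.12 192.168.0.13 /file "$zone.dns"

# Print the zone. Only SOA, NS and glue A records should appear; no dc1, no
# MX, nothing else from the real zone.
dnscmd /ZonePrint $zone

# Zone properties, including the master server list the stub refreshes from.
# To change that list later, use: dnscmd /ZoneResetMasters $zone <ip> [<ip>...]
dnscmd /ZoneInfo $zone

# A query for a host in the domain is answered through the stub zone's name
# servers. nslookup labels the result "Non-authoritative answer", which is
# correct: this server holds the stub zone but is not authoritative for it.
nslookup "dc1.$zone" 127.0.0.1
```

The two addresses passed to /Stub are a trust decision: whatever NS and glue records those servers hand back is where this server will send every query for companyabc.com from then on, so they should be the zone's own authoritative servers, and the printed zone is worth a look after the first refresh.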
Copying the DNS database from one server to another is accomplished through a process
known as a zone transfer. Zone transfers are required for any non-Active Directory-integrated
zone that has more than one name server responsible for the contents of that zone
(Active Directory-integrated zones replicate through Active Directory instead). Two
mechanisms exist: a full zone transfer (AXFR) copies the entire zone, and an incremental
zone transfer (IXFR) sends only the changes since the serial number the secondary last saw.
Which of the two is used depends on the DNS server version; Windows DNS servers since
Windows 2000 support both. Zone transfers are always pulled by the secondary servers from
their master servers. A secondary polls its master at the refresh interval set in the
zone's SOA record, and the master can additionally be configured to notify secondaries
when the zone changes so that they begin a transfer immediately. Because a zone transfer
hands over every record in the zone, it should be allowed only to the servers that need
it; an unrestricted zone transfer is a classic reconnaissance technique. To set up a
secondary server to pull zone transfers from a forward lookup zone, follow this procedure:
1. Launch Server Manager on the DNS server with the primary zone.
2. Expand the Roles, DNS Server, DNS nodes, and then select the server name.
3. Select the Forward Lookup Zones node.
4. Right-click the name of the zone and choose Properties.
5. Choose the Zone Transfers tab.
6. Check Allow Zone Transfers and select Only to the Following Servers.
7. Click Edit, type in the IP address of the server that will receive the update, and press
Enter. The server will be validated, as shown in Figure 10.9. Because the server is not
yet an authoritative server for the zone, the error message “The server with this IP
address is not authoritative for the required zone” appears. This will be done in the
next section. The error can be safely ignored. Click OK to save.
FIGURE 10.9
Setting up zone transfer servers.
8. To ensure that updates will be processed promptly, click the Notify button, select The
Following Servers, enter the IP address of the secondary server, and press Enter. Click OK
to save changes.
9. Click OK to save the changes.
NOTE
In addition to specifically defining recipients of zone transfer notifications by IP
address, you can select the Only to Servers Listed on the Name Servers Tab option
button as well, assuming that the recipient server or servers are listed on the Name
Servers tab.
Now that the primary zone on the primary DNS server has been configured to allow trans-
fers, the secondary zone has to be configured on the secondary DNS server. To create the
secondary zone and begin zone transfers, execute the following steps:
1. Launch Server Manager.
2. Expand the Roles, DNS Server, DNS nodes, and then select the server name.
3. Select the Forward Lookup Zones node.
4. Select Action, New Zone.
5. Click Next on the Welcome page.
6. Select Secondary Zone from the list of zone types. Secondary zones cannot be AD-
integrated and the options will be grayed out. Click Next to continue.
7. Type in the name of the zone that will be created (this should match the primary
zone name), and click Next to continue.
8. Type in the IP address of the server or servers from which the zone records will be
transferred. Press Enter for each server entered, and they will be validated. Click
Next to continue.
9. Click Finish on the Summary page to create the zone.
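Both procedures above (restricting transfers and notifications on the primary, then creating the secondary zone), as an added example using dnscmd from PowerShell, followed by the check a practitioner wants: that a host not on the list is refused. This is not the book's own material: it assumes companyabc.com is already a standard primary zone on 192.168.0.12 (Server2 in Figure 10.7), that the secondary will be 192.168.0.13 (Server3), and that dnscmd can reach both servers over RPC from the machine where it is run.

```powershell
# Added example, not from the book. Configures zone transfers for a standard
# primary zone with dnscmd, creates the secondary, forces the first transfer,
# and then tests the restriction from a host that is not on the list.
# Assumptions: companyabc.com already exists as a standard primary zone on
# 192.168.0.12 (Server2 in Figure 10.7); the secondary is 192.168.0.13
# (Server3); this runs in an elevated session on a machine that can manage
# both servers over RPC. The last step is meant to be run from any host that
# is NOT 192.168.0.13.

$zone      = 'companyabc.com'
$primary   = '192.168.0.12'
$secondary = '192.168.0.13'

# --- On the primary (first procedure, steps 1-9) ----------------------------
# Allow transfers only to an explicit list and send NOTIFY only to that list.
# Without this, anyone who can reach TCP/53 on the primary can pull the whole
# zone with AXFR. Windows DNS restricts transfers by source IP address only;
# it has no TSIG-signed transfers, so a secondary across an untrusted network
# needs IPsec or a VPN in addition to this list.
dnscmd $primary /ZoneResetSecondaries $zone /SecureList $secondary /NotifyList $secondary

# Show the resulting zone properties (secure secondaries and notify settings).
dnscmd $primary /ZoneInfo $zone

# --- On the secondary (second procedure, steps 1-9) -------------------------
# /Secondary takes the master server(s) to transfer from (step 8 of the wizard).
dnscmd $secondary /ZoneAdd $zone /Secondary $primary /file "$zone.dns"

# Do not wait for the SOA refresh interval: pull the zone now, then compare the
# SOA serial on both servers. Matching serials mean the transfer completed.
dnscmd $secondary /ZoneRefresh $zone
nslookup -type=SOA $zone $primary
nslookup -type=SOA $zone $secondary

# --- From a host that is NOT on the list ------------------------------------
# nslookup's "ls -d" asks the server for a zone transfer. With the restriction
# in place the primary replies "Query refused". If the zone listing comes back
# instead, the restriction is not in effect and the whole zone is exposed.
@"
server $primary
ls -d $zone
exit
"@ | nslookup
```

The refusal test belongs in the checklist for every standard zone, not just this one: run it from an ordinary client subnet, and from the Internet for any zone whose primary is reachable there. For zones that only ever need to reach other domain controllers, AD-integrated storage removes the need for zone transfers altogether, and the transfer setting can then be left at Do Not Allow.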