The primary means to configure zone settings is
through the zone properties dialog box, which is accessible through the
DNS console. Each properties dialog box for a standard zone has five
tabs: General, Start Of Authority (SOA), Name Servers, WINS, and Zone
Transfers. Properties dialog boxes for Active Directory–integrated zones
include a sixth tab, Security, that allows you to configure access
permissions for the zone.
To open a properties dialog
box for a particular zone, right-click the node of the zone you want to
configure in the DNS console, and then select Properties, as shown in Figure 1.
General Tab
The General tab, shown
in Figure 2, allows you to temporarily suspend
name resolution and to configure four basic features: zone type
(including Active Directory integration), zone file name, dynamic
updates, and aging.
Zone Status
The Pause button allows you to pause and resume
name resolution for the zone. Note that this feature does not allow you
to pause or resume the DNS Server service.
Zone Type
Clicking Change
opens the Change Zone Type dialog box, as shown in Figure 3.
The Change Zone Type
dialog box allows you to reconfigure the zone as a primary, secondary,
or stub zone. A primary zone stores the most current records and settings for
the zone. For each standard zone that is not Active
Directory–integrated, only one primary DNS server is allowed, and this
server contains the only read/write version of the zone database. A secondary zone is a
read-only copy of the primary zone used to improve performance and
fault tolerance. A stub zone is a copy of a zone that contains only those
resource records necessary to identify the actual authoritative DNS
servers for that zone.
Active Directory Service Integration
Selecting the
Store The Zone In Active Directory check box in the Change Zone Type
dialog box allows you to store the primary zone information in the
Active Directory database instead of in the WINDOWS\System32\Dns folder.
In Active Directory–integrated zones, zone data is replicated through
Active Directory. In most cases, this eliminates the need to configure
zone transfers to secondary servers.
Tip
To migrate a standard primary server, configure a secondary server,
transfer the zone to the secondary server, and then promote the
secondary server to a primary server. After the secondary server has
been promoted, you can delete the original primary server.
There
are several advantages to integrating your DNS zone with Active
Directory. First, because Active Directory performs zone replication,
you do not need to configure a separate mechanism for DNS zone
transfers. Fault tolerance, along with improved performance from the
availability of multiple read/write primary servers, is automatically
supplied by the presence of multimaster replication on your network.
Second, Active Directory allows individual properties of resource
records to be updated and replicated among DNS servers. Avoiding the
transfer of many complete resource records decreases the load on
network resources during zone transfers. Finally, Active Directory
integration allows you to configure access security for stored records,
which prevents unauthorized updates.
Planning
If you can deploy an Active Directory–integrated zone, do. It reduces
administrative headache, improves security, and minimizes zone transfer
traffic. Because of these advantages, you should plan to use a standard
primary or secondary zone only when you want to deploy a DNS server on a
computer that is not an Active Directory domain controller.
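The following PowerShell sketch is an added example, not part of the original text. It audits a set of zones for the storage and update-security properties discussed above. The zone names are constructed sample data, and the property names (ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate) are those of the objects returned by Get-DnsServerZone in the DnsServer module.

```powershell
# Added example: flag zones that lack the protections of Active Directory integration.
function Get-ZoneFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        $notes = @()
        if ($Zone.ZoneType -eq 'Primary' -and -not $Zone.IsDsIntegrated) {
            # Standard primary: single read/write copy, no Security tab for the zone.
            $notes += 'standard primary (file-backed, no zone ACL)'
            if ($Zone.DynamicUpdate -ne 'None') {
                # Secure-only dynamic updates require an AD-integrated zone.
                $notes += 'dynamic updates cannot be limited to authenticated clients'
            }
        }
        elseif ($Zone.IsDsIntegrated -and $Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            $notes += 'AD-integrated but still accepts nonsecure dynamic updates'
        }
        [pscustomobject]@{
            Zone          = $Zone.ZoneName
            Type          = $Zone.ZoneType
            Storage       = if ($Zone.IsDsIntegrated) { 'ActiveDirectory' } else { 'File' }
            DynamicUpdate = $Zone.DynamicUpdate
            Finding       = if ($notes.Count) { $notes -join '; ' } else { 'ok' }
        }
    }
}

# Constructed sample zones so the example runs without a DNS server.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example';    ZoneType = 'Primary'
                       IsDsIntegrated = $true;  DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'legacy.example';  ZoneType = 'Primary'
                       IsDsIntegrated = $true;  DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'lab.example';     ZoneType = 'Primary'
                       IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'partner.example'; ZoneType = 'Secondary'
                       IsDsIntegrated = $false; DynamicUpdate = 'None' }
)

$sampleZones | Get-ZoneFinding | Format-Table -AutoSize -Wrap

# On a DNS server with the DnsServer module, audit the live zones instead:
#   Get-DnsServerZone | Get-ZoneFinding | Format-Table -AutoSize -Wrap
```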