Zone Replication
When you opt to store
zone information in the Active Directory database, the associated Change
button becomes enabled, as shown in Figure 4.
This button allows you to configure replication parameters for the
Active Directory–integrated zone.
Clicking the Change
button opens the Change Zone Replication Scope dialog box, shown in Figure 5. This dialog box allows you to determine among which
servers in the Active Directory forest the zone data should be
replicated.
Table 1 describes the
four options available in this dialog box.
Table 1. Zone Replication Options

Option | Description
--- | ---
To All DNS Servers In The Active Directory Forest | Replicates zone data to all DNS servers running on domain controllers in the Active Directory forest. This is normally the broadest scope of replication.
To All DNS Servers In The Active Directory Domain | Replicates zone data to all DNS servers running on domain controllers in the Active Directory domain.
To All Domain Controllers In The Active Directory Domain | Replicates zone data to all domain controllers in the Active Directory domain, whether or not they run the DNS Server service. If Windows 2000 DNS servers must load the zone, you must select this setting for that zone.
To All Domain Controllers Specified In The Scope Of The Following Application Directory Partition | Replicates zone data according to the replication scope of the specified application directory partition. Before a zone can be stored in that partition, the DNS server hosting the zone must be enlisted in it.
When deciding which replication option to choose, remember that the broader the replication scope, the greater the network traffic that replication generates. For example, replicating Active Directory–integrated zone data to all DNS servers in the forest produces more traffic than replicating it to the DNS servers of a single domain in that forest. The scope also determines which domain controllers hold a writable copy of the zone, because every DNS server that hosts an Active Directory–integrated zone can change it; keep the scope as narrow as name resolution requires. On the other hand, replicating zone data to all DNS servers in a forest can improve forestwide name resolution performance and increase fault tolerance.
Application Directory Partitions and DNS Replication
An
application directory partition is a directory partition that is replicated among a
specified subset of domain controllers running Windows Server 2003.
Built-in application directory partitions
For DNS,
two built-in application directory partitions exist for each Active
Directory domain: DomainDnsZones and ForestDnsZones. The DomainDnsZones
application directory partition is replicated among all DNS servers that
are also domain controllers in an Active Directory domain. The
ForestDnsZones application directory partition is replicated among all
DNS servers that are also domain controllers in an Active Directory
forest. Each of these application directory partitions is designated by a
DNS subdomain and an FQDN. For example, in an Active Directory domain
named bern.lucernepublishing.com whose root domain in the Active
Directory forest is lucernepublishing.com, the built-in DNS application
partition directories are specified by these FQDNs:
DomainDnsZones.bern.lucernepublishing.com and
ForestDnsZones.lucernepublishing.com.
When you select the To All DNS Servers In The Active Directory
Forest option in the Change Zone Replication Scope dialog box, you are
in fact choosing to store DNS zone data in the ForestDnsZones
application directory partition. When you select the To All DNS Servers
In The Active Directory Domain option, you are choosing to store DNS
zone data in the DomainDnsZones application directory partition.
Note
If either of these application directory partitions is deleted or damaged, you can recreate them in the DNS console by right-clicking the server node and selecting Create Default Application Directory Partitions.
Creating custom application directory partitions
You can also create your own custom application
directory partitions for use with DNS and enlist chosen domain
controllers in your network to host replicas of this partition.
To accomplish this task, first create the partition by typing the following command:

    dnscmd [servername] /createdirectorypartition FQDN

Then enlist other DNS servers in the partition by typing the following command:

    dnscmd servername /enlistdirectorypartition FQDN

For example, to create an application directory partition named SpecialDns on a computer named Server1 in the Active Directory domain contoso.com, type the following command:

    dnscmd server1 /createdirectorypartition SpecialDns.contoso.com

To enlist a computer named Server2 in the application directory partition, type the following command:

    dnscmd server2 /enlistdirectorypartition SpecialDns.contoso.com
Note
You must be a member of the Enterprise Admins group to create an application directory partition.
To store DNS data in a
custom application directory partition, select the fourth (bottom)
option in the Change Zone Replication Scope dialog box, and specify the
custom application directory partition in the drop-down list box. This
option—To All Domain Controllers Specified In The Scope Of The Following
Application Directory Partition—is available only if custom application
directory partitions are available for DNS on your network.
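The following PowerShell script is an added example, not text or code from the training kit or from Microsoft's documentation. It carries the custom-partition procedure above through end to end with dnscmd.exe (create, enlist, verify, then move a zone into the partition) and also shows how the first three Change Zone Replication Scope options map onto the /Forest, /Domain and /Legacy flags of the dnscmd /ZoneChangeDirectoryPartition command. The server names server1 and server2, the partition SpecialDns.contoso.com and the zone lab.contoso.com are assumptions; the script expects dnscmd.exe on the path and a PowerShell host, which Windows Server 2003 did not ship with but can run.

```powershell
# Added example (not from the training kit): build a custom DNS application
# directory partition and move a zone into it with dnscmd.exe.
# Assumed names: server1 and server2 are domain controllers running DNS in
# contoso.com; SpecialDns.contoso.com and lab.contoso.com are made up for this example.
# Creating the partition requires Enterprise Admins membership.

$primary   = 'server1'
$replicas  = @('server2')
$partition = 'SpecialDns.contoso.com'
$zone      = 'lab.contoso.com'

# Run dnscmd.exe and fail loudly on a non-zero exit code instead of
# silently continuing with a half-built partition.
function Invoke-Dnscmd {
    param([string[]]$CmdArgs)
    $out = & dnscmd.exe @CmdArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($CmdArgs -join ' ') failed (exit $LASTEXITCODE): $out"
    }
    $out
}

# 1. Create the partition on the first DC (the Enterprise Admins step).
Invoke-Dnscmd @($primary, '/CreateDirectoryPartition', $partition)

# 2. Enlist every other DNS server that should hold a replica.
foreach ($dc in $replicas) {
    Invoke-Dnscmd @($dc, '/EnlistDirectoryPartition', $partition)
}

# 3. Verify that each server now lists the partition. Enlistment is an
#    Active Directory change, so on a slow replication topology this check
#    can fail until replication has converged.
foreach ($dc in @($primary) + $replicas) {
    $listing = Invoke-Dnscmd @($dc, '/EnumDirectoryPartitions') | Out-String
    if ($listing -notmatch [regex]::Escape($partition)) {
        throw "$dc does not list $partition yet; check AD replication"
    }
}

# 4. Move the zone's storage into the custom partition. The same command
#    implements the dialog's first three options through flags:
#      /Forest  = ForestDnsZones   (all DNS servers in the forest)
#      /Domain  = DomainDnsZones   (all DNS servers in the domain)
#      /Legacy  = domain partition (all DCs, Windows 2000-compatible)
Invoke-Dnscmd @($primary, '/ZoneChangeDirectoryPartition', $zone, $partition)

# 5. Show where the zone now lives. The 'partition' line in /ZoneInfo output
#    is assumed here; inspect the full output if the filter returns nothing.
Invoke-Dnscmd @($primary, '/ZoneInfo', $zone) | Select-String -Pattern 'partition'
```

Run the script from an account that is in Enterprise Admins for step 1 and has DNS administrator rights on each server for the remaining steps; the throw in step 3 is deliberate, because moving a zone into a partition that only one server has enlisted leaves the zone unreachable on the others until replication catches up.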
Replication with Windows 2000 servers
Because application directory
partitions are not available on Windows 2000 domain controllers, you
must select the third option in the Change Zone Replication Scope dialog
box if you want the zone data to be read by Windows 2000 DNS servers.
With this option, To All Domain Controllers In The Active Directory Domain, data is not replicated merely among all DNS server domain controllers, but among all domain controllers regardless of whether they are also DNS servers.
Tip
Expect to be tested on application directory partition concepts and commands, as well as the options in the Change Zone Replication Scope dialog box.
Zone File Name
For standard zones not stored in Active Directory, the default zone filename is created by adding a .dns extension to the zone name (for example, contoso.com.dns), and the file is kept in the %SystemRoot%\System32\Dns folder on the server. The Zone File Name text box on the General tab allows you to change the default name of this file.
Dynamic Updates
The General tab also allows you to configure whether a zone accepts dynamic updates to its resource records. As shown in Figure 6, three dynamic update settings are available for Active Directory–integrated DNS zones: None, Nonsecure And Secure, and Secure Only. For standard zones, only two settings are available: None and Nonsecure And Secure.
When you select the None setting in the properties for a zone, you must manually perform registrations and updates to zone records. When you enable either the Nonsecure And Secure setting or the Secure Only setting, client computers can automatically create or update their own resource records, which greatly reduces the need for manual administration of zone records, especially for DHCP clients and roaming clients. The two settings differ in who is trusted: with Nonsecure And Secure, the server accepts an update from any host that can reach it, so any machine on the network can overwrite an existing record, including the record of a server. With Secure Only, the client must authenticate the update with its Active Directory account (Kerberos through GSS-TSIG), and the server writes an access control list on the record object so that only the account that created the record, and DNS administrators, can change it later. Secure Only is available only for Active Directory–integrated zones because those access control lists are stored on Active Directory objects, not in a zone file.
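The following PowerShell audit is an added example, not code from the training kit: it lists every zone's dynamic-update setting through the DNS server's WMI provider (the MicrosoftDNS_Zone class, whose AllowUpdate values 0, 1 and 2 correspond to None, Nonsecure And Secure and Secure Only) and switches Active Directory–integrated zones that still accept nonsecure updates to Secure Only with dnscmd /Config /AllowUpdate. The server name server1 is an assumption, and the caller needs DNS administrator rights on that server.

```powershell
# Added example (not from the training kit): audit dynamic-update settings on a
# Windows Server 2003 DNS server via the MicrosoftDNS WMI provider and tighten
# Active Directory-integrated zones to Secure Only with dnscmd.exe.
# Assumed: the server is named server1 and the caller is a DNS administrator on it.
# MicrosoftDNS_Zone.AllowUpdate: 0 = None, 1 = Nonsecure And Secure, 2 = Secure Only.

$server = 'server1'
$names  = @{ 0 = 'None'; 1 = 'Nonsecure And Secure'; 2 = 'Secure Only' }

$zones = Get-WmiObject -ComputerName $server -Namespace 'root\MicrosoftDNS' `
                       -Class MicrosoftDNS_Zone

# Report every zone so the change below can be reviewed before and after.
foreach ($z in $zones) {
    $mode = $names[[int]$z.AllowUpdate]
    '{0,-40} DsIntegrated={1,-5} AllowUpdate={2} ({3})' -f `
        $z.Name, $z.DsIntegrated, $z.AllowUpdate, $mode
}

# Zones set to Nonsecure And Secure accept updates from any host, so any machine
# on the network can overwrite their records. Those stored in Active Directory can
# be moved to Secure Only; standard (file-backed) zones cannot, because the
# per-record access control lists live on Active Directory objects.
$exposed = $zones | Where-Object { $_.AllowUpdate -eq 1 }
foreach ($z in $exposed) {
    if ($z.DsIntegrated) {
        & dnscmd.exe $server /Config $z.Name /AllowUpdate 2
        if ($LASTEXITCODE -ne 0) {
            throw "dnscmd failed to set Secure Only on $($z.Name) (exit $LASTEXITCODE)"
        }
        Write-Output "Hardened $($z.Name): Secure Only"
    } else {
        Write-Warning ("{0} is a standard zone accepting nonsecure updates; " +
                       "convert it to Active Directory-integrated or set /AllowUpdate 0") -f $z.Name
    }
}
```

Run it once in report-only form (comment out the foreach over $exposed) before hardening: switching a zone to Secure Only stops updates from hosts that are not domain members, such as non-Windows servers registering themselves, and those records then need to be created manually or by the DHCP server on the clients' behalf.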
Figure 7 shows a typical dynamic update process.
Whenever a triggering event occurs on a DNS client computer (for example, the computer starts, an IP address changes, or you run ipconfig /registerdns), the DHCP Client service, not the DNS Client service, attempts to perform a dynamic update of the A resource record with the DNS server. The update process is designed so that if a change to the IP address information occurs because of DHCP, the update is sent to the DNS server immediately. The DHCP Client service attempts this dynamic update for all network connections on the system, including those not configured to use DHCP. Whether the attempt succeeds depends first and foremost on whether the zone has been configured to allow dynamic updates.