• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Microsoft DNS Articles
• Understanding DNS
• Understanding Host Name Resolution
• Configuring DNS Clients
• DNS and Active Directory Integration
• DNS Server Roles
• Installing and Configuring DNS
• Integrating DNS Server with DHCP and WINS
• Monitoring and Troubleshooting DNS
• Planning and Implementing a DNS Namespace
• Planning DNS Zone Replication
• Securing DNS
• Securing DNS Servers
• Understanding DNS Queries and Lookups
• Understanding DNS Zones
• Renaming Domains
• Articles Menu
• » Windows Server
• » Microsoft Networking
• » Microsoft Security
• » Active Directory
• » Microsoft IIS
• » Microsoft IPSec
• » Microsoft DNS
• » Microsoft DHCP
• » Microsoft WINS
• » Microsoft Filesystems
• » Remote Access
• » Microsoft Exchange
• » Microsoft SMS
• » Microsoft ISA Server
• » Microsoft Biztalk Server
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

DNS and Active Directory Integration

DNS and Active Directory Integration Overview

DNS is the primary name registration and resolution service in Windows 2000 and Windows Server 2003, and provides a hierarchically distributed and scalable database; provides name registration, name resolution and service location for Windows 2000 and Windows Server 2003 clients; and locates domain controllers for logon. A DNS server is a computer running the DNS Server service that provides domain name services. The DNS server manages the DNS database that is located on it. The information in the DNS database of a DNS server pertains to a portion of the DNS domain tree structure or namespace

A DNS zone is the contiguous portion of the DNS domain name space over which a DNS server has authority, or is authoritative. A zone is a portion of a namespace - it is not a domain. A domain is a branch of the DNS namespace. A DNS zone can contain one or more contiguous domains. A DNS server can be authoritative for multiple DNS zones. Zone files store resource records for the zones over which a DNS server has authority

In DNS, a standard primary DNS server is the authoritative DNS server for a DNS zone. There are a number of zones used in Windows Server 2003 DNS. The different types of zones used in Windows Server 2003 DNS are listed below:

• Primary zone: This is the only zone type that can be edited or updated because the data in the zone is the original source of the data for all domains in the zone. Updates made to the primary zone are made by the DNS server that is authoritative for the specific primary zone. You can also back up data from a primary zone to a secondary zone.
• Secondary zone: A secondary zone is a read-only copy of the zone that was copied from the master server during zone transfer.
• Active Directory-integrated zone: An Active Directory-integrated zone is a zone that stores its zone data in Active Directory. DNS zone files are not needed. This type of zone is an authoritative primary zone. Zone data of an Active Directory-integrated zone is replicated during the Active Directory replication process. Active Directory-integrated zones also enjoy the security features of Active Directory.
• Stub zone: A stub zone is a new Windows Server 2003 feature. Stub zones only contain those resource records necessary to identify the authoritative DNS servers for the master zone.

The main zone types used in Windows Server 2003 DNS environments are primary zones and Active Directory-integrated zones. Both primary zones and secondary zones are standard DNS zones that use zone files. The main difference between primary zones and secondary zones is that primary zones can be updated. Secondary zones contain read-only copies of zone data.

An Active Directory-integrated zone can be defined as an improved version of a primary DNS zone because it can use multi-master replication and the security features of Active Directory. The zone data of Active Directory-integrated zones are stored in Active Directory. Active Directory-integrated zones are authoritative primary zones.

A few advantages that Active Directory-integrated zone implementations have over standard primary zone implementations are:

• Active Directory replication is faster, which means that the time needed to transfer zone data between zones is far less.
• The Active Directory replication topology is used for Active Directory replication, and for Active Directory-integrated zone replication. There is no longer a need for DNS replication when DNS and Active Directory are integrated.
• Active Directory-integrated zones can enjoy the security features of Active Directory.
• The need to manage your Active Directory domains and DNS namespaces as separate entities is eliminated. This in turn reduces administrative overhead.
• When DNS and Active Directory are integrated; the Active Directory-integrated zones are replicated, and stored on any new domain controllers automatically. Synchronization takes place automatically when new domain controllers are deployed.

How to create an Active Directory-integrated zone

1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, select the DNS server that you want to create a new DNS zone.
3. From the Action menu, click the New Zone option.
4. On the initial page of the New Zone Wizard, click Next.
5. Select the zone type that you want to create. The options are Primary, to create a new standard primary zone; Secondary, to create a copy of the primary zone; and Stub, to create a copy of zone but for only the NS record, SOA record, and the glue A record.
6. Select the default selected option - Primary zone.
7. To integrate the new zone with Active Directory, and if the DNS server is a domain controller; then you can select the Store the zone in Active Directory (available only if DNS server is a domain controller) checkbox.
8. Click Next.
9. On the Active Directory Zone Replication Scope page, accept the default setting for DNS replication: To all domain controllers in the Active Directory domain. Click Next.
10. Select the Forward lookup zone option on the following page which is displayed by the New Zone Wizard, and then click Next.
1
11. Enter a zone name for the new zone. Click Next.
1
12. The options that you can select on the following page pertain to dynamic updates. The Allow only secure dynamic updates (recommended for Active Directory) option is only available if you are using Active Directory-integrated zones. Click Next.
1
13. Click Finish to add the new zone to your DNS server.

Related Articles on DNS

• What is DNS?
• How do I flush DNS?
• How do I find my DNS servers?
• What are public DNS servers?
• How do I perform a DNS lookup?
• What is reverse DNS?
• What is a dynamic DNS?
• What are DNS root servers?
• Understanding DNS

Bookmark DNS and Active Directory Integration

Latest Blog Posts

• Acai Berry Spam via MSN

• Obama Seeks Power to Shut Down the Internet

• Help Beta Test Tech-FAQ 2.0!

• Windows 7 Forum

• Boston College: Ability to Use a Command Line is a Sign of Criminal Activity

• Google Hacked?

• Recycle your old phone – Make some money, and save the environment too!

• SourceForge vs. Freshmeat

• Fastest Web Browser: Google Chrome

• New Webmaster Forum