A DNS zone is the specific portion of a DNS namespace that's hosted on a DNS server. A DNS zone contains resource records, and the DNS server responds to queries for records in that namespace. For example, the DNS server that's authoritative for resolving www.contoso.com to an IP address would host the contoso.com zone.
DNS zone content can be stored in a file or in Active Directory Domain Services (AD DS). When the DNS server stores the zone in a file:
- That file is in a local folder on the server.
- Only one copy of the zone is writable.
- Other copies, which are read-only, are referred to as secondary zones.
DNS zones stored in AD DS are known as Active Directory-integrated zones. Active Directory-integrated zones are available only on domain controllers with the DNS Server role installed.
DNS zone types
The DNS Server service supports the following types of zone:
- Primary zone.
- Secondary zone.
- Stub zone.
- Reverse lookup zone.
Primary zones
A DNS server hosting a primary zone is the primary source for information about this zone. It stores the zone data in a local file or in AD DS. To create, edit, or delete resource records, you must use the primary zone. Secondary zones are read-only copies of primary zones.
You can store a standard primary zone in a local file, or you can store zone data in AD DS. When you store zone data in AD DS, other features are available, such as secure dynamic updates and the ability for each domain controller that hosts the zone to function as a primary and be able to process updates to the zone. When the zone is stored in a file, by default the primary zone file is named zone_name.dns, and it's located in the %windir%\System32\Dns folder on the server.
When you deploy Active Directory, a DNS zone that is associated with your organization's AD DS domain name is automatically created. By default the AD DS DNS zone replicates to any other domain controller configured as a DNS server in the domain. You can also configure Active Directory-integrated DNS zones to replicate to all domain controllers within an AD DS forest, or to specific domain controllers enrolled in a particular AD DS domain partition.
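The two storage choices described above, as an added example that is not part of the original article: a file-backed standard primary zone beside an AD DS-integrated one, created with the DnsServer PowerShell module. It assumes the module is installed, that the server is a domain controller (required for the AD DS-integrated zone), and uses constructed zone names.

```powershell
# Added example (not from the original article): create both kinds of primary zone
# the text describes and show how each one is stored. Assumes the DnsServer module is
# present and, for the AD DS-integrated zone, that the server is a domain controller.
# Zone names are constructed.

# 1. Standard primary zone stored in a file. The file defaults to <zone_name>.dns under
#    %windir%\System32\Dns, and only this server holds the writable copy.
Add-DnsServerPrimaryZone -Name 'example.contoso.com' `
    -ZoneFile 'example.contoso.com.dns' `
    -DynamicUpdate 'None'   # file-backed zones cannot require secure dynamic updates

# 2. Active Directory-integrated primary zone. Every domain controller that hosts it
#    can process updates; ReplicationScope selects the AD DS partition it replicates in
#    ('Domain' is what the automatically created AD DS domain zone uses, 'Forest' reaches
#    every domain controller running DNS in the forest).
Add-DnsServerPrimaryZone -Name 'adzone.contoso.com' `
    -ReplicationScope 'Forest' `
    -DynamicUpdate 'Secure'

# Compare storage location and update mode side by side.
'example.contoso.com', 'adzone.contoso.com' |
    ForEach-Object { Get-DnsServerZone -Name $_ } |
    Format-Table ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate, ZoneFile

# The file-backed zone's records live on disk in the folder the article names.
Get-ChildItem -Path (Join-Path $env:windir 'System32\Dns') -Filter 'example.contoso.com.dns'
```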
Secondary zone
A secondary zone is a read-only copy of a primary zone. When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone. This DNS server must have network access to the remote DNS server that supplies this server with updated information about the zone. Because a secondary zone is only a copy of a primary zone that is hosted on another server, it can't be stored in AD DS as an Active Directory-integrated zone.
In most cases, a secondary zone periodically copies resource records directly from the primary zone. But in some complex configurations, a secondary zone can copy resource records from another secondary zone.
Stub zone
A stub zone only contains information about the authoritative name servers for the zone. The zone hosted by the DNS server must obtain its information from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone.
You can use stub zones to:
- Keep delegated zone information current. The DNS server that hosts both the parent zone and the stub zone updates the stub records for its child zones regularly, so it maintains a current list of authoritative DNS servers for the child zone.
- Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers, without having to query the Internet or an internal root server for the DNS namespace.
- Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones don't serve the same purpose as secondary zones, and they aren't an alternative for enhancing redundancy and load sharing.
There are two lists of DNS servers involved in the loading and maintenance of a stub zone:
- The list of name servers from which the DNS server loads and updates a stub zone. A name server may be a primary or secondary DNS server for the zone. In both cases, it has a complete list of the DNS servers for the zone.
- The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records.
When a DNS server loads a stub zone, such as widgets.tailspintoys.com, it queries the name servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets.tailspintoys.com. The list of name servers may contain a single server or multiple servers, and it can be changed anytime.
A stub zone is a copy of a zone that contains only those resource records that are necessary to identify the authoritative Domain Name System (DNS) servers for that zone. Typically, you use a stub zone to resolve names between separate DNS namespaces.
When working with stub zones, you should consider:
- The stub zone can't be hosted on a DNS server that is authoritative for the same zone.
- If you integrate the stub zone into AD DS, you can specify whether the DNS server hosting the stub zone uses a local list of name servers or the list stored in AD DS. If you want to use a local name server list, you must have the IP addresses for each name server.
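The stub zone setup described in this section, as an added example that is not from the original article: it creates an AD DS-integrated stub zone for widgets.tailspintoys.com, shows both server lists the text distinguishes, and enforces the rule that the hosting server must not be authoritative for the zone. It assumes the DnsServer module; the IP addresses are constructed.

```powershell
# Added example (not from the original article): host a stub zone for
# widgets.tailspintoys.com using the two server lists the text describes.
# Assumes the DnsServer module; the IP addresses are constructed.

# List 1: the servers the stub zone is loaded from. Each is a primary or secondary
# for the zone and therefore has the complete list of its DNS servers.
$loadFrom = '192.168.10.5', '192.168.10.6'

# A stub zone can't live on a server that is already authoritative for the zone.
if (Get-DnsServerZone -Name 'widgets.tailspintoys.com' -ErrorAction SilentlyContinue) {
    throw 'This server already hosts widgets.tailspintoys.com; a stub zone is not allowed here.'
}

# AD DS-integrated stub zone, replicated to every DNS domain controller in the forest.
Add-DnsServerStubZone -Name 'widgets.tailspintoys.com' `
    -MasterServers $loadFrom `
    -ReplicationScope 'Forest'

# Optional: have this server use its own local master list rather than the list
# stored in AD DS. This is why every name server's IP address must be known.
Set-DnsServerStubZone -Name 'widgets.tailspintoys.com' -LocalMasters $loadFrom

# List 2: the authoritative servers, kept in the stub zone as NS records (with the
# SOA and the glue A records they need). No other record types are copied.
Get-DnsServerResourceRecord -ZoneName 'widgets.tailspintoys.com' |
    Where-Object { $_.RecordType -in 'SOA', 'NS', 'A' } |
    Format-Table HostName, RecordType, RecordData
```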
Reverse lookup zones
In most Domain Name System (DNS) lookups, clients typically perform a forward lookup, which is a search that is based on the DNS name of another computer as it is stored in a host (A) resource record. This type of query expects an IP address as the resource data for the answered response.
DNS also provides a reverse lookup process, in which clients use a known IP address and look up a computer name based on its address. A reverse lookup takes the form of a question, such as "Can you tell us the DNS name of the computer that uses the IP address 192.168.1.20?"
The in-addr.arpa domain was defined in the DNS standards and reserved in the Internet DNS namespace to provide a practical and reliable way to perform reverse queries. To create the reverse namespace, subdomains within the in-addr.arpa domain are formed, using the reverse ordering of the numbers in the dotted-decimal notation of IP addresses.
The in-addr.arpa domain applies to all TCP/IP networks that are based on Internet Protocol version 4 (IPv4) addressing. The New Zone Wizard automatically assumes that you're using this domain when you create a new reverse lookup zone.
The order of IP address octets must be reversed when the in-addr.arpa domain tree is built. The IP addresses of the DNS in-addr.arpa tree can be delegated to organizations as they're assigned a specific or limited set of IP addresses within the Internet-defined address classes.
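The octet reversal described above, as an added example that is not part of the original article: a small function that builds the in-addr.arpa name for an IPv4 address or prefix, followed by creation of the reverse lookup zone and a PTR record that answers the 192.168.1.20 question from the text. It assumes the DnsServer module; the subnet and host name are constructed, and the function handles only the /8, /16 and /24 boundaries the in-addr.arpa tree delegates on.

```powershell
# Added example (not from the original article): reverse the octets of an IPv4
# address or prefix, create the matching reverse lookup zone, add a PTR record and
# resolve it. Assumes the DnsServer module; subnet and host name are constructed.

function ConvertTo-InAddrArpaName {
    # 192.168.1.0/24 -> 1.168.192.in-addr.arpa ; 192.168.1.20 -> 20.1.168.192.in-addr.arpa
    # Only /8, /16 and /24 prefixes are accepted, matching the octet boundaries on which
    # the in-addr.arpa tree is delegated.
    param([Parameter(Mandatory)][string] $Address)
    $ip, $prefix = $Address -split '/'
    $octets = $ip -split '\.'
    if ($octets.Count -ne 4) { throw "Not an IPv4 address: $Address" }
    $keep = if ($prefix) { [int]$prefix / 8 } else { 4 }
    if ($keep -ne [math]::Floor($keep)) { throw "Prefix must be /8, /16 or /24: $Address" }
    [array]::Reverse($octets)                       # least significant octet first
    return (($octets | Select-Object -Last ([int]$keep)) -join '.') + '.in-addr.arpa'
}

$zone = ConvertTo-InAddrArpaName '192.168.1.0/24'   # 1.168.192.in-addr.arpa

# -NetworkId performs the same reversal; the zone it creates should carry the same name.
Add-DnsServerPrimaryZone -NetworkId '192.168.1.0/24' -ReplicationScope 'Domain'
Get-DnsServerZone -Name $zone | Format-Table ZoneName, ZoneType, IsReverseLookupZone

# PTR record: the record name is the remaining reversed octet(s), here just "20".
Add-DnsServerResourceRecordPtr -ZoneName $zone -Name '20' -PtrDomainName 'host1.contoso.com'

# Ask the question from the text: which computer uses 192.168.1.20?
Resolve-DnsName -Name '192.168.1.20' -Type PTR -Server 127.0.0.1
```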
Zone transfer settings
Zone transfer settings control the circumstances under which a secondary zone is replicated from a primary zone. To improve the security of your DNS infrastructure, allow zone transfers only for either the DNS servers in the name server (NS) resource records for a zone or for specified DNS servers. If you allow any DNS server to perform a zone transfer, you're allowing internal network information to be transferred to any host that can contact your DNS server.
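The transfer restriction recommended above, together with the secondary zone setup from the "Secondary zone" section, as an added example that is not part of the original article: the primary is restricted to one explicitly listed secondary, the secondary pulls its read-only copy, and a small audit function lists primary zones that still allow transfers to any host. It assumes the DnsServer module and remote management access to both servers; the addresses and zone name are constructed.

```powershell
# Added example (not from the original article): lock down zone transfers on a
# primary zone, set up the single secondary allowed to pull it, and audit for zones
# that still allow transfers to anyone. Assumes the DnsServer module; the server
# addresses and zone name are constructed.

$zoneName  = 'contoso.com'
$primary   = '192.168.1.10'   # holds the writable copy
$secondary = '192.168.1.11'   # read-only copy; cannot be AD DS-integrated

# --- Primary server: transfers only to the listed secondary, and notify it of changes.
# SecureSecondaries values: NoTransfer, TransferAnyServer (any host that can reach the
# server can dump the zone), TransferToZoneNameServer (servers in the NS records only),
# TransferToSecureServers (the explicit SecondaryServers list only, used here).
Set-DnsServerPrimaryZone -ComputerName $primary -Name $zoneName `
    -SecureSecondaries 'TransferToSecureServers' -SecondaryServers $secondary `
    -Notify 'NotifyServers' -NotifyServers $secondary

# --- Secondary server: create the read-only copy and pull the zone from the primary.
Add-DnsServerSecondaryZone -ComputerName $secondary -Name $zoneName `
    -ZoneFile "$zoneName.dns" -MasterServers $primary
Start-DnsServerZoneTransfer -ComputerName $secondary -Name $zoneName -FullTransfer

# --- Audit: primary zones on a server that still hand the zone to any requester.
function Get-OpenTransferZone {
    param([string] $ComputerName = 'localhost')
    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
                       $_.SecureSecondaries -eq 'TransferAnyServer' } |
        Select-Object ZoneName, IsDsIntegrated, SecureSecondaries
}
Get-OpenTransferZone -ComputerName $primary   # expected to return nothing for contoso.com
```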
Zone delegation
You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone. For example, you can delegate the australia.contoso.com zone from the contoso.com zone.
When you delegate a zone, remember that for each new zone that you create, you need delegation records in other zones that point to the authoritative DNS servers for the new zone. Delegation records are necessary both to transfer authority and to provide correct referral to other DNS servers and clients of the new servers that are being made authoritative for the new zone.
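The delegation example from the text (australia.contoso.com from contoso.com), as an added example that is not part of the original article: the child zone is created on its own server, the parent receives the NS and glue records that transfer authority, and the delegation is then inspected and queried. It assumes the DnsServer module and remote management access; the name server and addresses are constructed.

```powershell
# Added example (not from the original article): delegate australia.contoso.com from
# the contoso.com zone and verify the delegation records in the parent.
# Assumes the DnsServer module; server names and addresses are constructed.

$parentZone = 'contoso.com'
$child      = 'australia'                    # name of the child relative to the parent
$childNs    = 'ns1.australia.contoso.com'    # server that becomes authoritative for the child
$childNsIp  = '192.168.20.5'

# On the child's server: create the zone it will be authoritative for.
Add-DnsServerPrimaryZone -ComputerName $childNsIp -Name "$child.$parentZone" `
    -ZoneFile "$child.$parentZone.dns"

# On the parent's server: the delegation records. Without them authority is never
# transferred, and other DNS servers and clients are never referred to the new zone.
Add-DnsServerZoneDelegation -Name $parentZone -ChildZoneName $child `
    -NameServer $childNs -IPAddress $childNsIp

# What the parent now holds for the child: the NS record and the glue A record that
# makes the name server reachable by address.
Get-DnsServerZoneDelegation -Name $parentZone -ChildZoneName $child |
    Select-Object -ExpandProperty NameServer |
    Format-Table HostName, RecordType, RecordData

# Query the parent for the child's NS record; it should answer with ns1 and its address.
Resolve-DnsName -Name "$child.$parentZone" -Type NS -Server 127.0.0.1 -DnsOnly
```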
Next steps
- Manage DNS zones using DNS server
- DNS Policies Overview
- Anycast DNS overview