Top 3 Products & Services
Dated: Jul. 17, 2012
Related CategoriesCisco Certifications
Networking In General
Something About DNS Zones
When a DNS serverrole is installed on a network operating system, by default forward lookup zone is automatically created and the DNS server works as Caching Only server that caches the results of all the queries that it resolves. Forward lookup zone of a DNS server resolves IP addresses to their corresponding host names, is used in most network setups in production environments.
DNS servers also allow administrators to create reverse lookup zones that resolve hostnames of the computers to their corresponding IP addresses. This is done with the help of Pointer PTR records that reverse lookup zones contain. Both forward and reverse lookup zones can be configured to work as Primary, Secondary or Stub zones. Every zone type has its own specialty, and to get efficient performance, they must be installed and configured at specific locations in production environments.
Primary zone in a DNS server is the read/write copy of the DNS zone in which DNS records are created either dynamically or manually. One DNS domain can have only one primary DNS zone for that domain. Since primary zone is a read/write copy of the DNS, according to the best practices, it must be installed in the internal network that is away from the reach of external network and is behind strong firewalls.
Unlike primary zone, one DNS domain can have multiple secondary zones. Secondary zones are the read-only copies of the primary zone of the DNS domain. When secondary zones are configured for a domain, administrators can schedule zone transfers in which DNS records are transferred from the primary (read/write) zone to the secondary (read-only) zone. DNS zone transfers are one-way in this case, i.e. from primary to the secondary zone. Since secondary DNS zones are the read only copies of the primary DNS zone and do not allow DNS records to be created on them, no unauthorized person or hacker can create false DNS records or poison the DNS database. This is the reason why secondary zones are mostly installed and configured to face the external networks, i.e. the Internet. In production environments, servers that are configured to run secondary DNS zones are located in the Demilitarized Zones or DMZ.
Stub zones contain only NS Name Servers (DNS server) records of their authoritative DNS domains. Stub zones of a DNS domain are mostly configured in child domains, from where the DNS queries for the parent domain are to be resolved. Since stub zones contain only NS records that point to the authoritative DNS domain to which they belong, they are best suited for the environments in which zone transfers rely on slow WAN links, such as 56 Kbps dial-up connections. When the address of name server of the parent DNS domain changes, stub zones automatically update their databases with the updated NS record that points to the new name server.
Irrespective of the type of zone that administrators configure while installing DNS servers, if the DNS server roles are installed on the computers that also work as Active Directory domain controllers, it is strongly recommended that the DNS zones should be integrated with the Active Directory databases. When this is done, technically the DNS zones are known as Active Directory integrated zones.
Now that you've gotten free know-how on this topic, try to grow your skills even faster with online video training. Then finally, put these skills to the test and make a name for yourself by offering these skills to others by becoming a freelancer. There are literally 2000+ new projects that are posted every single freakin' day, no lie!