Windows 2000 DNS Clients and Servers
The first portion of the chapter defines the different types of zones that can be created and how to configure a DNS name server to support those zones. The second portion covers installing and configuring the DNS service and provides information on the various DNS clients and which capabilities of the Windows 2000 DNS service each of them can use.
Zone Types
The two main categories of zone you can create with the Windows 2000 DNS service are standard zones and Active Directory Integrated zones. A standard zone is created as a text file stored in the DNS directory on the name server's hard disk. An Active Directory Integrated zone is stored as part of the Windows 2000 Active Directory and does not have a text file associated with it.
Standard Zones
With DNS name servers that host standard zones, one name server is configured to maintain a read/write copy of the zone database. All changes to that zone are made on the name server hosting the primary zone database file, and as changes are made to the database on that name server, it sends the updates to the other name servers. In this manner, several name servers can respond to queries from client resolvers and other name servers, which balances the workload among several servers and provides some fault tolerance if one of the name servers is not functioning properly.
The following are the types of standard zones that can be created:
Standard Primary: A standard primary zone is the read/write copy of the zone database. Changes made to the zone database must be made on the name server that contains the primary zone database.
Standard Secondary: A standard secondary zone is the read-only copy of the zone database. Changes to the zone database are made on the name server that hosts the primary zone database file, and a name server hosting a secondary copy of the zone then receives those changes through an update process.
in-addr.arpa: An in-addr.arpa zone supports reverse lookup queries, in which an IP address is provided and resolved to a name. The information in these zones is typically used by network applications for verification rather than identification, or as a tool for monitoring and troubleshooting the DNS service.
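Because a standard zone is kept as a plain text file on the name server's disk, its contents can be checked offline. As an added example that is not from the book, the following Python parses constructed forward and in-addr.arpa zone files and flags A records whose reverse entries are missing or name a different host, the kind of mismatch that undermines the verification use described above; all names and addresses in it are made up.

```python
import ipaddress

# Constructed sample zone files in the text format a standard primary zone is
# stored in on the name server's disk; every name and address here is made up.
FORWARD_ZONE = """\
$ORIGIN example.com.
@    IN NS  ns1.example.com.
ns1  IN A   192.168.1.5
www  IN A   192.168.1.10
mail IN A   192.168.1.20
ftp  IN A   192.168.1.30
"""
REVERSE_ZONE = """\
$ORIGIN 1.168.192.in-addr.arpa.
@    IN NS  ns1.example.com.
5    IN PTR ns1.example.com.
10   IN PTR www.example.com.
20   IN PTR ftp.example.com.   ; stale PTR left behind after ftp moved to .30
"""

def reverse_name(ip: str) -> str:
    """in-addr.arpa owner name for an IPv4 address (octets reversed)."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."

def parse_zone(text: str, rtype: str) -> dict:
    """Owner name -> RDATA for one record type; handles $ORIGIN, '@' and ';' comments."""
    origin, records = "", {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if fields and fields[0] == "$ORIGIN":
            origin = fields[1]
        elif "IN" in fields and fields[fields.index("IN") + 1] == rtype:
            owner = fields[0]
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = f"{owner}.{origin}"  # make a relative name absolute
            records[owner] = fields[fields.index("IN") + 2]  # RDATA follows the type
    return records

def check_reverse_consistency(forward: str, reverse: str) -> dict:
    """Each A record needs a PTR at the address's in-addr.arpa name naming the same host."""
    ptrs = parse_zone(reverse, "PTR")
    problems = {}
    for host, ip in parse_zone(forward, "A").items():
        target = ptrs.get(reverse_name(ip))
        if target is None:
            problems[host] = "no PTR record"
        elif target != host:
            problems[host] = f"PTR points to {target}"
    return problems
```

Running `check_reverse_consistency(FORWARD_ZONE, REVERSE_ZONE)` on the sample zones reports the stale PTR for mail and the missing PTR for ftp.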
Active Directory Integrated Zone
Active Directory Integrated zones take their name from the Windows 2000 Active Directory: such a zone is created using the DNS tool, but it is stored in Active Directory instead of as a file on the name server's hard disk. Because an Active Directory Integrated zone is part of Active Directory, the name server hosting this type of zone must also be a Windows 2000 domain controller.
Note
Active Directory is the directory service provided with Windows 2000 networking. The information in Active Directory defines what network objects can be created and what attributes each object can have. Active Directory provides a hierarchical structure that users and administrators employ to organize and locate resources, as well as to manage a network and implement security.
Windows 2000 Active Directory is based on a multiple master model, which means there is not one specific computer that maintains the Active Directory. Changes to the Active Directory can be made on any domain controller, and those changes are propagated to all the domain controllers for the domain.
Because an Active Directory Integrated zone is stored in Active Directory, there is no primary or secondary zone hosted on a single name server. Rather, changes to an Active Directory Integrated zone can be made on any name server hosting the zone, and those changes will be propagated to all the name servers through Active Directory replication. The following are the types of Active Directory Integrated zones that can be created:
Forward Lookup Zone: An Active Directory Integrated forward lookup zone serves the same purpose as a standard primary zone but is maintained differently. The zone database is not stored in a file on the name server; it is stored as part of the Active Directory information. Because every name server that hosts an Active Directory Integrated zone has a read/write copy of the zone and can change the zone information, there is no primary or secondary zone. Replication is handled by the Active Directory replication process, which is secure and encrypted.
Reverse Lookup Zone: A reverse lookup zone is used for reverse lookup and is similar to the standard in-addr.arpa zone. The reverse lookup zone is stored and updated in the same manner as the Active Directory Integrated forward lookup zone.