Use a primary zone on servers that are not domain controllers or Windows servers and need to host an editable copy of zone data.
Use a secondary zone on servers that are not domain controllers or Windows servers and do not need to host an editable copy of zone data. Secondary servers provide fault tolerance and load balancing and reduce name resolution traffic over WAN links. A secondary DNS server can be a secondary to an AD-I zone.
Active Directory Integrated Zone
Use an AD-I zone on servers that are Windows Domain Controllers. AD-I zones allow updates on any AD-I DNS Server and replicate information through standard AD replication (instead of Zone Transfers).
Caching Only Server
A caching only server is used to prevent zone transfer traffic over a WAN. Over a longer period of time a Caching Only Server will also reduce name resolution traffic over the WAN.
Reverse Lookup Zone
A reverse lookup zone allows clients to find the IP address for a specific host name. You might require a reverse lookup zone for one of the following reasons:
- To allow the use of NSLOOKUP by IP address
- To use IP filtering in IIS
- To accommodate applications that rely on reverse lookups
Zone delegation allows an administrator to delegate administration of a particular zone to another administrator. For example: The IT Operations Manager might delegate sales.company.local to the Sales IT Manager and the DNS server in that zone.
Forwarders are used to send queries to other servers when the current server can't resolve a query. Forwarders are disabled on servers that have a "." (root) zone configured.
Conditional forwarding is used to send queries for specific domains to specific DNS servers for that domain. Conditional forwarding also works on servers that have a "." (root) zone configured.
A root zone makes your server authoritative for the entire Internet. A DNS server with a root zone will not forward queries or use recursion.
Root hints are contained in the cache.dns file and a backup file is located in the backup folder. By default, root hints point to the Internet root servers. If you have configured an internal root server you should configure your other internal DNS servers to point to your internal root server by removing all the default root hints and configuring your own.
Dynamic DNS allows (capable) clients to update DNS records. Incapable clients (Windows 98) can have their DNS records updated by the DHCP server. Clients attempt to update the DNS server by default in Windows 2000+ operating systems.
Secure updates prevent unauthorised updates to the DNS database by only allowing domain members to update DNS records. Secure updates are only available on Active Directory Integrated Zones.
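The following PowerShell audit is an added example, not part of the original notes. It flags primary zones that accept unauthenticated dynamic updates and separates AD-I zones, which can be switched to secure updates, from file-backed zones, which cannot. The function name and the sample zone names are hypothetical; the property names match what `Get-DnsServerZone` from the DnsServer module returns.

```powershell
# Added example: classify DNS zones by their dynamic-update policy.
# Input objects need ZoneName, ZoneType, IsDsIntegrated and DynamicUpdate,
# the property names returned by Get-DnsServerZone (DnsServer module).
function Test-DnsZoneUpdatePolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Only primary zones hold an editable copy and accept updates.
        if ($Zone.ZoneType -ne 'Primary') { return }

        $finding = switch ($Zone.DynamicUpdate) {
            'Secure' { 'OK: secure updates only' }
            'None'   { 'OK: dynamic updates disabled' }
            'NonsecureAndSecure' {
                if ($Zone.IsDsIntegrated) {
                    'REVIEW: AD-I zone accepts unauthenticated updates; set to Secure'
                } else {
                    'REVIEW: file-backed zone accepts unauthenticated updates; secure updates need an AD-I zone'
                }
            }
            default  { "UNKNOWN: DynamicUpdate=$($Zone.DynamicUpdate)" }
        }

        [pscustomobject]@{
            ZoneName       = $Zone.ZoneName
            IsDsIntegrated = [bool]$Zone.IsDsIntegrated
            DynamicUpdate  = $Zone.DynamicUpdate
            Finding        = $finding
        }
    }
}

# Constructed sample zones (not taken from a real server).
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'company.local';       ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'sales.company.local'; ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'lab.example';         ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'branch.example';      ZoneType = 'Secondary'; IsDsIntegrated = $false; DynamicUpdate = 'None' }
)
$sampleZones | Test-DnsZoneUpdatePolicy | Format-Table -AutoSize

# On a DNS server:       Get-DnsServerZone | Test-DnsZoneUpdatePolicy
# To fix an AD-I zone:   Set-DnsServerPrimaryZone -Name <zone> -DynamicUpdate Secure
```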