DNS Solution Summary (MCP Series)

Primary Zone

Use a primary zone on servers that are not domain controllers or Windows servers and need to host an editable copy of zone data.

Secondary Zone

Use a secondary zone on servers that are not domain controllers or Windows servers and do not need to host an editable copy of zone data. Secondary servers provide fault tolerance and load balancing and reduce name resolution traffic over WAN links. A secondary DNS server can be a secondary to an AD-I zone.

Active Directory Integrated Zone

Use an AD-I zone on servers that are Windows Domain Controllers. AD-I zones allow updates on any AD-I DNS Server and replicate information through standard AD replication (instead of Zone Transfers).

Caching Only Server

A caching only server is used to prevent zone transfer traffic over a WAN. Over a longer period of time a Caching Only Server will also reduce name resolution traffic over the WAN.

Reverse Lookup Zone

A reverse lookup zone allows clients to find the IP address for a specific host name. You might require a reverse lookup zone for one of the following reasons:

  • To allow the use of NSLOOKUP by IP address
  • To use IP filtering in IIS
  • To accommodate applications that rely on reverse lookups

Zone Delegation

Zone delegation allows an administrator to delegate administration of a particular zone to another administrator. For example: The IT Operations Manager might delegate sales.company.local to the Sales IT Manager and the DNS server in that zone.


Forwarders

Forwarders are used to send queries to other servers when the current server can't resolve a query. Forwarders are disabled on servers that have a "." (root) zone configured.

Conditional Forwarding

Conditional forwarding is used to send queries for specific domains to specific DNS servers for that domain. Conditional forwarding also works on servers that have a "." (root) zone configured.

Root Zone

A root zone makes your server authoritative for the entire Internet. A DNS server with a root zone will not forward queries or use recursion.

Root Hints

Root hints are contained in the cache.dns file and a backup file is located in the backup folder. By default, root hints point to the Internet root servers. If you have configured an internal root server you should configure your other internal DNS servers to point to your internal root server by removing all the default root hints and configuring your own.

Dynamic DNS

Dynamic DNS allows (capable) clients to update DNS records. Incapable clients (Windows 98) can have their DNS records updated by the DHCP server. Clients attempt to update the DNS server by default in Windows 2000+ operating systems.

Secure Updates

Secure updates prevent unauthorised updates to the DNS database by only allowing domain members to update DNS records. Secure updates are only available on Active Directory Integrated Zones.
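
An audit of the dynamic update setting on each primary zone, as an added example that is not part of the original post. It assumes the DnsServer PowerShell module (RSAT DNS tools) is installed and that the DNS server is the local machine; the function name Get-DnsDynamicUpdateAudit is hypothetical.

```powershell
# Added example: report which primary zones accept nonsecure dynamic updates.
Import-Module DnsServer

function Get-DnsDynamicUpdateAudit {
    param(
        [string]$ComputerName = $env:COMPUTERNAME   # assumption: local DNS server
    )

    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            $zone = $_   # keep the zone object; $_ is rebound inside switch
            $finding = switch ($zone.DynamicUpdate) {
                'Secure' { 'OK: secure updates only' }
                'None'   { 'OK: dynamic updates disabled' }
                'NonsecureAndSecure' {
                    if ($zone.IsDsIntegrated) {
                        'FIX: AD-I zone accepts nonsecure updates'
                    } else {
                        # Secure updates are only available on AD-I zones
                        'REVIEW: file-backed zone accepts nonsecure updates'
                    }
                }
                default  { "REVIEW: unexpected value '$($zone.DynamicUpdate)'" }
            }
            [pscustomobject]@{
                ZoneName       = $zone.ZoneName
                IsDsIntegrated = $zone.IsDsIntegrated
                DynamicUpdate  = $zone.DynamicUpdate
                Finding        = $finding
            }
        }
}

$report = Get-DnsDynamicUpdateAudit
$report | Format-Table -AutoSize

# Preview the change for AD-I zones that still accept nonsecure updates.
# Remove -WhatIf to apply it.
$report |
    Where-Object { $_.IsDsIntegrated -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    ForEach-Object {
        Set-DnsServerPrimaryZone -Name $_.ZoneName -DynamicUpdate Secure -WhatIf
    }
```

File-backed primary zones flagged REVIEW cannot be switched to secure updates; the options there are disabling dynamic updates or converting the zone to AD-I.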
