Zone Management Facts Flashcards
Primary
The primary zone contains the master copy of a zone.
The server that holds the primary zone is called a primary server.
Zone data is stored in a text file.
The primary zone is the only writeable copy of the zone.
Zone changes can be made to only the primary zone.
Each zone can have only a single primary server.
The primary zone sends updates to the secondary zone using zone transfers.
Permission is required to get a copy of the zone. The permission should be set in the primary zone.
Secondary
A secondary zone is a read-only copy of the zone.
A server that holds a secondary zone is called a secondary server.
Changes cannot be made to the records in a secondary zone.
Secondary servers receive copies of zone data from other servers using zone transfer.
Secondary servers can receive zone data from the primary server or other secondary servers.
Zone transfers are always initiated by the secondary zone.
The zone transfer is based on the serial number of the SOA (Start of Authority) record.
The SOA record is the first record created for a zone.
The SOA record identifies the zone and the primary server for the zone.
The serial number for the SOA record is incremented whenever there is a change to the SOA record.
Triggers for zone transfers are as follows:
Refresh interval specifies the amount of time between requests for the primary zone’s SOA record.
DNS Notify lists the servers to be notified. The primary server sends a notification to the secondary server that a change has been made. The secondary server then initiates a zone transfer by requesting a copy of the SOA record.
Zone data is stored as clear text, so you should use IPsec to secure the zone transfer.
Active Directory-integrated
An Active Directory-integrated (ADI) zone stores zone data in the Active Directory database instead of a text file.
Active Directory-integrated zones are multi-master zones, meaning that changes to the zone information can be made by multiple servers that hold read-write copies of the zone data.
Only DNS servers that are domain controllers can host Active Directory-integrated zones.
Zone data is stored in Active Directory. Replication of zone data occurs during Active Directory replication.
Storing zone data in Active Directory provides automatic replication, fault tolerance, and distributed administration of DNS data.
Zone transfers are secure because the Active Directory replication process is encrypted.
Active Directory-integrated zones support secure dynamic updates.
Dynamic updates allow DNS clients to contact the server and update their records when their IP address changes.
Only members of the domain can update records.
The client who created the DNS record becomes its owner.
You can configure a secondary server to get zone data from an Active Directory-integrated zone.
Active Directory-integrated replication scopes allow you to specify which domain controllers will store a copy of the zone data. The choices are:
All domain controllers in the domain, even if they are not running DNS.
All domain controllers in the domain that have DNS installed.
All domain controllers in the forest that have DNS installed.
Chosen domain controllers through an application partition.
Use an application partition to specify which domain controllers have a copy of the zone data.
The Active Directory database is stored in partitions. When you use an application partition, you change the partition that the zone information is stored in.
To set up an application partition:
Dnscmd /createdirectorypartition creates the partition.
Dnscmd /enlistdirectorypartition specifies the domain controllers included in the application partition.
A (host address)
Maps a DNS host name to an IPv4 (32-bit) address. This is the most common resource record type.
AAAA (Quad-A)
Maps a DNS host name to an IPv6 (128-bit) address.
Pointer (PTR)
Maps an IP address to a host name (by pointing to an A record).
Canonical Name (CNAME)
Provides alternate names (or aliases) to hosts that already have a host record. For example:
sales.testout can be mapped to the IP address of testout.com
If a single A record is used with multiple CNAME records, when the IP address changes, only the A record needs to be modified.
Mail Exchange (MX)
Identifies servers used for handling email.
TXT
Stores plaintext notes in a DNS zone. This record type can be used to help prevent email spam and to verify domain ownership.
Start of Authority (SOA)
Stores all of the administration information about the DNS zone. For example, the administrator’s email address, TTL values, primary name server, and more information is recorded in this record.
SOA records are very important in the zone transfer process.
Name server (NS)
Defines the authoritative server for a specific domain. This record identifies all name servers that can perform name resolution for the zone.
Typically, there is an entry for the primary server and all secondary servers for the zone (all authoritative DNS servers).