
Deploying a DNS server

The process of actually deploying a DNS server on a Windows Server 2012 computer is simply a matter of installing the DNS Server role, using the Add Roles and Features Wizard in Server Manager. The actual installation requires no additional input; there are no additional pages in the wizard and no role services to select.

Once you install the DNS Server role, the computer is ready to perform caching-only name resolution services for any clients that have access to it. The role also installs the DNS Manager console, which you use to configure the DNS server's other capabilities. To configure the server to perform other services, consult the following sections.

Creating zones

A zone is an administrative entity you create on a DNS server to represent a discrete portion of the DNS namespace. Administrators typically divide the DNS namespace into zones to store them on different servers and to delegate their administration to different people. Zones always consist of entire domains or subdomains. You can create a zone that contains multiple domains, as long as those domains are contiguous in the DNS namespace. For example, you can create a zone containing a parent domain and its child, because they are directly connected, but you cannot create a zone containing two child domains without their common parent, because the two children are not directly connected.

You can divide the DNS namespace into multiple zones and host them on a single DNS server if you want to, although there is usually no persuasive reason to do so. The DNS server in Windows Server 2012 can support as many as 200,000 zones on a single server, although it is hard to imagine a scenario that would require that many. In most cases, an administrator creates multiple zones on a server and then delegates most of them to other servers, which then become responsible for hosting them.

Every zone consists of a zone database, which contains the resource records for the domains in that zone. The DNS server in Windows Server 2012 supports three zone types, which specify where the server stores the zone database and what kind of information it contains. These zone types are as follows:

  • Primary zone: Creates a primary zone that contains the master copy of the zone database, where administrators make all changes to the zone's resource records. If the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) check box is cleared, the server creates a primary master zone database file on the local drive. This is a simple text file that is compliant with most non-Windows DNS server implementations.
  • Secondary zone: Creates a duplicate of a primary zone on another server. The secondary zone contains a backup copy of the primary master zone database file, stored as an identical text file on the server's local drive. You can only update the resource records in a secondary zone by replicating the primary master zone database file, using a process called a zone transfer.
  • Stub zone: Creates a copy of a primary zone that contains the key resource records that identify the authoritative servers for the zone. The stub zone forwards or refers requests. When you create a stub zone, you configure it with the IP address of the server that hosts the zone from which you created the stub. When the server hosting the stub zone receives a query for a name in that zone, it either forwards the request to the host of the zone or replies with a referral to that host, depending on whether the query is recursive or iterative.
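As an added example (not part of the original text), the three zone types described above can also be created with the DnsServer PowerShell module that the DNS Server role installs on Windows Server 2012. The zone names, server addresses and file names are constructed placeholders; every cmdlet and parameter used is part of the DnsServer module. The script is run from one administrative workstation and uses -ComputerName to create the secondary zone on the other server. It also shows the one setting a practitioner should pair with a file-backed primary: because such a zone is kept current only by zone transfers, the primary should name which servers are allowed to pull them.

```powershell
# Added example: creating a file-backed primary, a secondary and a stub zone.
# All names and addresses below are constructed placeholders.

Import-Module DnsServer

$ZoneName        = 'corp.example.test'   # hypothetical zone
$PrimaryServer   = '10.0.0.10'           # hypothetical host of the master copy
$SecondaryServer = '10.0.0.11'           # hypothetical host of the secondary copy
$PartnerServer   = '10.0.1.10'           # hypothetical authoritative server for a partner zone

# 1. Primary zone stored as a text file on the local drive. This is what the
#    New Zone Wizard does when "Store The Zone In Active Directory" is cleared.
Add-DnsServerPrimaryZone -ComputerName $PrimaryServer `
                         -Name $ZoneName `
                         -ZoneFile "${ZoneName}.dns" `
                         -DynamicUpdate None

#    A file-backed primary is replicated by zone transfer, not by AD DS, so
#    restrict transfers to the secondaries you list and notify them of changes.
Set-DnsServerPrimaryZone -ComputerName $PrimaryServer `
                         -Name $ZoneName `
                         -SecureSecondaries TransferToSecureServers `
                         -SecondaryServers $SecondaryServer `
                         -Notify NotifyServers `
                         -NotifyServers $SecondaryServer

# 2. Secondary zone on the other server: a read-only duplicate whose resource
#    records can only be updated by a zone transfer from the master.
Add-DnsServerSecondaryZone -ComputerName $SecondaryServer `
                           -Name $ZoneName `
                           -ZoneFile "${ZoneName}.dns" `
                           -MasterServers $PrimaryServer

# 3. Stub zone: holds only the records identifying the authoritative servers
#    for another zone, and forwards or refers queries for that zone to them.
Add-DnsServerStubZone -ComputerName $PrimaryServer `
                      -Name 'partner.example.test' `
                      -ZoneFile 'partner.example.test.dns' `
                      -MasterServers $PartnerServer

# Verify the result on each server: zone type, storage and transfer policy.
foreach ($Server in $PrimaryServer, $SecondaryServer) {
    Get-DnsServerZone -ComputerName $Server |
        Where-Object { -not $_.IsAutoCreated } |
        Select-Object @{n='Server';e={$Server}}, ZoneName, ZoneType,
                      IsDsIntegrated, DynamicUpdate, SecureSecondaries, SecondaryServers
}
```

The final loop is the check worth keeping: a primary whose SecureSecondaries value is TransferAnyServer will hand its entire zone file to any host that asks for it, which is the weaker security of file-based zone transfers that the text contrasts with Active Directory replication.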

DNS was designed long before Active Directory, so most of the Internet relies on primary and secondary zones using text-based database files. The most common DNS server implementation on the Internet is a UNIX program called BIND that uses these databases.

However, for DNS servers supporting internal domains, and especially AD DS domains, using the Windows DNS server to create a primary zone and store it in Active Directory is the recommended procedure. When you store the zone in the AD DS database, you do not have to create secondary zones or perform zone transfers, because AD DS takes the responsibility for replicating the data, and whatever backup solution you use to protect Active Directory protects the DNS data as well.

USING ACTIVE DIRECTORY-INTEGRATED ZONES

When you are running the DNS server service on a computer that is an Active Directory Domain Services domain controller and you select the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) check box while creating a zone in the New Zone Wizard, the server does not create a zone database file. Instead, the server stores the DNS resource records for the zone in the AD DS database. Storing the DNS database in Active Directory provides a number of advantages, including ease of administration, conservation of network bandwidth, and increased security.

In Active Directory-integrated zones, the zone database is replicated automatically to other domain controllers, along with all other Active Directory data. Active Directory uses a multiple master replication system so that copies of the database are updated on all domain controllers in the domain. You can modify the DNS resource records on any domain controller hosting a copy of the zone database, and Active Directory will update all of the other domain controllers automatically. You don't have to create secondary zones or manually configure zone transfers, because Active Directory performs all database replication activities.

By default, Windows Server 2012 replicates the database for a primary zone stored in Active Directory to all the other domain controllers running the DNS server in the AD DS domain to which the domain controller hosting the zone belongs. You can also modify the scope of zone database replication to keep copies on all domain controllers throughout the enterprise, or on all domain controllers in the AD DS domain, whether or not they are running the DNS server. You can also create a custom replication scope that copies the zone database only to the domain controllers you specify.

Active Directory conserves network bandwidth by replicating only the DNS data that has changed since the last replication, and by compressing the data before transmitting it over the network. The zone replications also use the full security capabilities of Active Directory, which are considerably more robust than those of file-based zone transfers.

CREATING AN ACTIVE DIRECTORY ZONE

To create a new primary zone and store it in Active Directory, use the following procedure.

  1. Log on to the Windows Server 2012 domain controller using an account with administrative privileges. The Server Manager window opens.
  2. Click Tools > DNS to open the DNS Manager console.
  3. Expand the server node and select the Forward Lookup Zones folder.
  4. Right-click the Forward Lookup Zones folder and, from the shortcut menu, select New Zone. The New Zone Wizard starts.
  5. Click Next to bypass the Welcome page and open the Zone Type page.
  6. Leave the Primary Zone option and the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) check box selected and click Next. The Active Directory Zone Replication Scope page opens.
  7. Click Next. The Zone Name page opens.
  8. Specify the name you want to assign to the zone in the Zone Name text box and click Next. The Dynamic Update page opens.
  9. Select one of the following options:
    • Allow Only Secure Dynamic Updates
    • Allow Both Nonsecure And Secure Dynamic Updates
    • Do Not Allow Dynamic Updates
  10. Click Next. The Completing the New Zone Wizard page opens.
  11. Click Finish. The wizard creates the zone.
  12. Close the DNS Manager console.
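The following is an added example, not part of the original text, that performs the same work from PowerShell on a Windows Server 2012 domain controller: the role installation described under "Deploying a DNS server" and steps 6 through 9 of the wizard above, followed by a check of the Dynamic Update choice across the server's zones. The zone name is a constructed placeholder and the two function names are hypothetical; the cmdlets and parameters (Install-WindowsFeature, Add-DnsServerPrimaryZone, Get-DnsServerZone, Set-DnsServerPrimaryZone) are the ones shipped with the role.

```powershell
# Added example: install the DNS Server role, create an Active Directory-
# integrated primary zone, then audit and fix the dynamic-update policy.
# Zone name is a constructed placeholder; function names are hypothetical.

# Add Roles and Features Wizard equivalent. No role services exist for DNS;
# -IncludeManagementTools also installs the DNS Manager console.
Install-WindowsFeature -Name DNS -IncludeManagementTools
Import-Module DnsServer

# Wizard steps 6-9. ReplicationScope corresponds to the Active Directory Zone
# Replication Scope page:
#   Domain  - all DNS servers that are domain controllers in this domain (default)
#   Forest  - all DNS servers that are domain controllers in the forest
#   Legacy  - all domain controllers in this domain, DNS server or not
#   Custom  - the application directory partition named in -DirectoryPartitionName
# DynamicUpdate corresponds to the Dynamic Update page:
#   Secure / NonsecureAndSecure / None
Add-DnsServerPrimaryZone -Name 'corp.example.test' `
                         -ReplicationScope Domain `
                         -DynamicUpdate Secure

# Audit helper (hypothetical name): AD-integrated primary zones that still
# accept nonsecure dynamic updates. With that setting, any host able to reach
# the server can register or overwrite records without authenticating;
# Secure requires the Kerberos-authenticated update that domain members send.
function Get-WeakDynamicUpdateZone {
    param([string]$ComputerName = $env:COMPUTERNAME)
    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object {
            $_.IsDsIntegrated -and
            -not $_.IsAutoCreated -and
            $_.ZoneType -eq 'Primary' -and
            $_.DynamicUpdate -eq 'NonsecureAndSecure'
        }
}

# Remediation helper (hypothetical name): move each flagged zone to the
# "Allow Only Secure Dynamic Updates" setting of the wizard.
function Set-SecureDynamicUpdate {
    param([string]$ComputerName = $env:COMPUTERNAME)
    Get-WeakDynamicUpdateZone -ComputerName $ComputerName | ForEach-Object {
        Set-DnsServerPrimaryZone -ComputerName $ComputerName `
                                 -Name $_.ZoneName `
                                 -DynamicUpdate Secure
        "Zone $($_.ZoneName): dynamic updates set to Secure"
    }
}

# Report first, then remediate.
Get-WeakDynamicUpdateZone | Select-Object ZoneName, ReplicationScope, DynamicUpdate
Set-SecureDynamicUpdate
```

Run the report on its own before calling Set-SecureDynamicUpdate: hosts that are not domain members (appliances, non-Windows machines) cannot send secure updates themselves, so after the change their records must be registered by an administrator or on their behalf by a DHCP server that is a domain member.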

Once you have created a primary zone, you can proceed to create resource records that map the names of the hosts on the network to their IP addresses.
