DNS Servers and Zones

Primary DNS Servers

A DNS Server contains zone files. If a DNS Server is authoritative over a zone file, it has full control over it. A Primary DNS Server can update, make additions to, modify and delete records in the zone file. The Primary DNS Server is the only place where modifications to the domain can be made. Primary DNS Servers are authoritative over the zones that they contain. Multiple Primary DNS Servers can be authoritative for the same zone; any changes to the zone file are replicated to all the other DNS Servers.

Secondary DNS Servers

A Secondary DNS Server contains backup copies of a zone file and can only read information from the zone file. A Secondary DNS Server cannot update or delete records in the zone file it contains. Any changes that need to be made to the zone file have to be made on the Primary DNS Server. These changes are then replicated to the Secondary DNS Server. Secondary DNS Servers are used for load balancing and fault tolerance.


Forward Lookup Zones

A forward lookup is the most common form of DNS lookup. This type of lookup converts a host name into an IP address. A Forward Lookup Zone contains name to IP address mappings. Each zone file consists of a number of resource records (RRs). Resource records contain information about particular resources on the network.

Resource Records

There are several types of resource records (RRs) that can be found in a zone file:

  • A (Host) Record: Is used to associate a host’s name with an IP address.
  • CNAME (Alias): An IP address can have more than one name. Some web sites, for example, have several web servers for load balancing, each with a different IP address. A query for www.microsoft.com will give you several possible IP addresses, all pointing to the same web site.
  • MX (Mail Exchanger): A Mail record used to indicate where mail for the domain should go.
  • The Name Server Record (NS): Shows which DNS Servers are authoritative for this zone.
  • Start of Authority (SOA) Record: This is the first record in the database file and contains information about the zone file.
  • Service (SRV) Records: These contain the IP addresses of different services on the domain, e.g. the services used to log on to and query Active Directory. Domains could not function without SRV records.
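As an added example that is not part of the original lesson, here is a small Python parser for a constructed zone file containing the record types listed above. It also applies the structural rules this section states: the SOA is the first record, there is exactly one of it, and NS records are present. The domain, addresses and function names are all made up for the example.

```python
from collections import Counter
# Constructed sample forward lookup zone in master-file syntax (not a real domain).
SAMPLE_ZONE = """\
$ORIGIN example.com.
@          IN SOA ns1.example.com. hostmaster.example.com. (
              2024010101 3600 900 1209600 3600 ) ; serial refresh retry expire min
@          IN NS  ns1.example.com.
@          IN MX  10 www.example.com.
ns1        IN A   10.1.0.10
www        IN A   10.1.0.30
ftp        IN CNAME www.example.com.
_ldap._tcp IN SRV 0 100 389 dc1.example.com.
dc1        IN A   10.1.0.5
"""

def logical_lines(text):
    """Drop ';' comments, skip blank lines, join records continued inside ( ... )."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            if " ".join(buf).strip():
                yield " ".join(buf)
            buf = []

def parse_zone(text):
    """Return (owner, type, rdata) tuples; '@' and relative owners are made absolute."""
    origin, records = "", []
    for line in logical_lines(text):
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        owner, rest = fields[0], fields[1:]
        if rest[0] == "IN":                     # optional class field
            rest = rest[1:]
        owner = origin if owner == "@" else (owner if owner.endswith(".") else f"{owner}.{origin}")
        records.append((owner, rest[0], rest[1:]))
    return records

def check_zone(records):
    """Structural checks: SOA first and unique, at least one NS record."""
    counts = Counter(rtype for _, rtype, _ in records)
    problems = [msg for cond, msg in (
        (not records or records[0][1] != "SOA", "SOA is not the first record"),
        (counts["SOA"] != 1, "zone must contain exactly one SOA"),
        (counts["NS"] == 0, "zone has no NS records")) if cond]
    return counts, problems
```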

Reverse Lookup Zones

A Reverse Lookup Zone contains IP address to name mappings. This allows the computer to do reverse queries; some applications need to be able to make reverse lookup queries. Reverse Lookup Zones contain the following resource records.

  • Pointer (PTR) Record: Does the opposite of the A record; it maps an IP address to a host name. By having the two types of records it is possible to do a reverse lookup.
  • CNAME (Alias)
  • The Start of Authority (SOA) record
  • The Name Server Record (NS)

When doing reverse lookups, DNS uses the same principle as a forward query. The IP address is reversed, allowing queries to start from the least specific part to the most specific. The special domain name in-addr.arpa is used for reverse lookups, e.g. a query about the hostname of would result in a query to a zone file called 0.1.10.in-addr.arpa.
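The address reversal described above, as an added Python example that is not part of the original lesson: it builds the in-addr.arpa owner name for an address, the name of the reverse zone for an octet-aligned network (so a 10.1.0.x address ends up in 0.1.10.in-addr.arpa), and then derives the PTR records a forward zone's A records call for and flags any PTR that is missing or points at a different host. The host names and addresses are constructed.

```python
import ipaddress

def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address: octets reversed under in-addr.arpa."""
    addr = ipaddress.IPv4Address(ip)              # rejects malformed input
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."

def reverse_zone(network):
    """Name of the reverse lookup zone that holds the PTRs for a /8, /16 or /24 network."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned reverse zones are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_records(forward_a):
    """Derive the PTR records a reverse zone needs from a forward zone's A records."""
    return {reverse_name(ip): host for host, ip in forward_a}

def check_forward_reverse(forward_a, ptr_map):
    """List (host, ip, ptr_target) where the PTR is missing or disagrees with the A record."""
    return [(host, ip, ptr_map.get(reverse_name(ip)))
            for host, ip in forward_a
            if ptr_map.get(reverse_name(ip)) != host]

# Constructed sample A records (not real hosts); 10.1.0.x lives in 0.1.10.in-addr.arpa.
FORWARD_A = [("ns1.example.com.", "10.1.0.10"), ("www.example.com.", "10.1.0.30")]
```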

Active Directory Integrated Zones

Active Directory Integrated Zones store the same information as standard zone files; however, the information is stored and replicated with Active Directory. There are no Primary or Secondary Zones. All zones are multi-master, which means that you can update any of the zones and the changes will be replicated.

Active Directory zones, as well as standard Windows Server 2003 zones, use IXFR (Incremental Zone Transfers), which means that when a change is made to a zone file, only that change is replicated instead of the entire database. This can lower network traffic between DNS Servers. Active Directory Zones allow for secure dynamic updates. Updates to the DNS zone are done automatically, and only clients that are members of the forest can register.

Stub Zones

A stub zone contains a partial copy of another zone. The zone contains only the NS and SOA records for its master zone. Stub zones identify the servers that are authoritative for the master zone and the servers that are authoritative for its child zones below the master in the namespace.
Stub zones are mainly used to keep track of the name servers in delegated child zones when there are a large number of child zones.

Root Servers

If your Windows network isn’t connected to the Internet, or if you want to prevent users from querying anything on the Internet, you can configure a DNS server to contain its own root zone. The Root Zone is treated as the master of all queries. Nothing is ever queried above a Root Zone. A Root Zone can never be demoted and then a new Root Server placed above it. It is therefore essential that you plan your DNS implementation correctly.

Caching-Only DNS Servers

All DNS Servers store the queries that they have resolved. However, caching-only DNS Servers only cache the information and don’t actually hold any sort of zone file. When a caching-only DNS Server is first started it contains no information, and the cache is gradually built up over time using iterative queries to other DNS Servers that contain the information. A caching-only server is not authoritative for any zone.

Caching-only servers can be used to speed up Internet access on networks. The DNS server will cache the answers to any queries it makes to the Internet, which speeds up subsequent name resolution.

A DNS Server can be configured to forward name resolution requests to other DNS Servers. Either all queries the server cannot resolve itself are forwarded, or only queries for particular domain names are forwarded to particular servers (conditional forwarding).
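The forwarder selection just described, as an added Python example that is not part of the original lesson: the most specific conditional forwarder whose domain matches the query name wins, matching on whole labels only, and otherwise the server-wide forwarders are used. The domain names, addresses and function names are constructed for the example.

```python
def normalize(name):
    """Canonical form for comparison: lower-case, no trailing dot."""
    return name.rstrip(".").lower()

def choose_forwarder(qname, conditional, default=None):
    """Return the forwarder list to use for a query name.

    conditional maps a domain to its forwarders. The most specific matching
    domain wins, and a match is only on whole labels, so 'notexample.com'
    does not match 'example.com'. With no match, the server-wide forwarders
    (default) are used; None means the server resolves the name itself.
    """
    q, best = normalize(qname), None
    for domain, servers in conditional.items():
        d = normalize(domain)
        if (q == d or q.endswith("." + d)) and (best is None or len(d) > len(best[0])):
            best = (d, servers)
    return best[1] if best else default

# Constructed sample configuration (private and documentation address ranges).
CONDITIONAL = {"corp.example.com": ["10.2.0.53"], "example.com": ["10.1.0.53"]}
DEFAULT_FORWARDERS = ["192.0.2.53"]
```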