Zone Type Description
Primary The primary zone is the master copy of a zone database.
• The primary zone is the only writeable copy of the zone database.
• Changes to the zone can only be made to the primary zone.
• The server that holds the primary zone is called a primary server.
• Each zone can have only a single primary zone server.
• Zone data is stored in a text file.
Secondary A secondary zone is a read-only copy of the zone database.
• Changes cannot be made to the records in a secondary zone.
• A server that holds a secondary zone is called a secondary server.
• Secondary servers copy zone data from other servers through a process called zone transfer.
• Secondary servers can copy zone data from the primary server or other secondary servers.
• Zone data is stored in a text file.
Active Directory-integrated An Active Directory-integrated zone holds zone data in Active Directory instead of a text file.
• Active Directory-integrated zones are multi-master zones, meaning that changes to the zone information can be made by multiple servers. Multiple servers hold read-write copies of the zone data.
• Only DNS servers that are domain controllers can host Active Directory-integrated zones.
• Zone data is stored in Active Directory. Replication of zone data occurs during Active Directory replication.
• Storing zone data in Active Directory provides automatic replication, fault tolerance, and distributed administration of DNS data.
• You can configure a secondary server to get zone data from an Active Directory-integrated zone. However, you cannot have a primary zone and an Active Directory-integrated zone for the same zone.
The zone types above describe the read-write capabilities and the storage location of zone data. In addition, zones are classified as one of two types:
• A forward lookup zone provides hostname-to-IP address resolution. Clients query the DNS server with the hostname, and receive the IP address in return.
• A reverse lookup zone provides IP address-to-hostname resolution. Clients query the DNS server with the IP address, and receive the hostname in return.
Common Resource Records
Entries for hostnames, IP addresses, and other information in the zone database are stored in records. Each host has at least one record in the DNS database that maps the hostname to the IP address. The following table lists common resource records.
Record Type Use
SOA (Start of Authority) The first record in any DNS database file is the SOA. It defines the general parameters for the DNS zone, and it is assigned to the DNS server hosting the primary copy of a zone. There is only one SOA record, and it is the first record in the zone database file. The SOA record includes parameters such as the authoritative server and the zone file serial number.
NS (name server) The NS resource record identifies all name servers that can perform name resolution for the zone. Typically, there is an entry for the primary server and all secondary servers for the zone (all authoritative DNS servers).
A (host address) The A record maps an IPv4 (32-bit) DNS host name to an IP address. This is the most common resource record type.
Namespace Design Facts
Most organizations have both a public Internet domain and a domain that is used on the private network for Active Directory. For this reason, DNS namespace design is an important consideration when configuring DNS. Namespace design has the following goals:
• Allow internal users to access internal resources.
• Allow external users to access external resources.
• Allow internal users to access external public resources.
• Prevent external users from accessing internal resources.
The table below describes different methods for accomplishing these goals.
Same internal and external domain name With this