Other than that, the Domain Name System also stores other types of information, for example the list of mail servers that accept email for an Internet domain. The Domain Name System is an essential component of the functionality of the Internet because it provides a worldwide, distributed keyword-based redirection service.
The Internet maintains two principal namespaces: the domain name hierarchy and the Internet Protocol (IP) address system. The Domain Name System maintains the domain namespace and also provides translation services between these two namespaces. Internet name servers, together with a communication protocol, implement the Domain Name System. A DNS name server is a server that stores the DNS records for a domain name, for example address records, name server records, and mail exchanger records, and responds with answers to queries against its database.
The DNS Server role in Windows Server 2008 contains several features that improve the performance of the DNS Server service. It combines support for standard DNS protocols with the benefits of integration with Active Directory Domain Services (AD DS), Windows networking, and security features. It also includes advanced capabilities such as secure dynamic update of DNS resource records.
The DNS Server role provides the following:
Support for Active Directory Domain Services (AD DS)
DNS is required to support AD DS: it gives network computers the ability to locate domain controllers, and AD DS replication depends on it. DNS zones can be stored in the domain or application directory partitions of AD DS. A partition is a data container in AD DS that distinguishes data for different replication purposes. You can configure which Active Directory partition stores the zone and, with it, the set of domain controllers among which that zone's data will be replicated.
Conditional forwarders extend the functionality of the standard forwarders provided by DNS servers. A conditional forwarder is a DNS server on a network that forwards DNS queries according to the DNS domain name in the query. Conditional forwarding reduces host name resolution time by sending DNS queries directly to the authoritative DNS servers of the host's domain. For example, you can configure a DNS server to forward all the queries it receives for names ending with corp.contoso.com to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers.
DNS supports a zone type called a stub zone. A stub zone works much like a secondary zone, in that its database is a non-editable copy of the primary zone, but the stub zone's database contains only the information necessary to identify the authoritative DNS servers for a zone. A stub zone keeps a DNS server hosting a parent zone aware of the authoritative DNS servers for its child zone, which helps maintain DNS name resolution efficiency.
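The conditional forwarding rule described above (queries for names ending with corp.contoso.com go to a specific forwarder) comes down to a longest-suffix match on whole DNS labels. The following is an added example, not code from the page or from Windows Server; the forwarder table and addresses are constructed.

```python
from typing import Dict, List

# Constructed conditional-forwarder table: suffix -> forwarder addresses.
FORWARDERS: Dict[str, List[str]] = {
    "corp.contoso.com": ["10.10.0.5", "10.10.0.6"],
    "contoso.com": ["10.20.0.5"],
}
DEFAULT_FORWARDERS = ["192.0.2.53"]  # used when no conditional entry matches


def _labels(name: str) -> List[str]:
    # DNS names are case-insensitive; ignore a trailing dot and empty labels.
    return [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]


def select_forwarders(query_name: str, table=FORWARDERS, default=DEFAULT_FORWARDERS) -> List[str]:
    """Return the forwarders whose suffix is the longest label-wise match for
    query_name. Matching is done on whole labels, so 'notcorp.contoso.com'
    must fall through to the 'contoso.com' entry, not 'corp.contoso.com'."""
    q = _labels(query_name)
    best_zone, best_len = None, -1
    for zone in table:
        z = _labels(zone)
        if len(z) <= len(q) and q[-len(z):] == z and len(z) > best_len:
            best_zone, best_len = zone, len(z)
    return list(table[best_zone]) if best_zone else list(default)
```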
Enhanced DNS security features
DNS provides enhanced security administration for the DNS Server service, the DNS Client service, and DNS data.
Integration with other Microsoft networking services
The DNS Server service offers integration with other services and contains features beyond those specified in the DNS RFCs. These features include integration with AD DS, Windows Internet Name Service (WINS), and Dynamic Host Configuration Protocol (DHCP) services.
RFC-compliant dynamic update protocol support
By using the dynamic update protocol (RFC 2136), the DNS Server service enables clients to dynamically update resource records. This reduces the time needed to manage those records manually and so improves the DNS service. Computers running the DNS Client service can register their DNS names and IP addresses dynamically.
Support for incremental zone transfer between servers
DNS servers that store DNS data in files use zone transfers to replicate information about a portion of the DNS namespace. The DNS Server service uses incremental zone transfer to replicate only the changed portions of a zone when it transfers zones that are not integrated with AD DS, which conserves network bandwidth.
DNS is a hierarchically distributed database. In other words, its layers are arranged in a definite order, and its data is distributed across a wide range of machines, each of which can exert control over a portion of the database. DNS is a standard set of protocols defining the following:
A mechanism for querying and updating address information in the database
A mechanism for replicating the information in the database among servers
A schema of the database
DNS domain names
The Domain Name System is implemented as a hierarchical and distributed database containing several types of data, such as host names and domain names. The names in the DNS database form a hierarchical tree structure called the domain namespace. Domain names consist of individual labels separated by dots, for example mydomain.microsoft.com.
DNS Domain Name Hierarchy
DNS can delegate control over portions of the DNS namespace to multiple organizations. For example, when you register a domain name (example.com), you control the DNS for the portion of the DNS namespace within "example.com". The registrar controlling ".com" has delegated control over the "example.com" node in the DNS tree. No other node can be named "example" directly below ".com" within the DNS database.
Within the portion of the domain namespace that you control (example.com), you can create host records and other records. You can also further subdivide "example.com" and delegate control over those parts to other organizations or departments. These divisions are called subdomains. For example, you can create subdomains named for the cities in which your company has branch offices and delegate control over those subdomains to the branch offices. The subdomains might be named "penang.example.com", "kl.example.com" and so on.
Each domain or delegated subdomain is associated with DNS name servers. In other words, for every node in the DNS, one or more servers can give an authoritative answer to queries about that domain. At the root of the domain namespace are the root servers.
DNS servers work together to resolve hierarchical names. If a server already has information about the name, it simply fulfills the query for the client. Otherwise it queries other DNS servers for the appropriate information. The system works well because it distributes authority over separate parts of the DNS structure to specific servers. A DNS zone is a portion of the DNS namespace over which a specific DNS server has authority.
Within a given DNS zone, resource records (RRs) contain the hosts and other database information that make up the data for the zone. For example, an RR might contain the host entry for www.example.com, pointing it to the IP address 192.168.1.10.
Understanding Servers, Clients and Resolvers
DNS server - any computer providing domain name services is a DNS name server. No matter where in the DNS namespace the server resides, it's still a DNS name server.
DNS client - A DNS client is any machine that issues queries to a DNS server. The client host name may or may not be registered in a DNS database. The client issues DNS requests through processes called resolvers.
Resolver - a software process, sometimes implemented in a software library, that handles the actual work of finding the answer to queries for DNS data. The resolver is also built into many large pieces of software so that external libraries don't have to be called in order to make and process DNS queries. Resolvers can be what you consider client computers, or other DNS servers attempting to resolve and answer on behalf of a client.
DNS Database Zone
A DNS zone is a portion of the DNS namespace over which a specific DNS server has authority. Within a given DNS zone, certain resource records define the hosts and other types of record that make up the database for the zone.
A DNS server can be configured to host three types of zone:
A primary zone
A secondary zone
A stub zone
The primary zone is responsible for maintaining all the records for the DNS zone. It contains the primary copy of the DNS database. This is the only zone type that can be edited or updated, because the data in the zone is the original source of the data for all domains in the zone. All record updates for a primary zone are made by the DNS server that is authoritative for that primary zone. When the zone is stored in a file, the primary zone file is by default named zone_name.dns and is located in the %windir%\System32\Dns folder on the server. There are two types of primary zone:
Primary zone with Active Directory integration (Active Directory DNS)
Secondary zones are non-editable copies of the DNS database that can be used for load balancing, a way of managing network overloads on a single server. A secondary zone contains a database with all the same information as the primary zone and can be used to resolve requests. Secondary zones have the following advantages:
It provides fault tolerance, so if the primary zone server becomes unavailable, name resolution can still occur using the secondary zone server.
It can increase network performance by offloading some of the traffic that would otherwise go to the primary server.
Secondary servers are often placed within the parts of an organization that have high speed network access. This prevents DNS queries from having to run across slow wide area network connections. For example, if there are two remote offices within the "example.com" organization, you may want to place a secondary DNS server in each remote office. This way, when clients require name resolution, they will contact the nearest server for this IP address information, thus preventing unnecessary WAN traffic. However, too many secondary zone servers can actually cause an increase in network traffic because of replication.
A stub zone works much like a secondary zone, in that its database is a non-editable copy of the primary zone. The difference is that the stub zone's database contains only the information necessary to identify the authoritative DNS servers for a zone (three record types: name server (NS), start of authority (SOA), and glue host (A) records). Stub zones have the following advantages and features:
Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.
Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers, without having to query the Internet or an internal root server for the DNS namespace.
Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones and secondary zones have different purposes, so a stub zone should not be used to replace a secondary zone for redundancy and load balancing.
Active Directory Domain Services Integration
In Windows 2000 Server, Active Directory-integrated DNS was introduced. This zone type was a unique zone, and it was a separate choice during setup. In Windows Server 2003 and 2008, this zone type became an add-on to a primary DNS zone.
By integrating your zones with AD DS, you can take advantage of DNS features such as AD DS replication, secure dynamic updates, and record aging and scavenging.
Advantages of AD DS integration
The Active Directory replication topology is used for Active Directory replication, and for Active Directory-integrated zone replication. There is no longer a need for DNS replication when DNS and Active Directory are integrated.
Directory-integrated replication is faster and more efficient than standard DNS replication
Because AD DS replication processing is performed on a per-property basis, only relevant changes are propagated. Less data is used and submitted in updates for directory-stored zones.
No additional network traffic
An Active Directory-integrated zone is stored in Active Directory. Since all records are now stored in Active Directory, when a resolver needs the TCP/IP address of a host, any Active Directory DNS server can look up that host's address and respond to the resolver.
When you choose an Active Directory-integrated zone, DNS zone data can be replicated automatically to other DNS servers during the normal Active Directory replication process.
An Active Directory-integrated zone can use secure dynamic updates
The dynamic DNS standard allows a zone to accept either secure-only updates or unrestricted dynamic updates, but not both. If you choose secure updates, only machines with an account in Active Directory can register with DNS. Before DNS registers any record in its database, it checks Active Directory to make sure the machine is an authorized domain computer.
An Active Directory-integrated zone stores and replicates its database through Active Directory replication. Because of this, the data is encrypted as it is sent from one DNS server to another.
Background zone loading
Background zone loading allows an Active Directory-integrated DNS zone to load in the background. As a result, the DNS server can service client requests while the zone is still loading into memory.
Only primary zones can be stored in the directory. A DNS server cannot store secondary zones in the directory; it must store them in standard text files. The multimaster replication model of AD DS removes the need for secondary zones when all zones are stored in AD DS.
Zone Transfer and Replication
DNS is such an important part of the network that you should not use just a single DNS server. With a single DNS server you also have a single point of failure, and in fact many domain registrars encourage the use of more than two name servers for a domain. Secondary servers or multiple primary Active Directory-integrated servers play an integral role in providing DNS information for an entire domain.
As previously stated, secondary DNS servers receive their zone database through zone transfers. When you configure a secondary server for the first time, you must specify the primary server that is authoritative for the zone and that will send the zone transfer. The primary server must also permit the secondary server to request the zone transfer.
Zone transfers occur in one of two ways: full zone transfers (AXFR) and incremental zone transfers (IXFR).
When a new secondary server is configured for the first time, it receives a full zone transfer from the primary DNS server. The full zone transfer contains all the information in the DNS database. Some DNS implementations always receive full zone transfers.
After the secondary server receives its first full zone transfer, subsequent zone transfers are incremental. The primary name server compares its zone version number with that on the secondary server and sends only the changes that have been made in the interim. This significantly reduces the network traffic generated by zone transfers.
Zone transfers are typically initiated by the secondary server when the refresh interval for the zone expires or when the secondary or stub server boots. Alternatively, you can configure a notify list on the primary server that notifies the secondary or stub servers whenever changes to the zone database occur.
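The transfer behaviour described in this section (a first full transfer, later incremental transfers driven by the zone version number, and a primary that must permit the requesting secondary) is modelled below as an added example; it is not code from the page or from the Windows DNS Server service. The zone contents, serial numbers and addresses are constructed, and the version number here is a plain integer rather than a full SOA record.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

@dataclass
class Primary:
    zone: Dict[str, str] = field(default_factory=dict)      # owner -> A rdata
    serial: int = 1                                         # zone version number
    history: Dict[int, Dict[str, Optional[str]]] = field(default_factory=dict)
    allowed_secondaries: Set[str] = field(default_factory=set)  # transfer allow-list

    def update(self, name: str, rdata: Optional[str]) -> None:
        """Apply one change (rdata=None deletes) and record it under a new serial."""
        self.serial += 1
        if rdata is None:
            self.zone.pop(name, None)
        else:
            self.zone[name] = rdata
        self.history[self.serial] = {name: rdata}

    def transfer(self, requester: str, have_serial: Optional[int]) -> Tuple[str, object]:
        """Answer a transfer request from a secondary holding have_serial. Returns
        ('refused', None), ('uptodate', None), ('axfr', full zone) or
        ('ixfr', list of deltas to apply in order)."""
        if requester not in self.allowed_secondaries:
            return "refused", None          # primary has not permitted this server
        if have_serial is not None and have_serial >= self.serial:
            return "uptodate", None
        if have_serial is None or have_serial + 1 not in self.history:
            return "axfr", dict(self.zone)  # first transfer, or history too old
        deltas = [self.history[s] for s in range(have_serial + 1, self.serial + 1)]
        return "ixfr", deltas

@dataclass
class Secondary:
    address: str
    zone: Dict[str, str] = field(default_factory=dict)
    serial: Optional[int] = None        # None until the first full transfer

    def refresh(self, primary: Primary) -> str:
        """Request a transfer (refresh interval expired or notify received)."""
        kind, payload = primary.transfer(self.address, self.serial)
        if kind == "axfr":
            self.zone = payload
        elif kind == "ixfr":
            for delta in payload:
                for name, rdata in delta.items():
                    if rdata is None:
                        self.zone.pop(name, None)
                    else:
                        self.zone[name] = rdata
        if kind in ("axfr", "ixfr"):
            self.serial = primary.serial
        return kind
```

A server missing from `allowed_secondaries` is refused outright, which is the control that keeps a full copy of the zone from being handed to any host that asks.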
Active Directory-integrated zones do away with traditional zone transfer altogether. Instead, they replicate across Active Directory with all other AD information. This replication is secure since it uses the Active Directory security.
Delegating Zones for DNS
DNS provides the ability to divide the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. When deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:
A need to delegate the management of part of your DNS namespace to another location or department within your organization
A need to divide one large zone into smaller zones, for distributing traffic loads among multiple servers, for improving DNS name resolution performance, or for creating a more fault-tolerant DNS environment
A need to extend the namespace by adding numerous subdomains at once, such as to accommodate the opening of a new branch or site
Each new delegated zone requires a primary DNS server, just like a regular DNS zone. When delegating zones within your namespace, be aware that for each new zone you create, you need to place delegation records in other zones that point to the authoritative DNS servers for the new zone. This is necessary both to transfer authority and to provide correct referrals to other DNS servers and clients of the new servers being made authoritative for the new zone.
Example: Delegating a subdomain to a new zone
As shown in the diagram below, delegation from the parent zone (microsoft.com) is needed when a new zone for a subdomain (example.microsoft.com) is created.
In this example, the authoritative DNS server computer for the newly delegated example.microsoft.com subdomain has a name based on a derivative subdomain that is included in the new zone (ns1.na.example.microsoft.com). To let servers outside the newly delegated zone know of this server, two resource records are needed in the microsoft.com zone to complete the delegation to the new zone.
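Because ns1.na.example.microsoft.com lies inside the zone it serves, the parent zone must carry both the NS record for the delegation and a glue A record for that name server; a delegation whose in-zone name server has no glue cannot be followed by resolvers. The checker below is an added example, not code from the page or from Windows Server, and the parent-zone records it runs over are constructed to mirror the example above.

```python
from typing import Iterable, List, Tuple

def _norm(name: str) -> str:
    # DNS names are case-insensitive; a trailing dot marks an absolute name.
    return name.lower().rstrip(".")

def _in_zone(name: str, zone: str) -> bool:
    """True when name is at or below zone (label-wise suffix match)."""
    n, z = _norm(name).split("."), _norm(zone).split(".")
    return len(n) >= len(z) and n[-len(z):] == z

def check_delegation(parent_records: Iterable[Tuple[str, str, str]],
                     child_zone: str) -> Tuple[List[str], List[str]]:
    """parent_records: (owner, rrtype, rdata) triples from the parent zone.
    Returns (name servers the child is delegated to, problems found)."""
    child = _norm(child_zone)
    recs = [(_norm(o), t.upper(), r) for o, t, r in parent_records]
    ns_names = sorted(_norm(r) for o, t, r in recs if o == child and t == "NS")
    glue = {o for o, t, _ in recs if t in ("A", "AAAA")}
    problems: List[str] = []
    if not ns_names:
        problems.append(f"no NS records for {child} in the parent zone")
    for ns in ns_names:
        # Glue is only required when the name server's name is inside the child zone.
        if _in_zone(ns, child) and ns not in glue:
            problems.append(f"{ns} lies inside {child} but has no glue address record")
    return ns_names, problems

# Constructed records for the microsoft.com parent zone (addresses are documentation ranges).
PARENT_ZONE = [
    ("microsoft.com", "NS", "ns1.microsoft.com."),
    ("ns1.microsoft.com", "A", "192.0.2.1"),
    ("example.microsoft.com", "NS", "ns1.na.example.microsoft.com."),  # delegation
    ("ns1.na.example.microsoft.com", "A", "192.0.2.10"),               # glue
]
```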