DNS
DNS Zones
A zone is a contiguous area of the domain namespace for which a DNS server is authoritative. The DNS server is authoritative for name resolution in this zone. All DNS clients of a zone are registered with their IP address at the DNS server for which they are configured. A DNS server "knows" all clients of its zone(s) and can map IP addresses to the hostnames of the devices.
A zone can hold multiple domains and subdomains. There are 3 types of zones with different properties.
Primary Zone
A primary zone is characterised by a zone file that can be written to and read from. This file is a standard text file. DNS clients can register with a primary zone. All changes made to the zone (registering and unregistering of clients) are saved to the zone file. When a new zone is created on a DNS server, it has to be a primary zone. On Windows Server the zone file is stored at %systemroot%\system32\dns.
Secondary Zone
A secondary zone is characterised by a read-only zone file, which is also saved as a text file. All changes made to the primary zone are saved to the primary zone file and are replicated to the secondary zone file. A secondary zone is created to copy an existing zone and its zone file. This reduces network and server load.
Stub zone
A forward lookup zone can also be configured as a stub zone. A stub zone contains a subset of the zone data: a copy of the resource records that are required to identify the authoritative DNS servers of a zone. A stub zone stores a copy of a zone that contains only the name server (NS), start of authority (SOA) and A records. The NS resource record maps the DNS domain name to the servers that are authoritative for the domain, i.e. that hold a zone file for it. The SOA resource record marks the starting point of the information stored in a zone.
Active Directory-integrated zone
In this zone, the zone information is stored in the AD structure and not as a text file. Updates take place automatically through AD replication. For this, all DNS servers have to be installed on domain controllers. This option is recommended because it simplifies administrative tasks.
Resource records
A zone file stores the information the DNS server needs for name resolution. This information is stored as resource records. Resource records are database entries with several attributes, such as the hostname or IP address of a device.
A DNS forward lookup zone contains different resource records:
- Host and address records (A)
- Server records (SRV)
- Mail-Exchange records (MX)
- Alias (CNAME)
Resource Record | Definition
---|---
A | The address record maps a hostname to its IP address.
CNAME | The canonical name record is a second record for a device: a second hostname can be mapped to an IP address, e.g. www for a web server.
HINFO | Contains information about the host's hardware and software, e.g. processor and operating system.
MX | The mail exchange record identifies a mail server. Multiple records are possible.
NS | The name server record identifies the DNS servers of the zone. Primary and secondary DNS servers are registered.
PTR | The pointer record is used for reverse name resolution, IP address to hostname. It is used in reverse lookup zones.
SOA | The start of authority record marks the starting point of the information stored in a zone.
SRV | The server record marks a service that runs on a host. When a host has to authenticate with a domain controller, it looks for an SRV record.
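The zone file format, the record types in the table and the stub zone described earlier can all be shown with one small parser. The following is an added example, not code from the original notes or from Windows Server: it reads a constructed BIND-style zone file (the text format Windows Server also uses), turns each line into a resource record, resolves a CNAME the way a resolver does, reads the SOA serial, and derives the SOA/NS/A subset that a stub zone keeps. All hostnames and addresses in SAMPLE_ZONE are made up.

```python
"""Parse a BIND-style zone file and derive the record subset a stub zone keeps.

Added example (not from the original notes). The zone file below is constructed
for illustration; the hostnames and addresses are made up.
"""
from collections import namedtuple

Record = namedtuple("Record", "name ttl rtype rdata")

# Constructed sample zone file (Windows Server and BIND both use this text format).
SAMPLE_ZONE = """\
$ORIGIN example.test.
$TTL 3600
@       IN SOA  ns1.example.test. hostmaster.example.test. (
                2024061501 ; serial
                7200       ; refresh
                900        ; retry
                1209600    ; expire
                3600 )     ; minimum
@       IN NS   ns1.example.test.
@       IN NS   ns2.example.test.
@       IN MX   10 mail.example.test.
ns1     IN A    192.0.2.1
ns2     IN A    192.0.2.2
mail    IN A    192.0.2.10
web     IN A    192.0.2.20
www     IN CNAME web.example.test.
web     IN HINFO "x86-64" "Windows Server"
"""


def _strip_comment(line):
    """Drop everything after ';' unless the ';' sits inside a quoted string."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)


def _logical_lines(lines):
    """Merge records that span several lines inside ( ... ), e.g. the SOA record."""
    buf, depth = [], 0
    for line in lines:
        line = _strip_comment(line)
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield " ".join(buf)
            buf = []


def _fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text):
    """Return a list of Record tuples; names are fully qualified against $ORIGIN."""
    origin, default_ttl, last_name, records = ".", 3600, "@", []
    for logical in _logical_lines(text.splitlines()):
        tokens = logical.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        # An owner name is present only when the line does not start with whitespace.
        name = last_name if logical[0].isspace() else tokens.pop(0)
        last_name = name
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0].upper() == "IN":       # class; only IN is handled here
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        records.append(Record(_fqdn(name, origin), ttl, rtype, " ".join(tokens)))
    return records


def soa_serial(records):
    """The serial is the third rdata field of the SOA record (mname rname serial ...)."""
    soa = next(r for r in records if r.rtype == "SOA")
    return int(soa.rdata.split()[2])


def resolve_a(records, name):
    """Resolve a hostname to its IPv4 addresses, following one CNAME hop like a resolver."""
    name = name.lower().rstrip(".") + "."
    target = next((r.rdata for r in records
                   if r.name.lower() == name and r.rtype == "CNAME"), None)
    if target:
        name = target.lower()
    return [r.rdata for r in records if r.name.lower() == name and r.rtype == "A"]


def stub_zone_records(records):
    """What a stub zone keeps: SOA, NS, and the A records (glue) of the listed name servers."""
    ns_targets = {r.rdata.lower() for r in records if r.rtype == "NS"}
    return [r for r in records
            if r.rtype in ("SOA", "NS")
            or (r.rtype == "A" and r.name.lower() in ns_targets)]


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    print("records:", len(zone), "serial:", soa_serial(zone))
    print("www ->", resolve_a(zone, "www.example.test"))
    for r in stub_zone_records(zone):
        print("stub keeps:", r.name, r.rtype, r.rdata)
```

The MX, CNAME and HINFO records are parsed but deliberately absent from the stub subset, which is exactly the difference between a secondary zone (a full copy) and a stub zone (just enough to find the authoritative servers).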
Different types of DNS servers
Primary and secondary server
Primary and secondary servers are standard servers. Changes to the DNS database of a zone are made on the primary server. The secondary servers hold read-only copies of the primary zones. These copies are distributed with zone transfers.
The zone data needed for name resolution should be available on multiple DNS servers to balance network and server load. Redundancy is also an important issue.
Master server
A zone file contains NS and SOA records that define the master server of a zone. The master server distributes changes to the zone database. It can be a primary or a secondary server. In normal use cases the primary DNS server is also the master server.
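How a secondary server decides whether it needs a zone transfer from its master is not spelled out in the notes above, so here is an added example (not code from the original notes or from Windows Server). It assumes the standard DNS behaviour: the secondary periodically asks the master for its SOA record, compares the master's serial with its own, and transfers the zone only when the master's serial is newer; serials are compared with 32-bit wrap-around arithmetic as defined in RFC 1982, and the SOA refresh, retry and expire timers drive the polling. The SecondaryZone class and its simulated clock are constructed for the example.

```python
"""Simulate the refresh logic of a secondary DNS server.

Added example, not from the original notes. Timer values and the simulated
clock are constructed; the serial comparison follows RFC 1982.
"""
SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS
HALF = 1 << (SERIAL_BITS - 1)


def serial_is_newer(candidate, current):
    """RFC 1982: candidate is newer if it lies less than 2^31 steps ahead of current,
    taking wrap-around at 2^32 into account (so 0 is newer than 4294967295)."""
    candidate %= MOD
    current %= MOD
    if candidate == current:
        return False
    return (candidate - current) % MOD < HALF


class SecondaryZone:
    """A secondary's view of one zone: its serial plus the SOA timers it obeys."""

    def __init__(self, serial, refresh, retry, expire):
        self.serial = serial
        self.refresh, self.retry, self.expire = refresh, retry, expire
        self.last_success = 0      # simulated clock (seconds) of the last contact with the master
        self.next_check = refresh
        self.expired = False       # True once the copy is too old to be served

    def poll_master(self, now, master_serial=None):
        """One refresh attempt. master_serial=None means the master was unreachable.
        Returns 'transfer', 'up-to-date' or 'retry'."""
        if master_serial is None:
            # No contact: if the copy exceeded the SOA expire time it must stop being served.
            if now - self.last_success >= self.expire:
                self.expired = True
            self.next_check = now + self.retry
            return "retry"
        self.last_success = now
        self.next_check = now + self.refresh
        if serial_is_newer(master_serial, self.serial):
            self.serial = master_serial   # an AXFR/IXFR would copy the zone data here
            return "transfer"
        return "up-to-date"


if __name__ == "__main__":
    # Timers taken from the usual SOA layout: refresh 7200, retry 900, expire 1209600.
    zone = SecondaryZone(serial=100, refresh=7200, retry=900, expire=1209600)
    print(zone.poll_master(7200, master_serial=100))    # up-to-date
    print(zone.poll_master(14400, master_serial=101))   # transfer
    print(zone.poll_master(21600))                      # retry (master unreachable)
```

The practical point for operators: an edit on the primary only propagates if the SOA serial is bumped, and a secondary that cannot reach its master keeps answering from its copy until the expire timer runs out, after which it stops serving the zone.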
Cache-only server
Caching servers are not authoritative for any zone, which means they store no data about primary or secondary zones. They resolve domain names for clients and keep the result for a given period of time. Their cache mostly holds domain names that are asked for often.
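The caching behaviour just described, as an added example that is not part of the original notes: a cache keyed by name and record type, entries that expire after the TTL the upstream answer carried, a TTL cap so one answer cannot pin itself in the cache indefinitely, and a counter showing which names are asked for most often. The upstream answers are constructed (a dictionary standing in for queries to authoritative servers), as are the names and addresses.

```python
"""A minimal cache-only resolver cache with TTL expiry.

Added example, not from the original notes. UPSTREAM_ANSWERS fakes the answers
a real cache-only server would fetch from authoritative servers.
"""
from collections import Counter

# Constructed upstream answers: (name, type) -> (rdata list, TTL in seconds).
UPSTREAM_ANSWERS = {
    ("www.example.test", "A"): (["192.0.2.20"], 300),
    ("mail.example.test", "A"): (["192.0.2.10"], 60),
    ("example.test", "MX"): (["10 mail.example.test."], 604800),
}


def fake_upstream(name, rtype):
    """Stands in for the recursive lookup a cache-only server would perform."""
    return UPSTREAM_ANSWERS[(name, rtype)]


class ResolverCache:
    def __init__(self, upstream, max_ttl=86400):
        self.upstream = upstream      # callable (name, rtype) -> (rdata list, ttl)
        self.max_ttl = max_ttl        # cap: never trust an answer for longer than this
        self.entries = {}             # (name, rtype) -> (rdata list, expiry time)
        self.queries = Counter()      # how often each (name, rtype) was asked for
        self.hits = self.misses = 0

    @staticmethod
    def _key(name, rtype):
        # Names are case-insensitive and a trailing dot is not significant.
        return name.lower().rstrip("."), rtype.upper()

    def resolve(self, name, rtype, now):
        """Answer from cache if the entry is still live, otherwise ask upstream and store it.
        Returns (rdata list, remaining TTL), i.e. a cached answer is handed out
        with a decremented TTL just like a real cache does."""
        key = self._key(name, rtype)
        self.queries[key] += 1
        cached = self.entries.get(key)
        if cached and cached[1] > now:
            self.hits += 1
            return cached[0], cached[1] - now
        self.misses += 1
        rdata, ttl = self.upstream(*key)
        ttl = min(ttl, self.max_ttl)
        self.entries[key] = (rdata, now + ttl)
        return rdata, ttl

    def purge(self, now):
        """Drop expired entries; returns how many were removed."""
        stale = [k for k, (_, expiry) in self.entries.items() if expiry <= now]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def most_requested(self, n=3):
        """The names the cache exists for: those asked for most often."""
        return [(f"{name}/{rtype}", count) for (name, rtype), count in self.queries.most_common(n)]


if __name__ == "__main__":
    cache = ResolverCache(fake_upstream)
    print(cache.resolve("www.example.test.", "A", now=0))     # miss, TTL 300
    print(cache.resolve("WWW.example.test", "A", now=100))    # hit, TTL 200 left
    print(cache.resolve("example.test", "MX", now=100))       # TTL capped to max_ttl
    print("purged:", cache.purge(now=400), "hits/misses:", cache.hits, cache.misses)
    print(cache.most_requested())
```

Two details matter for a cache-only server in practice: the remaining TTL handed to clients shrinks with time so that every downstream cache expires the answer at the same moment, and the cap on accepted TTLs limits how long a bad or stale answer can linger.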