Question

Complete Critical Thinking Activity 3: Configuring Zones. You have an Active Directory forest named csmtech.local and two Active Directory domains in the forest named csmpub.local and csmsales.local. You want the DNS servers in each domain to be able to handle DNS queries from client computers for any of the other domains. DNS servers in the csmtech.local and csmpub.local domains should be authoritative for their own domains and the csmsales.local domain. However, DNS servers in csmsales. local should be authoritative only for csmsales.local. How should you set up the DNS servers and zones to handle this situation? Explain how the DNS servers in each domain should be configured with zones. Be sure to include information about replication scope and zone types.

Answer 1

Setting up of DNS server and zones to handle the given situation:

Consider the following 2 scenarios that the user want to provide with the requirements.

Handling of full Domain Name System (DNS) names.

Handling of flat names.

Situation-1:

Let's assume the user is living in the domain "x1.local" and want to handle something on "x2.local" such as www.x2.local, the user required to use conditional forwarder on the DNS server to handle something on "x2.local".

To do this, the user needs to do the following:

Choose "properties by right clocking on the server.

Click the Edit button in Forwarders tab.

In "x2.local", type in the Internet Protocol (IP) address of any one of the DNS server.

Click "OK".

These are the steps to add forwarder for another domain.

From "x2.local", the user need to communicate with DNS administrators to allow zone transfers to the user's IP address of DNS server.

If the user wants to handle something from "x1.local", then the user can follow the same steps given above.

Situation-2:

If the "x1.local" users want to handle a flat name in another domain or forest, then a DNS suffix search list for the user's clients need to be specified in "x1.local".

This can be done in 2 ways:

Group policy

Using Dynamic Host Configuration

Explanation:

DNS Zones store DNS resource record information. Some common DNS records include:

• A Record: Name to IP address mapping
• CNAME: Maps an alias to the canonical name
• MX Record: Used to identify mail servers
• NS Record: Identifies the name servers for a particular zone
• SOA: Start of Authority records
• TXT: Allows any text to be inserted into a DNS record

There are many more record types, and without these records, everything would be accessed by an IP address.

DNS Zones provide us a way to maintain these records on one or more servers.

Advantages of Active Directory integrated Zones :

• Replication is faster, more secure and efficient.
• Better redundancy due to zone data being copied to all Domain Controllers
• Improved Security if secure dynamic update is enabled
• No need to schedule or manage zone transfers.

Primary Zone :

• This is the main zone and has a read/write copy of the zone data. All changes to the zone are made in the primary zone and are replicated to the secondary zones.
• The zone data is stored in a text file located in this folder c:\windows\system32\DNS on the Windows server running DNS.

Secondary Zone :

• A secondary Zone is a read-only copy of the primary zone. This zone cannot process updates and can only retrieve updates from the primary zone. This zone can answer DNS name resolution queries from clients nodes, this helps reduce the workload on the primary zone. Secondary zones cannot be active directory integrated.

Stub Zone :

• Stub zones are like a secondary zone but only stores partial zone data. These zones are useful to help reduce zone transfers by passing the requests to authoritative servers. These zones only contain the SOA, NS and A records.

Forward Lookup Zone :

• A forward lookup zone provides hostname to IP address resolution.
• When you access a system or website by its hostname such as mcirosoft.com DNS checks the forward lookup zone for the IP information related to the hostname.

Reverse Lookup Zone :

• Reverse lookup zones resolve IP addresses into hostnames.
• For example, when you look up the IP 8.8.8.8 it resolves to google-public-dns-a.google.com. A reverse DNS record had to be created for the IP to resolve to the hostname.
• Reverse lookup zones are not as common as forwarding lookups and in most cases are not needed.

Zone Transfers

• Zone transfers take place when they are not integrated with Active Directory. A Zone transfer is where the master DNS servers transfer zone data from the master to secondary.

Zone transfers can occur during any of the following :

• When the refresh interval expires
• When a master server notifies a change has occurred
• When the server has rebooted or DNS service has restarted
• A manual transfer has occured from the DNS console.