0%

0/1 Lessons

Course Introduction

• 10min

0 / 2 lessons complete

DNS Basics

• 1hr 16min

0 / 8 lessons complete

DNS Resource Records

• 46min

0 / 5 lessons complete

DNS Zones

• 3hr 41min

0 / 12 lessons complete

DNS Delegation

• 50min

0 / 4 lessons complete

DNS Security Techniques

• 36min

0 / 5 lessons complete

Advanced DNS Topics

• 22min

0 / 5 lessons complete

DNS Security (DNSSEC)

• 1hr 16min

0 / 6 lessons complete

DNS Policies

• 54min

0 / 6 lessons complete

PowerShell for DNS

• 1hr 27min

0 / 6 lessons complete

Troubleshooting DNS Issues - Troubleshooting Tools

• 1hr 39min

0 / 8 lessons complete

DNS Zones

Instructions

Q&A (0)

Notes (0)

Resources (1)

Saving Progress...

Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.

Create note

A DNS zone is a is a collection of DNS resource records (like itflee.com and its associated IP address). There are two main types of DNS zones; forward and reverse lookup zones. Forward lookup zones are the most common, and translates host names to IP addresses. A reverse lookup zone does the exact opposite in that it translates an IP address to a host name.  

A primary zone is a DNS zone that this DNS server is the primary source of information. By default, the data for this zone is stored in a local file named zone_name.dns and is located in the %windir%\System32\Dns directory. The file may also be stored in Active Directory if this DNS server is also a write-able Domain Controller. 

There are several benefits and reasons why you would want to store a primary zone in Active Directory. Since the zone is stored in AD, the zone can be replicated using AD replication process and AD’s security features.It is also worth mentioning that a primary zone is the only zone type that can be directly edited or updated.  

Secondary Zones

A secondary zone is a read-only replica of a primary DNS zone that is hosted on another remote DNS server. This obviously means that your DNS server must have network access to the remote DNS server in order to gather the information. This DNS zone is not stored in AD DS because it is a mere read-only copy of the DNS zone.  

If you try to make a change in a secondary DNS zone, the change request will be passed on to the server which holds the primary zone. If the server is available, the change will be made.  

The purpose of a secondary DNS zone comes down to redundancy. If the server hosting the primary copy is unavailable, this server will be available for use by clients in its place. One of the issues with a secondary DNS zone is that each record held within this zone must be replicated from another server. On large networks that have frequent DNS server changes this can be somewhat resource intensive.  

Stub Zones

A stub zone is similar to a secondary zone in that it is a read-only zone that obtains its information from other DNS servers. The main difference between a stub zone and a secondary zone, is that while a secondary zone contains an exact replica (including all resource records) of a primary zone, a stub zone only contains information about authoritative name servers.  

So inside a stub zone you will not find records for computer host names, but instead records for other DNS servers. The purpose of this zone is to allow hosts on one network to obtain information from a DNS server on another network, without this DNS server needing to replicate all of the data inside of the other DNS server.You can think of stub zones as being a less resource intensive version of a secondary zone.  

Server Academy Members Only

Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.

0 0 votes
Lesson Rating
Subscribe
Notify of
profile avatar
7 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

profile avatar
AndreServille1(@andres)
Member
7 months ago

Hello, I don’t know why my server is unknown while executing nslookup to make a resolution an domain name and an IP address.
Despite I follow all the processes.
>dc.mytimezone
server: unknown
address: 192.168.1.5

Name: dn01.hue.lab
address: 192.168.1.5
aliases: dc.mytimezone

Is there anything I fail to do please?
I have checked online, it is said the reverse lookup zone is not well configured but I check many time, I retry to reinstall, and I got message error: “reverse lookup zone is already installed”
I am a little bit depressed.
Thank for help

profile avatar
AndreServille1(@andres)
Member
7 months ago

Hello @ricardo,
It is exactly the configuration of IP address I did to meet this error.

I retry to launch nslook, even using CMD command with nslookup

>nslookup dns01.hue.lab
server: dns01.hue.lab
address: 192.168.1.5

*** Unknown can’t find 192.168.1.5 : Non-existent domain

The reason, I don’t know but it is somewhere

Thank you for your precious time

profile avatar
AndreServille1(@andres)
Member
7 months ago

Hello,

I do everything well according to me: One DNS Server, the Domain Controller and the second machine is server member.

Also, I run this command to fix the firewall:

1- cmd> netsh advfirewall firewall add rule name=”Open port 80″ dir=in action=allow protocol=tcp localport=80 security=authdynenc
2- cmd> netsh advfirewall firewall add rule name=”Open port 53″ dir=in action=allow protocol=tcp localport=53 security=authdynenc

3- cmd> netsh advfirewall firewall add rule name=”ICMP Incoming V4 Echo Request” dir=in action=allow protocol=”IMCP ALLOW Incoming V4:5,any Echo Request” security=authdynenc
4- cmd> netsh advfirewall firewall add rule name=”ICMP Incoming V4 Echo Request” dir=in action=allow protocol=”IMCP ALLOW Incoming V4:8,any Echo Request” security=authdynenc

5- cmd> netsh advfirewall firewall add rule name=”ICMP Incoming V4 Echo Request” dir=in action=allow protocol=”IMCP ALLOW Incoming V4:138,any Echo Request” security=authdynenc

6- cmd> netsh advfirewall firewall add rule name=”ICMP Incoming V4 Echo Request” dir=in action=allow protocol=”IMCP ALLOW Incoming V4:any,any Echo Request” security=authdynenc

Perhaps because I run both following commands to fix:
1- ICMPv4:5,any
2- ICMPv4:8,any
3- ICMPv4:13,any
4- ICMPv4:any,any

I run this over both virtual machines and they ping each other. Are these commands together can make conflict and cause the issue to happen ?

Server: unknown

Thank you!

profile avatar
AndreServille1(@andres)
Member
7 months ago

Hi profile avatar Ricardo P I am going to delete firewall rule for openning 53 port running on tcp and add it under UDP.
That make sense.
Thank you and I will revert to soon.
Regards!

Last edited 7 months ago by Ricardo P