DNS Zones
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
Saving Progress...
Resources
Zone table.pdf
Download
A DNS zone is a is a collection of DNS resource records (like itflee.com and its associated IP address). There are two main types of DNS zones; forward and reverse lookup zones. Forward lookup zones are the most common, and translates host names to IP addresses. A reverse lookup zone does the exact opposite in that it translates an IP address to a host name.
A primary zone is a DNS zone that this DNS server is the primary source of information. By default, the data for this zone is stored in a local file named zone_name.dns and is located in the %windir%\System32\Dns directory. The file may also be stored in Active Directory if this DNS server is also a write-able Domain Controller.
There are several benefits and reasons why you would want to store a primary zone in Active Directory. Since the zone is stored in AD, the zone can be replicated using AD replication process and AD’s security features.It is also worth mentioning that a primary zone is the only zone type that can be directly edited or updated.
Secondary Zones
A secondary zone is a read-only replica of a primary DNS zone that is hosted on another remote DNS server. This obviously means that your DNS server must have network access to the remote DNS server in order to gather the information. This DNS zone is not stored in AD DS because it is a mere read-only copy of the DNS zone.
If you try to make a change in a secondary DNS zone, the change request will be passed on to the server which holds the primary zone. If the server is available, the change will be made.
The purpose of a secondary DNS zone comes down to redundancy. If the server hosting the primary copy is unavailable, this server will be available for use by clients in its place. One of the issues with a secondary DNS zone is that each record held within this zone must be replicated from another server. On large networks that have frequent DNS server changes this can be somewhat resource intensive.
Stub Zones
A stub zone is similar to a secondary zone in that it is a read-only zone that obtains its information from other DNS servers. The main difference between a stub zone and a secondary zone, is that while a secondary zone contains an exact replica (including all resource records) of a primary zone, a stub zone only contains information about authoritative name servers.
So inside a stub zone you will not find records for computer host names, but instead records for other DNS servers. The purpose of this zone is to allow hosts on one network to obtain information from a DNS server on another network, without this DNS server needing to replicate all of the data inside of the other DNS server.You can think of stub zones as being a less resource intensive version of a secondary zone.
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.
Hello, I don’t know why my server is unknown while executing nslookup to make a resolution an domain name and an IP address.
Despite I follow all the processes.
>dc.mytimezone
server: unknown
address: 192.168.1.5
Name: dn01.hue.lab
address: 192.168.1.5
aliases: dc.mytimezone
Is there anything I fail to do please?
I have checked online, it is said the reverse lookup zone is not well configured but I check many time, I retry to reinstall, and I got message error: “reverse lookup zone is already installed”
I am a little bit depressed.
Thank for help
Hi
André Serville
The IP Address of the domain controller needs to be the DNS IP Address to be used on the secondary domain or workstation. The first domain controller is also a DNS server. That will resolve the domain name and server names.
To resolve IP Addresses using nslookup a reverse zone must be created for the subnet 192.168.1.0/24, and a PTR will need to be made for each of the hosts since these are not automatically populated once the reverse zone is created.
Ricardo
Hello @ricardo,
It is exactly the configuration of IP address I did to meet this error.
I retry to launch nslook, even using CMD command with nslookup
>nslookup dns01.hue.lab
server: dns01.hue.lab
address: 192.168.1.5
*** Unknown can’t find 192.168.1.5 : Non-existent domain
The reason, I don’t know but it is somewhere
Thank you for your precious time
When doing a nslookup to dns01.hue.lab it seems that it is using itself for name resolution by looking at the server: dns01.hue.lab line. Is this a domain controller with a DNS server role? doing a name resolution for google.com work? That’s just to check if it is not a network problem.
If you have two virtual machines make sure there’s network connectivity so it can query for DNS name records.
How many virtual machines do you have? What are their IP addresses with subnet mask? I am just trying to imagine the network to see where’s the issue.
Thank you
Hello,
I do everything well according to me: One DNS Server, the Domain Controller and the second machine is server member.
Also, I run this command to fix the firewall:
1- cmd> netsh advfirewall firewall add rule name=”Open port 80″ dir=in action=allow protocol=tcp localport=80 security=authdynenc
2- cmd> netsh advfirewall firewall add rule name=”Open port 53″ dir=in action=allow protocol=tcp localport=53 security=authdynenc
3- cmd> netsh advfirewall firewall add rule name=”ICMP Incoming V4 Echo Request” dir=in action=allow protocol=”IMCP ALLOW Incoming V4:5,any Echo Request” security=authdynenc
4- cmd> netsh advfirewall firewall add rule name=”ICMP Incoming V4 Echo Request” dir=in action=allow protocol=”IMCP ALLOW Incoming V4:8,any Echo Request” security=authdynenc
5- cmd> netsh advfirewall firewall add rule name=”ICMP Incoming V4 Echo Request” dir=in action=allow protocol=”IMCP ALLOW Incoming V4:138,any Echo Request” security=authdynenc
6- cmd> netsh advfirewall firewall add rule name=”ICMP Incoming V4 Echo Request” dir=in action=allow protocol=”IMCP ALLOW Incoming V4:any,any Echo Request” security=authdynenc
Perhaps because I run both following commands to fix:
1- ICMPv4:5,any
2- ICMPv4:8,any
3- ICMPv4:13,any
4- ICMPv4:any,any
I run this over both virtual machines and they ping each other. Are these commands together can make conflict and cause the issue to happen ?
Server: unknown
Thank you!
If ping works on your home lab then there’s network connectivity. You can disable the firewall and check.
I see the second rule for DNS to be TCP but DNS resolution happens on UDP for the most part.
Hi
Ricardo P I am going to delete firewall rule for openning 53 port running on tcp and add it under UDP.
That make sense.
Thank you and I will revert to soon.
Regards!