DNS is such an important part of the network that you should not rely on a single DNS server. With a single DNS server, you have a single point of failure; in fact, many domain registrars encourage the use of more than two name servers for a domain. Secondary servers or multiple primary Active Directory Integrated servers play an integral role in providing DNS information for an entire domain.
As previously stated, secondary DNS servers receive their zone databases through zone transfers. When you configure a secondary server for the first time, you must specify the primary server that is authoritative for the zone and will send the zone transfer. The primary server must also permit the secondary server to request the zone transfer.
Zone transfers occur in one of two ways: full zone transfers (AXFR) and incremental zone transfers (IXFR).
When a new secondary server is configured for the first time, it receives a full zone transfer from the primary DNS server. The full zone transfer contains all of the information in the DNS database. Some DNS implementations always receive full zone transfers.
After the secondary server receives its first full zone transfer, subsequent zone transfers are incremental. The primary name server compares its zone version number with that of the secondary server, and it sends only the changes that have been made in the interim. This significantly reduces network traffic generated by zone transfers.
The secondary server typically initiates zone transfers when the refresh interval time for the zone expires or when the secondary or stub server boots. Alternatively, you can configure notify lists on the primary server that send a message to the secondary or stub servers whenever any changes to the zone database occur.
When you consider your DNS strategy, you must carefully consider the layout of your network. If you have a single domain with offices in separate cities, you want to reduce the number of zone transfers across the potentially slow or expensive WAN links, although this is becoming less of a concern because of continuous increases in bandwidth.
Active Directory Integrated zones do away with traditional zone transfers altogether between AD-integrated DNS servers. Instead, the zone data replicates through Active Directory along with all of the other AD information. This replication is secure and encrypted because it uses Active Directory security. AD Integrated zones can still perform zone transfers to DNS servers that host the zone as a secondary zone.
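The following is an added example (not code from the book) that carries out the preceding steps with the DnsServer PowerShell module: it restricts the primary's zone transfers to one named secondary, creates the secondary zone, and then checks the SOA serial on both servers to confirm the transfer happened. The zone name, server addresses, and zone file name are assumptions.

```powershell
# Added example, not from the book. Zone name and IP addresses are assumed values.
$Zone        = 'corp.example.com'   # assumed zone name
$PrimaryIP   = '10.0.1.10'          # assumed primary (master) DNS server
$SecondaryIP = '10.0.2.10'          # assumed secondary DNS server

# --- Run on the primary ---
# Allow zone transfers only to the listed secondary. TransferAnyServer would
# let any host that asks pull the whole zone with an AXFR, so avoid it.
Set-DnsServerPrimaryZone -Name $Zone `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $SecondaryIP

# --- Run on the secondary ---
# The first transfer is a full AXFR; later ones are IXFR when the primary
# supports it and the SOA serial has moved on.
Add-DnsServerSecondaryZone -Name $Zone `
    -ZoneFile "$Zone.dns" `
    -MasterServers $PrimaryIP

# --- Verification: compare the SOA serial on both servers ---
# Equal serials mean the secondary is current; a lower serial on the secondary
# means a transfer is still pending or is being refused by the primary.
$serials = foreach ($srv in $PrimaryIP, $SecondaryIP) {
    $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $srv -DnsOnly |
           Where-Object QueryType -eq 'SOA'
    [pscustomobject]@{ Server = $srv; Serial = $soa.SerialNumber }
}
$serials | Format-Table -AutoSize

if ($serials[1].Serial -lt $serials[0].Serial) {
    # Ask the secondary to pull now rather than waiting for the refresh interval.
    # Add -FullTransfer to force an AXFR; without it an incremental transfer is requested.
    Start-DnsServerZoneTransfer -Name $Zone -ComputerName $SecondaryIP
}
```

The serial check is the quickest way to tell a blocked transfer from a slow one: if the secondary's serial never catches up, look at the primary's transfer list before suspecting the WAN link.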
How DNS Notify Works
Windows Server 2022 supports DNS Notify. DNS Notify is a mechanism for initiating notifications to secondary servers when zone changes occur (RFC 1996). DNS Notify uses a push mechanism to inform a selected set of secondary zone servers that their zone information has been updated. (DNS Notify does not allow you to configure a notify list for a stub zone.)
After being notified of the changes, secondary servers can then start a pull zone transfer and update their local copies of the database.
Many different mechanisms use the push/pull relationship. Normally, one object pushes information to another, and the second object pulls the information from the first. Most applications push replication on a change value and pull it on a time value. For example, a system can push replication after 10 updates, or it can be pulled every 30 minutes.
To configure the DNS Notify process, you create a list of secondary servers to notify.
List the IP address of the server in the primary master’s Notify dialog box (see Figure 5.8). The Notify dialog box is located on the Zone Transfers tab, which is located in the zone Properties dialog box (see Figure 5.9).
FIGURE 5.8 DNS Notify dialog box

FIGURE 5.9 DNS Zone Transfers tab
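As an added example that is not from the book, the same notify list can be set from PowerShell instead of the dialog box in Figure 5.8; the zone name and secondary addresses are assumptions, and the final comment shows the equivalent DNSCmd form.

```powershell
# Added example, not from the book. Zone name and IP addresses are assumed values.
$Zone          = 'corp.example.com'
$NotifyTargets = '10.0.2.10', '10.0.3.10'   # assumed secondary servers

# Push a NOTIFY (RFC 1996) only to the listed servers.
# -Notify NotifyServers matches "The following servers" in the dialog;
# -Notify Notify would instead use the servers on the Name Servers tab.
Set-DnsServerPrimaryZone -Name $Zone -Notify NotifyServers -NotifyServers $NotifyTargets

# A notified secondary still has to be allowed to pull the zone, so keep the
# notify list and the transfer list in step with each other.
Set-DnsServerPrimaryZone -Name $Zone -SecureSecondaries TransferToSecureServers -SecondaryServers $NotifyTargets

# Read the settings back to confirm both lists.
Get-DnsServerZone -Name $Zone |
    Select-Object ZoneName, Notify, NotifyServers, SecureSecondaries, SecondaryServers

# DNSCmd equivalent of the two settings above:
# dnscmd /ZoneResetSecondaries corp.example.com /SecureList 10.0.2.10 10.0.3.10 /NotifyList 10.0.2.10 10.0.3.10
```

A mismatch between the two lists is a common cause of "notified but never updated" secondaries: the NOTIFY arrives, the secondary requests the transfer, and the primary refuses it.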

Configuring Stub Zone Transfers with Zone Replication
In the preceding section, I talked about how to configure secondary server zone transfers. What if you wanted to configure settings for stub zone transfers? This is where zone replication scope comes in.
Only Active Directory–integrated primary and stub zones can configure their replication scope. Secondary servers do not have this ability.
You can configure zone replication scope in two ways: through the DNS snap-in or by using a command-line tool called DNSCmd. To configure zone replication scope through the DNS snap-in, follow these steps:
- Click Start ➢ Administrative Tools ➢ DNS.
- Right-click the zone that you want to set up.
- Choose Properties.
- In the Properties dialog box, click the Change button next to Replication (see Figure 5.10).
- Choose the replication scope that fits your organization.
FIGURE 5.10 DNS zone replication scope
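The following added example (not from the book) performs the replication-scope change from the command line for both an AD-integrated primary zone and a stub zone, and maps each option to the choices in Figure 5.10. The zone names, the stub zone's master server, and the custom partition name are assumptions.

```powershell
# Added example, not from the book. Zone names, addresses and partition name are assumed values.
$Zone        = 'corp.example.com'
$StubZone    = 'partner.example.net'
$StubMasters = '192.0.2.53'          # assumed authoritative server for the stub zone

# Replication scope values map to the choices in the dialog:
#   Forest -> all DNS servers in the forest   (ForestDnsZones partition)
#   Domain -> all DNS servers in this domain  (DomainDnsZones partition)
#   Legacy -> all domain controllers in the domain (Windows 2000 compatible)
#   Custom -> a named application directory partition
Set-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain

# Stub zones accept the same switch. A secondary zone has no -ReplicationScope
# because it is file-backed and fed by zone transfers instead.
Add-DnsServerStubZone -Name $StubZone -MasterServers $StubMasters -ReplicationScope Forest

# Custom scope: replicate only to the DCs enlisted in the named partition.
# The partition name is assumed; the Add cmdlet creates it if it does not exist.
Add-DnsServerDirectoryPartition -Name 'BranchDnsZones' -ErrorAction SilentlyContinue
Set-DnsServerPrimaryZone -Name $Zone -ReplicationScope Custom -DirectoryPartitionName 'BranchDnsZones'

# Confirm where each AD-integrated zone now replicates.
Get-DnsServerZone | Where-Object IsDsIntegrated |
    Select-Object ZoneName, ZoneType, ReplicationScope, DirectoryPartitionName

# DNSCmd equivalent: /ZoneChangeDirectoryPartition <zone> {<partition FQDN> | /Domain | /Forest | /Legacy}
# dnscmd /ZoneChangeDirectoryPartition corp.example.com /Domain
```

Narrowing the scope from Forest to Domain or Custom is the practical lever for the WAN-traffic concern raised earlier: the zone replicates only to the domain controllers that actually need it.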
