Win2000 type of DNS server zone

There are two types of search zones in the DNS server for Windows 2000: Forward lookup Zones and reverse lookup zones. The forward lookup zone is used to process forward parsing, which resolves the host name to an IP address, and the reverse lookup zone is used to handle the reverse parsing, that is, resolving the IP address to the host name. Either the forward lookup zone or the reverse lookup zone has three types of zones, namely standard primary, standard secondary, and Active directory-integrated zone (s). Here is a discussion of the differences between these types of zones.

When you create a DNS zone, you create a standard primary zone, and the zone record in the standard primary zone is generated and readable, which means that the DNS server can either accept the registration of new users or provide name resolution services to users. The standard primary zone is stored as a file on the DNS server that created the zone. The DNS server that maintains the standard primary zone is called the primary DNS server for the zone.

If there are many client computers in a DNS zone, in order to optimize services for user DNS name resolution, you can create a "standard secondary zone" for the zone on another DNS server. Zone records in standard secondary zones are copied from the standard primary zone and are read-only, which means that the DNS server cannot accept registration requests from new users and can only provide name resolution services for users who have already registered. The standard secondary zone is also stored as a file on the DNS server that created the zone. A DNS server that maintains a standard secondary zone is called a secondary DNS server for that zone.

Because the zone record for the secondary DNS server is replicated from the primary DNS server, the master DNS server is also known as the master server for secondary DNS servers. This is not to say that only the primary DNS server can act as the master server. If the zone record for a secondary DNS server is replicated from another secondary DNS server, then the first secondary DNS server is called the "level One" of the zone, and this DNS server is called the "level two secondary" of the zone, then "level One" is referred to as "level two assistance" Master server ".

You can set "Allow dynamic Updates" in the zone properties of the standard primary zone. "Allow dynamic updates" means that when the IP address or hostname of a client computer in the zone changes, this change can be changed dynamically in the DNS zone record without the need for the administrator to manually change it.

Active Directory integrated zones exist only on domain controllers (DCs), and zones of that type do not exist in the form of files but exist in the Active Directory. Active Directory-integrated zones do not have zone replication, but are replicated with Active Directory replication, so this type of zone avoids the DNS server single point of failure. In addition to setting "Allow dynamic Updates" in the zone properties of Active directory integrated zones, you can also set the security update only.

The meaning of "only security update" is to ensure security on the basis of dynamic updates. So how does security be implemented in a DNS zone that is set to security update only? The word we often say is "domain is the minimum boundary of security", "Security update only zone will accept changes to the hostname and IP address of the computer account that has been added to the domain, and will not dynamically change in the zone record when the hostname and IP address of the computer account that are not part of the domain change. However, these computers can still use this DNS server for name resolution services.

The zone type of DNS can be changed to change a standard primary zone type to a standard secondary zone, or to enhance security to change it to Active directory-integrated zones. In general, however, it is best to use Active Directory-integrated zones for the DNS zone type of the Active Directory and to set the Zone property to security only, and do not change it to the standard primary zone type.