Introduction to Windows 2000 Server DNS zone types

Source: Internet
Author: User

DNS refers to the Domain Name Server. On the Internet, domain names and IP addresses correspond one to one. Domain names are convenient for people to remember, but machines can identify each other only by IP address. The conversion between the two is called domain name resolution, and it has to be performed by a dedicated domain name resolution server. The DNS server is that domain name resolution server.

DNS is the abbreviation for the Domain Name System, which is used to name the computers and network services that are organized into a hierarchy of domains. DNS names are used on TCP/IP networks such as the Internet to find computers and services through a user-friendly name. When a user enters a DNS name in an application, the DNS service can resolve the name to other information related to it, such as an IP address. When you enter the name of a website, the domain name resolution system finds the corresponding IP address, and that is how you reach the site. In the end, a domain name always points to an IP address.

Windows 2000 DNS servers have two types of lookup zones: forward lookup zones and reverse lookup zones. A forward lookup zone handles forward resolution, which resolves a host name to an IP address. A reverse lookup zone handles reverse resolution, which resolves an IP address to a host name. Both forward and reverse lookup zones come in three zone types: standard primary, standard secondary, and Active Directory-integrated. The differences between these zone types are discussed below.

When you create a DNS zone, you create a standard primary zone. The zone records in a standard primary zone can be both written and read, which means that the DNS server can both accept registrations from new users and provide name resolution services to users. The standard primary zone is stored as a file on the DNS server that created the zone. The DNS server that maintains the standard primary zone is called the primary DNS server for the zone.

If a DNS zone has many client computers, you can optimize name resolution for its users by creating a standard secondary zone for the zone on another DNS server. The zone records in a standard secondary zone are copied from the standard primary zone and are read-only, which means that the DNS server cannot accept registration requests from new users and can only provide name resolution services for users who have already registered. Standard secondary zones are also stored as files on the DNS servers that create the zone. A DNS server that maintains a standard secondary zone is called a secondary DNS server for that zone.

Because the zone records on secondary DNS servers are replicated from the primary DNS server, the primary DNS server is also known as the master server for the secondary DNS servers. This does not mean that only the primary DNS server can act as a master server. If a secondary DNS server replicates its zone records from another secondary DNS server, the server it copies from is called the "level-one secondary" of the zone and the server doing the copying is called the "level-two secondary". The level-one secondary is then the master server of the level-two secondary.

You can set "Allow dynamic updates" in the zone properties of a standard primary zone. "Allow dynamic updates" means that when the IP address or host name of a client computer in the zone changes, the change is applied to the DNS zone records dynamically, without the administrator having to edit them manually.

Active Directory-integrated zones exist only on domain controllers (DCs). Zones of this type are not stored as files; they are stored in Active Directory. Active Directory-integrated zones do not use zone replication of their own but are replicated along with Active Directory replication, so this zone type avoids a DNS server single point of failure. In the zone properties of an Active Directory-integrated zone you can set "Allow dynamic updates", and you can also set "Only secure updates".

"Only secure updates" means that security is enforced on top of dynamic updates. So how is security implemented in a DNS zone that is set to "Only secure updates"? As the common saying goes, "the domain is the smallest security boundary". A zone set to "Only secure updates" accepts changes to the host name and IP address of computer accounts that have been joined to the domain. When the host name or IP address of a computer that is not part of the domain changes, the zone records are not changed dynamically. However, these computers can still use this DNS server for name resolution.

The type of a DNS zone can be changed: a standard primary zone can be changed to a standard secondary zone or, to improve security, to an Active Directory-integrated zone. In general, however, it is best to use an Active Directory-integrated zone for the DNS zone of an Active Directory domain, to set the zone property to "Only secure updates", and not to change the zone to the standard primary type.
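
The recommendation above can be checked across all zones on a server. The following is an added example, not part of the original article: it assumes a current Windows Server with the DnsServer PowerShell module (Windows 2000 itself has no PowerShell), and `Get-DnsZoneAudit` and the sample zones are hypothetical names constructed for illustration.

```powershell
# Added example: classify each zone as one of the article's three types and
# check it against the recommendation (AD-integrated + only secure updates).
function Get-DnsZoneAudit {
    param([Parameter(Mandatory, ValueFromPipeline)] $Zone)
    process {
        # Map the zone object's properties onto the article's zone types.
        if ($Zone.IsDsIntegrated)               { $kind = 'Active Directory-integrated' }
        elseif ($Zone.ZoneType -eq 'Primary')   { $kind = 'Standard primary' }
        elseif ($Zone.ZoneType -eq 'Secondary') { $kind = 'Standard secondary' }
        else                                    { $kind = [string]$Zone.ZoneType }

        # Interpret the dynamic update setting for that zone type.
        $finding = switch ([string]$Zone.DynamicUpdate) {
            'Secure'             { 'Only domain-joined computers can update records' }
            'NonsecureAndSecure' { 'RISK: computers outside the domain can change records' }
            default {
                if ($kind -eq 'Standard secondary') { 'Read-only copy; updates go to the master' }
                else { 'Dynamic updates off; records are edited manually' }
            }
        }

        [pscustomobject]@{
            ZoneName            = $Zone.ZoneName
            Lookup              = if ($Zone.IsReverseLookupZone) { 'Reverse' } else { 'Forward' }
            ZoneKind            = $kind
            DynamicUpdate       = $Zone.DynamicUpdate
            MeetsRecommendation = ($Zone.IsDsIntegrated -and $Zone.DynamicUpdate -eq 'Secure')
            Finding             = $finding
        }
    }
}

# Constructed sample zones (not real data) so the function runs offline.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example';            ZoneType = 'Primary';   IsDsIntegrated = $true;  IsReverseLookupZone = $false; DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'lab.example';             ZoneType = 'Primary';   IsDsIntegrated = $false; IsReverseLookupZone = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'branch.example';          ZoneType = 'Secondary'; IsDsIntegrated = $false; IsReverseLookupZone = $false; DynamicUpdate = 'None' }
    [pscustomobject]@{ ZoneName = '10.168.192.in-addr.arpa'; ZoneType = 'Primary';   IsDsIntegrated = $true;  IsReverseLookupZone = $true;  DynamicUpdate = 'NonsecureAndSecure' }
)
$sampleZones | Get-DnsZoneAudit | Format-Table -AutoSize

# On a live DNS server, feed it real zones instead of the sample:
#   Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } | Get-DnsZoneAudit
```

In the sample, only `corp.example` meets the recommendation; the reverse lookup zone shows that an Active Directory-integrated zone still accepts updates from non-domain computers until it is switched to "Only secure updates".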
