Windows Domain Name Service (Windows DNS)

In Windows, the Active Directory domains tightly integrates with Domain Name Service (DNS) to an extent that an AD is worthless without DNS in it’s domain.

Domain Name Service (DNS) is a kind of phonebook/Database that maintains the list of mappings between computer names and IP addresses.

Once an IP address is assigned by DHCP server, a computer automatically gets registered in DNS that is configured in its TCP-IP preferred primary/secondary DNS servers.

A DNS namespace consists of zones which defines scope i.e., which machines fall under that zone.  Thus a DNS zone is a Text/Database file (NTDS.Dit) that defines what machines it knows about in the namespace.

Windows DNS supports four basic types of Zones. They are

1. Active Directory integrated zones: DNS DB is stored as an AD object.  Supports DNS zone transfers via AD replication. If all DNS servers are DCs, you don’t require 2ndary zones.
2. Primary Zone: Is a master zone in a non-AD integrated DNS network. All DNS updates run through this server and this server communicates to secondary zone server for pushing updates.
3. Secondary Zone: Is a read only copy of Primary Zone. Explicit zone transfer is required for pulling up updates from the primary zone
4. Stub Zone: Is a special zone where you only have list of DNS servers for DNS servers n other domains. Usually, preferred while you setup communication between two domains in separate forests. Stub Zone auto populates list of all active NS servers for the configured domain.

Classification of DNS zones by type of data they store:
1. Forward Lookup Zone:  Looks up a Host IP Address by Host Name. i.e.,  maps Host Name –> Host IP Address
2. Reverse Lookup Zone:  Looks up a Host Name by Host IP Address. i.e., maps  Host IP Address –> Host Name
3. Stub Zones:  Contains list of all available NS servers to be contacted for an external domain name resolutions
4. Conditional Forwarders:   Contains list of NS servers to which a DNS request has to be redirected based on domain name for external domains

Note: one can’t create Stub Zone as well Conditional Forwarder a same domain. Only either of them is supported at one.

Features of Windows DNS:

1. Conditional Forwarders: is a feature that lets you _redirect_ all DNS requests to other internal/external domain DNS servers by domain names.  You need to manually maintain the list of servers added for DNS redirection in conditional forwarders.
2. Root Hints: is a feature that lets DNS server to direct the requests to external internet world NS servers for all DNS queries that couldn’t be resolved internally
3. Forwarders: Is a list of internal DNS servers to be used in case a query is not resolved in the current DNS zone
4.  
5.  

Features of Active Directory integrated zones:

1. DNS zone transfers are taken care by AD replication
2. Supports multi-master replication i.e., DNS updates can be done on any of the AD-integrated DNS server and they get auto replicated to other servers
3. DNS updates are Secured
4. Backward compatibility to support existing Secondary Zones