DNS Zones

Captions
Welcome to the ITFreeTraining video on DNS zones. DNS zones hold the data needed by DNS to operate. In this video we'll look at which DNS zones exist and how you can use these zones.

Before I start looking at the different DNS zone types, first I will look at what a DNS zone is. A DNS zone is a portion of the DNS namespace. By using zones, the DNS namespace can be divided up for administrative reasons. A DNS zone contains DNS records. The type of DNS zone that is created determines the kinds of DNS records that can be stored in that zone and also whether the records can be modified. DNS zones allow the DNS namespace to be divided up for administration and redundancy. In this video I will look at the following zone types: primary, secondary, Active Directory integrated zones, stub zones and reverse lookup zones. Since DNS allows decentralized administration, DNS records need to be stored in multiple locations in different zones. This allows the administrator to configure DNS for performance and availability while still having centralized control.

The first zone that I will look at is the primary zone. A primary zone contains a read/write copy of the zone data. The first implementations of DNS were on UNIX back in the 1980s. This system was called BIND and it is still widely used today. If you use DNS on Windows, Microsoft's implementation is fully BIND compatible. BIND stores the primary zone in a text file. Since the DNS data is stored in a text file, changes can only be made in one location at a time. Changes to a zone can only happen on the primary zone. If another zone type is asked to make a change, the change will be forwarded to the server holding the primary zone in order to make the change. The problem with this approach is that if the server holding the primary zone is not available, changes cannot be made until that DNS server is available again. The next zone type, the Active Directory integrated zone, addresses the issue of having only the one DNS server holding the primary DNS zone.

Often students have trouble understanding the difference between a primary zone stored in a text file and a primary zone stored in an Active Directory integrated zone. An Active Directory integrated zone is simply a primary zone stored in Active Directory. In other words, the text file holding the DNS zone data has been moved into the Active Directory database. By moving the text file into Active Directory, DNS can use the same Active Directory replication system that is used to replicate objects in Active Directory. This also means that changes to DNS records can be made on multiple servers at the same time. So by using Active Directory integrated zones you gain redundancy, as the DNS zone data is no longer just stored on the one DNS server, and changes can be made on any DNS server holding the Active Directory integrated zone. In order to access the DNS data stored in Active Directory, DNS must be installed on a server that is a domain controller. This limits the servers that Active Directory integrated zones can be used on; however, you do gain additional features using an Active Directory integrated zone. Clients that are members of the domain can use secure dynamic updates to update DNS records. A common example of this is when a computer starts up for the first time: it will attempt to register its hostname in DNS. If secure updates are enabled, the client can use the secure channel that is created when it is joined to the domain to update the DNS record. If you do not use Active Directory integrated zones, your clients can still use dynamic updates; however, there is nothing stopping an attacker from using dynamic updates to add their own DNS records to the DNS zone.

The next type of zone is a secondary zone. A secondary zone is a read-only copy of another zone. This can be a copy of a primary zone or another secondary zone. Remember that an Active Directory integrated zone is a primary zone, so a secondary zone can be a copy of an Active Directory integrated zone. Since a secondary zone is read-only, changes cannot be made to the zone file contained on the DNS server; however, if the DNS server does receive a request to change a DNS record, this request can be passed on to a DNS server that is holding a primary zone and thus a writable copy. The advantage of secondary zones is that they work on member servers or servers that are not part of the domain. Secondary zones can be configured on Windows and UNIX based systems, and they are interchangeable, so you could have a Windows primary zone and a UNIX secondary zone working together, or vice versa. Secondary zones by design will keep a complete copy of the zone they are replicating from. This is good for redundancy because even if the master copy is not available, the secondary copy can still answer requests for the zone using its read-only copy. The problem with secondary zones is that if the zone file is quite large and changes a lot, this means there is a lot of replication. If you have a small branch office with a small number of users, this means that there could be hundreds or even thousands of records that are replicated to that branch office that no client on that network will ever ask for.

To get around this problem you can use a stub zone. A stub zone contains partial data from another zone file. The data contained in the stub zone is only the records that can be used to find an authoritative server; it does not contain any other DNS records. An authoritative server is a DNS server that is able to answer questions for that zone, or to put it another way, it is a DNS server that holds a primary or secondary zone. To understand how a stub zone works, consider that you have a server configured with a stub zone and another server configured with a primary zone. So effectively what happens is that when a request to resolve a DNS record comes through, the DNS server with the stub zone simply directs the request to a DNS server that can resolve the request.

If you watched our video on forwarding and conditional forwarding, you may be thinking that you can achieve the same result by using forwarding and conditional forwarding where required. There is a fundamental difference between a stub zone and forwarding. To understand why, let's consider the same example that was used in the forwarding and conditional forwarding video. In this case there are two companies, ITFreeTraining and HighCostTraining. They both have their DNS requests forwarded to their ISP's DNS server. If a computer on the HighCostTraining domain wanted to resolve a computer located on the ITFreeTraining network, the request would be forwarded to the ISP's DNS server, which would not know how to resolve it. So you want to forward requests like these to the ITFreeTraining DNS server. To achieve this, a stub zone is created on the HighCostTraining DNS server. The stub zone contains the basic DNS records for ITFreeTraining, like the DNS servers; however, it does not contain detailed information like the rest of the DNS records. Since it has details on the DNS servers in ITFreeTraining, it can answer queries about it: it is able to forward the request to the ITFreeTraining DNS server to resolve. You can do this using conditional forwarding, as shown in the conditional forwarding video. The disadvantage of conditional forwarding is that it is statically defined. If ITFreeTraining makes changes to their DNS, for example adding or removing DNS servers, the conditional forwarder will need to be changed in order to reflect this change. The advantage of using a stub zone is that it automatically updates its records. This means that if ITFreeTraining were to add, remove or make changes to the DNS servers on their network, the stub zone on HighCostTraining would automatically be updated with those changes. You can see the advantage of this in this example. A secondary zone could also be used; however, remember that a secondary zone will replicate all records in the zone file. In situations where the DNS server does not receive many DNS requests and you do not have access to read the DNS records on the other server, stub zones are a good choice.

The last zone that I will look at is the reverse lookup zone. This zone file contains a mapping from the IP address to the host. For example, if you had an IP address, you could send a query to a DNS server asking what the hostname is that belongs to that IP address. If the DNS server has a reverse lookup zone configured and that reverse lookup zone contains a record for that IP address, the DNS server will respond back with the hostname associated with that IP address. Reverse lookup zones are mainly used in troubleshooting. They are useful when you find an IP address in a log file and want to know which host it belongs to. Reverse lookup zones are not created by default and are not required for day-to-day network activity. For example, services like Active Directory can work without issue with not a single reverse lookup zone configured. It is up to the administrator to decide if they want to create reverse lookup zones for their network. I hope you have enjoyed this video from ITFreeTraining. In the next video I will look at performing a demonstration of how to create the different zone files. Thanks for watching and see you next time.
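The following PowerShell is an added example, not part of the ITFreeTraining video or its demonstration. It creates each zone type described in the captions with the Windows DnsServer module on a domain controller, then audits the server for the security caveat the video raises: primary zones that accept nonsecure dynamic updates, which any host on the network can write to. The zone names, the 10.0.1.0/24 network, the master server addresses and the zone file names are assumptions for illustration.

```powershell
# Added example (not from the ITFreeTraining video): creating the zone types
# discussed above with the DnsServer module on a Windows Server domain
# controller, then auditing dynamic-update settings. All names, addresses and
# file names below are assumed values for illustration.

Import-Module DnsServer

# 1. Primary zone stored in a BIND-style text file. Only this server holds a
#    writable copy, so it is the single point of change for the zone.
#    'Secure' updates are not available for file-backed zones, so updates are
#    disabled here rather than left open to any host.
Add-DnsServerPrimaryZone -Name 'corp.example.com' -ZoneFile 'corp.example.com.dns' -DynamicUpdate 'None'

# 2. Active Directory integrated primary zone. Stored in the AD database and
#    replicated to every DNS-capable domain controller in the forest, so
#    changes can be made on any of them. 'Secure' means only authenticated
#    domain members can register or change records.
Add-DnsServerPrimaryZone -Name 'ad.example.com' -ReplicationScope 'Forest' -DynamicUpdate 'Secure'

# 3. Secondary zone: a read-only full copy pulled by zone transfer from the
#    master. The master must permit transfers to this server; on a Windows
#    master that is controlled with Set-DnsServerPrimaryZone -SecureSecondaries.
Add-DnsServerSecondaryZone -Name 'partner.example.net' -ZoneFile 'partner.example.net.dns' -MasterServers 203.0.113.10

# 4. Stub zone: holds only the SOA, NS and glue records needed to reach the
#    authoritative servers for the zone, and refreshes them from the master.
Add-DnsServerStubZone -Name 'itfreetraining.example' -MasterServers 203.0.113.20 -ReplicationScope 'Domain'

# 5. Reverse lookup zone for 10.0.1.0/24 (1.0.10.in-addr.arpa), AD integrated,
#    so PTR records are registered only over the secure channel as well.
Add-DnsServerPrimaryZone -NetworkId '10.0.1.0/24' -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# Audit: list primary zones that accept nonsecure dynamic updates. As the
# video notes, such a zone lets an attacker add or overwrite records.
Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    Select-Object ZoneName, IsDsIntegrated, IsReverseLookupZone, DynamicUpdate

# Remediation for an AD-integrated zone the audit reports (assumed zone name):
# Set-DnsServerPrimaryZone -Name 'legacy.example.com' -DynamicUpdate 'Secure'
```

The audit is worth running against every DNS server, not just one, because a file-backed primary zone's setting lives only on the server that holds it, whereas an AD-integrated zone's setting replicates with the zone.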
Info
Channel: itfreetraining
Views: 151,870
Keywords: DNS, DNS zones, ITFreeTraining
Id: 833Qnc-7-ug
Length: 11min 5sec (665 seconds)
Published: Thu Sep 12 2013