what is a zone?

i hear Active Directory Zone, Primary and Secondary Zones!

what is a zone precisely? Is it just a DNS and domain controller that has the Active Directory database which is composed of the user accounts, computer accounts, publised folders, etc.???

Find more posts tagged with

Comments

x_Danny_x

nevermind

though DNS servers can contain Active Directory Zone database files right? Active Directory has the IP address to name data resolution correct??

Just like a DNS has a primary or secondary database file right?

also when talking about Active Directory Zone database file, that is not the same thing as a the Global Catalog file that is stored in a Domain Controller right??

also if a computer wants to get access to resources outside its DNS zone, the DNS server has to forward the request to the DNS server that contains the Zone database file which has the IP to name resolution of the computer that has the resources! Im I correct!??

rossonieri#1

ok, slow down.
maybe you are confuse about internet DNS and AD DNS.
internet DNS created and maintain by your ISP if you dont wish to do so -> meaning : you register your internet domain and let your ISP maintain it - generally it function as public accessed address only ( CNAME like www, ftp, mx, etc - and doesnt contain any A / host record in it - unless you do so and will not do a dynamic update ), but your AD DNS must be created and maintain/administer by yourself when you create your AD domain - and normally, your AD DNS is internal access only, to keep it safe from outside access.

hard to understand really.
about root domain and child domain, a child domain can be in a separate zone then its root but as long as it has a contigious namespace inherit from the parent -> talking about zone delegation here. After you create your separate child domain on your DC, you delegate the zone to DNS server in that child domain zone.
if you are not creating a separate zone, then you could administer a child domain below the root zone from the root NS server.

about AD integrated, primary/secondary :
AD integrated zone is created when you create your AD domain and must be on a DC,

while primary zone can be on DC/stand alone server which hold the SOA and NS record for the zone.

secondary zone is you download the zone from the DNS server which hold the primary/AD integrated zone.

the key point is this -> take a good look in your DNS.mmc, if there is a greyed child domain zone below the root zone -> that child domain is administer by the root DNS server.

and if you see a totally separate but contigious zone below the root, and not greyed - that zone must be delegated zone, unless not to do so.

x_Danny_x

rossonieri#1 wrote:

ok, slow down.
maybe you are confuse about internet DNS and AD DNS.
internet DNS created and maintain by your ISP if you dont wish to do so -> meaning : you register your internet domain and let your ISP maintain it - generally it function as public accessed address only ( CNAME like www, ftp, mx, etc - and doesnt contain any A / host record in it - unless you do so and will not do a dynamic update ), but your AD DNS must be created and maintain/administer by yourself when you create your AD domain - and normally, your AD DNS is internal access only, to keep it safe from outside access.

hard to understand really.
about root domain and child domain, a child domain can be in a separate zone then its root but as long as it has a contigious namespace inherit from the parent -> talking about zone delegation here. After you create your separate child domain on your DC, you delegate the zone to DNS server in that child domain zone.
if you are not creating a separate zone, then you could administer a child domain below the root zone from the root NS server.

about AD integrated, primary/secondary :
AD integrated zone is created when you create your AD domain and must be on a DC,

while primary zone can be on DC/stand alone server which hold the SOA and NS record for the zone.

secondary zone is you download the zone from the DNS server which hold the primary/AD integrated zone.

the key point is this -> take a good look in your DNS.mmc, if there is a greyed child domain zone below the root zone -> that child domain is administer by the root DNS server.

and if you see a totally separate but contigious zone below the root, and not greyed - that zone must be delegated zone, unless not to do so.

I understand about internet DNS and AD DNS on that they are different!

Companies have DNS servers resolving Name to IP addresses! My question is, Does a AD DNS server have that capability?????? Does a AD DNS server holds the Name Space records????

If so, then you dont need a Primary DNS server right??

What is SOA??

I already know that the AD DNS has the accounts of computers and users, published folders and printers so it be searched and found

Thanks for your info man about the zones! you cleared things up alot. I just got one question now.

About what you said on "separate but contigious zone" Do you mean that the delegated zone has an exact copy of Active Directory from the parent zone??

Just like a secondary DNS server gets a read only copy of the Name Space records from the primary DNS server.

rossonieri#1

i'm getting confuse here,
DNS = naming service just like WINS
forward lookup -> which converts name to ip addr ->example : www.abc.com = 10.?.?.?
reverse lookup -> ip to name -> x.x.x.in-addr.arpa ->example :
10.?.?.?->www.abc.com

DNS doesnt contain any user/computer/folder account, simply name to ip only.

if you say user/computer/shared folder pointer then maybe you r trying to say AD User and Computer / ADUC. the mechanism is like this :
Domain Controller/DC->global catalog->LDAP->AD database/NTDS.dit

x_Danny_x

yes thats what Im saying! Thanks man, thanks alot!!

so in Active Directory Domain, you have DNS servers who do IP to Name resolution and also Domain Controllers that have Active Directory!

Im I correct now on that?

about the zones, I think I figure them out!

The zones just help ease of Administration for a huge Domain! so you replicate compies of the database to other DNS servers and create a zone on them!

hc2ab

I'm not familiar with the topic.

As far as I know. DNS is for forward and reverse resolution. And DNS is just a requirement for AD to function.

SOA is just another resource record like a-record, cname which I believe is mandatory...
It contains information about the primary name server, email contact authority of whom responsible for the name server, the timeout/expiration time for secondary name server...

as for zone, It's a grouping of resource record which I believe must have continuous name space. For example if your DNS server is responsible for the example.com zone, it will have lookup for www.example.com, email.example.com...

all this information you should be able to find in your text book, google, and documents in www.microsoft.com.

x_Danny_x

well I just figure something out! When they say Secondary Zone, they really mean a Server who holds a copy of the database file from the Primary Server who has authorization of the Zone!

Everytime they said a Secondary Zone, I thought they were saying a whole new complete zone!

Anyway my measure up exams here in New Horizons dont give me the key word "Delegation" on the questions! So I have to figure out if they are talking about two seperate zones or one by reading the question!

The thing is the questions answer are solutions for problems to make a Server a Secondary server or make a Primary Server!

Especially if your dealing with Offices who are connected to the main office! You have to tell if your office is part of the main office's zone or it has a completely different zone all together!

That is the problem!

Thanks for the people who posted in this thread!