DNS plays an important role in creating an effective Windows 2000 Active Directory (AD) implementation. AD requires DNS and uses it for name resolution and, with the help of a new Resource Record (RR) type called SRV Records, for service location. Because AD relies on DNS for these services, Win2K offers a more scalable and efficient solution than Windows NT 4.0, which uses WINS. A DNS database known as a zone file contains RRs to link host names with their corresponding IP addresses. Win2K DNS supports two kinds of zone files, standard and AD integrated.
Standard Zone Files
Standard zone files are traditional DNS zone files. To use standard zone files, you create a zone on the DNS server that you plan to use to perform DNS database administration. This server becomes the primary zone server where all updates, such as RR additions or deletions, occur. When you create a DNS server to function as a secondary zone server, you specify the name or IP address of the primary zone server that will provide a copy of the zone file. You can use secondary zone servers to provide load balancing and a certain degree of fault tolerance. Secondary zone servers provide only limited fault tolerance because they continue to respond to DNS queries; secondary zone servers can’t perform any updates because they only have a read-only copy of the zone file. The primary zone server periodically replicates its zone file to the secondary zone server to ensure that the secondary zone server's copy is current. With earlier versions of Microsoft DNS, the primary zone server transfers a full copy of the zone file and overwrites the existing zone file on the secondary zone server. Win2K DNS supports Incremental Zone Transfers, which means that the primary zone server sends only changes that have occurred to the zone file since the last replication.
AD Integrated Zone Files
With Win2K, you can also use AD integrated zone files to incorporate zone file information into AD. With this approach, DNS uses AD for zone file storage and replication, which has advantages over standard zone types. Because the AD integrated zone file process uses AD's replication service, you don’t need to configure a separate replication topology. AD integrated zone files also eliminate the single point of failure that arises when a standard primary server goes down. With AD’s multimaster approach, you can make DNS changes at any domain controller (DC), and the changes automatically replicate to the other DCs in the domain according to AD’s default replication topology. Although both zone types support the dynamic update protocol, dynamic DNS (DDNS), only AD integrated zones support secure dynamic updates, which let you control who can update DNS and reserve a particular name for a specific server to use.
Keep in mind is that AD integrated zone files don't replicate between domains. This limitation follows the usual AD replication model in that most information replicates only to other DCs in the same domain. This issue is especially confusing because the Microsoft Management Console (MMC) DNS snap-in lets you create zones in multiple domains with the same name.
Creating Zones and Changing Zone Types
To create a new zone, right-click either the Forward or Reverse look up folder in the MMC DNS snap-in, and chose New Zone. A wizard appears and asks what type of zone you want to create. However, note that the option to create an AD integrated zone won't appear if you haven't already run DCPROMO. In such cases, you can create a standard zone and change it after you create your AD by right-clicking the zone name in the DNS snap in and choosing Properties. You can follow this same procedure whenever you need to change zone types.