DNS implementations in Windows Server 2008 environments can have four types of deployments. The most productive is the dynamic DNS server which is integrated with every DC in the network. Read-write DCs will also contain read-write DNS servers. In remote sites where a DC may be present for availability purposes, read-only DCs will also include read-only DNS servers. External networks will include at least one primary standalone DNS which will be maintained manually. If more DNS are required they should be secondary, read-only DNS servers. Read-only DNS servers are more secure than read-write servers and should be deployed in areas that demand the highest security levels.
To read more about DNS Processes and Interactions in Windows Server 2008 environments go here.
