Doing things on the Internet has become a way of life, but have you ever wondered what really goes on in the background? Say, when you type google.com or espn.com, how does your browser magically display the information you’re looking for? Well, many things come together to make this possible, but the one that we’re going to talk about today is DNS and DNS zones.
What is DNS?
Every device on the Internet has a unique IP address that other devices use to identify and communicate with it. But an IP address is hard for humans to remember because it is just a string of numbers. For example, it’s 126.96.36.199 in IPv4 and 2001:4860:4860::8888 in IPv6 for Google.
Since it’s impossible to remember the IP address for every site, the Domain Name System (DNS) was introduced. This is a mapping system that translates human-readable names like google.com or espn.com into IP addresses.
When you type a URL in the browser, DNS immediately looks up the human-readable name in its records and translates it into an IP address; the browser then connects to the device with that IP, downloads the content from it, and displays it to you, all within about 50 microseconds!
Since these DNS servers play such an important role in mapping, staying on top of their health and performance at all times is important.
What are DNS zones?
Your DNS server can host many zones to manage the DNS namespace better. A DNS zone is a contiguous part of the namespace that is handled as one administrative unit, giving an administrator control over the DNS components within it, such as which servers are authoritative for that part of the namespace.
In other words, zones are created for administrative ease and redundancy, and they help administrators improve the performance and availability of their DNS service.
You can view the DNS zone as a horizontal platform that cuts across the different subdomains owned by a company. For example, a DNS zone would be applicable for blog.hubspot.com, reports.hubspot.com, and more. But if you view any subdomain as a site by itself that needs dedicated administration, then it requires a separate zone.
All this information, that is, which subdomains fall under a DNS zone, the records stored in each, and the contact information of the zone administrator, is kept in a DNS zone file. The file begins with a start of authority (SOA) record, and the exact information it holds depends on the type of zone.
Types of DNS Zones
Broadly speaking, there are five types of DNS zones.
- Primary zone
- Secondary zone
- Active Directory-integrated zone
- Stub zone
- Reverse lookup zone
Primary zone
The primary zone holds the read/write copy of the zone data, stored in a text file. The biggest disadvantage of a primary DNS zone is that the data can be changed in only one location at a time, which causes problems when the DNS server that holds it is down.
Active Directory-integrated zone
The Active Directory-integrated zone overcomes the primary zone’s heavy reliance on a single DNS server. Here, the primary zone data is stored in Active Directory rather than in a zone file on the DNS server. In other words, the records that would otherwise live in the DNS zone file are kept in the Active Directory database.
As a result, the zone data follows the same replication procedure as Active Directory itself, and, more importantly, changes can be made on multiple servers simultaneously. Redundancy is a big advantage of this zone type, since changes can be made on any DNS server that holds the zone. It also supports secure dynamic updates, which allow only authenticated clients to register or change records.
However, the limitation is that the DNS server role must be installed on a domain controller.
Secondary zone
The secondary zone is a read-only copy of another primary, Active Directory-integrated, or secondary zone. Since it is only a read-only copy, you can’t make any changes to it.
Essentially, the secondary zone forwards change requests to the primary zone, and it doesn’t require the DNS server to be in the same domain. Secondary zones can also be hosted in a non-Windows environment, which gives you more flexibility. They are a good option for redundancy as well.
Stub zone
As the name suggests, a stub zone contains only partial data from another zone: typically just the records needed to find that zone’s authoritative servers, which may be a primary or secondary zone holding the full zone data.
The biggest advantage of the stub zone is that it automatically updates its records.
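The zone types described above, created with the DnsServer PowerShell module. This is an added example, not code from the article; the two server addresses, the zone names and the partner master address are placeholders, and it assumes the DnsServer module is available on the servers.

```powershell
# Added example: creating the zone types discussed above with the DnsServer module.
# Server addresses and zone names are placeholders for this illustration.
#Requires -Modules DnsServer

$Primary   = '10.0.1.5'     # domain controller running DNS (holds the AD-integrated primary)
$Secondary = '10.0.1.6'     # member server holding a read-only copy of the zone

# Active Directory-integrated primary zone: stored in AD, replicated to every DC in
# the domain, and only authenticated domain members may register or change records.
Add-DnsServerPrimaryZone -Name 'corp.example.com' -ReplicationScope Domain `
    -DynamicUpdate Secure -ComputerName $Primary

# A zone transfer hands out the entire zone, so answer only the listed secondaries
# rather than any server that asks (the TransferAnyServer setting).
Set-DnsServerPrimaryZone -Name 'corp.example.com' -ComputerName $Primary `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $Secondary

# Secondary zone on the other server: a read-only copy pulled from the primary.
Add-DnsServerSecondaryZone -Name 'corp.example.com' -ZoneFile 'corp.example.com.dns' `
    -MasterServers $Primary -ComputerName $Secondary

# Stub zone for a partner namespace: only the SOA, NS and glue records needed to
# find that zone's authoritative servers, refreshed automatically from its master.
Add-DnsServerStubZone -Name 'partner.example.net' -MasterServers '10.0.2.5' `
    -ReplicationScope Domain -ComputerName $Primary

# Review the result: type, storage, update policy and transfer policy of each zone.
Get-DnsServerZone -ComputerName $Primary |
    Where-Object { -not $_.IsAutoCreated } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate, SecureSecondaries
```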
Reverse lookup zone
In this zone, the zone file contains a mapping from IP addresses to hostnames. For example, given an IP address, you can query the zone and get back the hostname. These zones are mostly used in troubleshooting, where you know an IP address from the log files and want to know the hostname behind it.
Now that you have a good idea of DNS basics and DNS zones, let’s see how you can set up and use them.
Setting up a DNS zone
Here are the step-by-step instructions for setting up a DNS zone on Windows Server 2019; the process is the same for Windows Server 2016, 2012, and so on, all the way down to Windows 2000.
- Open the DNS console on the DNS server and expand the left-hand pane.
- Right-click on the server and choose “New Zone.” This opens a wizard for creating a zone.
- The second page of the wizard lists the different zone types, so pick the one you want.
- On the same page, look at the checkbox at the bottom: check it if you want this zone replicated to other domain controllers.
- On the next page, choose whether it’s a forward or reverse lookup zone.
- Next, name your zone; the following window tells you that a zone file will be created.
- The next window gives you the option to allow dynamic updates. For a primary zone that is not Active Directory-integrated, dynamic updates are off by default, so change the value only if you need to. Keeping the default prevents unauthorised changes to your DNS records.
- On the last screen, click Finish. You’ll see the new DNS zone in your DNS server, and by default it will contain the start of authority (SOA) and name server (NS) records.
- Right-click on the just-created DNS zone and choose “New Host.”
- Enter the host’s internal IP address. You can also create the reverse pointer (PTR) record by checking the box at the bottom. Finally, click “Add Zone.”
- To verify, open the command prompt and type ping followed by the name you just created. You should see the IP you entered.
With this, your internal users can access this zone. For external users, you also need to set up port forwarding for TCP ports 443 and 80.
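The same procedure as a script, using the DnsServer PowerShell module instead of the wizard, with a final check of the setting that the dynamic-updates step warns about. This is an added example, not code from the article; the zone name corp.example.com, the host app01, the address 10.0.1.25 and the subnet 10.0.1.0/24 are placeholders, and it is meant to run on the DNS server itself.

```powershell
# Added example: the New Zone / New Host wizard steps above as a script.
# Zone name, host name, address and subnet are placeholders for this illustration.
#Requires -Modules DnsServer

$ZoneName = 'corp.example.com'
$HostName = 'app01'
$HostIp   = '10.0.1.25'
$Subnet   = '10.0.1.0/24'

# New Zone wizard: a file-backed primary forward lookup zone. Such a zone defaults
# to no dynamic updates; keep it that way unless the zone is AD-integrated.
Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" -DynamicUpdate None

# The matching reverse lookup zone for the subnet, so the PTR record has a home.
Add-DnsServerPrimaryZone -NetworkId $Subnet -ZoneFile '1.0.10.in-addr.arpa.dns'

# New Host dialog with the "create associated pointer (PTR) record" box ticked.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $HostName -IPv4Address $HostIp -CreatePtr

# Verify forward and reverse resolution against this server (the ping step above).
Resolve-DnsName -Name "$HostName.$ZoneName" -Type A   -Server localhost
Resolve-DnsName -Name $HostIp                -Type PTR -Server localhost

# Audit: a primary zone that accepts nonsecure dynamic updates lets any host on the
# network overwrite records, so flag every zone configured that way.
Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    ForEach-Object {
        if ($_.DynamicUpdate -eq 'NonsecureAndSecure') {
            Write-Warning "$($_.ZoneName): nonsecure dynamic updates are allowed"
        }
        $_ | Select-Object ZoneName, IsDsIntegrated, IsReverseLookupZone, DynamicUpdate
    }
```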
Using the IPAM direct console
Other than the above method, you can also use the IPAM direct console to create DNS zones. Here’s how to go about it.
- Go to the Server Manager and click IPAM to open the console.
- Navigate to Monitor and Manage, and click DNS and DHCP Servers. In the “Server Type” option, click DNS server and you’ll see all the DNS servers managed by IPAM.
- Choose the DNS server to which you want to add a zone. Right-click on it and choose “Create DNS Zone.”
- In the dialog box, go to “General Properties” and select a zone type and category. Give the zone a name and run through the other values before clicking OK.
This will create your DNS zone.
To conclude, DNS zones ease administration and provide the necessary redundancy and control you need to handle your DNS servers. There are many types of DNS zones, and the choice depends on what you’re looking to get with a new DNS zone. Setting it up is fairly easy as well.