
06 - Configuring DNS for Active Directory Domain Services

Module 6: Configuring Domain Name Service for Active Directory® Domain Services

Module Overview
• Overview of Active Directory Domain Services and DNS Integration
• Configuring AD DS Integrated Zones
• Configuring Read-Only DNS Zones

Lesson 1: Overview of Active Directory Domain Services and DNS Integration
• AD DS and DNS Namespace Integration
• How Service Resource Locator Records Are Used
• Integrating Service Resource Locator Records and AD DS Sites
• Demonstration: SRV Resource Records Registered by AD DS Domain Controllers
• How Dynamic Updates Work

AD DS and DNS Namespace Integration
Options include:
• A subdomain of the external namespace
• A different namespace, where the domain name and the local name are different

SRV record syntax:
Example of an SRV record (registered by domain controllers):
                         TTL  class  type  priority  weight  port  target
_ldap._tcp.contoso.msft  600  IN     SRV   0         100     389   den-dc1.contoso.msft

How Service Resource Locator Records Are Used
Examples of operations that require a domain controller:
• A user attempts to change his or her password
• An Exchange 2003 server performs a directory lookup
• An administrator modifies AD DS
Locator process:
1. The Locator initiates a call to the Net Logon service
2. The Locator collects information about the client
3. Net Logon uses the information and queries DNS for SRV resource records
4. Net Logon tests connectivity to the target servers
5. Domain controllers respond, indicating that they are operational
6. Net Logon returns the information to the client

Integrating Service Locator Records and AD DS Sites
[Diagram labels: Local DNS Server, NYC-DC1, NYC]

How Dynamic Updates Work
[Diagram labels: DNS Server Resource Records]
1. Client sends an SOA query
2. DNS server sends the zone name and server IP address
3. Client verifies its existing registration; the DNS server responds by stating that the registration does not exist
4. Client sends a dynamic update to the DNS server

Lesson 2: Configuring AD DS Integrated Zones
• What Are AD DS Integrated Zones?
• What Are Application Partitions in AD DS?
• Options for Configuring Application Partitions for DNS
• How Secure Dynamic DNS Updates Work
• Demonstration: Configuring AD DS Integrated Zones
• How Background Zone Loading Works

What Are AD DS Integrated Zones?
AD DS integrated zones store DNS zone data in the AD DS database.
Benefits of using AD DS integrated zones:
• Replicates DNS zone information using AD DS replication
• Supports multiple master DNS servers
• Enhances security
• Supports record aging and scavenging

What Are Application Partitions in AD DS?
The AD DS database is divided into directory partitions, with each directory partition replicated to specific domain controllers.
• A DNS zone can be stored in the domain partition or in an application partition
• Administrators can define the replication scope of custom application partitions
• DomainDNSZones and ForestDNSZones are default application partitions that store DNS-specific data
[Diagram: each domain controller holds the Domain, Config and Schema partitions; the application partitions App1 and App2 are replicated only to selected domain controllers]

Options for Configuring Application Partitions for DNS
DNS information can be stored in a variety of application partitions:
Partition                      Replication scope
Domain partition               To all domain controllers in the AD DS domain
DomainDNSZones                 To all domain controllers that are DNS servers in the AD DS domain
ForestDNSZones                 To all domain controllers that are DNS servers in the AD DS forest
Custom application partition   To all domain controllers in the replication scope for the application partition

How Secure Dynamic DNS Updates Work
A secure dynamic update is accepted only if the client has the proper credentials to make the update.
[Diagram labels: Windows Vista DNS Client, Local DNS Server, Domain Controller with Active Directory Integrated DNS Zone]

Demonstration: Configuring AD DS Integrated Zones
In this demonstration, you will see how to configure:
• A DNS zone as AD DS integrated
• Dynamic updates on DNS zones
• Dynamic update settings on a network connection
• Secure dynamic updates

How Background Zone Loading Works
When a domain controller with Active Directory-integrated DNS zones starts, it:
1. Enumerates all zones to be loaded
2. Loads root hints from files or AD DS servers
3. Loads all zones that are stored in files rather than in AD DS
4. Begins responding to queries and RPCs
5. Starts one or more threads to load the zones that are stored in AD DS
[Diagram labels: Windows Server 2008, Windows Vista, Windows XP]

Lesson 3: Configuring Read-Only DNS Zones
• What Are Read-Only DNS Zones?
• How Read-Only DNS Works
• Discussion: Comparing DNS Options for Branch Offices
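As an added example that is not part of the course material, the following Python parses the SRV record syntax shown on the SRV record slide and orders the returned targets the way an RFC 2782 client does: lowest priority first, then a weighted random choice within a priority, which is how a client picks among the domain controllers that answered. The den-dc1.contoso.msft record is the slide's own; the other two records are constructed for this example.

```python
# Added example (not course code): parse the slide's SRV syntax and order
# targets as an RFC 2782 client does. Records other than den-dc1 are constructed.
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class SrvRecord:
    owner: str      # service and protocol, e.g. _ldap._tcp.contoso.msft
    ttl: int        # seconds the record may be cached
    priority: int   # lower value is tried first
    weight: int     # share of load among records with the same priority
    port: int       # service port, 389 for LDAP
    target: str     # host offering the service

def parse_srv(line: str) -> SrvRecord:
    """Parse one record in 'owner TTL IN SRV priority weight port target' form."""
    fields = line.split()
    if len(fields) != 8 or fields[2:4] != ["IN", "SRV"]:
        raise ValueError(f"not an SRV record: {line!r}")
    owner, ttl, _, _, prio, weight, port, target = fields
    if not 0 < int(port) < 65536:
        raise ValueError(f"port out of range: {port}")
    return SrvRecord(owner, int(ttl), int(prio), int(weight), int(port), target.rstrip("."))

def order_targets(records, rng=None):
    """Return (target, port) pairs in the order a client should try them."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            # RFC 2782: zero-weight records first; pick a random point in the
            # running sum of weights and take the first record that reaches it.
            pool.sort(key=lambda r: r.weight != 0)
            threshold = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for rec in pool:
                running += rec.weight
                if running >= threshold:
                    break
            ordered.append((rec.target, rec.port))
            pool.remove(rec)
    return ordered

SAMPLE_RECORDS = [parse_srv(line) for line in (
    "_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft",  # slide
    "_ldap._tcp.contoso.msft 600 IN SRV 0 50 389 den-dc2.contoso.msft",  # constructed
    "_ldap._tcp.contoso.msft 600 IN SRV 10 100 389 lon-dc1.contoso.msft",  # constructed
)]
```

Calling order_targets(SAMPLE_RECORDS) always lists the two priority-0 Denver controllers (in a weight-dependent order) before the priority-10 London fallback.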