Complete Guide to Active Directory DNS

The Domain Name System (DNS) is a central part of the Internet, Intranet, and Its core functionality to provide a way to convert domain names to IPs (for example  to ) and vice versa (for example to

Active Directory Domain Services (ADDS) uses DNS services so that clients can locate domain controllers and communicate with each other. DNS Services are normally installed during the setup of Active Directory Domain Services setup.

What is the Difference between DNS and Active Directory?

Active Directory is a centralized management platform to manage permissions and access of users, computer, printer, and other network resources.
DNS stands for Domain Name System which supports conversion of a domain name to IP and IP to a domain name, it also enables the communication between network resources using a domain name instead of remembering complex IPs. In addition to this, DNS assists clients to locate domain controllers for authentication.

DNS Zones and Records

DNS Zone stores DNS resource records information, here is a list of zones in Active Directory-integrated DNS.

Primary Zone
The primary zone is the main zone and has a writeable copy of zone data. You can create/remove/edit DNS records in this zone. You can find the primary zone data file in text format in the following location in Windows Server hosting DNS role.


Secondary Zone
The secondary zone is a read-only copy of the primary zone. Any change made to the primary zone reflects the secondary zone. It can help to reduce the load on the primary zone by replying to the DNS queries (for example DNS in branch office).

Stub Zone
Stub zone enables DNS Server to resolve records from another domain. Its read-only and stores partial zone data such as SOA, NS, and A records.

Forward Lookup Zone
A forward lookup zone is used to provide conversion from hostname/domain to IP.

Reverse Lookup Zone
It’s quite opposite to the forward lookup zone and provides IP address to hostname/domain resolution.

List of DNS Records

A Records
Basic and most common records and used to point a hostname or domain to an IP address.
Example: —>

CNAME Records
CNAME records are also common and used to point one domain or subdomain to another domain or subdomain
Example: —>

MX Records
MX records are used to identify the mail server for email delivery. You can also mention priority in the records so which mail server should be used first.

TXT Records
TXT Records are used to store text-based information. This type of record mostly used for SPF data and verify domain ownership.

AAAA Records
AAAA records used to resolve to hostname to IPv6 IP address.

PTR Records
PTR records are mostly used in the reverse lookup zone which points IP to the hostname.

SRV Records
SRV Records are used to point to a service, you need to provide the hostname and port number where that service is running.

Benefits to DNS Integration with Active Directory

Here are a few primary advantages of using Active Directory Integrated Zones

  • Faster, secure, and more efficient replication between domain controllers.
  • Zones are automatically added to the new domain controllers whenever added to the Active Directory domain.
  • Better Security if a secure dynamic update feature is enabled.

Active Directory DNS Best Practices

  • Use at least two DNS servers for redundancy in each site.
  • All domain computers must use internal DNS servers.
  • Use Active Directory-integrated DNS zones for better security and smooth replication between DNS Servers.
  • DNS server should use allow the secure dynamic update to improve security.
  • Setup DNS Order on Domain Controller. Domain controller’s own IP should be its primary DNS and 2nd domain controller’s IP should be its Secondary DNS.
  • Configure Aging and Scavenging of DNS records.

Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More