Complete Guide to Active Directory DNS
The Domain Name System (DNS) is a central part of the Internet and of intranets. Its core function is to convert domain names to IP addresses (for example www.Google.com to 22.214.171.124) and vice versa (for example 126.96.36.199 to www.Google.com).
Active Directory Domain Services (ADDS) relies on DNS so that clients can locate domain controllers and communicate with each other. The DNS role is normally installed during the setup of Active Directory Domain Services.
What is the Difference between DNS and Active Directory?
Active Directory is a centralized management platform used to manage permissions and access for users, computers, printers, and other network resources.
DNS stands for Domain Name System. It converts a domain name to an IP address and an IP address to a domain name, which lets network resources communicate using domain names instead of hard-to-remember IP addresses. In addition, DNS helps clients locate domain controllers for authentication.
DNS Zones and Records
A DNS zone stores DNS resource records. The zone types available in Active Directory-integrated DNS are listed below.
The primary zone is the main zone and holds a writeable copy of the zone data; you can create, remove, and edit DNS records in this zone. The primary zone data file is stored in text format in the following location on the Windows Server hosting the DNS role.
The secondary zone is a read-only copy of the primary zone; any change made to the primary zone is reflected in the secondary zone. It can reduce the load on the primary zone by answering DNS queries itself (for example, a DNS server in a branch office).
A stub zone enables a DNS server to resolve records from another domain. It is read-only and stores only partial zone data: the SOA, NS, and A records.
Forward Lookup Zone
A forward lookup zone resolves a hostname or domain name to an IP address.
Reverse Lookup Zone
It is the opposite of the forward lookup zone: it resolves an IP address to a hostname or domain name.
List of DNS Records
A records are the most basic and common records; they point a hostname or domain to an IP address.
Example: www.Google.com —> 188.8.131.52
CNAME records are also common; they point one domain or subdomain to another domain or subdomain.
Example: Help.Google.com —> Support.Google.com
MX records identify the mail server responsible for email delivery. Each record can carry a priority value, which determines which mail server should be tried first.
TXT records store text-based information. This record type is mostly used for SPF data and for verifying domain ownership.
AAAA records resolve a hostname to an IPv6 address.
PTR records are used mostly in the reverse lookup zone and point an IP address to a hostname.
SRV records point to a service; the record specifies the hostname and port number where that service is running.
Benefits to DNS Integration with Active Directory
Here are a few primary advantages of using Active Directory-integrated zones:
- Faster, secure, and more efficient replication between domain controllers.
- Zones are automatically replicated to new domain controllers whenever they are added to the Active Directory domain.
- Better security when the secure dynamic update feature is enabled.
Active Directory DNS Best Practices
- Use at least two DNS servers for redundancy in each site.
- All domain-joined computers must use the internal DNS servers.
- Use Active Directory-integrated DNS zones for better security and smooth replication between DNS Servers.
- DNS servers should allow only secure dynamic updates to improve security.
- Set up the DNS server order on each domain controller: the domain controller’s own IP should be its primary DNS server and a second domain controller’s IP should be its secondary DNS server.
- Configure Aging and Scavenging of DNS records.
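The following PowerShell audit is an added example, not part of the original guide: it checks a domain controller against the best practices above (AD-integrated primary zones, secure-only dynamic updates, aging and scavenging, and the DNS client order) using the built-in DnsServer and NetTCPIP cmdlets, and shows the remediation cmdlets as comments. It assumes it is run locally on a domain controller that hosts the DNS role.

```powershell
# Added example: audit this DC against the best-practice list above.
# Assumes the DnsServer module (installed with the DNS role) and local execution.
# Read-only by default; remediation commands are left commented.
Import-Module DnsServer

$dc = $env:COMPUTERNAME        # this DC; change to a DC name to audit remotely
$findings = @()

# 1. Every non-auto-created primary zone should be AD-integrated and Secure-only
$zones = Get-DnsServerZone -ComputerName $dc |
         Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
foreach ($zone in $zones) {
    if (-not $zone.IsDsIntegrated) {
        $findings += "Zone $($zone.ZoneName) is a file-backed primary, not AD-integrated"
    }
    if ($zone.DynamicUpdate -ne 'Secure') {
        $findings += "Zone $($zone.ZoneName) DynamicUpdate=$($zone.DynamicUpdate) (expected Secure)"
        # Remediation: Set-DnsServerPrimaryZone -Name $zone.ZoneName -DynamicUpdate Secure
    }
    # 2. Aging must be enabled per zone, or scavenging never removes stale records
    $aging = Get-DnsServerZoneAging -Name $zone.ZoneName -ComputerName $dc
    if (-not $aging.AgingEnabled) {
        $findings += "Zone $($zone.ZoneName) has aging disabled"
        # Remediation: Set-DnsServerZoneAging -Name $zone.ZoneName -Aging $true
    }
}

# 3. Scavenging also has to be switched on at the server level
$scav = Get-DnsServerScavenging -ComputerName $dc
if (-not $scav.ScavengingState) {
    $findings += "Server-level scavenging is disabled on $dc"
    # Remediation: Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval 7.00:00:00
}

# 4. DNS client order: this DC's own IP first, a second DC's IP as secondary
$ownIPs  = (Get-NetIPAddress -AddressFamily IPv4 |
            Where-Object { $_.PrefixOrigin -ne 'WellKnown' }).IPAddress
$servers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses }).ServerAddresses
if ($servers.Count -lt 2) {
    $findings += "Fewer than two DNS servers configured on $dc (no redundancy)"
} elseif ($servers[0] -notin $ownIPs) {
    $findings += "First DNS server $($servers[0]) is not this DC's own IP"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else          { Write-Host "All DNS best-practice checks passed on $dc" }
```

Run it from an elevated PowerShell session on each domain controller; each warning names the zone or setting that deviates from the list above.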