You can manage the settings for each zone through its properties: right-click the zone and select Properties from the menu that appears.
The General tab of the Properties page allows you to modify the replication scope, type, dynamic updates, aging, and the status of the zone.
Ensure that each internal DNS zone is Active Directory integrated, uses the proper replication scope, and supports only Secure Dynamic Updates.
Configure zone transfers and replication
The General tab allows you to configure the replication scope of the zone, as shown in Figure 2-16:
The replication scope options can be seen by clicking the Change button next to the Replication field. The available replication scope options are:
- To all DNS servers in the forest: Replicates zone data to all DNS servers in the AD DS forest. It replicates zone data to the ForestDNSZones partition and provides the broadest replication scope.
- To all DNS servers in the domain: Replicates zone data to all DNS servers in the Active Directory domain. It replicates zone data to the DomainDNSZones partition.
- To all domain controllers in the Active Directory domain: Replicates zone data to all domain controllers in the Active Directory domain to support Windows 2000 servers.
- To all domain controllers in the scope of this directory partition: Replicates zone data according to the replication scope of the application directory partition, as shown in Figure 2-17.
A domain-based DNS zone should replicate to all the DNS servers in the domain, and a forest-based DNS zone should replicate to all the DNS servers in the forest.
When selecting the replication scope of the zone, keep in mind that the broader the replication scope, the more network traffic replication causes. For example, replicating an AD DS-integrated DNS zone to all DNS servers in the forest produces more network traffic than replicating the zone data to all DNS servers in a single AD DS domain in that forest.
During replication, AD DS-integrated DNS zone data stored in an application directory partition is not replicated to the global catalog for the forest. By contrast, to support Windows 2000, data stored in a domain partition is replicated to all domain controllers in its AD DS domain, and a portion of this data is stored in the global catalog.
The Zone Transfers tab allows you to enable or disable zone transfers and to set the name servers to which this zone may be transferred upon request. If the zone is integrated, zone transfers are not required.
You can enable zone transfers by selecting the Allow zone transfers option, as shown in Figure 2-18. Zone transfers can be allowed:
- To any server: Allows zone transfers to any server.
- Only to servers listed on the Name Servers tab: Allows zone transfers only to the DNS servers that are listed on the Name Servers tab.
- Only to the following servers: Allows zone transfers only to the specific DNS servers listed on this tab.
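The zone settings recommended above (Active Directory integration, Domain or Forest replication scope, secure-only dynamic updates, restricted zone transfers) can be audited across all zones at once. The following is an added example, not part of the original text: the function name Test-DnsZoneSetting and the sample zones are hypothetical, while the property names and values are those returned by Get-DnsServerZone in the DnsServer module.

```powershell
# Flags primary zones that deviate from the settings recommended in the text.
function Test-DnsZoneSetting {
    param([Parameter(Mandatory, ValueFromPipeline)][psobject]$Zone)
    process {
        # Skip secondary, stub and forwarder zones and the auto-created zones.
        if ($Zone.ZoneType -ne 'Primary' -or $Zone.IsAutoCreated) { return }
        $findings = @()
        if (-not $Zone.IsDsIntegrated) {
            $findings += 'not Active Directory integrated'
        } elseif ($Zone.ReplicationScope -notin 'Domain', 'Forest') {
            $findings += "replication scope is $($Zone.ReplicationScope) (expected Domain or Forest)"
        }
        if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            $findings += 'nonsecure dynamic updates are accepted'
        }
        if ($Zone.SecureSecondaries -eq 'TransferAnyServer') {
            $findings += 'zone transfers allowed to any server'
        }
        [pscustomobject]@{
            ZoneName  = $Zone.ZoneName
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample objects (hypothetical zones) so the function can be tried
# without a DNS server; they carry the properties Get-DnsServerZone returns.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; ZoneType = 'Primary'
        IsAutoCreated = $false; IsDsIntegrated = $true; ReplicationScope = 'Domain'
        DynamicUpdate = 'Secure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'legacy.example'; ZoneType = 'Primary'
        IsAutoCreated = $false; IsDsIntegrated = $true; ReplicationScope = 'Legacy'
        DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferToZoneNameServer' }
    [pscustomobject]@{ ZoneName = 'lab.example'; ZoneType = 'Primary'
        IsAutoCreated = $false; IsDsIntegrated = $false; ReplicationScope = 'None'
        DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferAnyServer' }
)
$sampleZones | Test-DnsZoneSetting | Format-Table -AutoSize -Wrap

# On a DNS server, audit the live zones instead:
#   Get-DnsServerZone | Test-DnsZoneSetting
```

Findings can then be corrected on the zone's General and Zone Transfers tabs described above.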
The WINS tab allows you to assign WINS lookups if you cannot use GNZs. The Start of Authority (SOA) tab allows you to modify the identification information of the zone, as shown in Figure 2-19.
For example, if you want to change the value of the serial number, you can increment the serial number that is assigned to the zone when it is created. You can modify the Primary server of the zone, which is the server where the zone was first created. You can also modify the responsible person who operates the zone. To modify the responsible person, you need to first create the responsible person. You can modify the various time-based settings for the record. Usually the default values are acceptable.
The Name Servers tab allows you to add Name Servers to the zone. Add at least two name servers in a domain as a best practice. You can add the Name Servers by clicking the Add button on the tab.