When you implement DNS in an Active Directory domain, zone data is replicated automatically, because by default a zone is replicated to every DNS server within the domain. Active Directory-integrated zones offer a reliable replication mechanism, require less configuration, and are easier to implement and maintain than standard zones. One important aspect of AD-integrated zones is the application directory partition. These are directories stored in AD that contain data replicated only to certain DNS servers. By defining replication scopes for particular DNS servers, you build a more robust and secure DNS infrastructure and eliminate replication traffic that is not needed. Suppose you have a zone that must be replicated to only two DNS servers rather than copied to every DNS server in your domain: you would create a custom directory partition and enlist only those two servers in it.
When you create an Active Directory-integrated zone, two application directory partitions are built automatically: DomainDnsZones and ForestDnsZones:
The DomainDnsZones partition replicates its data to all domain controllers running the DNS service that belong to the same domain. The ForestDnsZones partition replicates its data to all domain controllers running the DNS service in the whole forest. If you delete these default partitions by mistake, you can recreate them by right-clicking the server’s name and selecting Create Default Application Directory Partitions:
Depending on your infrastructure requirements, you can create custom directory partitions that host information sent to particular DCs from different subdomains. The new partition is hosted on the server on which it was created; you then have to enlist other DCs so that the zone replicates to them within the domain. Note that it is the directory partition that manages the replication scope.
We will create a new AD-integrated zone and then add it to a new directory partition. Log on to one of the DCs running the DNS service, open a command prompt and type the following:
dnscmd . /createdirectorypartition Partition1.ppscu.com
The “.” specifies that the directory partition will be created on the current server. By replacing the “.” with a server’s name you can create a directory partition on a remote server.
Now let’s create a new forward lookup zone named ppscu.com. Create the primary zone and select the option to Store the zone in Active Directory:
In the Active Directory Zone Replication Scope, select the option to replicate information to all domain controllers specified in the scope of this directory partition and select our newly created directory partition:
Our new zone will appear in the DNS console and inside it the newly created directory partition:
Other DNS servers will receive the zone data only if they are enlisted in the directory partition. Open a command prompt and type the following:
dnscmd [servername] /enlistdirectorypartition Partition1.ppscu.com
I’ve added my DNS server named DC01.test.org so if I connect to this server, the new zone should appear there. As you can see, I’ve created the zone on VM1 and stored the zone data in the Partition1.ppscu.com and then I’ve enlisted DC01 to the directory partition and the zone was copied to this server:
Only these two servers will receive DNS information from the ppscu.com zone.
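The same procedure in PowerShell, as an added example that is not part of the original post. It uses the DnsServer module that ships with the DNS Server role and RSAT (Add-DnsServerDirectoryPartition, Add-DnsServerPrimaryZone with a Custom replication scope, Register-DnsServerDirectoryPartition), reuses the names from the post (Partition1.ppscu.com, ppscu.com, DC01.test.org) as placeholders, and adds two things the dnscmd steps above do not show: the zone is created with secure dynamic updates only, and a verification function reads back which DCs are actually enlisted in the partition (assumed here to be exposed as the Replica property of Get-DnsServerDirectoryPartition) and whether each expected server holds the zone in that partition.

```powershell
# Added example (not from the original post): PowerShell equivalent of the dnscmd
# steps, plus a verification pass. Names are placeholders taken from the post.
#Requires -Modules DnsServer

$PartitionFqdn = 'Partition1.ppscu.com'   # custom application directory partition
$ZoneName      = 'ppscu.com'              # AD-integrated zone scoped to that partition
$EnlistServers = @('DC01.test.org')       # other DCs running DNS that should hold the zone

# 1. Create the partition on the local server (dnscmd . /createdirectorypartition).
if (-not (Get-DnsServerDirectoryPartition -Name $PartitionFqdn -ErrorAction SilentlyContinue)) {
    Add-DnsServerDirectoryPartition -Name $PartitionFqdn
}

# 2. Create the primary zone in AD with a Custom replication scope bound to the
#    partition (the GUI option "all domain controllers in the scope of this directory
#    partition"). Secure dynamic updates only, so that only authenticated clients can
#    register or change records in the zone.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Custom `
        -DirectoryPartitionName $PartitionFqdn -DynamicUpdate Secure
}

# 3. Enlist the other DCs (dnscmd <server> /enlistdirectorypartition).
foreach ($Server in $EnlistServers) {
    Register-DnsServerDirectoryPartition -Name $PartitionFqdn -ComputerName $Server
}

# 4. Verify the replication scope: list the partition's replicas and check that every
#    expected server holds the zone in this partition and not in a wider scope.
#    Worth re-running after changes, so the zone does not end up on more DCs than intended.
function Test-ZoneReplicationScope {
    param(
        [string]$Zone,
        [string]$PartitionName,
        [string[]]$ExpectedServers
    )
    $Part = Get-DnsServerDirectoryPartition -Name $PartitionName
    # Replica is assumed to list the DCs enlisted in the partition.
    Write-Host "Replicas of $($Part.DirectoryPartitionName): $($Part.Replica -join ', ')"
    foreach ($Server in $ExpectedServers) {
        $z = Get-DnsServerZone -Name $Zone -ComputerName $Server -ErrorAction SilentlyContinue
        if ($null -eq $z) {
            Write-Warning "$Server does not hold zone $Zone yet (replication pending or enlist failed)"
        } elseif ($z.ReplicationScope -ne 'Custom' -or $z.DirectoryPartitionName -ne $Part.DirectoryPartitionName) {
            Write-Warning "$Server holds $Zone in scope $($z.ReplicationScope) / $($z.DirectoryPartitionName), not in $PartitionName"
        } else {
            Write-Host "$Server holds $Zone in partition $($z.DirectoryPartitionName)"
        }
    }
}

Test-ZoneReplicationScope -Zone $ZoneName -PartitionName $PartitionFqdn `
    -ExpectedServers (@($env:COMPUTERNAME) + $EnlistServers)
```

Run it in an elevated PowerShell session on a DC that runs DNS; creating an application directory partition requires Enterprise Admins membership, and the zone may take one replication cycle to appear on the newly enlisted server, so a warning from the first verification pass is not necessarily a failure. The dnscmd equivalents of the verification step are dnscmd /enumdirectorypartitions and dnscmd /directorypartitioninfo Partition1.ppscu.com.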
I think that’s about it for this post folks, wish you all the best and stay tuned for the following article!