Creating an Active Directory Integrated DNS Zone

In traditional DNS, the DNS records are stored inside zone files, and this works. With Windows 2012 we have the ability to store the DNS records in Active Directory, which in turn leads to secure storage, more efficient replication and a multi-master DNS model.


Bryan O'Connor | 16 April 2013

One of the courses I teach is the Microsoft Windows 2012 Installing and Configuring course; the Microsoft designation is 20410B.

In the presentation, we look at creating an Active Directory Integrated DNS zone in Microsoft Windows Server 2012.

A DNS server can store zone data in the AD DS database provided that the DNS server is an AD DS domain controller. When the DNS server stores zone data in this way, this creates an Active Directory Integrated zone.

The benefits of an Active Directory-integrated zone are significant:

Multi-master updates. Unlike standard primary zones, which can only be modified by a single primary server, Active Directory Integrated zones can be written to by any writable domain controller to which the zone is replicated. This builds redundancy into the DNS infrastructure. In addition, multi-master updates are particularly important in geographically distributed organizations that use dynamic update zones, because clients can update their DNS records without having to connect to a potentially geographically distant primary server.

Replication of DNS zone data by using AD DS replication. One of the characteristics of Active Directory replication is attribute-level replication, in which only changed attributes are replicated. An Active Directory Integrated zone can leverage these benefits of Active Directory replication, rather than replicating the entire zone file as in traditional DNS zone transfer models.

Secure dynamic updates. An Active Directory-integrated zone can enforce secure dynamic updates.

Granular security. As with other Active Directory objects, an Active Directory-integrated zone allows you to delegate administration of zones, domains, and resource records by modifying the access control list (ACL) on the zone.
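
The benefits above map directly onto zone settings that can be set and checked from PowerShell. The following is an added example, not part of the original post or the course material: it creates an Active Directory Integrated zone that accepts only secure dynamic updates, then reports primary zones on the server that are still file-backed or that accept non-secure updates. The zone name and the function name `Get-WeakDnsZone` are hypothetical; the cmdlets come from the DnsServer module that ships with Windows Server 2012.

```powershell
# Added example. Run on a DNS server that is also an AD DS domain controller.
Import-Module DnsServer

$ZoneName = 'corp.example.test'   # constructed placeholder zone name

# Create the zone in the directory rather than in a zone file.
# -ReplicationScope Domain : replicate to all DNS servers in the domain
# -DynamicUpdate Secure    : accept only authenticated dynamic updates
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName `
                             -ReplicationScope Domain `
                             -DynamicUpdate Secure `
                             -PassThru
}

# Hypothetical helper: list primary zones that miss the benefits described above.
function Get-WeakDnsZone {
    Get-DnsServerZone |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            $findings = @()
            if (-not $_.IsDsIntegrated) {
                # Stored in a zone file: single primary, no secure updates possible
                $findings += 'file-backed (not AD-integrated)'
            }
            if ($_.DynamicUpdate -eq 'NonsecureAndSecure') {
                # Any client can register or overwrite records in this zone
                $findings += 'accepts non-secure dynamic updates'
            }
            if ($findings) {
                [pscustomobject]@{
                    ZoneName         = $_.ZoneName
                    IsDsIntegrated   = $_.IsDsIntegrated
                    ReplicationScope = $_.ReplicationScope
                    DynamicUpdate    = $_.DynamicUpdate
                    Findings         = $findings -join '; '
                }
            }
        }
}

Get-WeakDnsZone | Format-Table -AutoSize -Wrap

# Once a zone is AD-integrated, switch it to secure-only updates:
# Set-DnsServerPrimaryZone -Name $ZoneName -DynamicUpdate Secure
```

An empty result from `Get-WeakDnsZone` means every primary zone on the server is AD-integrated and does not accept non-secure updates.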

The demonstration is available at the BryanQA YouTube site.

Bryan O'Connor

Senior Technical Instructor

Bryan O’Connor is a Senior Technical Instructor at QA, teaching VMware, Microsoft and CompTIA courses. In the past, Bryan has also been certified by Novell as a MCNI (Master Certified Novell Instructor). Bryan started in the world of IT in 1986 and has worked in a variety of roles ranging from PC support technician to Network design and consultancy, to Virtualisation consultant. At last count, Bryan held over 40 professional VMware, Microsoft, Novell and CompTIA certifications. Bryan has advised many large organisations on their IT and project management needs to allow them to benefit from the increase in productivity provided by computer systems. In addition to teaching, Bryan does a variety of jobs in QA, including supporting the sales staff and setting up the classrooms. Outside of QA, Bryan enjoys spending time with his wife Tracey and their two daughters Meagan and Jessica, unless there’s a grand prix on the TV when he enjoys paying Tracey, Meagan and Jessica to disappear for the day.