Understanding Zones

Applies To: Windows Server 2008, Windows Server 2008 R2

In addition to dividing your Domain Name System (DNS) namespace into domains, you can also divide your DNS namespace into zones that store name information about one or more DNS domains. A zone is the authoritative source for information about each DNS domain name that is included in the zone.

A zone starts with a single DNS domain name. If other domains are added below the initial domain, these domains can either be part of the same zone or belong to another zone. That is, when you add a subdomain, you can either include it as part of the original zone, or you can delegate it away to another zone that you create to support the subdomain.

For example, the following illustration shows the microsoft.com domain, which contains domain names for Microsoft. When the microsoft.com domain is first created at a single server, it is configured as a single zone for all of the Microsoft DNS namespace. If, however, the microsoft.com domain must use subdomains, those subdomains must be included in the zone or delegated away to another zone.

In this illustration, the example.microsoft.com domain has a new subdomain—the example.microsoft.com domain—delegated away from the microsoft.com zone and managed in its own zone. However, the microsoft.com zone must contain a few resource records to provide the delegation information that references the DNS servers that are authoritative for the delegated example.microsoft.com subdomain.

If the microsoft.com zone does not use delegation for a subdomain, any data for the subdomain remains part of the microsoft.com zone. For example, the subdomain dev.microsoft.com is not delegated away, but it is managed by the microsoft.com zone.

Zone replication and transfers

Because of the important role that zones play in DNS, they must be available from more than one DNS server on the network so that they can provide availability and fault tolerance. Otherwise, if only a single server is available and that server is not responding, queries for names in the zone can fail. So that additional servers can host a zone, zone transfers are required for replication and synchronization of all copies of the zone that are used at each server that is configured to host the zone.

When a new DNS server is added to the network and it is configured as a new secondary server for an existing zone, it performs a full initial transfer of the zone to obtain and replicate a full copy of resource records for the zone. Most earlier DNS server implementations use this same method of full transfer for a zone when the zone requires updating after changes are made to the zone. For DNS servers running Windows Server 2003 and Windows Server 2008, the DNS Server service supports incremental zone transfer, a revised DNS zone transfer process for intermediate changes. Incremental transfers provide a more efficient method of propagating zone changes and updates. Unlike in earlier DNS implementations in which any request for an update of zone data required a full transfer of the entire zone database, with incremental transfer the secondary server can pull only those zone changes that it needs to synchronize its copy of the zone with its source, either a primary or secondary copy of the zone that is maintained by another DNS server.