Create and Configure a DNS Zone in Windows Server 2022

As a core component of a DNS Server, a DNS Zone creates and stores DNS resource records. That means the DNS zones store all the resource records of a DNS namespace in themselves, and according to those records, the DNS Server resolves names to IP addresses upon the DNS queries by clients. The DNS Servers manage the DNS zones. It is the very fundamental configuration we must accomplish right after installing the DNS Service. Hence, this article covers how to create and configure a DNS Zone in Windows Server 2022 step-by-step. Before that, we need a comprehensive understanding of the DNS Zone types and their functions. That’s why we will first cover a brief overview of the DNS zone types and their functions. Then, we will create and configure DNS zones of all types in a separate section.

You may also like to read: Install DNS In Server 2022 Using Server Manager And Powershell.

Forward Lookup Zone and Reverse Lookup Zone

DNS Forward Lookup Zone and Reverse Lookup Zone

Broadly classifying, there are two types of zones available in a DNS Server. The first one is the Forward Lookup Zone which resolves names and, sometimes, services to IP addresses. The second one is the Reverse Lookup Zone which resolves IP addresses to names. While we always use the first type in every networking environment, we rarely use the second type for some security reasons. Furthermore, we have four types of zones that we can create and configure in each one of these two zone classes. In fact, when we talk about zone configuration, we configure one of these four types, whether in the Forward Lookup Zone or the Reverse Lookup Zone. Wherever we create them, they function accordingly. Now, let’s see each of these four zone types we can create and configure.

1. Primary DNS Zone

As the name refers, the Primary DNS Zone is the main DNS zone that a primary DNS server hosts. It stores the read/write copy of the zone data (resource records). Let’s say we have a DNS Server for our main office with a thousand clients. Now, that DNS Server hosts a primary zone and stores the DNS records of all those thousand clients with both read and write privileges.

2. Secondary DNS Zone

The Secondary DNS Zone stores a read-only copy of the Primary DNS zone. It goes hand-in-hand with the primary zone. If a change occurs in the primary zone, that change replicates in the secondary zone. We can not delete or add a new resource record in a secondary DNS zone. We use it mainly to reduce the workload on the primary DNS server, prevent a single point of failure, and reduce other resource usages like network bandwidth in a scenario where the company’s branches are connected over a WAN link.

3. Stub DNS Zone

A Stub DNS Zone is very similar to a secondary DNS zone. But, it stores a copy of resource records of only the name servers (NS) of a primary zone and not all resource records of a primary zone. Like the primary-secondary zones, we use it to reduce loads on the primary DNS Server, prevent a single point of failure, and reduce other resource usage.

4. Active Directory Integrated (ADI) DNS Zone

An active directory Integrated zone, or ADI zone for short, can be hosted only on a DNS server which is also the Domain Controller. Using the ADI zone, all the resource records automatically replicate between the two DNS servers. It is entirely bidirectional and multi-master. That means any changes on one side replicate to the other side. This type is the most secure as the replications are encrypted.

Now that we have a conceptual understanding of each DNS zone type, we will go forward and practically configure each one in a separate section.

Create and Configure a Primary DNS Zone

From the above descriptions, we understand what a Primary DNS Zone is and where we use it. We will walk through the below steps to create and configure a primary DNS zone in Windows Server 2022.

1. Open the DNS Manager console. To do so, open the Run dialogue box by pressing the Windows Key + R keys combination on your keyboard. Typednsmgmt.msccommand and press enter to open it. You can also open it by navigating through Server Manager >> Tools >> DNS.

Opening DNS Manager Using RUN Command

2. Under the Server name on the DNS Manager console, you can create a new zone of both Forward Lookup Zones and Reverse Lookup Zones. Whichever you intend to create, right-click on it and choose the New Zone option. Consequently, click on the Next button on the first screen.

Create a New Zone Option on DNS Manager

3. To create a Primary Zone, check out the first option and uncheck the last checkbox. Then, click on Next.

Selecting the Primary Zone Type on the Zone Type screen

4. On the Zone Name console, type your zone name and click on Next to continue.

Naming the New DNS Primary Zone

5. Now, configure the zone file. Choose the first option to create a new zone file, and click on the Next. The DNS zone creates a file to save the associated resource records. This file will be saved in the C:\Windows\System32\dns directory.

Naming the New Primary DNS Zone file

6. In this step, configure the Dynamic Updates. For the Primary DNS Zone, we have two options, and almost always, we choose the first active option, as shown in the picture. If we select the Do not allow dynamic updates option, we must manually update the resource records each time there is a new record, which is impossible in most cases. When it is set, click on the Next button. Finally, click on Finish on the last page.

Configure Dynamic Update for the New DNS Zone

That is all with the Primary DNS zone configuration. However, we still need to configure zone transfer.

Configure Primary DNS Zone Transfer

We learned how to create and configure a new Primary DNS zone in Server 2022. But, we still need to configure the zone transfer for our newly created primary DNS zone. The zone transfer configuration specifies the server(s) with which our primary zone must replicate its information. Follow the steps below to configure Zone Transfer.

1. Right-click on your DNS Zone and select the Properties option from the list.

Going to the Properties of a Zone

2. On the zone properties page, select the Name Servers tab and click on Add button.

Adding a New Server for Zone transfer

3. On the New Name Server Record screen, type the name or IP address of the secondary server with which you want to replicate this zone’s resource records. Use the Resolve button to resolve it. Once you have added the secondary server(s), click on the OK button. Do not care about the warning sign with the resolved server(s). Finally, close the zone’s Properties window.

Adding a New Name Server for Zone Transfer

We are all done with the primary zone. We have created and configured it, and then we configured the zone transfer. It is all set and ready to resolve names and replicate its records with the secondary DNS zone on the Server(s) we have just added.

Create and Configure a Secondary DNS Zone

A secondary DNS zone, as we described earlier, is a read-only copy of the primary DNS zone that updates itself with a replication of the Primary DNS zone records associated with it. It is also very similar in terms of configuration steps. Anyway, let’s move on and go with those steps to create and configure a Secondary DNS zone in Server 2022.

1. Open the DNS Manager console on the secondary server (Same as the Primary DNS zone described above)

2. Create a new DNS zone (Same as the step 2 of the primary DNS zone described above)

3. Choose the Secondary Zone option as shown in the below picture to create a secondary DNS zone. Then, click on the Next button.

Choosing The DNS Zone Type for Secondary DNS Zone

4. Name the Secondary DNS zone. Remember that it is mandatory that the Secondary DNS zone name must be the same as the Primary DNS zone with which you want to associate. That is what makes them correlate with each other. So our secondary DNS name becomes Zone1 as of the primary DNS zone. Click on Next when it is set.

Naming the Secondary DNS Zone

5. Specify the Master DNS Server(s) using their IP addresses or names. Once specified correctly, click on the Next button. Finally, click on the Finish button on the next page.

Choosing the Master DNS Server for Secondary DNS Zone

At this point, we have successfully created and configured the secondary DNS zone. Now, let’s verify if they work correctly.

Verify Primary-Secondary DNS Zones

We already know the purpose of the primary and secondary DNS zones. So, it is clear that all the resource records from the primary DNS zone should automatically get stored in the secondary DNS zone. Besides learning how to create and configure a DNS Zone in Server 2022, we verify this replication of resources and check if it works.

To verify this configuration, first, we manually create a new record in the primary DNS zone on the DNS server that hosts it (DC1 in our scenario). Then, we check if it is replicated in the secondary DNS zone on the DNS server that hosts our secondary zone (SRV1 in our scenario). Let’s move on step by step.

1. On the primary DNS server (DC1 in our example), right-click on the primary zone you have created and choose New Host (A or AAAA) option from the list.

Creating New Record in a DNS Zone

2. Put the name of the new record in the Name box, and put the IP address associated with that name in the IP address box. Then, click on the Add Host button. Next, click on the OK button on the message window. Finally, click on the Done button.

Adding New Host A in a Primary DNS Zone

3. On the secondary DNS server (SRV1 in our example), click on the secondary zone and see if the record you have created in the primary zone is added there. Remember that it might take a few seconds to replicate. So, refresh the DNS manager window on the secondary server.

Replicated DNS Resource Record in the Secondary Zone

This way, we can manually add a DNS record in our primary zone and check if it replicates to the secondary zone.

Create and Configure a Stub DNS Zone

Earlier in this article, we discussed the Stub DNS zone. We know where we use it and what resource records it stores. Now in this section, we dive into the steps on how we can create and configure a Stub zone in Windows Server 2022. Most of the steps are similar to the secondary zone configuration we covered above. So, to keep it short, we will refer to the secondary zone configuration steps for similar ones.

1. Open DNS Manager console (same as the Step 1 of secondary zone configuration)

2. Create a new DNS zone (Same as the step 2 of the secondary zone configuration)

3. Choose the Stub zone option on the Zone Type window.

Selecting the Stub Zone Option for New Stub Zone

4. Enter the name of the Stub zone. (Same as step 4 of the secondary zone configuration)

5. Configure zone file. (Same as the step 5 of the Primary zone configuration discussed above)

6. Add the master server (primary server which hosts the primary zone) as we did for the secondary DNS zone.

We configured a Stub Zone following these six steps. It is straightforward and requires almost the same steps as the secondary zone configuration except for steps three and five, where we specify the zone type and configure the zone file.

Create and Configure an Active Directory Integrated (ADI) DNS Zone

We are familiar with the concept of Active Directory Integrated (ADI) DNS Zones, as we discussed earlier in this article. To remind you, the ADI zones can be hosted only on the DNS servers, which are also the domain controller. With that in mind, this section covers the steps on how to create and configure an ADI DNS zone in Windows Server 2022. Let’s walk through the steps. To keep it short, we will refer to some of the above section’s steps if there are similar steps to the above sections.

1. Pull up the DNS Manager console as we did in previous sections.

2. Create a new DNS zone. (step 2 of the above sections)

3. Select the Primary zone option and check out the last checkbox option for the ADI DNS zone. Click on Next afterward.

Selecting Active Directory Integrated DNS Zone Option

4. Select the replication scope for the ADI zone in which it must replicate its resource records. We always use one of the two first options. The first one is to replicate the zone to all servers in the forest, and the second option is to replicate it to all servers in the domain. It depends on your environment and the plan accordingly. When done, click on Next.

Selecting the Replication Scope for ADI DNS Zone

5. Type a name for your ADI DNS zone and click on Next to continue.

Naming ADI DNS zone

6. Configure the Secure Dynamic Update in this step. For the ADI DNS zone, the first option is also available. Almost always, we use the first option for an ADI zone. It also depends on your plan. Click on the Next button when it is set. Then, click on Finish in the next window.

Configuring Secure Dynamic updates for ADI DNS zone

That is all the steps we walk through to create and configure an ADI DNS zone in Windows Server 2022.

Summary

To revise what we covered in this article, we started with an overview of the DNZ zones. First of all, we discussed the Forward Lookup Zone and Reverse Lookup Zone. We covered a brief overview of the four zones we can create and configure in each Forward and Reverse Lookup Zones. Next, in a step-by-step approach, we covered the primary zone creation and configuration. Likewise, we stepped into secondary zone configuration steps. Another small topic we covered was verifying primary-secondary zones. A stub zone configuration was the next section we covered. Finally, we explained the ADI DNS Zone configuration in six steps.

In the end, I would like to share my happiness in having you read our articles. Please feel free and let us know your thoughts and queries regarding our content.

Active Directory Integrated ZoneADI DNS ZoneConfigure DNS ServerConfigure DNS ZoneCreate DNS ZoneDNS ServerDNS ServiceDNS Zone TransferForward Lookup ZoneHow toPrimary DNS ZonePrimary Secondary DNS ZoneReverse Lookup ZoneSecondary DNS ZoneStub DNS ZoneWindows Server 2022
Comments (0)
Add Comment