Active Directory-Integrated DNS

Active Directory–integrated DNS enables Active Directory storage and replication of DNS zone databases. Windows 2000 DNS server, the DNS server that is included with Windows 2000 Server, accommodates storing zone data in Active Directory. When you configure a computer as a DNS server, zones are usually stored as text files on name servers; that is, each zone that the server hosts is kept in its own zone file on the server computer. These text files must be synchronized among DNS name servers by using a system that requires a separate replication topology and schedule, called a zone transfer. However, if you use Active Directory–integrated DNS when you configure a domain controller as a DNS name server, zone data is stored as Active Directory objects and is replicated as part of domain replication.


Only DNS servers that run on domain controllers can load Active Directory–integrated zones.

To use DNS integration within Active Directory, assign the zone type Active Directory-integrated when you create the zone. (For more information about how to create zones, see Windows 2000 Server Help.) Objects that represent zone database records are created in the Microsoft DNS container within the System container (visible in the Advanced Features view in Active Directory Users and Computers), and the contents are replicated to all domain controllers in the domain. When you have Active Directory–integrated DNS zones, all Active Directory domain controllers that run Windows 2000 DNS server and are appropriately configured function as primary name servers; there is no single primary and no secondary for such a zone, and any of these servers can accept updates. Because the records are directory objects, access to them is governed by Active Directory permissions rather than by the file permissions and zone transfer settings of a standard primary server; this is also what makes secure dynamic update possible, which is available only for Active Directory–integrated zones.

When DNS data is stored in Active Directory, each DNS zone is an Active Directory container object (class dnsZone). The dnsZone object contains a DNS node object (class dnsNode) for every unique name within that zone. These unique names include the additional names, such as the owner names of SRV records, that a specific host computer registers when it functions, for example, as the primary domain controller (PDC emulator) or as a Global Catalog server. The dnsNode object has a dnsRecord multivalue attribute that contains one value for every resource record that is associated with the object's name.

Figure 1.5 shows the relationship between the DNS nodes (dnsNode objects) in the Active Directory–integrated zone and the computer objects that were illustrated in Figure 1.4. When DNS is integrated with Active Directory, the DNS node for a computer corresponds to a dnsNode object in the directory. The resource records that are registered by the computer in DNS are represented as attribute values on the dnsNode object.
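The following is an added example, not code from the Windows 2000 documentation, that shows what one value of the dnsRecord attribute described above actually contains and how the records of a dnsNode can be turned back into zone-file lines. The byte layout is an assumption taken from Microsoft's MS-DNSP specification of the DnsRecord structure (it is not described on this page): a 24-byte header in which every integer is little-endian except TtlSeconds, which is stored in network byte order, followed by type-specific data; NS and CNAME data use the DNS_COUNT_NAME form (length, label count, length-prefixed labels, zero terminator). The sample value, the node name www and the target dc1.corp.example are constructed for illustration. In a real domain these values are read from the dnsRecord attribute of objectClass=dnsNode objects under CN=MicrosoftDNS,CN=System,<domain DN>, so a principal whose directory read permissions cover those objects can reconstruct the zone over LDAP without any zone transfer; the directory ACLs, not zone-transfer restrictions, set the zone's effective confidentiality.

```python
"""Decode and build dnsRecord attribute values of Active Directory dnsNode objects.

Added example; the byte layout is assumed from MS-DNSP (DnsRecord), not from this page.
"""
import struct
from ipaddress import IPv4Address, IPv6Address
from typing import Iterable

HEADER_LEN = 24
TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_AAAA = 1, 2, 5, 28
TYPE_NAMES = {TYPE_A: "A", TYPE_NS: "NS", TYPE_CNAME: "CNAME", TYPE_AAAA: "AAAA"}
RANK_ZONE = 0xF0   # authoritative record of a zone this server hosts (assumed from MS-DNSP)
VERSION = 5        # DnsRecord.Version value used by Windows DNS (assumed from MS-DNSP)


def encode_count_name(name: str) -> bytes:
    """Build a DNS_COUNT_NAME: Length, LabelCount, length-prefixed labels, 0x00 terminator."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    raw = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return bytes([len(raw), len(labels)]) + raw


def decode_count_name(data: bytes) -> str:
    """Inverse of encode_count_name; validates length, terminator and label count."""
    total_len, label_count = data[0], data[1]
    raw = data[2:2 + total_len]
    if len(raw) != total_len or raw[-1:] != b"\x00":
        raise ValueError("malformed DNS_COUNT_NAME")
    labels, pos = [], 0
    while raw[pos] != 0:
        n = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    if len(labels) != label_count:
        raise ValueError("DNS_COUNT_NAME label count mismatch")
    return ".".join(labels) + "."


def encode_dns_record(rtype: int, rdata: bytes, ttl: int, serial: int,
                      rank: int = RANK_ZONE, timestamp: int = 0) -> bytes:
    """Serialize one resource record as a dnsRecord attribute value."""
    header = struct.pack("<HHBBHI", len(rdata), rtype, VERSION, rank, 0, serial)
    header += struct.pack(">I", ttl)            # TtlSeconds is the one big-endian field
    header += struct.pack("<II", 0, timestamp)  # Reserved, TimeStamp (0 = static record)
    return header + rdata


def decode_dns_record(value: bytes) -> dict:
    """Parse one dnsRecord value; unknown types keep their data as hex."""
    if len(value) < HEADER_LEN:
        raise ValueError("dnsRecord value shorter than its 24-byte header")
    data_len, rtype, version, rank, flags, serial = struct.unpack_from("<HHBBHI", value, 0)
    (ttl,) = struct.unpack_from(">I", value, 12)
    (timestamp,) = struct.unpack_from("<I", value, 20)
    data = value[HEADER_LEN:HEADER_LEN + data_len]
    if len(data) != data_len:
        raise ValueError("DataLength runs past the end of the value")
    if rtype == TYPE_A:
        rdata = str(IPv4Address(data))
    elif rtype == TYPE_AAAA:
        rdata = str(IPv6Address(data))
    elif rtype in (TYPE_NS, TYPE_CNAME):
        rdata = decode_count_name(data)
    else:
        rdata = data.hex()
    return {"type": TYPE_NAMES.get(rtype, str(rtype)), "ttl": ttl, "serial": serial,
            "rank": rank, "version": version, "static": timestamp == 0, "data": rdata}


def dump_node(name: str, values: Iterable[bytes]) -> list:
    """Render all dnsRecord values of one dnsNode as zone-file style lines."""
    return [f"{name} {r['ttl']} IN {r['type']} {r['data']}"
            for r in map(decode_dns_record, values)]


# Constructed sample: one dnsRecord value for an A record 10.0.0.5, TTL 3600, serial 17.
SAMPLE_A_VALUE = bytes.fromhex(
    "0400" "0100" "05" "f0" "0000" "11000000"   # DataLength, Type, Version, Rank, Flags, Serial
    "00000e10"                                  # TtlSeconds, big-endian (3600)
    "00000000" "00000000"                       # Reserved, TimeStamp (0 = static)
    "0a000005"                                  # 10.0.0.5
)

if __name__ == "__main__":
    node_values = [SAMPLE_A_VALUE,
                   encode_dns_record(TYPE_CNAME, encode_count_name("dc1.corp.example"), 300, 18)]
    for line in dump_node("www", node_values):
        print(line)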


Figure 1.5 DNS Zones and DNS Nodes Stored in Active Directory

When other non-Windows 2000 DNS servers are already in place and Active Directory domains represent only part of the overall DNS namespace, standard zone transfer can still be used to synchronize zone data between Active Directory and other DNS servers (that is, using Active Directory–integrated primary DNS zones does not preclude other DNS implementations). For more information about using different DNS servers, see "Windows 2000 DNS" in the TCP/IP Core Networking Guide.

When Windows 2000 DNS server is installed on at least one domain controller and has Active Directory–integrated zones, the zone data is always replicated to every domain controller in the domain, whether or not that domain controller runs the DNS server, and never to domain controllers in other domains.

For more information about where to place DNS servers, see Windows 2000 Server Help and also "Windows 2000 DNS" in the TCP/IP Core Networking Guide. For more information about zone transfer and the location of zone data in Active Directory, see "Introduction to DNS" and "Windows 2000 DNS," respectively, in the TCP/IP Core Networking Guide. For more information about DNS objects in Active Directory, see Windows 2000 Server Help.