Microsoft Windows 2000 DNS Server User Manual


 
Note: Only DNS servers running on domain controllers can load DS integrated
zones.
The Replication Model
Since DNS zone information is stored in Active Directory, a DS-integrated DNS server
that receives an update simply writes the data to Active Directory and continues
performing its usual functions. Active Directory is then responsible for replicating
the data to the other domain controllers, and the DNS servers running on those DCs
poll the updates from the DS.
Because Active Directory uses a multi-master replication model, DNS updates can be
written to any DS-integrated DNS server, and the data is automatically replicated to
all the domain controllers. The multi-master model does, however, have caveats that
are worth discussing. The ability to write to Active Directory from multiple domain
controllers at the same time can create a conflict where the same object is changed
on two different DNS servers. The conflict is eventually resolved in favor of the last
update made to the object, as determined by the timestamps of the updates ("last
writer wins"). The same rule applies when two or more nodes with the same name are
created on two or more DNS servers. Until the conflict is resolved and the DNS server
holding the losing update polls the winning data from the DS, requests for the same
object sent to two different DNS servers may be answered differently. This is why the
Active Directory database is called loosely consistent: a change is not guaranteed to
be visible on every DNS server until replication has completed.
Note: This subsection describes the replication model between different copies of
DS-integrated zones only. Two other replication models are implemented, corresponding
to zone transfer between non-DS-integrated primary and secondary zone files and
between DS-integrated primary and secondary zone files; they are described below in
the sections "Protocol Description" and "IXFR and DS Integration" respectively.
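The practical consequence of the loosely consistent model above is that, between an update and the end of replication, two domain controllers can answer the same query differently. The following script is an added example, not part of the white paper, that makes that window observable: it asks every domain controller in the domain for the same record and reports when the answers disagree. It assumes a domain-joined host with the ActiveDirectory and DnsClient PowerShell modules (modern Windows; Windows 2000 itself shipped only nslookup and dnscmd), and the record name and type are parameters you supply.

```powershell
# Added example (not from the white paper): detect the "loosely consistent"
# window by comparing one record's answer across every DC running DNS.
# Assumes: ActiveDirectory + DnsClient modules, domain-joined host.
param(
    [Parameter(Mandatory)][string]$Name,   # e.g. host.corp.example (assumed)
    [string]$Type = 'A'
)

Import-Module ActiveDirectory -ErrorAction Stop
Import-Module DnsClient -ErrorAction Stop

# Every DC is a candidate DS-integrated DNS server (only DCs can load such zones).
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$answers = foreach ($dc in $dcs) {
    # -DnsOnly and -NoHostsFile bypass the local cache, hosts file and LLMNR/NetBIOS,
    # so the answer really comes from the named DC. Errors are swallowed here so a
    # missing record (a node not yet replicated) shows up as '<no answer>' rather than
    # aborting the comparison; an unreachable DC looks the same, so check it by hand.
    $rr = Resolve-DnsName -Name $Name -Type $Type -Server $dc -DnsOnly -NoHostsFile `
            -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq $Type }

    # Normalise to a sorted, comma-joined string so record order alone is not
    # reported as divergence. Address records carry IPAddress; CNAME/NS/PTR carry NameHost.
    $data = ($rr | ForEach-Object { if ($_.IPAddress) { $_.IPAddress } else { $_.NameHost } } |
             Sort-Object) -join ','
    if (-not $data) { $data = '<no answer>' }

    [pscustomobject]@{ Server = $dc; Data = $data }
}

$answers | Format-Table -AutoSize

$distinct = @($answers | Select-Object -ExpandProperty Data -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning ("'{0}' ({1}) resolves differently across {2} DCs: replication has not " +
                   "converged, or a conflicting update is still pending last-writer-wins " +
                   "resolution. Re-run after the replication interval.") -f $Name, $Type, $answers.Count
    exit 1
}
Write-Host ("'{0}' ({1}) is consistent across {2} DCs." -f $Name, $Type, $answers.Count)
```

Run it twice around a change (for example `.\Check-DnsConvergence.ps1 -Name host.corp.example`, a hypothetical file name): immediately after a dynamic update it will typically flag the DC that took the write against the others, and after the replication interval it should report a single consistent answer. A persistent disagreement after several intervals points at a replication problem rather than the normal convergence delay.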
Zone Type Conversions
Any type of existing DNS zone can be converted to any other type. The issues
surrounding conversion of primary zones are of the most interest.
If a DS-integrated zone is converted to an original (non-DS-integrated) primary zone
file, the DNS server loading the new primary zone must become the single primary for
the zone, that is, the only server that accepts updates. Therefore the converted zone
has to be deleted from Active Directory (namely from the databases of all DCs
previously authoritative for this zone) so that the other DCs do not keep replicating
and serving an outdated or incorrect copy of the zone.
Controlling Access to Zones
Active Directory integration provides another valuable feature: Secure Dynamic DNS
Updates. The DS maintains Access Control Lists (ACLs) specifying the groups or users
who are allowed to modify DS-integrated zones.
Windows 2000 White Paper
13