Domain Name System (DNS) provides the option of dividing up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. When you are deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:
- You want to delegate management of part of
your DNS namespace to another location or department in your
- You want to divide one large zone into
smaller zones to distribute traffic loads among multiple servers,
improve DNS name resolution performance, or create a
more-fault-tolerant DNS environment.
- You want to extend the namespace by adding
numerous subdomains at once, for example, to accommodate the
opening of a new branch or site.
If, for any of these reasons, you can benefit from delegating zones, it might make sense to restructure your namespace by adding additional zones. When you are deciding how to structure zones, use a plan that reflects the structure of your organization.
When you delegate zones within your namespace, remember that for each new zone that you create, you need delegation records in other zones that point to the authoritative DNS servers for the new zone. This is necessary both to transfer authority and to provide correct referral to other DNS servers and clients of the new servers that are being made authoritative for the new zone.
When a standard primary zone is first created, all the resource record information is stored as a text file on a single DNS server. This server acts as the primary master for the zone. Zone information can be replicated to other DNS servers to improve fault tolerance and server performance.
When you are structuring your zones, there are several good reasons to use additional DNS servers for zone replication:
- Added DNS servers provide zone redundancy,
which makes it possible for DNS names in the zone to be resolved
for clients if a primary server for the zone stops responding.
- Added DNS servers can be placed so as to
reduce DNS network traffic. For example, adding a DNS server to the
opposing side of a low-speed, wide area network (WAN) link can be
useful in managing and reducing network traffic.
- Additional secondary servers can be used to
reduce loads on a primary server for a zone.
Example: Delegating a subdomain to a new zone
As shown in the following illustration, when a new zone for a subdomain (example.microsoft.com) is created, delegation from the parent zone (microsoft.com) is needed.
In this example, an authoritative DNS server computer for the newly delegated example.microsoft.com subdomain is named that is based on a derivative subdomain that is included in the new zone (ns1.na.example.microsoft.com). To make this server known to other servers outside the new delegated zone, two resource records are necessary in the microsoft.com zone to complete delegation to the new zone.
These resource records include the following:
- A name server (NS) resource record to effect
the delegation. This resource record advertises that the server
named ns1.na.example.microsoft.com is an authoritative server for
the delegated subdomain.
- A host (A or AAAA) resource record (also
known as a glue record) is necessary to resolve the name of the
server that is specified in the NS resource record to its IP
address. The process of resolving the host name in this resource
record to the delegated DNS server in the name server (NS) resource
record is sometimes referred to as glue chasing.