William Stanek - Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant

Each zone has separate properties you can configure. These properties set general zone parameters by using the SOA record, change notification, and WINS integration. In the DNS Manager console, you set zone properties by doing one of the following:

■Press and hold or right-click the zone you want to update, and then tap or click Properties.

■Select the zone, and then tap or click Properties on the Action menu.

The Properties dialog boxes for forward and reverse lookup zones are identical except for the WINS and WINS-R tabs. In forward lookup zones, you use the WINS tab to configure lookups for NetBIOS computer names. In reverse lookup zones, you use the WINS-R tab to configure reverse lookups for NetBIOS computer names.

An SOA record designates the authoritative name server for a zone and sets general zone properties, such as retry and refresh intervals. You can modify this information by following these steps:

1.In the DNS Manager console, press and hold or right-click the zone you want to update, and then tap or click Properties.

2.Tap or click the Start Of Authority (SOA) tab, and then update the text boxes shown in Figure 9–8.

FIGURE 9–8In the zone’s Properties dialog box, set general properties for the zone and update the SOA record.

You use the text boxes on the Start Of Authority (SOA) tab as follows:

■ Serial NumberA serial number that indicates the version of the DNS database files. The number is updated automatically whenever you make changes to zone files. You can also update the number manually. Secondary servers use this number to determine whether the zone’s DNS records have changed. If the primary server’s serial number is larger than the secondary server’s serial number, the records have changed, and the secondary server can request the DNS records for the zone. You can also configure DNS to notify secondary servers of changes (which might speed up the update process).

■ Primary ServerThe FQDN for the name server followed by a period. The period is used to terminate the name and ensure that the domain information isn’t appended to the entry.

■ Responsible PersonThe email address of the person in charge of the domain. The default entry is hostmaster followed by a period followed by your domain name, meaning hostmaster@your_domain.com. If you change this entry, substitute a period in place of the @ symbol in the email address and terminate the address with a period.

■ Refresh IntervalThe interval at which a secondary server checks for zone updates. The default value is 15 minutes. You reduce network traffic by increasing this value. However, keep in mind that if the interval is set to 60 minutes, NS record changes might not be propagated to a secondary server for up to an hour.

■ Retry IntervalThe time the secondary server waits after a failure to download the zone database. If the interval is set to 10 minutes and a zone database transfer fails, the secondary server waits 10 minutes before requesting the zone database once more.

■ Expires AfterThe period of time for which zone information is valid on the secondary server. If the secondary server can’t download data from a primary server within this period, the secondary server lets the data in its cache expire and stops responding to DNS queries. Setting Expires After to seven days enables the data on a secondary server to be valid for seven days.

■ Minimum (Default) TTLThe minimum time-to-live (TTL) value for cached records on a secondary server. The value can be set in days, hours, minutes, or seconds. When this value is reached, the secondary server causes the associated record to expire and discards it. The next request for the record needs to be sent to the primary server for resolution. Set the minimum TTL to a relatively high value, such as 24 hours, to reduce traffic on the network and increase efficiency. Keep in mind that a higher value slows down the propagation of updates through the Internet.

■ TTL For This RecordThe TTL value for this particular SOA record. The value is set in the format Days: Hours: Minutes: Seconds and generally should be the same as the minimum TTL for all records.

Zone transfers send a copy of zone information to other DNS servers. These servers can be in the same domain or in other domains. For security reasons, Windows Server 2012 R2 disables zone transfers. To enable zone transfers for secondaries you’ve configured internally or with ISPs, you need to permit zone transfers and then specify the types of servers to which zone transfers can be made.

Although you can allow zone transfers with any server, this opens the server to possible security problems. Instead of opening the floodgates, you should restrict access to zone information so that only servers you’ve identified can request updates from the zone’s primary server. This enables you to funnel requests through a select group of secondary servers, such as your ISP’s secondary name servers, and to hide the details of your internal network from the outside world.

To allow zone transfers and restrict access to the primary zone database, follow these steps:

1.In the DNS Manager console, press and hold or right-click the domain or subnet you want to update, and then tap or click Properties.

2.Tap or click the Zone Transfers tab, as shown in Figure 9–9.

FIGURE 9–9Use the Zone Transfers tab to allow zone transfers to any server or to designated servers.

3.To restrict transfers to name servers listed on the Name Servers tab, select the Allow Zone Transfers check box, and then choose Only To Servers Listed On The Name Servers Tab.

4.To restrict transfers to designated servers, select the Allow Zone Transfers check box and then choose Only To The Following Servers. Then tap or click Edit as appropriate to display the Allow Zone Transfers dialog box. Tap or click in the IP Address list, enter the IP address of the secondary server for the zone, and then press Enter. Windows then attempts to validate the server. If an error occurs, make sure the server is connected to the network and that you’ve entered the correct IP address. If you want to copy zone data from other servers in case the first server isn’t available, you can add IP addresses for other servers as well. Tap or click OK.

5.Tap or click OK to save your changes.

You set properties for a zone with its SOA record. These properties control how DNS information is propagated on the network. You can also specify that the primary server should notify secondary name servers when changes are made to the zone database. To do this, follow these steps:

1.In the DNS Manager console, press and hold or right-click the domain or subnet you want to update, and then tap or click Properties.