How to Create a Secondary DNS Zone in Windows Server 2003?
Secondary DNS zone is a read only copy of the primary DNS zone. This means that whenever an administrator wants to modify the database of DNS server he needs to manipulate primary DNS zone only. Since secondary DNS zone is just a read-only copy replication process is one way i.e. from the server which has primary DNS zone to the server that has secondary DNS zone. You can configure secondary DNS zone on a DNS server by following the steps given below:
- Log on to the DNS server using administrative privileges.
- Click on Start button.
- From the start menu go to Administrative Tools and from the submenu click on DNS.
- From the opened snap in expand the name of your computer (which is PCTIPS-3000 in this case).
- From the left pane right-click on Forward Lookup Zone and click on New Zone.
- On Welcome to the New Zone Wizard page click on Next button.
- On the Zone Type page select Secondary zone radio button and click on Next button.
- On Zone Name page type the name of the primary DNS zone for which this secondary DNS zone is being created (TESTDOMAIN.COM in this case) and click on Next button.
- On Master DNS Servers page in IP address text box type the IP address of the primary DNS server and click on Add button. The IP addresses specified here will work as the primary DNS servers for this secondary DNS zone and will replicate their data to this server.
- Once done click on Next button.
- On Completing the New Zone Wizard page go through the summary carefully and when satisfied with the configuration click on Finish button.
Production Environment:
Since secondary DNS zone is a read only copy and replica of primary DNS zone in most cases it is placed at the perimeter network. The reason behind this is that since perimeter network is supposed as comparatively risky area secondary DNS zone can reduce the possibility of malicious attacks as no hacker could poison it by placing false data in the server.