Planning DNS Zones

Applies To: Windows Server 2008, Windows Server 2008 R2

When you first partition your namespace into zones, review the traffic patterns in your current or proposed network. Although Domain Name System (DNS) is designed to help reduce broadcast traffic between local subnets, it does create some traffic between servers and clients that should be reviewed. This is particularly true in cases where DNS is used on routed networks. To review DNS traffic, you can use DNS server statistics or the DNS performance counters that are provided with System Monitor.

In addition to traffic routing, consider the impact of the following common types of DNS-related communication, especially when you are operating across slow-speed links on a wide area network (WAN):

  • Server-to-server traffic that is caused both by zone transfers with other DNS servers and by DNS interoperability with other servers (for example, when Windows Internet Name Service (WINS) lookup is enabled)

  • Client-to-server traffic that is caused by both query loads and dynamic updates, whether sent by DNS client computers themselves or by DHCP servers that perform dynamic updates on behalf of earlier-version DNS clients that do not support them
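As an added example that is not part of the original article, the following PowerShell script samples the DNS Server performance counters (the same object that System Monitor displays) and groups them into the two traffic categories listed above, so that the load a site generates can be measured before zones are partitioned. It assumes the Get-Counter cmdlet is available (Windows PowerShell 2.0 and later) and that the counter names under the DNS performance object match those used here; adjust them if your server reports different names.

```powershell
# Added example (not from the original article): sample DNS Server performance
# counters and report server-to-server versus client-to-server traffic.
# Counter names under the "DNS" performance object are assumed; verify them
# against the list shown in System Monitor on your own server.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [int]$SampleIntervalSeconds = 5,
    [int]$MaxSamples = 12
)

# Server-to-server traffic: full (AXFR) and incremental (IXFR) zone transfers
# and WINS lookups performed on behalf of DNS queries.
$serverToServer = @(
    '\DNS\AXFR Request Received',
    '\DNS\IXFR Request Received',
    '\DNS\Zone Transfer Request Received',
    '\DNS\Zone Transfer Success',
    '\DNS\Zone Transfer Failure',
    '\DNS\WINS Lookup Received/sec'
)

# Client-to-server traffic: query load and (secure) dynamic updates.
$clientToServer = @(
    '\DNS\Total Query Received/sec',
    '\DNS\Dynamic Update Received/sec',
    '\DNS\Secure Update Received/sec'
)

# Prefix each counter path with the target computer name.
$paths = ($serverToServer + $clientToServer) | ForEach-Object { "\\$ComputerName$_" }

$samples = Get-Counter -Counter $paths -SampleInterval $SampleIntervalSeconds -MaxSamples $MaxSamples

# Summarise average and peak per counter over the sampling window; the peak is
# what a slow WAN link must be able to absorb.
$report = $samples.CounterSamples |
    Group-Object -Property Path |
    ForEach-Object {
        $values = $_.Group | Select-Object -ExpandProperty CookedValue
        $name = ($_.Name -split '\\')[-1]
        $category = 'Client-to-server'
        if ($serverToServer -contains "\DNS\$name") { $category = 'Server-to-server' }
        [pscustomobject]@{
            Category = $category
            Counter  = $name
            Average  = [math]::Round(($values | Measure-Object -Average).Average, 2)
            Peak     = ($values | Measure-Object -Maximum).Maximum
        }
    }

$report | Sort-Object Category, Counter | Format-Table -AutoSize
```

Run it during a representative period (for example, a morning logon peak) on a server at the remote site to compare observed zone transfer and query volumes against the link capacity.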

For small, flat namespaces, you might use full replication of all DNS zones to all DNS servers in your network. For large, vertical namespaces, this is neither possible nor recommended. In larger networks, it is often necessary to study, test, analyze, and revise your zone plans based on observed or estimated traffic patterns. After careful analysis, you can partition and delegate your DNS zones based on the requirements for providing efficient and fault-tolerant name service to each location or site.

The DNS Server service supports incremental zone transfers between servers that replicate a standard zone. Because only changed records are sent, this feature can substantially reduce DNS replication traffic, and you should take it into account during zone planning.

You might also want to explore the use of caching-only servers, which do not host DNS zones. Caching-only servers are a good option at small remote sites that have a stable and minimal use for DNS name service but are located across a WAN where the transfer of a large zone over a slower link can consume large amounts of resources.