Choosing a Propagation Method

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After you decide which zone each DNS server hosts, decide how to propagate the zones among the servers. Propagated zones provide higher availability, improve query response time, and reduce network traffic produced by name queries. However, propagated zones require storage space and increase network traffic. If your network is distributed and managed at different sites, use subdomains for these sites. If you do not have a distributed network, avoid using subdomains when possible.

In Windows Server 2003, zones are propagated by means of file-based zone transfer or Active Directory replication. If you use file-based zones, file-based zone transfer is the method of propagation. If you have Windows Server 2003 and Windows 2000 Active Directory–integrated zones, use Active Directory replication.

File-Based Zone Transfer

Windows Server 2003 and Windows 2000 DNS support both incremental and full zone transfer of file-based zones. Incremental zone transfer is the default method, but if this method is not supported by a third-party DNS server that is involved in the transfer, DNS servers running Windows Server 2003 and Windows 2000 transfer the full zone.

Incremental zone transfer, described in RFC 1995:Incremental Zone Transfer in DNS, provides better use of available network bandwidth. Rather than sending the entire contents of the zone file, the primary server only transfers the incremental changes in the zone. This reduces the impact of DNS zone transfers on network traffic. Without incremental zone transfers, the primary server transfers the entire zone file to the secondary server every time a DNS zone is updated.

Windows Server 2003 DNS uses full zone transfer when zones must be transferred to DNS servers that do not support incremental zone transfer, such as DNS servers running on Windows NT 4.0 or earlier versions of BIND 8.

Active Directory Replication

Active Directory replication propagates zone changes between domain controllers. Replication processing differs from DNS full zone transfers, in which the DNS server transfers the entire zone. Replication processing also differs from incremental zone transfers, in which the server transfers all changes made since the last change.

Active Directory zone replication provides the following additional benefits:

• Network traffic is reduced because the domain controllers only send the final result of all changes.

• When a zone is stored in Active Directory, replication occurs automatically. No additional configuration is required.

• When Active Directory zone replication occurs between sites, zone data that is greater than the default transfer size is automatically compressed before it is transferred. This compression decreases the network traffic load.

After careful analysis, you can partition and delegate your DNS zones based on what is required for providing efficient and fault-tolerant name service to each location or site.

If you are using Active Directory–integrated zones in a Windows Server 2003 domain, you must select an Active Directory–integrated zone replication scope. When selecting a replication scope, note that network traffic increases as you broaden the replication scope. For example, if you choose to replicate Active Directory–integrated DNS zone data to all DNS servers in the forest, this produces greater network traffic than replicating the DNS zone data to all DNS servers in a single Active Directory domain in that forest. Balance your need to minimize replication traffic against your need to minimize zone query traffic. The DNS administrators in your organization are responsible for managing zone replication.

Table 3.8 lists the replication options for Active Directory–integrated zone data.

Table 3.8   Replication Options for Active Directory–Integrated Zone Data