Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Creating a Forward Lookup Zone

Updated: May 9, 2008

Applies To: Windows Server 2008

When the Domain Name System (DNS) server role is installed as part of creating a domain controller by installing Active Directory Domain Services (AD DS), the forward lookup zones that are required to support the domain are automatically created. Creating a forward lookup zone is only necessary when you create a DNS server that is not running on a domain controller or if you need to create a DNS domain that is not part of your Active Directory domain structure.

When you create a forward lookup zone, you must designate the zone as a primary, secondary, or stub zone:

  • A primary zone is a zone that is maintained on this server.

  • A secondary zone is a copy of a zone that is maintained on the primary server for the zone. Secondary zones help provide load balancing and fault tolerance for DNS zones.

  • A stub zone source only for information about the authoritative name servers for this zone because it contains only pointers to other DNS servers that are authoritative for the zone.

For more information about zone types, see Managing a Forward Lookup Zone.

Although a zone and a domain are logically separate, creating a zone begins with creating a domain. After you create a zone, you can then add additional domains (that is, subdomains) to the zone. Typically, the name of the zone and the name of the first domain in the zone are the same. After you add a subdomain to a zone, you can then manage and include it as part of the original zone records, or you can delegate it away to another zone that you create to support the subdomain. See Delegating a Zone for more information about zone delegation.

When you create a zone, you can choose whether or not to allow dynamic updates (that is, automatic updates to the zone that occur when clients add their own resource records to or remove their resource records from the zone. You can configure Active Directory–integrated zones to accept only secure dynamic updates.

To complete this task, perform the following procedure:

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft