A primary zone is a zone that can be updated directly on the DNS server where it resides. This means an administrator can perform any operation on it, including creating, modifying and deleting DNS records. When the DNS Server role is installed as part of the Active Directory configuration, Windows creates a primary zone for the domain automatically. However, if you would like to add another one, you can do so. In this post we show you how to create and configure a primary zone in Windows DNS Server.
Create and Configure Primary Zone in Windows DNS Server
In this tutorial we are using our server AS-DCO001 (running Windows Server 2012 R2), which serves as both the Domain Controller and the DNS server. Our DNS server already has a primary zone named mustbegeek.com, which was created as part of the Active Directory installation. For this example, we will create another zone named example.com on the server. Below are the steps we performed to create the new zone:
Using DNS Manager
To start configuring a primary zone in Windows DNS Server, we begin by opening DNS Manager. DNS Manager can be opened from Server Manager as shown in the picture below.
In DNS Manager, expand the server name. You’ll see a few items there with an icon similar to a folder icon, among them Forward Lookup Zones and Reverse Lookup Zones.
Now, depending on the type of zone you want to create, right-click either Forward Lookup Zones or Reverse Lookup Zones and select “New Zone”. In this example we are creating the new zone under Forward Lookup Zones.
Click Next on the welcome screen.
Select Primary zone as the type of zone you want to create. Optionally you can tick the option to store the zone in Active Directory, which we did in this example. This allows the zone to be replicated across the DNS servers in the domain, which we will configure in the next step. If you’re doing this on a standalone DNS server, you may not see this option. Click Next to proceed to the next screen.
As we enabled the option to store the zone in Active Directory in the previous step, we now have to select the replication scope. In this example we chose to replicate to all DNS servers in the mustbegeek.com domain. You can adjust the selection according to your needs. Click Next to continue.
In this step we define the zone name. For our case we named it example.com.
In this screen we configure whether dynamic updates to the DNS records stored in this zone are allowed. Select whichever option fits your needs. In our case we chose to allow only secure dynamic updates, which is the recommended option for Active Directory. Click Next to continue to the next screen.
In the final screen, click Finish to create the zone. You can always click Back before finishing if you want to modify the configuration on any of the previous steps.
With this, we have successfully created the zone example.com.
You can also configure a primary zone in Windows DNS Server using PowerShell cmdlets. Run the command below in an elevated PowerShell window, choosing the form that matches the type of zone you would like to create.
Command for forward lookup zone
Add-DnsServerPrimaryZone -Name ZONE_NAME -ReplicationScope SCOPE -DynamicUpdate UPDATE_TYPE
Command for reverse lookup zone
Add-DnsServerPrimaryZone -NetworkID NETWORK_ADDRESS -ReplicationScope SCOPE -DynamicUpdate UPDATE_TYPE
The only difference between the two is the use of a zone name versus a network address. Replace ZONE_NAME with the name of the zone to create a forward lookup zone, such as mustbegeek.com or example.com. In the other command, replace NETWORK_ADDRESS with the subnet of the reverse lookup zone you want to create, such as 192.168.0.0/24.
In addition, replace SCOPE with one of Forest, Domain, Legacy, or Custom, and replace UPDATE_TYPE with None, Secure, or NonsecureAndSecure. These parameters determine the replication scope and whether the zone accepts dynamic updates at all, and if so, whether unauthenticated clients may send them.
As an example, here is how we used PowerShell to create the same example.com zone as in the previous section.
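The following is an added example and not a command from the original post: it creates the example.com zone with the same settings chosen in the DNS Manager walkthrough (Active Directory integrated, domain replication scope, secure dynamic updates only), creates the matching reverse zone for the 192.168.0.0/24 subnet mentioned above, and then reads the zone properties back to confirm that only authenticated clients can register or change records. It assumes the DnsServer PowerShell module that ships with the DNS Server role is available and the window is elevated.

```powershell
# Added example (not from the original post). Assumes the DnsServer module
# from the DNS Server role / RSAT is installed and the session is elevated.
Import-Module DnsServer

# AD-integrated forward zone, replicated to every DNS server in the domain,
# accepting only secure (Kerberos-authenticated) dynamic updates.
Add-DnsServerPrimaryZone -Name 'example.com' -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# Matching reverse lookup zone for 192.168.0.0/24; Windows names it 0.168.192.in-addr.arpa.
Add-DnsServerPrimaryZone -NetworkID '192.168.0.0/24' -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# Read both zones back and show the settings that matter for replication and update control.
'example.com', '0.168.192.in-addr.arpa' |
    ForEach-Object { Get-DnsServerZone -Name $_ } |
    Format-Table ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate -AutoSize

# Check: a zone left at NonsecureAndSecure lets any host that can reach the server
# overwrite records, so flag it and show the cmdlet that tightens the setting.
$zone = Get-DnsServerZone -Name 'example.com'
if ($zone.DynamicUpdate -ne 'Secure') {
    Write-Warning "example.com accepts unauthenticated dynamic updates; fix with: Set-DnsServerPrimaryZone -Name example.com -DynamicUpdate Secure"
}
```

The verification at the end is the part worth keeping in your own scripts: the DynamicUpdate value is what separates a zone where only domain-joined, authenticated clients can register names from one where any machine on the network can overwrite an existing record.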
Of course, there are other parameters than those explained above that you can use to configure a primary zone in Windows DNS Server with PowerShell.
Working with Primary Zone in Windows DNS Server
Now that you know how to configure a primary zone in Windows DNS Server, the next step is to learn how to manage it. In a primary zone you can create DNS records such as A, PTR, CNAME, MX, and plenty of others. You can make any configuration change or record update directly on the server where the primary zone resides. Also, if you enabled Active Directory integration, all changes are replicated to the other DNS servers in scope, which keeps them consistent.
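As an added example (not code from the original post), here is how the record types listed above are created, listed and removed in the example.com zone with the DnsServer module. The host names and addresses are constructed for the example, and the A record uses -CreatePtr so that the matching PTR lands in the 0.168.192.in-addr.arpa reverse zone if that zone exists on the server.

```powershell
# Added example (not from the original post). Host names and IP addresses below
# are constructed sample values inside the example.com zone.
Import-Module DnsServer

# A record for a web host; -CreatePtr also writes the PTR into the reverse zone
# for 192.168.0.0/24 when that zone is present on this server.
Add-DnsServerResourceRecordA -ZoneName 'example.com' -Name 'www' -IPv4Address '192.168.0.10' -CreatePtr

# CNAME alias that resolves through the A record above.
Add-DnsServerResourceRecordCName -ZoneName 'example.com' -Name 'intranet' -HostNameAlias 'www.example.com'

# Mail host plus an MX record at the zone apex ('@') with preference 10.
Add-DnsServerResourceRecordA -ZoneName 'example.com' -Name 'mail' -IPv4Address '192.168.0.25'
Add-DnsServerResourceRecordMX -ZoneName 'example.com' -Name '@' -MailExchange 'mail.example.com' -Preference 10

# A PTR created by hand in the reverse zone (equivalent to what -CreatePtr did for www).
Add-DnsServerResourceRecordPtr -ZoneName '0.168.192.in-addr.arpa' -Name '25' -PtrDomainName 'mail.example.com'

# List everything now held in the zone, including the SOA and NS records Windows created.
Get-DnsServerResourceRecord -ZoneName 'example.com' |
    Format-Table HostName, RecordType, TimeToLive, RecordData -AutoSize

# Remove a record: the alias is no longer needed. -Force skips the confirmation prompt.
Remove-DnsServerResourceRecord -ZoneName 'example.com' -RRType 'CName' -Name 'intranet' -Force
```

Because the zone is Active Directory integrated, each of these changes is written once on this server and then replicated to the other domain controllers running DNS within the replication scope chosen when the zone was created.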
Hope that helps you understand primary zones in Windows DNS Server.