Creating a Pinpoint DNS Zone


I saw an interesting question floating around a discussion alias earlier today: how to return different IP addresses for the same hostname from different DNS servers for users in different regions (for example, have DNS servers on the east coast return “1.2.3.4” for my.domain.com and DNS servers on the west coast return “5.6.7.8” for the same name, the trick being that domain.com is an internal Active Directory DNS zone). The usual suspects for answers crop up (global DNS load balancers, hosts files), but today we’re going to look at pinpoint zones as a solution to this problem.

What is a pinpoint zone, you ask?  Think about it like Split-Brain DNS, only on a micro-level.

With pinpoint DNS, you create a primary DNS zone inside your namespace for the purpose of controlling where that zone replicates, so that only the clients using a given DNS server receive its answer. The solution is both elegant and old-school, hearkening back to the days before AD-integrated DNS (yes, I’m well aware that ISC BIND is alive and well) and the concepts of primary/master and secondary/slave zones (concepts which may be foreign to Active Directory admins).

In a nutshell, we are creating a Standard/Primary DNS zone named the same as the hostname you want to answer for (in this case, my.domain.com) with a single host, and then choosing which DNS servers will receive a replica of this zone. The zone will have a single A record for @, which will resolve to 1.2.3.4 for our east coast users and 5.6.7.8 for our west coast users.

Configure First Primary DNS Server

  1. Launch the DNS Management Console and connect to your primary DNS server.
  2. Right-click Forward Lookup Zones and select New Zone.
  3. On the New Zone Wizard page, click Next.
  4. Ensure that the radio button Primary Zone is selected (it is selected by default).
  5. If the DNS server is also a Domain Controller, the Store the zone in Active Directory checkbox will be selected by default. CLEAR IT and click Next.
  6. In the Zone name text box, enter the FQDN of the new zone (in our example, my.domain.com) and click Next.
  7. The radio button Create a new file with this file name is selected by default. Click Next.
  8. The radio button Do not allow dynamic updates is selected by default. Click Next.
  9. Click Finish.
  10. Expand Forward Lookup Zones and select your newly created zone (my.domain.com is what we are configuring).
  11. Right-click on the new zone (my.domain.com) and select Properties.
  12. Select the Zone Transfers tab.
  13. The Allow zone transfers checkbox is selected by default. Select the Only to the following servers radio button.
  14. Click Edit.
  15. In the Allow Zone Transfers dialog box, click the blank line that says <Click here to add an IP Address or DNS name> and enter the addresses (one per line) for the additional DNS servers you want to host this zone.
  16. Click OK when done to close the Allow Zone Transfers dialog box.
  17. Click OK to close the DNS zone properties dialog box.
  18. Right-click on the new zone (my.domain.com) and select New Host (A or AAAA)…
  19. In the New Host dialog box, leave the Name field blank (the record will be created with an “@”, meaning it answers for the name of the zone that it’s in).
  20. In the New Host dialog box, enter the IP address for this host (1.2.3.4, in our example) and click the Add Host button.

Configure First Secondary DNS Server

  1. Launch the DNS Management Console and connect to your secondary DNS server.
  2. Right-click Forward Lookup Zones and select New Zone.
  3. On the New Zone Wizard page, click Next.
  4. Select the radio button for Secondary Zone and click Next.
  5. In the Zone name text box, enter the FQDN of the zone you created in step 6 above and click Next.
  6. On the Master DNS Servers page, enter the IP address of the Primary DNS Server (the server used in Step 1 under “Configure First Primary DNS Server”) and press Enter.
  7. Click Next.
  8. Click Finish.
  9. Repeat for each additional secondary DNS server to configure.

Configure Second Primary DNS Server

  1. Follow steps 1-19 outlined for the first Primary DNS server.
  2. Replace the IP address in step 20 with the IP address of the second host you want to use (in our example, 5.6.7.8).

Configure Second Secondary DNS Server

  1. Follow steps 1-5 outlined for the first Secondary DNS server.
  2. Replace the IP address in step 6 with the IP address used for the second Primary DNS server.
  3. Complete steps 7-9.
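The same four-part procedure can be scripted with the DnsServer PowerShell module (Windows Server 2012 and later). The example below is added here and is not the script from the TechNet Gallery mentioned later; the server names, management IPs and region layout are assumptions for illustration. For each region it creates a file-backed primary zone with dynamic updates off, restricts zone transfers to the listed secondaries (steps 12-17), adds the single apex A record, creates the secondaries against the regional primary, and then audits that every server is non-AD-integrated and answers with its own region's address.

```powershell
# Added example (not the author's TechNet Gallery script).
# Assumed topology: one primary per region, each with one secondary.
#Requires -Modules DnsServer

$ZoneName = 'my.domain.com'

$Regions = @(
    @{ Name = 'East'; Primary = 'dns-east-01'; PrimaryIP = '10.1.0.11'
       Secondaries = @('dns-east-02'); SecondaryIPs = @('10.1.0.12'); Answer = '1.2.3.4' }
    @{ Name = 'West'; Primary = 'dns-west-01'; PrimaryIP = '10.2.0.11'
       Secondaries = @('dns-west-02'); SecondaryIPs = @('10.2.0.12'); Answer = '5.6.7.8' }
)

function New-PinpointPrimary {
    param([string]$Server, [string]$Zone, [string]$IPv4, [string[]]$SecondaryIPs)

    # Steps 4-9: a file-backed primary zone (the "store in Active Directory"
    # box is cleared, so nothing replicates through AD) with dynamic updates off.
    Add-DnsServerPrimaryZone -ComputerName $Server -Name $Zone `
        -ZoneFile "$Zone.dns" -DynamicUpdate None

    # Steps 12-17: only the listed secondaries may pull (AXFR) this zone,
    # and they are notified when the apex record changes.
    Set-DnsServerPrimaryZone -ComputerName $Server -Name $Zone `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $SecondaryIPs `
        -Notify NotifyServers -NotifyServers $SecondaryIPs

    # Steps 18-20: the single A record at the zone apex ("@").
    Add-DnsServerResourceRecordA -ComputerName $Server -ZoneName $Zone `
        -Name '@' -IPv4Address $IPv4 -TimeToLive ([TimeSpan]::FromMinutes(5))
}

function New-PinpointSecondary {
    param([string]$Server, [string]$Zone, [string]$MasterIP)

    # "Configure First Secondary DNS Server": a secondary copy pulled from the
    # regional primary only (the master list is what selects the region).
    Add-DnsServerSecondaryZone -ComputerName $Server -Name $Zone `
        -ZoneFile "$Zone.dns" -MasterServers $MasterIP
}

function Test-PinpointZone {
    param([string]$Server, [string]$Zone, [string]$Expected)

    $z = Get-DnsServerZone -ComputerName $Server -Name $Zone
    # Ask the server directly, bypassing the local resolver cache.
    $answer = (Resolve-DnsName -Name $Zone -Type A -Server $Server -DnsOnly).IPAddress

    [pscustomobject]@{
        Server        = $Server
        ZoneType      = $z.ZoneType            # Primary or Secondary
        AdIntegrated  = $z.IsDsIntegrated      # must be False for a pinpoint zone
        DynamicUpdate = $z.DynamicUpdate       # None on the primaries
        Transfers     = $z.SecureSecondaries   # TransferToSecureServers on the primaries
        Answer        = $answer
        Ok            = ($answer -eq $Expected) -and -not $z.IsDsIntegrated
    }
}

foreach ($r in $Regions) {
    New-PinpointPrimary -Server $r.Primary -Zone $ZoneName -IPv4 $r.Answer -SecondaryIPs $r.SecondaryIPs
    foreach ($s in $r.Secondaries) {
        New-PinpointSecondary -Server $s -Zone $ZoneName -MasterIP $r.PrimaryIP
    }
}

# Audit: every server in a region must answer with that region's address.
$audit = foreach ($r in $Regions) {
    foreach ($s in (@($r.Primary) + $r.Secondaries)) {
        Test-PinpointZone -Server $s -Zone $ZoneName -Expected $r.Answer
    }
}
$audit | Format-Table -AutoSize
```

Two things the audit is there to catch: a zone that was accidentally stored in Active Directory (it would replicate to every DC and defeat the regional split), and a primary left with zone transfers open to any server, which hands the zone's contents to anyone who can reach TCP port 53. The secondaries also need that TCP port open toward their regional primary, since the AXFR pull, not AD replication, is what delivers the zone.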

If you have a lot of secondary DNS servers to configure, I’ve put together a script, available on the TechNet Gallery. In the screenshot below, I added three hosts as potential secondary DNS servers (a DC in my own forest, a DC in a different forest, and an invalid host). As you can see, 5.4.3.2 was found to be invalid and excluded from configuration, and the DC in a different forest returned an error (Permission Denied).

[Screenshot: new-pinpointdnszone]

Comments (4)

  1. P_rashant says:

    Thanks, it’s a really nice article.
    Can we configure multiple DNS alternate Zones?

    Thanks

    1. What do you mean “multiple DNS alternate Zone”? If you’re talking about creating multiple pinpoint zones in your environment, yes. Since they’re really just single-host Standard Primary/Secondary zones, you can have as many different ones as you have servers (but I’d be cautious, since it becomes difficult to troubleshoot if you have too many different configurations).

  2. Thanks,
    I used that before.
    It’s a very cool “Trick”.
