When DNS zones are integrated with Active Directory, the data isn't stored in traditional text zone files but within the AD database itself, in application directory partitions created for DNS. Zone objects and record objects live in those partitions and replicate with them.
AD-integrated DNS stores information in two primary locations:
1. DomainDnsZones partition: replicates to all DCs in the domain (zones with the "all DNS servers in this domain" replication scope)
2. ForestDnsZones partition: replicates to all DCs in the forest (zones with forest-wide scope, typically _msdcs.<forest root>)
Each DNS zone becomes a dnsZone object under the CN=MicrosoftDNS container, and every name in the zone becomes a dnsNode object directly beneath it (zone and node objects use DC= RDNs, not CN=):
DC=DomainDnsZones,DC=example,DC=com      (application partition head)
  CN=MicrosoftDNS                        (container for all zones in the partition)
    DC=yourzone.com                      (dnsZone object, one per zone)
      DC=@                               (dnsNode for the zone apex: SOA, NS, ...)
      DC=www                             (dnsNode whose dnsRecord values hold the A/AAAA records)
      DC=_ldap._tcp                      (dnsNode holding SRV records; names below the zone are flat, multi-label RDNs rather than nested containers)
To inspect DNS records using ADSIEdit:
1. Open ADSIEdit.msc
2. Connect to the partition by typing its distinguished name (DC=DomainDnsZones,DC=example,DC=com) as the naming context; it is not offered in the well-known naming context list
3. Navigate to CN=MicrosoftDNS
4. Explore the zone objects (dnsZone) and the record objects beneath them (dnsNode)
Here's how to query DNS records via PowerShell using ADSI. The zone object is a direct child of CN=MicrosoftDNS, and each name in the zone is a direct child of the zone object:
$zone = [ADSI]"LDAP://DC=yourzone.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com"
$nodes = $zone.Children                                                  # one dnsNode per name in the zone
$apex = $nodes | Where-Object { $_.distinguishedName -like "DC=@,*" }    # the zone apex (SOA, NS, ...)
$apex | Format-List *
All record types are stored in the same multi-valued dnsRecord attribute of a dnsNode; each value is one record, with a common binary header that carries the record type and a type-specific data portion:
A records: dnsRecord value whose data portion is the 4-byte IPv4 address
MX records: dnsRecord value whose data portion is the preference followed by the exchange name
SRV records: dnsRecord value whose data portion is priority, weight and port followed by the target name
The dnsRecord attribute stores binary data that can be decoded. The type-specific data begins after a 24-byte header (DataLength, Type, Version, Rank, Flags, Serial, TtlSeconds, Reserved, TimeStamp), so for an A record the address is at bytes 24 to 27:
$record = [ADSI]"LDAP://DC=www,DC=yourzone.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com"
$bytes = [byte[]]$record.Properties["dnsRecord"][0]   # multi-valued: one value per record at this name
$type = [BitConverter]::ToUInt16($bytes, 2)           # record type follows the 2-byte DataLength
if ($type -eq 1) {                                     # 1 = A record
    $ip = "$($bytes[24]).$($bytes[25]).$($bytes[26]).$($bytes[27])"
    Write-Host "IP Address: $ip"
}
When modifying DNS records programmatically, consider:
- Replication latency across domain controllers: a change written to one DC is not visible on the others until the partition replicates
- Application partitions vs domain partitions: the zone's replication scope decides which partition (and therefore which DCs) holds it
- Security descriptors on DNS objects: the zone object's ACL decides who can create new dnsNode objects, and each node's ACL decides who can overwrite its dnsRecord values
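The security-descriptor point above is the one most often missed. As an added example (not code from the original page), the function below takes an ActiveDirectorySecurity object for a dnsZone or dnsNode and reports allow ACEs that give broad principals create, write, or ownership rights. The DACL it runs against is constructed in memory so the script works offline; the SIDs are the well-known Everyone, Authenticated Users, Anonymous Logon and BUILTIN\Administrators values, and the ExtraSids parameter is an assumed hook for domain-specific groups such as Domain Users.

```powershell
# Added example, not code from the original page: flag ACEs on a dnsZone or dnsNode object that
# let broad principals create or change records. The DACL below is constructed in memory so the
# check runs offline; against a DC, pass $entry.ObjectSecurity from an [ADSI] bind instead.
Add-Type -AssemblyName System.DirectoryServices

# Rights that let a principal create nodes under a zone, or rewrite / re-own an existing node.
$WriteLikeRights = [System.DirectoryServices.ActiveDirectoryRights]'GenericAll, GenericWrite, WriteProperty, CreateChild, WriteDacl, WriteOwner'

# Well-known SIDs that are too broad to hold those rights on DNS data.
$BroadSids = @{
    'S-1-1-0'  = 'Everyone'
    'S-1-5-11' = 'Authenticated Users'
    'S-1-5-7'  = 'Anonymous Logon'
}

function Find-BroadDnsWriteAccess {
    param(
        [Parameter(Mandatory)][System.DirectoryServices.ActiveDirectorySecurity]$Acl,
        [hashtable]$ExtraSids = @{}   # assumed caller-supplied, e.g. @{ '<domain SID>-513' = 'Domain Users' }
    )
    $suspect = $BroadSids + $ExtraSids
    # Resolve identities to SIDs so the match does not depend on name translation.
    foreach ($rule in $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        if (-not $suspect.ContainsKey($sid)) { continue }
        if (([int]($rule.ActiveDirectoryRights -band $WriteLikeRights)) -eq 0) { continue }
        [pscustomobject]@{
            Principal = $suspect[$sid]
            Sid       = $sid
            Rights    = $rule.ActiveDirectoryRights
            Inherited = $rule.IsInherited
        }
    }
}

# Constructed sample DACL resembling a zone with secure dynamic update enabled:
# Authenticated Users may create child objects (new names) and read; Administrators have
# full control; Everyone may only read.
$authUsers = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-11')
$admins    = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-544')
$everyone  = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')
$sampleAcl = [System.DirectoryServices.ActiveDirectorySecurity]::new()
$sampleAcl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $authUsers, 'CreateChild, GenericRead', 'Allow'))
$sampleAcl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $admins, 'GenericAll', 'Allow'))
$sampleAcl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $everyone, 'GenericRead', 'Allow'))

Find-BroadDnsWriteAccess -Acl $sampleAcl | Format-Table -AutoSize
```

On the constructed DACL only the Authenticated Users entry is reported, because CreateChild is the right that lets any domain account add a new name to the zone; the read-only Everyone entry and the Administrators entry are skipped. Against a live directory, bind to the object with [ADSI] and pass its ObjectSecurity property, which is an ActiveDirectorySecurity instance; run it on both the zone object and on individual dnsNode objects, since a node created by dynamic update carries its own ACL (the creating account is its owner) independent of the zone's.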
Unlike traditional DNS that uses zone files (.dns), AD-integrated DNS stores its data directly in the Active Directory database. This implementation leverages Active Directory's multi-master replication capabilities while maintaining DNS-specific data structures within the LDAP schema.
DNS data normally resides in the DomainDnsZones and ForestDnsZones application directory partitions (zones configured with the legacy "all domain controllers in the domain" scope instead sit in the domain partition under CN=MicrosoftDNS,CN=System). The head of each application partition is a domainDNS object with a DC= RDN, not a CN= container:
DC=DomainDnsZones,DC=contoso,DC=com
DC=ForestDnsZones,DC=contoso,DC=com
Each DNS zone becomes a dnsZone class object containing dnsNode objects for records. Both use DC= as the RDN attribute; only the MicrosoftDNS container uses CN=. Here's the LDAP structure:
// Zone object
DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com
objectClass: dnsZone
// Host record example (one dnsNode per name; each record at that name is one value of dnsRecord)
DC=www,DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com
objectClass: dnsNode
dnsRecord: [binary data representing the A record]
To view DNS records using ADSIEdit:
- Open adsiedit.msc
- Connect by typing the partition's distinguished name as the naming context: DC=DomainDnsZones,DC=yourdomain,DC=com (the DNS partitions are not under the Configuration naming context and are not in the well-known list)
- Navigate to CN=MicrosoftDNS,DC=DomainDnsZones,DC=yourdomain,DC=com
Retrieve all DNS zones from AD (requires the ActiveDirectory module from RSAT):
Get-ADObject -SearchBase "DC=DomainDnsZones,DC=contoso,DC=com" `
    -Filter "objectClass -eq 'dnsZone'" `
    -Properties *
List the dnsNode objects of one zone with their raw dnsRecord values:
Get-ADObject -SearchBase "DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com" `
    -Filter "objectClass -eq 'dnsNode'" `
    -Properties dnsRecord
The dnsRecord attribute stores binary data with this layout (MS-DNSP section 2.3.2.2, DnsRecord). All multi-byte fields are little-endian except TtlSeconds, which is big-endian:
typedef struct _DNS_RECORD {
    WORD  DataLength;   // length of Data in bytes
    WORD  Type;         // DNS record type: 1 = A, 2 = NS, 5 = CNAME, 15 = MX, 28 = AAAA, 33 = SRV; 0 = tombstoned record
    BYTE  Version;      // always 5
    BYTE  Rank;         // 0xF0 (RANK_ZONE) for authoritative zone data
    WORD  Flags;
    DWORD Serial;       // zone serial number when this record was last changed
    DWORD TtlSeconds;   // big-endian
    DWORD Reserved;
    DWORD TimeStamp;    // hours since 1601-01-01 UTC; 0 means a static record that scavenging never removes
    BYTE  Data[];       // type-specific payload of DataLength bytes, starting at byte offset 24
} DNS_RECORD;
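The decoding snippet earlier on this page and the structure above both stop at the header. As an added example (not code from the original page), the script below builds dnsRecord values from the DNS_RECORD layout and decodes them back, covering the fixed header, the DNS_COUNT_NAME encoding used by NS, CNAME, PTR, MX and SRV data, and the static-versus-dynamic meaning of TimeStamp. The three record values at the bottom are constructed in memory; the host names in them are illustrative.

```powershell
# Added example, not code from the original page: build and decode dnsRecord values.
# Field layout follows MS-DNSP 2.3.2.2 (DnsRecord). The sample values at the bottom are
# constructed in memory so the script runs without a domain controller.

function Read-UInt16BE([byte[]]$Bytes, [int]$Offset) {
    [uint16](($Bytes[$Offset] * 256) + $Bytes[$Offset + 1])
}

function Read-UInt32BE([byte[]]$Bytes, [int]$Offset) {
    [uint32](([double]$Bytes[$Offset] * 16777216) + ($Bytes[$Offset + 1] * 65536) +
             ($Bytes[$Offset + 2] * 256) + $Bytes[$Offset + 3])
}

function Read-DnsCountName([byte[]]$Bytes, [int]$Offset) {
    # DNS_COUNT_NAME: Length(1) LabelCount(1), then length-prefixed labels and a 0x00 terminator.
    # Labels are walked by LabelCount, so a bogus Length byte cannot steer the parser.
    $labelCount = $Bytes[$Offset + 1]
    $pos = $Offset + 2
    $labels = for ($i = 0; $i -lt $labelCount; $i++) {
        $len = $Bytes[$pos]
        [System.Text.Encoding]::ASCII.GetString($Bytes, $pos + 1, $len)
        $pos += 1 + $len
    }
    return (($labels -join '.') + '.')
}

function New-DnsCountName([string]$Fqdn) {
    # Inverse of Read-DnsCountName; used only to build the sample records below.
    $labels = $Fqdn.TrimEnd('.').Split('.')
    $raw = [byte[]]@(foreach ($label in $labels) {
        [byte]$label.Length
        [System.Text.Encoding]::ASCII.GetBytes($label)
    })
    $raw = [byte[]]($raw + [byte]0)
    return [byte[]](@([byte]$raw.Length, [byte]$labels.Count) + $raw)
}

function New-DnsRecordBytes([int]$Type, [uint32]$Ttl, [byte[]]$Data, [uint32]$TimeStamp = 0) {
    # 24-byte header then type-specific Data. TtlSeconds is big-endian; Serial, Reserved and
    # TimeStamp are little-endian. Reading the TTL with the wrong byte order is a common bug.
    $ttlBe = [BitConverter]::GetBytes($Ttl)
    [array]::Reverse($ttlBe)
    $header = [BitConverter]::GetBytes([uint16]$Data.Length) +  # DataLength
              [BitConverter]::GetBytes([uint16]$Type) +         # Type (1 = A, 15 = MX, 33 = SRV, ...)
              [byte]5 + [byte]0xF0 +                            # Version 5, Rank 0xF0 (RANK_ZONE)
              [BitConverter]::GetBytes([uint16]0) +             # Flags
              [BitConverter]::GetBytes([uint32]1) +             # Serial
              $ttlBe +                                          # TtlSeconds, big-endian
              [BitConverter]::GetBytes([uint32]0) +             # Reserved
              [BitConverter]::GetBytes($TimeStamp)              # TimeStamp: hours since 1601-01-01 UTC, 0 = static
    return [byte[]]($header + $Data)
}

$DnsTypeNames = @{ 0 = 'ZERO (tombstone)'; 1 = 'A'; 2 = 'NS'; 5 = 'CNAME'; 6 = 'SOA';
                   12 = 'PTR'; 15 = 'MX'; 28 = 'AAAA'; 33 = 'SRV' }

function ConvertFrom-DnsRecord([byte[]]$Bytes) {
    $dataLength = [BitConverter]::ToUInt16($Bytes, 0)
    $type       = [int][BitConverter]::ToUInt16($Bytes, 2)
    $serial     = [BitConverter]::ToUInt32($Bytes, 8)
    $ttl        = Read-UInt32BE $Bytes 12
    $timeStamp  = [BitConverter]::ToUInt32($Bytes, 20)
    $data       = if ($dataLength -gt 0) { [byte[]]$Bytes[24..(23 + $dataLength)] } else { [byte[]]@() }

    $value = switch ($type) {
        1  { [System.Net.IPAddress]::new($data).ToString() }                        # A
        28 { [System.Net.IPAddress]::new($data).ToString() }                        # AAAA
        { $_ -in 2, 5, 12 } { Read-DnsCountName $data 0 }                           # NS, CNAME, PTR
        15 { '{0} {1}' -f (Read-UInt16BE $data 0), (Read-DnsCountName $data 2) }    # MX: preference, exchange
        33 {   # SRV: priority, weight, port, target
            '{0} {1} {2} {3}' -f (Read-UInt16BE $data 0), (Read-UInt16BE $data 2),
                                 (Read-UInt16BE $data 4), (Read-DnsCountName $data 6)
        }
        default { ($data | ForEach-Object { $_.ToString('x2') }) -join '' }         # anything else: raw hex
    }
    [pscustomobject]@{
        Type      = $type
        TypeName  = $(if ($DnsTypeNames.ContainsKey($type)) { $DnsTypeNames[$type] } else { "TYPE$type" })
        Ttl       = $ttl
        Serial    = $serial
        Static    = ($timeStamp -eq 0)
        TimeStamp = $(if ($timeStamp -eq 0) { $null } else { [datetime]::new(1601, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc).AddHours($timeStamp) })
        Value     = $value
    }
}

# Constructed sample values, as three dnsRecord values on one dnsNode might look.
# The A record carries a non-zero TimeStamp, i.e. it was registered by dynamic update.
$samples = @(
    (New-DnsRecordBytes -Type 1  -Ttl 1200 -Data ([byte[]](10, 0, 0, 5)) -TimeStamp 3700000),
    (New-DnsRecordBytes -Type 15 -Ttl 3600 -Data ([byte[]]((0, 10) + (New-DnsCountName 'mail.example.com')))),
    (New-DnsRecordBytes -Type 33 -Ttl 600  -Data ([byte[]]((0, 0, 0, 100, 1, 133) + (New-DnsCountName 'dc01.example.com'))))
)
$samples | ForEach-Object { ConvertFrom-DnsRecord $_ } | Format-Table Type, TypeName, Ttl, Static, TimeStamp, Value -AutoSize
```

Against a live directory, feed the decoder the raw values from either path shown on this page: `$node = [ADSI]"LDAP://DC=www,DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com"; foreach ($v in $node.dnsRecord) { ConvertFrom-DnsRecord ([byte[]]$v) }`, or the dnsRecord property of each object returned by Get-ADObject. Two things to watch: a TimeStamp of 0 marks a static record, while any other value is an aging record that scavenging can delete, and a Type of 0 with the node's dNSTombstoned attribute set marks a deleted record that is still present as an object, so tooling that counts dnsNode objects overstates the live zone.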
Some consequences of this storage model:
- One object per name: all records for a name (A, MX, SRV, ...) are values of that dnsNode's multi-valued dnsRecord attribute rather than separate objects
- Compact binary encoding: each value uses the DNS_RECORD layout above instead of zone-file text, so tools must decode it rather than parse it
- Flat namespace mapping: every name below the zone is a direct child of the dnsZone object, with multi-label RDNs such as DC=_ldap._tcp rather than nested containers per label
DNS data replicates as part of normal AD replication, with these characteristics:
| Partition | Replication Scope |
|---|---|
| DomainDnsZones | All DCs in the domain |
| ForestDnsZones | All DCs in the forest |