Solved

DNS zone transfers between AD integrated and non-AD secondary servers

Posted on 2008-10-02
2
1,528 Views
Last Modified: 2010-04-21
In our Active Directory forest, we have a number of AD integrated primary zones replicated to each DNS server in the forest. The 5 DNS servers in my domain are also domain controllers, running Server 2003. AD domain level is 2003 Native.

Another IT team manages the web farm and they maintain a handful of DNS servers in their network (all Linux based). I want to setup the Linux DNS servers as secondary servers, where they can pull a read only copy of 2 of the zones. These 2 zones do not have zone transfers currently enabled. One is AD integrated primary and the other is a secondary zone, pulling from a master zone in another external (trusted) domain (separate AD forest).

Question 1: Please confirm my theory that the Linux DNS servers should have no problem hosting a copy of the 2nd zone from my DNS servers, where this zone exists as a secondary, non-AD integrated zone.

Question 2: Since zone transfers are not currrently enabled for either zone, zone replication occurs naturally through AD replication for the first zone. For the second zone (secondary) there are no other DNS servers using it as a master server, so no need to allow zone transfers. When I enable zone transfers for the first AD zone, I intend to use "Allow Zone transfers" and "Only to the following servers" and then list ONLY the IPs of the Linux DNS servers. Question is, will AD replication of the DNS zone continue to occur for the AD integrated name servers (other DC's/DNS servers in the forest), or do I have to list their IPs in the Zone Transfer tab as well? And of course I plan to list the IPs of the Linux DNS servers on the Notify dialog box too.

Thanks for looking!
0
Comment
Question by:shmaxolin
2 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 100 total points
Comment Utility

Question 1:

I can confirm that, done it before and it's not a problem provided that the BIND server in question supports Service Records (should if it's remotely modern).

Question 2:

Replication will continue regardless of the Zone Transfer settings you apply. The zone doesn't use DNS to replicate within AD.

No problem adding the Notify.

Chris
0
 
LVL 1

Author Closing Comment

by:shmaxolin
Comment Utility
Thank you very much for the prompt response!
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Script for Password Expire Notifications 7 61
Public DNS 2 28
Folder NTFS Permissions 14 66
Active Directory screwed 9 28
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now