Solved

DNS zone transfers between AD integrated and non-AD secondary servers

Posted on 2008-10-02
2
1,577 Views
Last Modified: 2010-04-21
In our Active Directory forest, we have a number of AD integrated primary zones replicated to each DNS server in the forest. The 5 DNS servers in my domain are also domain controllers, running Server 2003. AD domain level is 2003 Native.

Another IT team manages the web farm and they maintain a handful of DNS servers in their network (all Linux based). I want to setup the Linux DNS servers as secondary servers, where they can pull a read only copy of 2 of the zones. These 2 zones do not have zone transfers currently enabled. One is AD integrated primary and the other is a secondary zone, pulling from a master zone in another external (trusted) domain (separate AD forest).

Question 1: Please confirm my theory that the Linux DNS servers should have no problem hosting a copy of the 2nd zone from my DNS servers, where this zone exists as a secondary, non-AD integrated zone.

Question 2: Since zone transfers are not currrently enabled for either zone, zone replication occurs naturally through AD replication for the first zone. For the second zone (secondary) there are no other DNS servers using it as a master server, so no need to allow zone transfers. When I enable zone transfers for the first AD zone, I intend to use "Allow Zone transfers" and "Only to the following servers" and then list ONLY the IPs of the Linux DNS servers. Question is, will AD replication of the DNS zone continue to occur for the AD integrated name servers (other DC's/DNS servers in the forest), or do I have to list their IPs in the Zone Transfer tab as well? And of course I plan to list the IPs of the Linux DNS servers on the Notify dialog box too.

Thanks for looking!
0
Comment
Question by:shmaxolin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 100 total points
ID: 22625177

Question 1:

I can confirm that, done it before and it's not a problem provided that the BIND server in question supports Service Records (should if it's remotely modern).

Question 2:

Replication will continue regardless of the Zone Transfer settings you apply. The zone doesn't use DNS to replicate within AD.

No problem adding the Notify.

Chris
0
 
LVL 1

Author Closing Comment

by:shmaxolin
ID: 31502405
Thank you very much for the prompt response!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Let's recap what we learned from yesterday's Skyport Systems webinar.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

634 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question