Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

DNS zone transfers between AD integrated and non-AD secondary servers

Posted on 2008-10-02
2
Medium Priority
?
1,629 Views
Last Modified: 2010-04-21
In our Active Directory forest, we have a number of AD integrated primary zones replicated to each DNS server in the forest. The 5 DNS servers in my domain are also domain controllers, running Server 2003. AD domain level is 2003 Native.

Another IT team manages the web farm and they maintain a handful of DNS servers in their network (all Linux based). I want to setup the Linux DNS servers as secondary servers, where they can pull a read only copy of 2 of the zones. These 2 zones do not have zone transfers currently enabled. One is AD integrated primary and the other is a secondary zone, pulling from a master zone in another external (trusted) domain (separate AD forest).

Question 1: Please confirm my theory that the Linux DNS servers should have no problem hosting a copy of the 2nd zone from my DNS servers, where this zone exists as a secondary, non-AD integrated zone.

Question 2: Since zone transfers are not currrently enabled for either zone, zone replication occurs naturally through AD replication for the first zone. For the second zone (secondary) there are no other DNS servers using it as a master server, so no need to allow zone transfers. When I enable zone transfers for the first AD zone, I intend to use "Allow Zone transfers" and "Only to the following servers" and then list ONLY the IPs of the Linux DNS servers. Question is, will AD replication of the DNS zone continue to occur for the AD integrated name servers (other DC's/DNS servers in the forest), or do I have to list their IPs in the Zone Transfer tab as well? And of course I plan to list the IPs of the Linux DNS servers on the Notify dialog box too.

Thanks for looking!
0
Comment
Question by:shmaxolin
2 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 400 total points
ID: 22625177

Question 1:

I can confirm that, done it before and it's not a problem provided that the BIND server in question supports Service Records (should if it's remotely modern).

Question 2:

Replication will continue regardless of the Zone Transfer settings you apply. The zone doesn't use DNS to replicate within AD.

No problem adding the Notify.

Chris
0
 
LVL 1

Author Closing Comment

by:shmaxolin
ID: 31502405
Thank you very much for the prompt response!
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question