DNS zone transfers between AD integrated and non-AD secondary servers
Posted on 2008-10-02
In our Active Directory forest, we have a number of AD integrated primary zones replicated to each DNS server in the forest. The 5 DNS servers in my domain are also domain controllers, running Server 2003. AD domain level is 2003 Native.
Another IT team manages the web farm and they maintain a handful of DNS servers in their network (all Linux based). I want to setup the Linux DNS servers as secondary servers, where they can pull a read only copy of 2 of the zones. These 2 zones do not have zone transfers currently enabled. One is AD integrated primary and the other is a secondary zone, pulling from a master zone in another external (trusted) domain (separate AD forest).
Question 1: Please confirm my theory that the Linux DNS servers should have no problem hosting a copy of the 2nd zone from my DNS servers, where this zone exists as a secondary, non-AD integrated zone.
Question 2: Since zone transfers are not currrently enabled for either zone, zone replication occurs naturally through AD replication for the first zone. For the second zone (secondary) there are no other DNS servers using it as a master server, so no need to allow zone transfers. When I enable zone transfers for the first AD zone, I intend to use "Allow Zone transfers" and "Only to the following servers" and then list ONLY the IPs of the Linux DNS servers. Question is, will AD replication of the DNS zone continue to occur for the AD integrated name servers (other DC's/DNS servers in the forest), or do I have to list their IPs in the Zone Transfer tab as well? And of course I plan to list the IPs of the Linux DNS servers on the Notify dialog box too.
Thanks for looking!