Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DNS zone transfers between AD integrated and non-AD secondary servers

Posted on 2008-10-02
2
Medium Priority
?
1,617 Views
Last Modified: 2010-04-21
In our Active Directory forest, we have a number of AD integrated primary zones replicated to each DNS server in the forest. The 5 DNS servers in my domain are also domain controllers, running Server 2003. AD domain level is 2003 Native.

Another IT team manages the web farm and they maintain a handful of DNS servers in their network (all Linux based). I want to setup the Linux DNS servers as secondary servers, where they can pull a read only copy of 2 of the zones. These 2 zones do not have zone transfers currently enabled. One is AD integrated primary and the other is a secondary zone, pulling from a master zone in another external (trusted) domain (separate AD forest).

Question 1: Please confirm my theory that the Linux DNS servers should have no problem hosting a copy of the 2nd zone from my DNS servers, where this zone exists as a secondary, non-AD integrated zone.

Question 2: Since zone transfers are not currrently enabled for either zone, zone replication occurs naturally through AD replication for the first zone. For the second zone (secondary) there are no other DNS servers using it as a master server, so no need to allow zone transfers. When I enable zone transfers for the first AD zone, I intend to use "Allow Zone transfers" and "Only to the following servers" and then list ONLY the IPs of the Linux DNS servers. Question is, will AD replication of the DNS zone continue to occur for the AD integrated name servers (other DC's/DNS servers in the forest), or do I have to list their IPs in the Zone Transfer tab as well? And of course I plan to list the IPs of the Linux DNS servers on the Notify dialog box too.

Thanks for looking!
0
Comment
Question by:shmaxolin
2 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 400 total points
ID: 22625177

Question 1:

I can confirm that, done it before and it's not a problem provided that the BIND server in question supports Service Records (should if it's remotely modern).

Question 2:

Replication will continue regardless of the Zone Transfer settings you apply. The zone doesn't use DNS to replicate within AD.

No problem adding the Notify.

Chris
0
 
LVL 1

Author Closing Comment

by:shmaxolin
ID: 31502405
Thank you very much for the prompt response!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question