Solved

understanding DNS

Posted on 2009-04-05
Last Modified: 2012-05-06
1-What are the benefits of using a stub zone over a secondary zone?
-What's the difference between creating a stub zone and making it AD integrated or just primary?
-If I create a stub zone, can I right-click and create host records in it just like any other zone?

2-What protocol or mechanism does DNS use to transfer a primary to a secondary zone, or AD Integrated to a secondary zone? Does it use RPC, KCC, etc.?
3-Which scavenging setting will override, the one set up at the DNS server level or at the zone level?
4-What's the difference between the DNS zone of the child domain created through the DC promo wizard and the DNS zone of the child domain created at the DNS server in the parent domain by right-clicking and selecting New Domain?
Question by:jskfan

Expert Comment

by:Chris Dent
ID: 24075421

1. Stub is much lighter than a Secondary and is much more like a Conditional Forwarder than a Secondary Zone.

Advantages of a Stub Zone are:

 - Does not require permission to Transfer a zone
 - Is able to adapt if the Name Server records for a zone change

Disadvantages of a Stub Zone are:

 - Requires the servers listed in the NS records for the zone to answer the request

When comparing that to a Secondary zone, the server hosting the Secondary zone answers the request for the client directly. Secondary Zones allow for a much greater degree of fault tolerance.

2. It uses a Zone Transfer request on TCP Port 53. The operation is entirely within DNS; it doesn't touch on any external protocols or applications (such as RPC, or the KCC, etc).

The actual operation of Zone Transfers is discussed in RFC 1034, then again in RFC 1995 which discusses Incremental Zone Transfers (changes only rather than entire zones):

http://www.ietf.org/rfc/rfc1034.txt
http://www.ietf.org/rfc/rfc1995.txt

3. You can set the Aging Defaults at the server level, however those are the defaults only. The Aging properties set on the zone itself take precedence over the server defaults.

4. There shouldn't be any difference at all. Both just create containers for the child domain to store data in DNS.

Chris

Author Comment

by:jskfan
ID: 24075587
1- So resolving requests through a stub zone is much slower, because it needs to connect to the servers in the NS tab.
Can you right-click and create host records in it just like any other zone?
"Does not require permission to Transfer a zone", what does that mean?




Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24075612

It can be, it depends how quickly the authoritative servers respond. Do bear in mind that responses from that system will be cached for the duration of the record TTL, so it may not be much of a reduction in speed.

> can you right-click and create host records in it just like any other zone?

No... Stub Zones only contain NS records. They should be read-only.

> Does not require permission to Transfer a zone, what does that mean?

To Transfer a Zone you must have explicit permission to perform the action on the Primary server. By default that isn't permitted.

Stub Zones only take the NS Records rather than the full zone so don't require that right (because we can easily query the NS records for a zone) making them a useful alternative to Conditional Forwarders.

Chris
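As an added example (not part of the original answers), the Python sketch below decodes TCP-framed DNS messages and flags zone-transfer requests (AXFR/IXFR), which need explicit permission on the primary, as opposed to the ordinary NS lookup a stub zone relies on. The zone name `example.com`, the function names, and the sample messages are constructed for illustration.

```python
import struct

# Values from RFC 1035 (NS, SOA, AXFR, REFUSED) and RFC 1995 (IXFR).
QTYPES = {2: "NS", 6: "SOA", 251: "IXFR", 252: "AXFR"}
RCODES = {0: "NOERROR", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_tcp_message(msg_id, name, qtype, response=False, rcode=0):
    """Build a one-question DNS message framed for TCP (2-byte length prefix)."""
    flags = (0x8000 if response else 0) | rcode
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    body = header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    return struct.pack("!H", len(body)) + body

def classify_tcp_dns(payload):
    """Decode one TCP-framed DNS message and flag zone-transfer requests."""
    (length,) = struct.unpack("!H", payload[:2])
    msg = payload[2:2 + length]
    if len(msg) != length or length < 12:
        raise ValueError("truncated DNS message")
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while msg[pos] != 0:  # assumes the question name is sent uncompressed
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
        pos += 1 + msg[pos]
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    is_response = bool(flags & 0x8000)
    return {
        "zone": ".".join(labels),
        "qtype": QTYPES.get(qtype, str(qtype)),
        "is_response": is_response,
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "transfer_request": qtype in (251, 252) and not is_response,
    }

# Constructed sample messages (not captured traffic).
SAMPLES = [
    build_tcp_message(1, "example.com", 2),    # NS lookup
    build_tcp_message(2, "example.com", 252),  # full zone transfer request
    build_tcp_message(2, "example.com", 252, response=True, rcode=5),  # refused
]
for sample in SAMPLES:
    print(classify_tcp_dns(sample))
```

A REFUSED response to the AXFR request is what a primary that has not granted transfer permission to the requester would be expected to send.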

Author Comment

by:jskfan
ID: 24075641
Thanks Chris for the clarification!