DNS AD Integrated/Primary zone

Posted on 2009-04-19
Last Modified: 2012-05-06
I need some explanations about DNS zones:
1- If a zone is AD Integrated, does that mean there is an AD domain with the same name, or is the answer that "it can be" and "it can't be" are both correct answers?
2- I know that an AD Integrated zone in one DNS server can be an AD Integrated zone in another DNS server, and it can be a secondary zone in another DNS server, but I am not sure if it can be a primary zone in another DNS server, though I believe I have seen that.

Thanks


Question by:jskfan
 
LVL 58

Expert Comment

by:tigermatt
ID: 24179646
>> If a zone is AD Integrated, does that mean there is an AD domain with the same name, or is the answer that "it can be" and "it can't be" are both correct answers?

An Active Directory integrated zone is any zone which is stored in the Active Directory database, and is therefore automatically replicated between all DNS servers in the domain. An AD-integrated zone does not necessarily have to have a domain name in the forest; ANY DNS zone can be Active Directory-integrated.

>> I know that an AD Integrated zone in one DNS server can be an AD Integrated zone in another DNS server, and it can be a secondary zone in another DNS server, but I am not sure if it can be a primary zone in another DNS server, though I believe I have seen that.

An AD-integrated zone is just that - AD-integrated. It replicates between all the DNS servers in the domain/forest (depending on the topology), so to the best of my knowledge there is no primary/secondary concept.

-Matt
0
 

Author Comment

by:jskfan
ID: 24179923
So if I right-click on a zone which is an AD Integrated zone, and go to the Properties/Name Servers tab, all the servers there should be authoritative for this AD Integrated zone. Correct?
In other words, if I open a DNS console on those servers I should see that zone as AD Integrated too?
0
 

Author Comment

by:jskfan
ID: 24179980
I still think you can create a primary or secondary zone from an existing AD Integrated zone
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24180152

The servers listed on the Name Servers tab of any DNS zone are the servers which will be authoritative for that zone. In cases of an AD-integrated zone, they are probably also the servers to which that zone is replicated.

You can convert an Active Directory-integrated zone back to a Primary/Secondary zone, but you wouldn't want to. That would then mean you need to play with things like zone transfers -- and it would be just another thing which will have to be configured with replication, and another thing to fail (which would have a huge impact on the network).

-Matt
0
 

Author Comment

by:jskfan
ID: 24180220
What I am seeing is a zone that, when I see it from one DNS server, shows as an AD Integrated zone; when I see it from the other DNS server, it shows as Secondary.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24180229

Is it listed as AD-integrated on the second server?
Are both servers members of the same domain?

-Matt
0
 

Author Comment

by:jskfan
ID: 24180234
No, each server is a member of a different domain.
0
 

Author Comment

by:jskfan
ID: 24180262
So another DNS server from a different domain can hold a primary or a secondary zone which is an AD Integrated zone from another domain. Correct?
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 1000 total points
ID: 24180307

Each server being part of a different domain could cause the behaviour you are seeing. Servers within the same domain will ALL automatically receive a copy of all AD-integrated zones without any additional work required.

Yes - servers from other domains can hold secondary zones of an AD-integrated zone. You can also trigger DNS zones to be replicated to all DNS servers in the forest, rather than all servers in the domain (the default).

-Matt
0
 

Author Comment

by:jskfan
ID: 24180360
<<<Yes - servers from other domains can hold secondary zones of an AD-integrated zone. >>>
They can hold primary zones of an AD-integrated zone too. Correct?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24180384

Possibly. I'm not too sure myself.
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1000 total points
ID: 24182453

> Can hold primary zones of an AD-integrated zone too. correct?

Only if they're within the same forest. Otherwise, no.

Or if it did it wouldn't be a synchronised copy of the AD Integrated Zone, it would be "Split Brain". That is, named the same but otherwise unrelated to the AD Integrated Zone.

Chris
0
 

Author Comment

by:jskfan
ID: 24193239
<<Only if they're within the same forest. Otherwise, no.>>

If they are in one domain, and I have mycompany.com as AD Integrated, and I create a primary or secondary zone named COMP.com, can I replicate from the AD Integrated zone to the primary or secondary? Or do they have to have the same name?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24193318

A Secondary zone must have the same name as the Primary zone. You wouldn't be able to replicate the data to a zone of a different name within DNS, only by using Scripts and such outside of DNS.

For note, AD Integrated Zones are Primary Zones. Replicating them using AD allows us to have multiple Primary Servers. With the Standard Primary Zones you would only have one Primary and a number of Secondaries.

Chris
0
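The situation discussed in this thread (one server showing the zone as AD-integrated, a server in another domain showing it as Secondary) can be checked from the command line. The following is an added example, not part of the original thread: it assumes the DnsServer PowerShell module (RSAT, Windows Server 2012 or later), and the server names and the IP address are placeholders. It also flags zones that allow transfers to any server, since a secondary outside the domain depends on zone transfers being enabled.

```powershell
# Added example. Server names and the IP address are placeholders (assumptions).
Import-Module DnsServer

function Get-ZoneHostingReport {
    param(
        [Parameter(Mandatory)] [string]   $ZoneName,
        [Parameter(Mandatory)] [string[]] $ComputerName
    )
    foreach ($server in $ComputerName) {
        try {
            $z = Get-DnsServerZone -Name $ZoneName -ComputerName $server -ErrorAction Stop
        } catch {
            # Zone is not hosted on this server, or the server could not be reached
            [pscustomobject]@{
                Server = $server; Hosting = 'not hosted or unreachable'
                ReplicationScope = $null; MasterServers = $null
                ZoneTransfers = $null; Review = $false
            }
            continue
        }
        # AD-integrated zones report ZoneType 'Primary' with IsDsIntegrated = $true
        $hosting = if ($z.IsDsIntegrated) { 'AD-integrated (primary)' } else { "Standard $($z.ZoneType)" }
        [pscustomobject]@{
            Server           = $server
            Hosting          = $hosting
            ReplicationScope = if ($z.IsDsIntegrated) { $z.ReplicationScope } else { $null }
            MasterServers    = $z.MasterServers -join ', '   # populated on secondaries
            ZoneTransfers    = $z.SecureSecondaries          # transfer policy on primaries
            Review           = ($z.SecureSecondaries -eq 'TransferAnyServer')
        }
    }
}

# Compare the same zone as seen from a DC and from a DNS server in another domain
Get-ZoneHostingReport -ZoneName 'mycompany.com' `
    -ComputerName 'dc1.mycompany.com', 'dns1.other.example' | Format-Table -AutoSize

# Replicate the zone to every DNS server in the forest instead of the domain default
Set-DnsServerPrimaryZone -Name 'mycompany.com' -ComputerName 'dc1.mycompany.com' `
    -ReplicationScope Forest -WhatIf

# Allow zone transfers only to the named secondary in the other domain
Set-DnsServerPrimaryZone -Name 'mycompany.com' -ComputerName 'dc1.mycompany.com' `
    -SecureSecondaries TransferToSecureServers -SecondaryServers '192.0.2.53' -WhatIf
```

The two `Set-DnsServerPrimaryZone` calls use `-WhatIf` so they only report what would change; remove it to apply the setting.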
