Solved

Secondary DNS Zone replicating from Active Directory Integrated Zones

Posted on 2009-05-12
3
427 Views
Last Modified: 2012-05-06
I'm about to take an exam which covers DNS in Server 2008 and although I understand most of the subject as presented in a book I'm reading I have a few quick questions.

Across two child domains in the same forest it is possible for the DNS server in each domain to have a *Secondary* AD zone created that replicates from a Primary AD Integrated Zone in the trusted domain - is that statement true? Does it still use the Zone Transfers tab?

A Stub Zone will cache results but will it ever answer queries from its cache?

In Stub Zones is the glue A record present to allow Stub Zones to find the name server in zones that it is querying a name for? If so, what's wrong with the NS record for the zone, or have I misunderstood?

Thanks

AdoBeebo
0
Comment
Question by:AdoBeebo
  • 2
3 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
Comment Utility

> is that statement true?

Yes, although the Secondary Zone is not stored in Active Directory.

> Does it still use the Zone Transfers tab?

Yes, no replication can occur with a trusted domain (external to the forest) so it must use Zone Transfers.

> A Stub Zone will cache results but will it ever answer queries from its cache?

Yep. No point in caching if the cache can't be used :)

> In Stub Zones is the glue A record present to allow Stub Zones to find the name server in zones
> that it is querying a name for? If so, what's wrong with the NS record for the zone, or have I misunderstood?

The NS records state who is responsible for a particular zone. Glue helps you find the servers the NS records point to.

For example, you might have these in a stub zone:

bobsdomain.com.  IN NS  ns1.bobsdomain.com.
bobsdomain.com.  IN NS  ns1.otherdomain.com.

The Glue helps you find those two name servers by placing these records within the zone:

ns1.bobsdomain.com.  IN A  1.2.3.4
ns1.otherdomain.com.  IN A 1.2.3.5

Note that the two name servers do not have to be within the same domain, the glue is still present even though it is for a server that doesn't live in the same domain. Glue ships along with NS records to prevent circular lookups which can cause deadlock.

Chris
0
 
LVL 3

Author Closing Comment

by:AdoBeebo
Comment Utility
wicked thanks, 70-642 here I come :)
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Good luck :)

Chris
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now