Solved

Secondary DNS Zone replicating from Active Directory Integrated Zones

Posted on 2009-05-12
Last Modified: 2012-05-06

I'm about to take an exam which covers DNS in Server 2008 and although I understand most of the subject as presented in a book I'm reading I have a few quick questions.

Across two child domains in the same forest it is possible for the DNS server in each domain to have a *Secondary* AD zone created that replicates from a Primary AD Integrated Zone in the trusted domain - is that statement true? Does it still use the Zone Transfers tab?

A Stub Zone will cache results but will it ever answer queries from its cache?

In Stub Zones is the glue A record present to allow Stub Zones to find the name server in zones that it is querying a name for? If so, what's wrong with the NS record for the zone, or have I misunderstood?

Thanks

AdoBeebo

Accepted Solution

by: Chris Dent earned 500 total points
ID: 24368134

> is that statement true?

Yes, although the Secondary Zone is not stored in Active Directory.

> Does it still use the Zone Transfers tab?

Yes, no replication can occur with a trusted domain (external to the forest) so it must use Zone Transfers.

> A Stub Zone will cache results but will it ever answer queries from its cache?

Yep. No point in caching if the cache can't be used :)

> In Stub Zones is the glue A record present to allow Stub Zones to find the name server in zones
> that it is querying a name for? If so, what's wrong with the NS record for the zone, or have I misunderstood?

The NS records state who is responsible for a particular zone. Glue helps you find the servers the NS records point to.

For example, you might have these in a stub zone:

bobsdomain.com.  IN NS  ns1.bobsdomain.com.
bobsdomain.com.  IN NS  ns1.otherdomain.com.

The Glue helps you find those two name servers by placing these records within the zone:

ns1.bobsdomain.com.   IN A  1.2.3.4
ns1.otherdomain.com.  IN A  1.2.3.5

Note that the two name servers do not have to be within the same domain; the glue is still present even though it is for a server that doesn't live in the same domain. Glue ships along with NS records to prevent circular lookups, which can cause deadlock.

Chris
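
The glue relationship described in the answer above, as an added example that is not part of the original answer: a short Python check over the answer's four records that reports, for each NS target, whether glue is present and whether the target lies inside the zone itself (the case where a missing glue record makes the lookup circular). The function names are illustrative, and the parser assumes one record per line in the `owner IN TYPE rdata` form used above.

```python
# Constructed sample: the four stub-zone records quoted in the answer.
STUB_ZONE = """\
bobsdomain.com.       IN NS  ns1.bobsdomain.com.
bobsdomain.com.       IN NS  ns1.otherdomain.com.
ns1.bobsdomain.com.   IN A   1.2.3.4
ns1.otherdomain.com.  IN A   1.2.3.5
"""

def parse_records(text):
    """Return (owner, type, rdata) tuples from 'owner IN TYPE rdata' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) == 4 and fields[1].upper() == "IN":
            owner, _, rtype, rdata = fields
            records.append((owner.lower(), rtype.upper(), rdata.lower()))
    return records

def in_zone(name, zone):
    """True if name is the zone apex or a name beneath it."""
    return name == zone or name.endswith("." + zone)

def check_glue(text, zone):
    """Map each NS target of `zone` to its glue and its placement."""
    zone = zone.lower()
    records = parse_records(text)
    addresses = {}
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            addresses.setdefault(owner, []).append(rdata)
    report = {}
    for owner, rtype, target in records:
        if rtype == "NS" and owner == zone:
            report[target] = {
                "glue": addresses.get(target, []),
                # A target inside the zone cannot be found without glue:
                # resolving it means asking the very server being looked up.
                "circular_without_glue": in_zone(target, zone),
            }
    return report

def missing_glue(text, zone):
    """NS targets that have no address record in the zone data, sorted."""
    return sorted(t for t, r in check_glue(text, zone).items() if not r["glue"])

if __name__ == "__main__":
    for target, info in check_glue(STUB_ZONE, "bobsdomain.com.").items():
        print(target, info)
```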
Author Closing Comment

by:AdoBeebo
ID: 31580644
wicked thanks, 70-642 here I come :)
Expert Comment

by:Chris Dent
ID: 24368997

Good luck :)

Chris