  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 474

Secondary DNS Zone replicating from Active Directory Integrated Zones

I'm about to take an exam which covers DNS in Server 2008 and although I understand most of the subject as presented in a book I'm reading I have a few quick questions.

Across two child domains in the same forest it is possible for the DNS server in each domain to have a *Secondary* AD zone created that replicates from a Primary AD Integrated Zone in the trusted domain - is that statement true? Does it still use the Zone Transfers tab?

A Stub Zone will cache results but will it ever answer queries from its cache?

In Stub Zones is the glue A record present to allow Stub Zones to find the name server in zones that it is querying a name for? If so, what's wrong with the NS record for the zone, or have I misunderstood?

Thanks

AdoBeebo
 
Chris Dent (PowerShell Developer) commented:

> is that statement true?

Yes, although the Secondary Zone is not stored in Active Directory.

> Does it still use the Zone Transfers tab?

Yes, no replication can occur with a trusted domain (external to the forest) so it must use Zone Transfers.

> A Stub Zone will cache results but will it ever answer queries from its cache?

Yep. No point in caching if the cache can't be used :)

> In Stub Zones is the glue A record present to allow Stub Zones to find the name server in zones
> that it is querying a name for? If so, what's wrong with the NS record for the zone, or have I misunderstood?

The NS records state who is responsible for a particular zone. Glue helps you find the servers the NS records point to.

For example, you might have these in a stub zone:

bobsdomain.com.  IN NS  ns1.bobsdomain.com.
bobsdomain.com.  IN NS  ns1.otherdomain.com.

The Glue helps you find those two name servers by placing these records within the zone:

ns1.bobsdomain.com.   IN A  1.2.3.4
ns1.otherdomain.com.  IN A  1.2.3.5

Note that the two name servers do not have to be within the same domain; the glue is still present even though it is for a server that doesn't live in the same domain. Glue ships along with NS records to prevent circular lookups, which can cause deadlock.

Chris
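
The glue check described in the answer above, as an added example that is not part of the original thread: it parses stub-zone style records and reports, for each NS target, whether an address record accompanies it. The `ns2.bobsdomain.com.` entry and the function names are constructed for illustration; the other records are the ones quoted in the answer.

```python
# Added example: constructed stub-zone data modelled on the records in the answer.
STUB_ZONE = """\
bobsdomain.com.       IN NS  ns1.bobsdomain.com.
bobsdomain.com.       IN NS  ns1.otherdomain.com.
bobsdomain.com.       IN NS  ns2.bobsdomain.com.   ; constructed: no glue supplied
ns1.bobsdomain.com.   IN A   1.2.3.4
ns1.otherdomain.com.  IN A   1.2.3.5
"""

def parse_records(text):
    """Parse 'owner IN TYPE rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        owner, rr_class, rr_type, rdata = line.split(None, 3)
        if rr_class.upper() != "IN":
            raise ValueError(f"unsupported class: {rr_class}")
        records.append((owner.lower(), rr_type.upper(), rdata.strip().lower()))
    return records

def in_zone(name, zone):
    """True if name is the zone apex or a name below it."""
    return name == zone or name.endswith("." + zone)

def check_glue(text, zone):
    """Classify each NS target by whether an address record accompanies it."""
    records = parse_records(text)
    glue = {}
    for owner, rr_type, rdata in records:
        if rr_type in ("A", "AAAA"):
            glue.setdefault(owner, []).append(rdata)
    report = {}
    for owner, rr_type, target in records:
        if rr_type != "NS" or owner != zone:
            continue
        if target in glue:
            report[target] = "glue present: " + ", ".join(glue[target])
        elif in_zone(target, zone):
            # Resolving this name would require asking the zone's own servers.
            report[target] = "MISSING glue: circular lookup"
        else:
            report[target] = "no glue: resolved through its own zone"
    return report

if __name__ == "__main__":
    for server, status in check_glue(STUB_ZONE, "bobsdomain.com.").items():
        print(f"{server:24} {status}")
```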
 
AdoBeebo (Author) commented:
wicked thanks, 70-642 here I come :)
 
Chris Dent (PowerShell Developer) commented:

Good luck :)

Chris
