DNS Delegation Zone

Is there any difference between creating a zone delegation through the wizard and just right-clicking on the zone, creating a New Domain, and adding an NS record that points to the zone that clients need to query?
What's the difference between Zone Delegation and Stub Zone?

Thanks
jskfan Asked:

bluntTony (Head of ICT) Commented:
Use the wizard to create a delegation. You do not only need an NS record pointing to the DNS name of the name server for the delegated zone, but you also need a 'Glue' A record which gives the IP address of that server. Otherwise you're in a catch-22 where you know the DNS name of the server to query for that zone, but before you can contact that server you need to query it for its own IP address. When you use the Delegation Wizard, it creates this Glue A record from the information you give, but it is not visible in the console as a record.
A delegation and a stub zone basically serve the same purpose, only a stub zone can be integrated into AD, and will be periodically updated with the information about the name servers for the zone in question. If you create a delegation, and the name servers in that zone change, you have to manually update your delegation. When you use a stub zone, the information about the changes is updated in the stub zone automatically.
0
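The glue requirement described in the answer above, as an added example that is not part of the original thread: a Python check that flags delegations whose name server lives inside the delegated zone but has no address record alongside the NS record in the parent. The record tuples, the `lab` and `ext` sub-domains and the function names are constructed for illustration.

```python
# Added illustration: find delegations in a parent zone that lack glue.
# Records are (owner, type, rdata) tuples; all sample data is constructed.

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def is_within(name, zone):
    """True if name is the zone apex or sits below it."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)

def delegations_missing_glue(parent_zone, records):
    """Return (child_zone, name_server) pairs that need glue but have none.

    Glue is only required when the NS target is inside the delegated zone
    itself: the resolver would have to ask that server for its own address.
    """
    parent = normalize(parent_zone)
    have_address = {normalize(owner) for owner, rtype, _ in records
                    if rtype.upper() in ("A", "AAAA")}
    missing = []
    for owner, rtype, rdata in records:
        if rtype.upper() != "NS":
            continue
        child = normalize(owner)
        if child == parent or not is_within(child, parent):
            continue  # apex NS set, or a record outside this zone
        target = normalize(rdata)
        if is_within(target, child) and target not in have_address:
            missing.append((child, target))
    return missing

# Constructed contents of a parent zone "domain.com".
SAMPLE_RECORDS = [
    ("domain.com", "NS", "ns1.domain.com"),
    ("ns1.domain.com", "A", "192.168.1.10"),
    ("sub.domain.com", "NS", "ns1.sub.domain.com"),  # delegation with glue
    ("ns1.sub.domain.com", "A", "192.168.1.1"),      # the glue record
    ("lab.domain.com", "NS", "ns1.lab.domain.com"),  # delegation, no glue
    ("ext.domain.com", "NS", "ns1.example.net"),     # server outside the zone
]

if __name__ == "__main__":
    for child, server in delegations_missing_glue("domain.com", SAMPLE_RECORDS):
        print(f"{child}: {server} has no glue A/AAAA record")
```
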
jskfan (Author) Commented:
So both delegation and stub zone are pointers to the DNS server that can answer queries for a certain zone.
Does this not sound like a forwarder...?
Sorry, there are many DNS terms that act similarly and it's hard to tell which is different from which.
0
Chris Dent (PowerShell Developer) Commented:

Delegations can only be created from a parent zone, so you must own the parent. Delegation is the correct way to hand off responsibility for a sub-domain to a different set of servers.

Stub Zone and Conditional Forwarder are very similar; I would say that isn't quite true of the Delegation (because of the parent zone requirement).

All 3 of these are about saying a domain / zone is hosted elsewhere. Just different methods to achieve that.

For example...

Delegation - A zone called domain.com on one set of servers can delegate sub.domain.com to another set. The Delegation contains NS Records and Glue for the sub.domain.com zone. If the parent zone is stored in AD then so is the delegation.

Stub Zones - Dynamically update NS Records, very useful where you can reach the Name Servers by the IP addresses of the hosts in the NS Records. I have bumped into situations where this isn't the case (internal networking vs external networking); Stub Zones fail here. For AD, Stub Zones can be DS Integrated.

Conditional Forwarders - A static list of servers to forward the request to. Does not have to look anything like the servers listed in the NS Record. As with the others, this can be AD Integrated.

Chris
0

jskfan (Author) Commented:
-Delegation: it creates an NS Record, but no A record, or at least not visible.
In this case it should be the same as right-clicking on the parent zone, creating a New Domain and adding an NS Record that points to the server authoritative for the sub-zone. Correct? Or would you say that doing so would not enable the computers from the parent zone to see the records in the sub-zone?
-Stub zone: the A record for the server in the NS tab is created and visible, and it updates the NS record automatically. I noticed the icon of the Stub zone looks, if I remember, like a secondary zone icon.
Is there a way to tell this is a stub zone just by looking at the icon?

-Forwarding zone: I believe it can serve the same purpose as Delegation or stub (but manual update if changes happen). I think it's used mostly for caching. Correct?

0
Chris Dent (PowerShell Developer) Commented:

> -Delegation: it creates an NS Record, but no A record, or at least not visible.

It's not visible. You can see whether or not it exists by opening up the properties for the delegation and checking the name servers. If the IP lists with a * then it's resolved, and no A record is present in the zone (this is Glue).

> In this case it should be the same as right click on the parent zone create a New Domain  

Correct.

>  I noticed the icon of the Stub zone

They're all the same for me. The only place it differs is in the Type column.

> Forwarding zone:

If the server is acting as a resolver (clients use it to resolve names) then names from all of the above methods will be cached.

Chris
0
jskfan (Author) Commented:
<<It's not visible. You can see whether or not it exists by opening up the properties for the delegation and checking the name servers. If the IP lists with a * then it's resolved, and no A record is present in the zone (this is Glue).>>

There is an IP but don't see the a*

<<They're all the same for me. The only place it differs is in the Type column.>>
what should it say in the type for the stub zone?

0
Chris Dent (PowerShell Developer) Commented:

> There is an IP but don't see the a*

This means no Glue:

[192.168.1.1*]

And this means there is Glue:

[192.168.1.1]

So if you don't have a * then you have the A record in the zone (even if you don't see it in the display).

> what should it say in the type for the stub zone?

Stub :) Or "Active Directory-Integrated Stub" if you set it to store in AD.

Chris
0

jskfan (Author) Commented:
thanks
0