PHWinfo - Afficher un message - Active Directory Integrated zones questions

16/07/2006, 16h07

Tom wrote:
> Kevin, many thanks. I still am a bit confused on the matters of
> replication scope and the name servers tab, at least from a practical
> standpoint. Consider this scenario:
>
> Two domains (domainA - parent, domainB - child) each with
> "domain-wide DNS server replication scope". No forwarders to the
> other domain and no stub zones for the other domain in each domain
> respectively. So, if on the name servers tab of the local name
> servers in each domain one were to add the names/ip address of DNS
> servers in the other domain, which because of the "domain-wide
> replication scope" each domain would not have a full copy of the
> other domains zone, this would have what effect?

> Based on our
> question/answer session I say none. Is even possible to add a name
> server to the zones name server tab that does not actually have a
> full copy of the zone?

It is possible to add an NS record for a DNS server that does not have the
full zone. However, if that server has a Stub zone, you could end up with
unexpected results, I can tell you that if the zone has an NS record for a
particular DNS, and you attempt to add a stub zone for the domain to the
server listed in the NS record, the stub will not load.

>
> If there were full copies of each domains zone in the other domain
> when both domains use "domain-wide" replication scope it is possible
> that each domain holds a non-AD Integrated copy of the other domains
> zone that was transferred using a "zone transfer" (from the AD
> Integrated "primary" to the standard "secondary")?

Zone transfer tab has nothing to do with AD replication, and you cannot have
a standard zone of any type and an AD zone for the same name on a DNS
server.
So if the zone is in AD, don't add the zone (for any type) on another DC
within the AD zone's replication scope. There are no, ifs, ands, buts or
exceptions to this rule, one DNS server can only load one zone for a name.
The Best thing to do is to make a plan and stick to it. A Secondary zone for
a Primary of any type (ADI or Standard) that is dynamic is not the best
plan, you'll get continual zone transfers causing 3000 and 9999 events. If
its a Standard Primary Dynamic zone you'll get continual 3150 leading to
3000 and 9999 events.

If this could be
> the case, then these name servers holding "secondary" copies of the
> zone should be listed in the Name Servers tab in the other domain too?

Secondary zones should have NS records for themselves.

You asked about Stub zones, which have only the NS records for the
Authoritative servers with the Full zone.
This has nothing to do with the Replication scope for zones stored in Active
Directory. While Active Directory integrated Primary (aka Master or
Multi-Master) will usually have an NS record for all Domain Controllers they
are on Stub zones do not have NS records for the server they exist on
anywhere, they have only NS records for the Authoritative servers.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

16/07/2006, 16h07	#6
Kevin D. Goodknecht Sr. [MVP] Messages: n/a Hébergeur:	Re: Active Directory Integrated zones questions Tom wrote: > Kevin, many thanks. I still am a bit confused on the matters of > replication scope and the name servers tab, at least from a practical > standpoint. Consider this scenario: > > Two domains (domainA - parent, domainB - child) each with > "domain-wide DNS server replication scope". No forwarders to the > other domain and no stub zones for the other domain in each domain > respectively. So, if on the name servers tab of the local name > servers in each domain one were to add the names/ip address of DNS > servers in the other domain, which because of the "domain-wide > replication scope" each domain would not have a full copy of the > other domains zone, this would have what effect? > Based on our > question/answer session I say none. Is even possible to add a name > server to the zones name server tab that does not actually have a > full copy of the zone? It is possible to add an NS record for a DNS server that does not have the full zone. However, if that server has a Stub zone, you could end up with unexpected results, I can tell you that if the zone has an NS record for a particular DNS, and you attempt to add a stub zone for the domain to the server listed in the NS record, the stub will not load. > > If there were full copies of each domains zone in the other domain > when both domains use "domain-wide" replication scope it is possible > that each domain holds a non-AD Integrated copy of the other domains > zone that was transferred using a "zone transfer" (from the AD > Integrated "primary" to the standard "secondary")? Zone transfer tab has nothing to do with AD replication, and you cannot have a standard zone of any type and an AD zone for the same name on a DNS server. So if the zone is in AD, don't add the zone (for any type) on another DC within the AD zone's replication scope. There are no, ifs, ands, buts or exceptions to this rule, one DNS server can only load one zone for a name. The Best thing to do is to make a plan and stick to it. A Secondary zone for a Primary of any type (ADI or Standard) that is dynamic is not the best plan, you'll get continual zone transfers causing 3000 and 9999 events. If its a Standard Primary Dynamic zone you'll get continual 3150 leading to 3000 and 9999 events. If this could be > the case, then these name servers holding "secondary" copies of the > zone should be listed in the Name Servers tab in the other domain too? Secondary zones should have NS records for themselves. You asked about Stub zones, which have only the NS records for the Authoritative servers with the Full zone. This has nothing to do with the Replication scope for zones stored in Active Directory. While Active Directory integrated Primary (aka Master or Multi-Master) will usually have an NS record for all Domain Controllers they are on Stub zones do not have NS records for the server they exist on anywhere, they have only NS records for the Authoritative servers. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This s =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ https://secure.lsaol.com/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oe.com/OEBackup/Default.aspx ===================================