01/11/2006, 14:31   #9
Jorge Silva
Re: Non authoritative domain on Windows Server 2003

Inline
> If I create a primary zone with one record for each server pointing to the
> private IP address, will my DNS announce itself as authoritative to other
> DNSs in Internet for this public domain?

No, it won't, because the server only serves internal requests.
Note: I only stated the Primary zone as an option, however there're many
ways to do this, you can configure conditional forwarding, stub zones,
etc...
- Forwarding: DNS server will forward any query it can't answer, Checks zone
data and cache then forwards. ("All other Domains" option - pointing to TLD
DNS Servers) all queries will go to tld DNS server (including Internet
resolution queries), if the link with tld is down then queries will fail for
domains but the DNS server will attempt to use its root hints to resolve
these queries (unless you select the option don't use recursion for this
domain - this can represent security problems because the DNS goes to public
network trying to resolve all queries that it isn't authoritative for).
- Please note, only a failure to respond will cause the DNS client to switch
Preferred DNS servers; receiving an authoritative but incorrect response
does not cause the DNS client to try another server. As a result,
configuring a Domain Controller with itself and another DNS server as
Preferred and Alternate servers helps to ensure that a response is received,
but it does not guarantee accuracy of that response. DNS record update
failures on either of the servers may result in an inconsistent name
resolution experience.
- Conditional Forwarding: you can have better control by defining which DNS
servers will the server contact for zones that the server isn't
authoritative for, and if the link is down to any particular domain/site,
that doesn't mean that other queries will fail as long as you have the link
up to these domains/sites. Each domain name used for forwarding associated
with a forwarders list, Checks zone data and cache for answer, then uses
forwarders list to resolve, DNS server compares queried name to list of
domain name conditions
- Stub zones: Stub zones contain a read-only copy with specific records
(SOA, NS and related A) the big advantage of stub zones is that they'll
refresh automatically, a server hosting stub zone contacts zone master for
zone transfer, A master server may be a primary or secondary server for
actual zone, you don't need to allow zone transfer for stub zones to work
(Careful- Stub zones do not remove the requirement for delegations, Stub
zone data doesn't transfer during zone transfers like delegation information
does, Can be dangerous to use instead of delegation, If parent zone is
transferred without delegation information, how will server find child
zones?). Typically contiguous namespaces will not benefit using stub zones,
only disjoint namespaces may benefit using stub zones.
- Secondary Zones: also contains a Read-Only copy of the zone, all queries
can be resolved locally, but you need to allow zone transfer on each zone.
- Active Directory Integrated Zones (require that the DNS is also a DC),
the zone is replicated with AD replication, is better from security
perspective, you can always choose to replicate them across the domain or
forest. This can have a significant impact on your replication traffic if
you choose to replicate all zones across the forest.
The _msdcs.domain.tld contains information about Global catalog and other
domain/forest important records and they only exist in parent (root) DNS
server, so it is always a good practice to replicate the root
_msdcs.domain.tld across the forest.

--
I hope that the information above helps you
Good Luck

Jorge Silva
MCSA
Systems Administrator

"Chino" <chino75@fastwebnet.it> wrote in message
news:ei7mka$62k$1@newsread.albacom.net...
>> Hi
>> If I understand you correctly you want that your internal DNS server
>> resolve your public domain to the private IPAddress, correct?
>> If yes all you have to do is to create an
>> Primary Zone, and create the records that point to the private internal
>> Ip address of your Domain.

>
> Yes, this is what I want to do.
> If I create a primary zone with one record for each server pointing to the
> private IP address, will my DNS announce itself as authoritative to other
> DNSs in Internet for this public domain?
> I don't want to do that, because the public domain is owned by our
> provider and it must remain the same.
> Please confirm, and thank you very much!
>
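
The lookup order described in the post above, as an added example that is not part of the original post and is not Windows DNS code: a small Python model of how a server picks between its own zone, a conditional forwarder, the default forwarders and root hints. The class name, zone names and addresses are constructed for illustration, and the cache step is left out.

```python
# Added example: a model of the lookup order in the post, not Windows DNS code.
# Zone names and IP addresses below are constructed sample values.
ROOT_HINTS = "root-hints"
ZONES = {"example.com": {"mail.example.com": "10.0.0.5"}}   # internal primary zone
COND = {"partner.example.net": ["192.0.2.10"]}              # conditional forwarder
DEFAULT = ["198.51.100.1"]                                  # "All other domains"


class DnsServerModel:
    def __init__(self, zones, cond, default, no_recursion=False):
        self.zones = zones                # authoritative zone -> {fqdn: ip}
        self.cond = cond                  # domain suffix -> forwarder list
        self.default = default            # default forwarder list
        self.no_recursion = no_recursion  # "do not use recursion" option

    @staticmethod
    def _best_suffix(name, suffixes):
        """Longest entry matching `name` on a label boundary, or None."""
        hits = [s for s in suffixes if name == s or name.endswith("." + s)]
        return max(hits, key=len, default=None)

    def route(self, qname, reachable):
        """Return (source, detail) for `qname`.

        `reachable` is the set of forwarder IPs that currently respond.
        """
        name = qname.lower().rstrip(".")
        zone = self._best_suffix(name, self.zones)
        if zone is not None:
            # Authoritative data is final: a name missing from the internal
            # zone is NXDOMAIN, and nothing is forwarded to the public zone.
            return ("authoritative", self.zones[zone].get(name, "NXDOMAIN"))
        suffix = self._best_suffix(name, self.cond)
        forwarders = self.cond[suffix] if suffix else self.default
        for ip in forwarders:
            if ip in reachable:
                return ("forwarder", ip)
        if self.no_recursion:
            return ("servfail", None)     # query fails, nothing leaves the site
        return ("recursion", ROOT_HINTS)  # query goes out to the public roots


if __name__ == "__main__":
    srv = DnsServerModel(ZONES, COND, DEFAULT)
    for q in ("mail.example.com", "www.example.com", "db.partner.example.net"):
        print(q, srv.route(q, reachable={"198.51.100.1"}))
```

The `www.example.com` case is the one to check when shadowing a public domain with an internal primary zone: every public name that internal clients still need has to be added to the internal zone as well.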

