The records in a stub zone, like other Active Directory-integrated zones and secondary zones,
are updated regularly through Active Directory replication and zone transfers. Reasons for using
stub zones include the following:
Maintenance of zone delegation information —If changes are made to addresses of the
name servers hosting a delegated zone, the NS records on the parent DNS server must be
updated manually. If a stub zone is created for the delegated zone on the parent DNS
server, the NS records are updated automatically. The use of a stub zone effectively
eliminates manual maintenance of the delegated zone's NS records.
In lieu of conditional forwarders —If changes are made to addresses of domain name
servers that are conditionally forwarded, the IP addresses for the conditional forwarder
records must be changed manually. If a stub zone is created instead of using a conditional
forwarder, the NS records in the stub zone are updated automatically. In addition, because
stub zones can be Active Directory integrated, creating them on all DNS servers isn't
necessary, as it is with conditional forwarders.
Faster recursive queries —When a DNS server receives a query for a resource record in the
stub zone, it can perform a recursive query by using the stub zone's NS records rather than
accessing a root server.
Distribution of zone information —When a network consists of many zones, distribution
of those zones is necessary to make the entire DNS namespace accessible throughout the
network. Typically, this distribution requires secondary zones or Active Directory-integrated
zones. Stub zones can be used strategically to reduce the number of secondary zones or full
Active Directory-integrated zones; reducing the number of these zones cuts down network
traffic caused by zone transfers and replication.
Zone Transfers
A zone transfer copies all or part of a zone from one DNS server to another and occurs as a result
of a secondary server requesting the transfer from another server. The server requesting the zone
transfer is sometimes called the slave, and the server providing the zone information is sometimes
called the master. The master server can host a primary or secondary zone, but the slave server
always hosts a secondary zone. Although Active Directory-integrated zones use Active Directory
replication to transfer zone information, you can configure standard zone transfers if the target
is a standard secondary zone. Zone transfers can be initiated in two ways:
Refresh interval —As discussed, a secondary zone server requests zone information from
another server (a primary or another secondary master) when the zone's refresh interval
expires, which is every 15 minutes by default.
DNS notify —A master server can be configured to send a DNS notify message to secondary
servers when zone information changes. The secondary server can then request the zone
transfer immediately without waiting for the refresh interval to expire.
Zone transfers are configured in the Zone Transfers tab of a zone's Properties dialog box
(see Figure 9-15), which has the following options:
Allow zone transfers —When this check box is selected, zone transfers are enabled. By
default, zone transfers in Active Directory-integrated zones are disabled. In standard
zones, zone transfers are enabled for all other name servers listed for that zone. Options
for configuring zone transfers are as follows:
• To any server: Allows any server to request a zone transfer. This option isn't
recommended for most environments, as it allows any host to request network information,
which is not secure.
• Only to servers listed on the Name Servers tab: This option is the default for standard
zones.
• Only to the following servers: You can specify servers to which zone information can be
transferred.
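The transfer options above correspond to the SecureSecondaries value that the Windows DnsServer PowerShell module reports for a zone. The audit function below is an added example, not code from the original text: Get-ZoneTransferFinding, its output fields and the sample zones are hypothetical, and the sample objects are constructed so it runs without a DNS server.

```powershell
# Added example: classify each zone's transfer setting against the dialog options.
function Get-ZoneTransferFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Zone types that expose no SecureSecondaries value yield '' and fall to default.
        $setting = [string]$Zone.SecureSecondaries
        $option, $finding = switch ($setting) {
            'NoTransfer'               { 'Allow zone transfers (cleared)', 'OK' }
            'TransferAnyServer'        { 'To any server', 'REVIEW' }
            'TransferToZoneNameServer' { 'Only to servers listed on the Name Servers tab', 'OK' }
            'TransferToSecureServers'  { 'Only to the following servers', 'OK' }
            default                    { 'Not reported for this zone type', 'N/A' }
        }
        [pscustomobject]@{
            ZoneName     = $Zone.ZoneName
            DsIntegrated = [bool]$Zone.IsDsIntegrated
            Setting      = $setting
            DialogOption = $option
            Finding      = $finding
            AllowedTo    = @($Zone.SecondaryServers) -join ', '
        }
    }
}

# Constructed sample zones (not taken from a real server).
$sample = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; IsDsIntegrated = $true
                       SecureSecondaries = 'NoTransfer'; SecondaryServers = @() }
    [pscustomobject]@{ ZoneName = 'lab.example'; IsDsIntegrated = $false
                       SecureSecondaries = 'TransferAnyServer'; SecondaryServers = @() }
    [pscustomobject]@{ ZoneName = 'dmz.example'; IsDsIntegrated = $false
                       SecureSecondaries = 'TransferToSecureServers'
                       SecondaryServers = @('192.0.2.10', '192.0.2.11') }
)
$sample | Get-ZoneTransferFinding | Format-Table -AutoSize

# On a Windows DNS server, audit the live zones instead (re-querying each zone by
# name so the per-zone transfer properties are populated):
#   Get-DnsServerZone | ForEach-Object { Get-DnsServerZone -Name $_.ZoneName } |
#       Get-ZoneTransferFinding | Where-Object Finding -eq 'REVIEW'
# Restrict a flagged primary zone to named secondaries (address is a placeholder):
#   Set-DnsServerPrimaryZone -Name 'lab.example' `
#       -SecureSecondaries TransferToSecureServers -SecondaryServers 192.0.2.10
```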
 