stub zones and conditional forwarding

[Darren]

Hi,
Does Stub zones build up large cache records and facilitate name resolution
using cache records as does conditional forwarder ? The reason I ask is
because I am trying to differentiate among the two methods and possibly
determine which method would more efficient in terms of speedy name
resolution ..

TIA.

 

[Ace Fekay [MVP]]

In

Hi,
Does Stub zones build up large cache records and facilitate name
resolution using cache records as does conditional forwarder ? The
reason I ask is because I am trying to differentiate among the two
methods and possibly determine which method would more efficient in
terms of speedy name resolution ..

TIA.

Nope, a Stub just says, here - for your query, go to the name server listed
to get your answer. You can also look at your cache list by choosing
'Advanced" in the View options in the DNS console. That will show you
everything.

What exactly are you designing? Is it a parent-child scenario or a business
partner scenario? It depends on your scenario for which is best to choose.

Ace
--
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

 

[Darren]

Hello Ace Thank you for your response..
In response to your question . We have recently acquired a company through a
recent acquisition
A single domain/forest which also runs DNS 2003 . We will be migrating all
servers etc to our corp environment Win2003 single domain/forest. In the
interim ,I would like to resolve all servers and PCs for the new company
from our corp. environment.
I have created a stub zone for the new company on the corp. DC AD and chose
the option to replicate to all DNS servers however when I try pinging a
server in the new company I unable to resolve the servername, for example,
I type "ping server1" I get no response..... I would assume the stub zone
should be able to forward the request on to the authorative DNS server , BUT
this seem to be not working as I thought it would. I don't want to enter
the suffix for the new company on all PCs ..
Any idea would certainly be appreciated..
TIA

 

[Darren]

forgot to mention. I have also tried another approach. I have deleted the
stub zone on our corp DNS server and tried using conditional forwarding...
I have entered the FQDN of the new company along with DNS server IP
address for the new company under the "Forwarder TAB" however when I tried
pinging once agian I received the same results.. unable to resolve ..
There has to be something I'm missing here..

Thanks again

 

[Kevin D. Goodknecht Sr. [MVP]]

Hello Ace Thank you for your response..
In response to your question . We have recently acquired a company
through a recent acquisition
A single domain/forest which also runs DNS 2003 . We will be
migrating all servers etc to our corp environment Win2003 single
domain/forest. In the interim ,I would like to resolve all servers
and PCs for the new company from our corp. environment.
I have created a stub zone for the new company on the corp. DC AD and
chose the option to replicate to all DNS servers however when I try
pinging a server in the new company I unable to resolve the
servername, for example, I type "ping server1" I get no
response..... I would assume the stub zone should be able to forward
the request on to the authorative DNS server , BUT this seem to be
not working as I thought it would. I don't want to enter the suffix
for the new company on all PCs ..
Any idea would certainly be appreciated..

You will have to add the new company's DNS suffix to all your client
machines. You can do this with Group Policies on WinXP and Win2k3, Win2k
will have to be done in each machine's TCP/IP settings.
The Group Policy is here:
Computer Configuration
-Administrative templates
-Network
-DNS Client
DNS Suffix Search list

There is another way, if you are using WINS, you can configure the zones
from both Domains to search their respective WINS servers for unknown hosts.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

 

[Darren]

Hello Kevin
I was contemplating on NOT adding the suffix to my clients, but since you
have mentioned this is needed I would assume for conditional OR stub zone to
work , suffix MUST be addded to my clients . So can I assume that adding the
suffix is a prerequisite for name resolution when using stub zone or
conditional forwarding.
Also if you can think of a better solution in regards to my requirement.
Just wanted to make sure I am going about this the right way..

Thanks again

 

[Kevin D. Goodknecht Sr. [MVP]]

Hello Kevin
I was contemplating on NOT adding the suffix to my clients, but since
you have mentioned this is needed I would assume for conditional OR
stub zone to work , suffix MUST be addded to my clients . So can I
assume that adding the suffix is a prerequisite for name resolution
when using stub zone or conditional forwarding.
Also if you can think of a better solution in regards to my
requirement. Just wanted to make sure I am going about this the right
way..

Stub zones and Conditional Forwarding give you the ability to resolve names
for other domains without forwarding all queries to the DNS server, and
without having to go through the Root. But that queries must be qualified as
DNS domain names, "server1" does not qualify as a DNS Domain name. You need
a DNS suffix appended before it qualifies as a DNS name.
Your problem is that the suffix that is appended now, is not the suffix
where the name "server1" exists, it does not matter where the zone is hosted
before you can find a name in the zone you have to search the DNS server for
the Fully-qualified name of the host, e.g. server1.otherdomain.com, having a
suffix of mydomain.com is NOT going to help you find a host in
otherdomain.com.

That said, and as I mentioned, if you are using WINS on both Networks,
configure the two WINS servers to replicate with each other.. Then, on the
Properties of the zone listed in the DNS suffix search list on both
networks, (Or just yours), select the WINS tab, enter the IP address of the
WINS server.
This does two things, it will populate Network Places with the machines from
both networks, and allow you to search your DNS zone for hosts on the other
network. For this to work, all client must be WINS clients.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

 

[Herb Martin]

In

Nope, a Stub just says, here - for your query, go to the name server
listed to get your answer. You can also look at your cache list by
choosing 'Advanced" in the View options in the DNS console. That will show
you everything.

I think you will find the above is incorrect. When an ordinary "DNS client"
asks a (recursive) query of the DNS server with a Stub the server itself
will follow
the path, resolve the record and cache it.

When another DNS Server makes an iterative query the DNS Server will
give it the Stub answers and the querying DNS server will do the work
itself.

 

[Herb Martin]

Hello Kevin
I was contemplating on NOT adding the suffix to my clients, but since you
have mentioned this is needed I would assume for conditional OR stub zone
to work , suffix MUST be addded to my clients . So can I assume that
adding the suffix is a prerequisite for name resolution when using stub
zone or conditional forwarding.

No, adding suffixes to the NIC IP properties is practically always
an option and have NOTHING to do with whether your DNS
servers can resolve records.

Those suffixes merely make it possible for your users to use partial,
or incomplete names, and for the resolving to try various combinations
of suffixes automatically.

Additional suffixes are merely about CONVENIENCE (or allowing your
users to be lazy.)

Note: It is important that you set the PRIMARY DNS Suffix correctly
in the System Control Panel, but even this isn't really about resolution
but necessary for things like proper dynamic REGISTRATION.

 

[Sean Cai [MSFT]]

Hello Darren,

Thank you for posting in the Microsoft newsgroup!

From your post, my understanding on this issue is: you want to know whether
Stub zone is more efficient or conditional forwarder is. If I'm off base,
please feel free to let me know.

Thank everyone for their key in. it's greatly appreciated.

I think your question has only better answer.

You can refer to the following articles and deploy the better method for
your environment:
Understanding forwarders
http://technet2.microsoft.com/WindowsServer/en/library/1cd13da9-ed0a-4814-b0
bb-e46e8ac1e3211033.mspx?mfr=true
Understanding stub zones
http://technet2.microsoft.com/WindowsServer/en/library/648f2efd-0ad4-4788-80
c8-75f8491f660e1033.mspx?mfr=true
Contrasting stub zones and conditional forwarders
http://technet2.microsoft.com/WindowsServer/en/library/78ad7115-a502-41b4-a9
69-2d0032549c591033.mspx?mfr=true

I hope the information above can address your concerns. If anything is
unclear, please feel free to let us know.

Have a good day!

Sean Cai, MCSE2000
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

 

[Sean Cai [MSFT]]

R:The cu want to know the better DNS modle for his environment
A:N/A
C:N/A
Rrovided some information.

close as nan

 

[Darren]

Thanks everyone for all the excellent feedback..

 

[Ace Fekay [MVP]]

In

I think you will find the above is incorrect. When an ordinary "DNS
client" asks a (recursive) query of the DNS server with a Stub the
server itself will follow
the path, resolve the record and cache it.

When another DNS Server makes an iterative query the DNS Server will
give it the Stub answers and the querying DNS server will do the work
itself.

I was trying to simplify it. But thanks for the specific steps it takes.

 

[Ace Fekay [MVP]]

In

Thanks everyone for all the excellent feedback..

So Darren, what will you be deciding for a resolution? To resolve a single
name (NetBIOS) between the infrastructures, it would be easier to use WINS
partnerships between the two forests/domains instead of populating a search
sufffix on all machines.

Curious as to what you decided...

Ace

 

[Ace Fekay [MVP]]

In Herb Martin <[email protected]> stated, which I commented on below:

I know you like to be more specific with explanations, Herb, and I agree
with your reasoning. My previous reply to Darren conerning stubs was just to
simplify things. However, I would like to offer a more specific Stub Zone
explanation for Darren, which is of course in addition to Sean Cai's
response and helpful links.

Windows 2003 DNS Stub Zones:
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html

Understanding stub zones
http://technet2.microsoft.com/WindowsServer/en/library/648f2efd-0ad4-4788-80c8-75f8491f660e1033.mspx

Ace

 

[Herb Martin]

In Herb Martin <[email protected]> stated, which I commented on below:

I know you like to be more specific with explanations, Herb, and I agree
with your reasoning. My previous reply to Darren conerning stubs was just
to simplify things.

It is best when simplifying to avoid actual errors (like when you explicitly
stated
the stub will redirect an "ordinary DNS client" to the other DNS servers).

Just use general explanations such as "A stub will know how to find the
actual
servers holding the records" or something similar -- if you do this without
specifying
that the Stub or the Client, or another server, does the actual resolution
work you
will have both simplified and remained accurate, i.e., not misleading.

 

[Ace Fekay [MVP]]

In

It is best when simplifying to avoid actual errors (like when you
explicitly stated
the stub will redirect an "ordinary DNS client" to the other DNS
servers).

Of course in haste. DNS does not 'redirect'.