Delegated zones - question for an MCSE or MCSA..

A practice test that came with the MS Press 70-291 book says the
following, and I'm not really convinced that it is right, so I'd like
to hear an mcse's opinion:

A dns server that is hosting a delegated zone must also contain a
secondary zone for the parent domain, so that computers in the
delegated zone can resolve names for hosts in the parent domain.
(that's my convoluted wording, not the book's)

I don't see why the secondary zone would be necessary. Computers in
the delegated domain would just ask their dns server (ie, the one in
that delegated zone) for the address of a host, and that dns server
should just perform recursion as usual, whether the destination host
is in the parent domain or anywhere else in the world. Am I wrong?

Thank you!

David Fox

That is correct. After you delegate a zone to a child domain the dns servers
in the child domain will be authoritative for the child domain, however they
may not be able to use recursion to find the parent domain unless the top
domain in the forest tree is configured to be the root domain and the child
domain controllers have their root hints configured with the domain names
and IP addresses of the dns servers authoritative for it. See the link below
to a KB article on AD dns FAQ. With Windows 2003 conditional forwarding and
stub zones can often be used in place of secondary zones if you do not need
the redundancy or load balancing of secondary zones. --- Steve

http://support.microsoft.com/default...b;EN-US;291382


Question: How do I set up DNS for a child domain?

Answer: To set up DNS for a child domain, create a delegation record on the
parent DNS server for the child DNS server. Create a secondary zone on the
child DNS server that transfers the parent zone from the parent DNS server.
Set the child DNS server to point to itself only.

For additional information, click the article number below to view the
article in the Microsoft Knowledge Base:
255248 How to Create a Child Domain in Active Directory and Delegate the DNS
Namespace to the Child Domain

"David Fox" <> wrote in message
news: om...
>A practice test that came with the MS Press 70-291 book says the
> following, and I'm not really convinced that it is right, so I'd like
> to hear an mcse's opinion:
>
> A dns server that is hosting a delegated zone must also contain a
> secondary zone for the parent domain, so that computers in the
> delegated zone can resolve names for hosts in the parent domain.
> (that's my convoluted wording, not the book's)
>
> I don't see why the secondary zone would be necessary. Computers in
> the delegated domain would just ask their dns server (ie, the one in
> that delegated zone) for the address of a host, and that dns server
> should just perform recursion as usual, whether the destination host
> is in the parent domain or anywhere else in the world. Am I wrong?
>
> Thank you!

Steven L Umbach

Agreed. A delegated zone essentially establishes a forwarder, except in the
reverse direction. Just because the higher level server is configured to
proxy requests for the downlevel zone to the delegated server for that zone
does not mean that the delegated server will know to poll the domain parent
server for names in it's zone. If it is a publicly registered zone, the root
servers (from root hints) would point it in the right direction, otherwise I
would think the secondary zone would be required.

....kurt


"Steven L Umbach" <> wrote in message
news:JW0bd.354206$mD.44896@attbi_s02...
> That is correct. After you delegate a zone to a child domain the dns
servers
> in the child domain will be authoritative for the child domain, however
they
> may not be able to use recursion to find the parent domain unless the top
> domain in the forest tree is configured to be the root domain and the
child
> domain controllers have their root hints configured with the domain names
> and IP addresses of the dns servers authoritative for it. See the link
below
> to a KB article on AD dns FAQ. With Windows 2003 conditional forwarding
and
> stub zones can often be used in place of secondary zones if you do not
need
> the redundancy or load balancing of secondary zones. --- Steve
>
> http://support.microsoft.com/default...b;EN-US;291382
>
>
> Question: How do I set up DNS for a child domain?
>
> Answer: To set up DNS for a child domain, create a delegation record on
the
> parent DNS server for the child DNS server. Create a secondary zone on the
> child DNS server that transfers the parent zone from the parent DNS
server.
> Set the child DNS server to point to itself only.
>
> For additional information, click the article number below to view the
> article in the Microsoft Knowledge Base:
> 255248 How to Create a Child Domain in Active Directory and Delegate the
DNS
> Namespace to the Child Domain
>
> "David Fox" <> wrote in message
> news: om...
> >A practice test that came with the MS Press 70-291 book says the
> > following, and I'm not really convinced that it is right, so I'd like
> > to hear an mcse's opinion:
> >
> > A dns server that is hosting a delegated zone must also contain a
> > secondary zone for the parent domain, so that computers in the
> > delegated zone can resolve names for hosts in the parent domain.
> > (that's my convoluted wording, not the book's)
> >
> > I don't see why the secondary zone would be necessary. Computers in
> > the delegated domain would just ask their dns server (ie, the one in
> > that delegated zone) for the address of a host, and that dns server
> > should just perform recursion as usual, whether the destination host
> > is in the parent domain or anywhere else in the world. Am I wrong?
> >
> > Thank you!
>
>

Kurt