Delegated zones - question for an MCSE or MCSA..

Discussion in 'MCSE' started by David Fox, Oct 13, 2004.

  1. David Fox

    David Fox Guest

    A practice test that came with the MS Press 70-291 book says the
    following, and I'm not really convinced that it is right, so I'd like
    to hear an mcse's opinion:

    A dns server that is hosting a delegated zone must also contain a
    secondary zone for the parent domain, so that computers in the
    delegated zone can resolve names for hosts in the parent domain.
    (that's my convoluted wording, not the book's)

    I don't see why the secondary zone would be necessary. Computers in
    the delegated domain would just ask their dns server (ie, the one in
    that delegated zone) for the address of a host, and that dns server
    should just perform recursion as usual, whether the destination host
    is in the parent domain or anywhere else in the world. Am I wrong?

    Thank you!
    David Fox, Oct 13, 2004
    #1

  2. That is correct. After you delegate a zone to a child domain the dns servers
    in the child domain will be authoritative for the child domain, however they
    may not be able to use recursion to find the parent domain unless the top
    domain in the forest tree is configured to be the root domain and the child
    domain controllers have their root hints configured with the domain names
    and IP addresses of the dns servers authoritative for it. See the link below
    to a KB article on AD dns FAQ. With Windows 2003 conditional forwarding and
    stub zones can often be used in place of secondary zones if you do not need
    the redundancy or load balancing of secondary zones. --- Steve

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382


    Question: How do I set up DNS for a child domain?

    Answer: To set up DNS for a child domain, create a delegation record on the
    parent DNS server for the child DNS server. Create a secondary zone on the
    child DNS server that transfers the parent zone from the parent DNS server.
    Set the child DNS server to point to itself only.

    For additional information, click the article number below to view the
    article in the Microsoft Knowledge Base:
    255248 How to Create a Child Domain in Active Directory and Delegate the DNS
    Namespace to the Child Domain

    "David Fox" <> wrote in message
    news:...
    >A practice test that came with the MS Press 70-291 book says the
    > following, and I'm not really convinced that it is right, so I'd like
    > to hear an mcse's opinion:
    >
    > A dns server that is hosting a delegated zone must also contain a
    > secondary zone for the parent domain, so that computers in the
    > delegated zone can resolve names for hosts in the parent domain.
    > (that's my convoluted wording, not the book's)
    >
    > I don't see why the secondary zone would be necessary. Computers in
    > the delegated domain would just ask their dns server (ie, the one in
    > that delegated zone) for the address of a host, and that dns server
    > should just perform recursion as usual, whether the destination host
    > is in the parent domain or anywhere else in the world. Am I wrong?
    >
    > Thank you!
    Steven L Umbach, Oct 13, 2004
    #2

  3. David Fox

    Kurt Guest

    Agreed. A delegated zone essentially establishes a forwarder, except in the
    reverse direction. Just because the higher level server is configured to
    proxy requests for the downlevel zone to the delegated server for that zone
    does not mean that the delegated server will know to poll the domain parent
    server for names in its zone. If it is a publicly registered zone, the root
    servers (from root hints) would point it in the right direction, otherwise I
    would think the secondary zone would be required.

    ....kurt


    "Steven L Umbach" <> wrote in message
    news:JW0bd.354206$mD.44896@attbi_s02...
    > That is correct. After you delegate a zone to a child domain the dns servers
    > in the child domain will be authoritative for the child domain, however they
    > may not be able to use recursion to find the parent domain unless the top
    > domain in the forest tree is configured to be the root domain and the child
    > domain controllers have their root hints configured with the domain names
    > and IP addresses of the dns servers authoritative for it. See the link below
    > to a KB article on AD dns FAQ. With Windows 2003 conditional forwarding and
    > stub zones can often be used in place of secondary zones if you do not need
    > the redundancy or load balancing of secondary zones. --- Steve
    >
    > http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382
    >
    >
    > Question: How do I set up DNS for a child domain?
    >
    > Answer: To set up DNS for a child domain, create a delegation record on the
    > parent DNS server for the child DNS server. Create a secondary zone on the
    > child DNS server that transfers the parent zone from the parent DNS server.
    > Set the child DNS server to point to itself only.
    >
    > For additional information, click the article number below to view the
    > article in the Microsoft Knowledge Base:
    > 255248 How to Create a Child Domain in Active Directory and Delegate the DNS
    > Namespace to the Child Domain
    >
    > "David Fox" <> wrote in message
    > news:...
    > >A practice test that came with the MS Press 70-291 book says the
    > > following, and I'm not really convinced that it is right, so I'd like
    > > to hear an mcse's opinion:
    > >
    > > A dns server that is hosting a delegated zone must also contain a
    > > secondary zone for the parent domain, so that computers in the
    > > delegated zone can resolve names for hosts in the parent domain.
    > > (that's my convoluted wording, not the book's)
    > >
    > > I don't see why the secondary zone would be necessary. Computers in
    > > the delegated domain would just ask their dns server (ie, the one in
    > > that delegated zone) for the address of a host, and that dns server
    > > should just perform recursion as usual, whether the destination host
    > > is in the parent domain or anywhere else in the world. Am I wrong?
    > >
    > > Thank you!

    >
    >
    Kurt, Oct 13, 2004
    #3
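
The resolution paths discussed in replies #2 and #3, as an added example that is not part of the original thread: a deliberately simplified Python model of a recursing DNS server (most specific match over hosted zones, delegations and conditional forwarders, then root hints). All zone names, host names and addresses are constructed, and `in_zone`, `Server` and `build` are hypothetical helpers for a private namespace that the public root servers do not know.

```python
# Simplified model, not real DNS: constructed names and addresses throughout.
def in_zone(qname, zone):
    return zone == "." or qname == zone or qname.endswith("." + zone)

class Server:
    def __init__(self, root_hints=None):
        self.zones = {}        # hosted zones (primary or secondary): zone -> {name: address}
        self.delegations = {}  # child zone -> Server authoritative for it
        self.forwarders = {}   # conditional forwarders: zone -> Server
        self.root_hints = root_hints

    def resolve(self, qname):
        candidates = ([(z, "zone") for z in self.zones]
                      + [(z, "deleg") for z in self.delegations]
                      + [(z, "fwd") for z in self.forwarders])
        hits = [c for c in candidates if in_zone(qname, c[0])]
        if not hits:
            # Nothing local matches: fall back to whatever the root hints name.
            return self.root_hints.resolve(qname) if self.root_hints else None
        zone, kind = max(hits, key=lambda c: len(c[0]))  # most specific suffix wins
        if kind == "zone":
            return self.zones[zone].get(qname)           # None models NXDOMAIN
        target = self.delegations[zone] if kind == "deleg" else self.forwarders[zone]
        return target.resolve(qname)

def build(child_fix=None):
    internet_root = Server()
    internet_root.zones["."] = {}   # public roots know nothing of a private namespace
    parent = Server(root_hints=internet_root)
    child = Server(root_hints=internet_root)
    parent.zones["corp.example"] = {"fs1.corp.example": "10.0.0.10"}
    child.zones["child.corp.example"] = {"pc7.child.corp.example": "10.1.0.7"}
    parent.delegations["child.corp.example"] = child    # delegation points downward only
    if child_fix == "secondary":      # copy of the parent zone held on the child server
        child.zones["corp.example"] = dict(parent.zones["corp.example"])
    elif child_fix == "forwarder":    # conditional forwarder for the parent zone
        child.forwarders["corp.example"] = parent
    elif child_fix == "root_hints":   # parent acts as the root the child's hints name
        child.root_hints = parent
    return parent, child

if __name__ == "__main__":
    for fix in (None, "secondary", "forwarder", "root_hints"):
        parent, child = build(fix)
        print(fix, "->", child.resolve("fs1.corp.example"),
              parent.resolve("pc7.child.corp.example"))
```

In this model the delegation alone lets the parent resolve child names, while the child server only finds parent names once one of the three options from the replies is in place.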