70-411 DNS Zones

madurham Member Posts: 6
Failed the 411 for the second time on Friday. Getting close, I can feel it!

The 3 weak areas on my results match exactly what I felt needed working on so I guess that's a positive.
They are Direct Access, Service Authentication and DNS.

I really need to drill in the differences between secondary zones, stub zones and conditional forwarders and which situations you should be configuring each over the others.

Any tips, processes you guys did for any of the 3 areas above would be hugely appreciated as well.

Comments

  • lukea Member Posts: 8
    hey

    you've probably seen this, but a good overview of DNS Zones:
    https://technet.microsoft.com/en-us/library/cc771898(v=ws.11).aspx

    Conditional forwarders: https://technet.microsoft.com/en-us/library/cc794735(v=ws.10).aspx

    The way I look at it, you'd set DNS Forwarders to say your ISP DNS entries (or Google..). You'd then set a conditional forwarder if you wanted a specific lookup to a certain DNS name.
    As the above shows, "For example, you can configure a DNS server to forward all the queries it receives for names ending with widgets.contoso.com to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers"

    Another snippet from online resource: "Conditional forwarders are useful when DNS queries for certain domains must be redirected by a local DNS server to other known DNS servers, typically servers authoritative for the domain in the query. The process of creating a conditional forwarder depends on the version of Windows running on the DNS server on which they are created."
    Conditional Forwarders and Stub Zones in Windows DNS | Dell US


    Hope that's of some use, good luck with the next exam :)
    I'm doing 70-417 at some point, need to cram 410,411 and 412 all together :/
  • madurham Member Posts: 6
    Thanks lukea. I do not envy you! Good luck man.

    So with a conditional forwarder, would the client then start using the destination DNS specified in the conditional forwarder or is it to inform the DNS server where to go first and the client receives the result from the original DNS server?

    I also forgot to add in delegations as well. Why would you use a delegation? Is it not the same as a stub zone?

    All these questions, I really haven't got a hold of DNS.
  • lukea Member Posts: 8
    sometimes TechNet can be confusing for a resource, but from my notes I had this as a resource
    https://technet.microsoft.com/en-us/library/cc771640(v=ws.11).aspx

    In all honesty in the environment(s) I've worked in for the last 10 years or so, I've only ever needed AD Primary and nothing more, so my experience of it is very limited. This is why sometimes I hate these exams, as 90% isn't necessarily real world exposure
  • poolmanjim Member Posts: 285
    Secondary Zones - Effectively these are read-only copies of primary zones hosted on another DNS server. They are used to speed up queries at other locations.


    Stub Zones - These are unique zones that really hold very little data in the actual zone. You have name server records and what they call "glue" A records. The goal of these is to provide DNS lookups to zones you don't control. They do require some level of zone transfers as the target environment has to send over these records. They have the benefit of being somewhat dynamic as they receive the zone transfer data from the target.


    Conditional Forwarders - These are special forwarders. Forwarders always involve a recursive query. Normally, if DNS doesn't find the answer to a question and it has forwarders configured, it will reach out to its forwarders and see if they know. If the forwarders don't know they reach out to their forwarders, and so on until no one has forwarders anymore. When you run out of forwarders in the chain then the DNS Server will do an iterative query and ask the Root Hints (the internet) for help. Conditional forwarders fall into the middle of the forwarders list. You know that contoso.com will have the right servers configured to resolve www.contoso.com. Instead of depending on Root Hints to do a long and drawn out iterative query to find it, you configure a conditional forwarder for Contoso.com so that any traffic for Contoso.com just goes straight to them. Conditional forwarders are static: you set them and they will not auto update. If the other domain changes their DNS servers, you have to manually make the change.


    Conditional Forwarders vs Stub Zones - Both are used typically in acquisitions or when trying to work with another organization. Both shorten the query times by avoiding long-winded Root Hints (iterative) queries. Stub Zones are typically used when you control both ends of the environment (acquisitions) but not always. Stub Zones require a zone transfer between the domains for the information to be traded. Conditional forwarders can overcome this need of a zone transfer as you simply supply authoritative DNS servers for the zone you want to hit. The downside to conditional forwarders is they are static.

    A decent page on the difference between conditional forwarders and stub zones: http://www.dell.com/support/article/us/en/4/SLN156306/conditional-forwarders-and-stub-zones-in-windows-dns?lang=EN
    2019 Goals: Security+
    2020 Goals: 70-744, Azure
    Completed: MCSA 2012 (01/2016), MCSE: Cloud Platform and Infrastructure (07/2017), MCSA 2017 (09/2017)
    Future Goals: CISSP, CCENT
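
Added example, not part of any post in this thread: the zone types compared above, plus the delegation asked about earlier, created side by side with the Windows Server DnsServer PowerShell module. Zone names other than widgets.contoso.com, and every IP address (192.0.2.0/24 documentation range), are constructed placeholders.

```powershell
# Run in an elevated session on the local DNS server (DnsServer module).
# All addresses are constructed placeholders; substitute your own servers.
$remoteDns = '192.0.2.10'   # assumed: a server authoritative for the remote zones

# 1. Secondary zone: a full read-only copy of the zone, pulled from the master
#    by zone transfer and stored in a local zone file.
Add-DnsServerSecondaryZone -Name 'branch.contoso.com' `
    -ZoneFile 'branch.contoso.com.dns' -MasterServers $remoteDns

#    The master must allow that transfer. Run on the master to permit only
#    named secondaries instead of any server (192.0.2.53 = this server, assumed):
# Set-DnsServerPrimaryZone -Name 'branch.contoso.com' `
#     -SecureSecondaries TransferToSecureServers -SecondaryServers '192.0.2.53'

# 2. Stub zone: holds only the SOA, NS and glue A records of the remote zone,
#    refreshed from the master so the name-server list stays current.
Add-DnsServerStubZone -Name 'partner.example' `
    -MasterServers $remoteDns -ReplicationScope 'Forest'

# 3. Conditional forwarder: a static list of servers to ask for one namespace.
#    Nothing is copied locally and nothing updates if the remote servers change.
Add-DnsServerConditionalForwarderZone -Name 'widgets.contoso.com' `
    -MasterServers $remoteDns -ReplicationScope 'Forest'

# 4. Delegation: NS and glue records placed inside a parent zone hosted here,
#    handing a child namespace to another server. Assumes this server is
#    primary for contoso.com; 'dev' and ns1.dev.contoso.com are hypothetical.
Add-DnsServerZoneDelegation -Name 'contoso.com' -ChildZoneName 'dev' `
    -NameServer 'ns1.dev.contoso.com' -IPAddress '192.0.2.20'

# Review what now exists, then resolve through this server. The client still
# queries this server only; the forwarding happens server to server.
Get-DnsServerZone |
    Where-Object { $_.ZoneType -in 'Secondary', 'Stub', 'Forwarder' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated
Resolve-DnsName -Name 'www.widgets.contoso.com' -Server 127.0.0.1 -Type A
```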
  • madurham Member Posts: 6
    poolmanjim wrote:
    Conditional Forwarders vs Stub Zones - Both are used typically in acquisitions or when trying to work with another organization. Both shorten the query times by avoiding long-winded Root Hints (iterative) queries. Stub Zones are typically used when you control both ends of the environment (acquisitions) but not always. Stub Zones require a zone transfer between the domains for the information to be traded. Conditional forwarders can overcome this need of a zone transfer as you simply supply authoritative DNS servers for the zone you want to hit. The downside to conditional forwarders is they are static.

    A decent page on the difference between conditional forwarders and stub zones: Conditional Forwarders and Stub Zones in Windows DNS | Dell US

    This is so handy. Thanks