AD Integrated Zone over standard Primary zone
jescab
Inactive Imported Users Posts: 1,321
When do you use Active Directory Integrated Zone over the standard Primary zone? Is there something special that will tell you which one to use?
GO STEELERS GO - STEELERS RULE
Comments
-
Danman32 Member Posts: 1,243
Active Directory integrated has the zone replicate using the AD replication mechanism. Also, being AD integrated has all zone replicas be masters, as AD is a multi-master model of replication.
In order to be AD integrated, the zone has to be on a DC.
A standard primary zone has its database stored as a text file. There can only be one standard primary zone for a domain. Zone changes can only be made on a primary zone. The replicas of such a zone would be secondary zones that are read-only except for zone transfers from the primary zone. A standard zone does not have to be on a DC or even a member server. Heck, it doesn't even have to be on an MS OS.
An AD integrated zone can act as a standard primary for the purposes of zone transfers to standard secondary zones -
agustinchernitsky Member Posts: 299
AD integrated is used when you install DNS on a DC. The key benefit is that it stores everything in AD and it uses the AD replication model to propagate changes... and... it generates the least admin effort!
You normally use non-AD integrated zones when you have a standalone server (ie for a public network).
So, if they ask you: you have installed a root DC and you want to install another DC as backup. You also want to configure the DNS servers on this new DC for redundancy. What to do:
1.- Create a STD primary zone on the second DC DNS service
2.- Create a STD secondary zone on the second DC DNS service
3.- Create a Stub zone on the second DC DNS service
4.- Create an AD integrated zone on the second DC DNS service
What would you answer? -
RTmarc Member Posts: 1,082
Unless you have NT4.0 as a DC, there is really no reason to ever use Standard-Primary over ADI. There are a few circumstances where a Standard-Primary should be used but I doubt you will ever see that; it deals with perimeter networks and DMZs.
-
Danman32 Member Posts: 1,243
One can install a standard primary/secondary zone on a DC.
When there are AD replication issues, that's what I have clients do until the AD issues are fixed. Otherwise you can get a chicken or egg situation. DNS can't replicate properly if AD isn't replicating properly since DNS uses AD replication. AD can't replicate properly because DNS information is not properly replicated, so AD has a conflict in where to find its resources.
One additional benefit of AD integrated is security. The data is in AD which is fairly secure, as opposed to being stored in a text file. Zone transfers occur over AD replication (since it is part of AD database), so standard zone transfers can be disabled. -
agustinchernitsky Member Posts: 299
I completely forgot about security... good point.
When in AD integrated mode, you can choose to allow secure dynamic updates. -
Danman32 Member Posts: 1,243
agustinchernitsky wrote: I completely forgot about security... good point.
When in AD integrated mode, you can choose to allow secure dynamic updates.
Yes, that too. I almost added that to my post. -
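The security points raised in the posts above (file-backed versus AD-stored zone data, secure dynamic updates, and disabling standard zone transfers) can be checked per zone. The following is an added example, not code from any poster in this thread: the function name Test-DnsZoneHardening is hypothetical, the sample zones are constructed, and the property names are the ones returned by Get-DnsServerZone in the Windows DnsServer module.

```powershell
# Added example: flag primary zones that miss the protections discussed above.
function Test-DnsZoneHardening {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Secondary and stub zones are read-only copies; only primaries accept changes.
        if ($Zone.ZoneType -ne 'Primary' -or $Zone.IsAutoCreated) { return }

        $findings = @()
        if (-not $Zone.IsDsIntegrated) {
            # Standard primary: data lives in a zone file, secure dynamic update is not offered.
            $findings += 'file-backed standard primary (no secure dynamic update)'
        }
        if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            $findings += 'accepts nonsecure dynamic updates'
        }
        if ($Zone.SecureSecondaries -eq 'TransferAnyServer') {
            $findings += 'zone transfers allowed to any server'
        }
        elseif ($Zone.IsDsIntegrated -and $Zone.SecureSecondaries -ne 'NoTransfer') {
            # AD replication already carries the zone; confirm a standard secondary still needs this.
            $findings += 'AD-integrated but standard zone transfers still enabled'
        }

        [pscustomobject]@{
            ZoneName = $Zone.ZoneName
            Findings = if ($findings) { $findings -join '; ' } else { 'OK' }
        }
    }
}

# Constructed sample zones so the function runs without a DNS server.
$sample = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; ZoneType = 'Primary'; IsAutoCreated = $false
                       IsDsIntegrated = $true; DynamicUpdate = 'Secure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'lab.example'; ZoneType = 'Primary'; IsAutoCreated = $false
                       IsDsIntegrated = $true; DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferToZoneNameServer' }
    [pscustomobject]@{ ZoneName = 'dmz.example'; ZoneType = 'Primary'; IsAutoCreated = $false
                       IsDsIntegrated = $false; DynamicUpdate = 'None'; SecureSecondaries = 'TransferAnyServer' }
    [pscustomobject]@{ ZoneName = 'partner.example'; ZoneType = 'Secondary'; IsAutoCreated = $false
                       IsDsIntegrated = $false; DynamicUpdate = 'None'; SecureSecondaries = 'NoTransfer' }
)
$sample | Test-DnsZoneHardening | Format-Table -AutoSize -Wrap

# On a DNS server with the DnsServer module loaded:
# Get-DnsServerZone | Test-DnsZoneHardening
```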