Zone delegation problem

!30 Member Posts: 356
Hello to all!

I'm preparing for my 70-291 exam. I work in a lab with two computers (home lab): one computer with Windows 2003 Server Enterprise Edition on it, and the other has Windows XP and a Virtual PC with Windows 2003 Server Enterprise Edition.

I have created a domain named "domain.ro" on the virtual machine (computer 1) and deployed it with the DNS server role (it's the first DC too), with the zone integrated in AD. The other computer (computer 2), also running Windows 2003 Server, I joined to the domain ("domain.ro", where the DC is computer 1). I made it a DNS server too (with a forward and reverse lookup zone; this one is a secondary zone, and computer 1 holds the primary zone). That's all good; I replicated the primary zone from the root master on computer 1.

I don't really understand what zone delegation means. What I did was create on the DNS server on computer 1 a new forward zone named zone.domain.ro and delegate it to DC computer 1. Then I pinged computer1.zone.domain.ro and computer2.zone.domain.ro from both computers to each other and it worked, but I really don't understand what the purpose of zone delegation is. I read the definition and know how to make a zone delegation, but I don't understand the point.

Maybe someone can explain it to me. Thanks in advance to all!
Optimism is an occupational hazard of programming: feedback is the treatment. (Kent Beck)

Comments

  • royal Member Posts: 3,352
    All Active Directory Integrated zones are Primary Zones. If you configured your 1st Domain Controller with DNS (required), that DNS server holds an Active Directory Integrated zone. If you have a second domain controller, you're not going to have a secondary copy of the Active Directory zone. That's the beauty of Active Directory Integrated zones: all Domain Controllers with DNS will have a read/write copy (primary) of the Active Directory Integrated zone.

    To properly get a second domain controller running with a copy of the Active Directory Integrated zone, when you run dcpromo, have the DNS IP on the 2nd DC pointing to the 1st DC so it can pull DNS records. When Active Directory is running after the reboot, go ahead and install DNS, but keep the DNS IP set to the 1st DC. Don't install any zones. When you DCpromo'd, and since you had the primary DNS IP set to your 1st DC, the 1st DC learned about the 2nd DC. This means that your 1st DC will try to contact your 2nd DC for Active Directory replication. This is why you don't want to install any zones on the 2nd DC. Once Active Directory replication begins on the 1st DC, it will contact your new DC, detect that the DNS service is installed on your new DC, and automatically copy over the entire Active Directory Integrated zone as well as all SRV records, and automatically create a new NS record inside Active Directory. After you notice the Active Directory zone installed on the 2nd DC, you can point the primary DNS IP to itself (which I don't like to do). I would point DC1's primary DNS to the 2nd DC and vice versa. If you point them to themselves, they'll take forever at "Preparing Network Connections" because it has to wait for the DNS service as well as other stuff to fully load. If you criss-cross the DNS information, "Preparing Network Connections" will go by fast because it can obtain DNS information very quickly, since the other DC with DNS is already up and running.

    As for delegations, that just allows a zone to know about another zone. Let's say, for instance, you have abc.com and you have created child.abc.com. Queries between abc.com and child.abc.com are not going to work. You can create a delegation on abc.com for child.abc.com, which basically stores an NS record in the delegation containing information about the authoritative server for child.abc.com. This means that when a DC/workstation from the abc.com domain sends out a ping for someone in child.abc.com, the authoritative server for abc.com will notice that it has a delegation for child.abc.com and will have the NS record stored in the delegation, which it then returns to the client that pinged, telling it the authoritative server for child.abc.com; the client will then directly query the authoritative server for the child.abc.com domain. Delegations are static. If information ever changes, you will have to manually change the information stored in the delegation. Stub zones also do the same thing as delegations, except a stub zone is an actual zone which also contains the SOA record from the other zone, which allows it to be dynamically updated.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
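To make the referral mechanism from the reply above concrete, here is an added Python model (not code from this thread or from Windows DNS) of a parent zone that holds only a delegation NS record for its child and a client that follows the referral. It reuses the poster's names but assumes, as a variation, that computer2 hosts the child zone; every address and the extra "old.domain.ro" delegation are constructed lab data. The stale delegation shows the "delegations are static" point: a referral to an NS host the parent no longer knows cannot be completed.

```python
# Constructed lab data: which zones each server hosts and the records in each.
# In the parent zone the only record for zone.domain.ro is the delegation NS.
SERVERS = {
    "192.168.1.1": {  # computer1: hosts the parent zone only
        "domain.ro": {
            "domain.ro": [("NS", "computer1.domain.ro")],
            "computer1.domain.ro": [("A", "192.168.1.1")],
            "computer2.domain.ro": [("A", "192.168.1.2")],
            "zone.domain.ro": [("NS", "computer2.domain.ro")],  # delegation
            "old.domain.ro": [("NS", "retired.domain.ro")],  # stale delegation
        },
    },
    "192.168.1.2": {  # computer2: authoritative for the child zone
        "zone.domain.ro": {
            "zone.domain.ro": [("NS", "computer2.domain.ro")],
            "computer1.zone.domain.ro": [("A", "192.168.1.1")],
            "computer2.zone.domain.ro": [("A", "192.168.1.2")],
        },
    },
}

def closest_zone(server, qname):
    """Longest zone this server hosts that contains qname, or None."""
    zones = [z for z in server if qname == z or qname.endswith("." + z)]
    return max(zones, key=len) if zones else None

def query(server_ip, qname, rtype):
    """One authoritative query: answer, referral, nxdomain or refused."""
    server = SERVERS.get(server_ip, {})
    zone = closest_zone(server, qname)
    if zone is None:
        return ("refused", None)          # not authoritative for this name
    records = server[zone]
    name = qname                          # walk up to the apex looking for a cut
    while name != zone:
        for found_type, rdata in records.get(name, []):
            if found_type == "NS":
                return ("referral", rdata)  # hand out the delegation NS record
        name = name.split(".", 1)[1]
    data = [r for t, r in records.get(qname, []) if t == rtype]
    return ("answer", data) if data else ("nxdomain", None)

def resolve(qname, rtype="A", start="192.168.1.1", hops=0):
    """Client side: follow referrals, asking the parent for the NS host's A."""
    kind, data = query(start, qname, rtype)
    if kind != "referral":
        return (kind, data)
    k, addrs = query(start, data, "A")    # glue lookup for the delegated server
    if k != "answer" or hops > 5:         # stale delegation or referral loop
        return ("servfail", data)
    return resolve(qname, rtype, addrs[0], hops + 1)
```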