Question regarding DNS planning

Lets say we have a few child domains

Contoso.com
west.contoso.com east.contoso.com
ca.west.contoso.com fl.east.contoso.com


Now I know we can create a forwarder to contoso.com and on the contoso.com dns server create delegations or stubzones of all the child domains so if ca.west.contoso.com needed to resolve a dns name in fl.east.contoso.com, it'll be able to because it's forwarding to contoso.com which contains the delegation/stubzone for the fl.east.contoso.com zone.

My question is, is it really good to do this if these child domains were in different parts of the world or country. For instance, ca.west.contoso.com is in california and fl.east.contoso.com is in florida. Is it best design to have a forwarder to your root namespace that will contain stub zones for all the child domains so the child domains can resolve hosts inside eachother's zones?

I know that if you're trying to query for something outside of your namespace, since you'll have the forwarder, it';ll check the contoso.com zone and if it doesn't find anything then the contoso.com dns server will do recursion and then respond back wtih the answer to the dns server which did the original query.

I'm just wondering if there's another way to do this more efficiently.
“For success, attitude is equally as important as ability.” - Harry F. Banks

Comments

  • agustinchernitskyagustinchernitsky Member Posts: 299
    Well, MS always suggests using a DNS hierarchy with root zones. But, its up to you really.

    Stub zones, in this case, would be good to speedup resolution between ca.west.contoso.com and fl.east.contoso.com... if they use each others resources often.

    Now, for the rest of the child domains and root domain, yes, you can use forwarding to get to contoso.com dns, where you will have delegated or stub zones. If contoso.com is a root server, then just add the IP to your root hints.

    The question is: root servers or not...
  • royalroyal Member Posts: 3,353
    Well from what I've learned, if you're using yourself as the root, doesn't the internet stop at you as if you are the internet. If you get a query and if you can't answer out of your own zone files, you always go to the root servers on the internet to resolve. If you're using your own root setup, then you can't really do that anymore. So if you wanted to be able to get out to the internet, then the root choice would be out of the question, right? You'd typically have to either either setup all delegations/stubs on one of the servers and have all other servers forward to it and let that main dns server do recursion for resolving unauthoritative queries or you could just setup single stubs/delegations on those specific child servers to other servers on a need by need basis if they were to use resources on other child domains. Am I correct?
    “For success, attitude is equally as important as ability.” - Harry F. Banks
Sign In or Register to comment.