A Quick DNS Question

redredredred Member Posts: 19 ■□□□□□□□□□
Hi all,

Is this correct:

Stub Zone: When clients in abc.com query for a server in child.abc.com, the DNS server in abc.com will provide clients with the IP addresses of DNS servers in child.abc.com. (Client will contact the child.abc.com DNS server directly)

Zone Delegation: Same as above, clients contact child.abc.com DNS server directly.

Conditional Forwarding: abc.com's DNS server will forward the request for child.abc.com on the client's behalf.

Thanks very much.


  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    See, that's exactly what I was saying a long time ago in several other threads. That stub zones would actually send a referral back to the clients and the clients would then go query the authoritative server directly. On the other hand, conditional forwarders would actually do the recursion themselves. So basically, if the WAN firewall only permitted port 53 to come from the external-facing DNS server, then you'd have to use a conditional forwarder. Some user on this forum posted a link saying this was incorrect (I was going to read it but completely forgot to). I wonder why we are both thinking the same thing and if it's actually true or not. Where did you hear this information?

    Here's the link to the thread where nzchris posts to show that this is incorrect:

    Like I said, I haven't read it yet, but I'll read it tonight when I have more time.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    Also, as I re-read that post, look at nzchris' last post: he said he believes that the DNS server will still do recursion for both stub zone and conditional. But now that I see you posting the same thing I've been preaching months ago, it makes me think that what I was saying months ago is actually correct. That a stub zone will actually refer the client, and that the conditional forwarder will cause the DNS server to do recursion. I've looked at many sites and cannot find confirmation, unfortunately.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • georgemcgeorgemc Member Posts: 429
    I believe it depends on whether it's an iterative or recursive query.
    Stub zone resolution

    When a DNS client performs a recursive query operation on a DNS server hosting a stub zone, the DNS server uses the resource records in the stub zone to resolve the query. The DNS server sends an iterative query to the authoritative DNS servers specified in the NS resource records of the stub zone as if it were using NS resource records in its cache. If the DNS server cannot find the authoritative DNS servers in its stub zone, the DNS server hosting the stub zone attempts standard recursion using its root hints.

    The DNS server will store the resource records it receives from the authoritative DNS servers listed in a stub zone in its cache, but it will not store these resource records in the stub zone itself; only the SOA, NS, and glue A resource records returned in response to the query are stored in the stub zone. The resource records stored in the cache are cached according to the Time-to-Live (TTL) value in each resource record. The SOA, NS, and glue A resource records, which are not written to cache, expire according to the expire interval specified in the stub zone's SOA record, which is created during the creation of the stub zone and updated during transfers to the stub zone from the original, primary zone.

    If the query was an iterative query, the DNS server returns a referral containing the servers specified in the stub zone.


    Edit: Click on the link at the bottom of the last paragraph to find the above quote. I couldn't link directly to it.

    So, the way I understand this is that if a CLIENT (as opposed to another DNS server) makes a request (a recursive query, since most host resolvers can't understand a referral) to a DNS server, the DNS server will perform recursion for the host by querying the NS in the stub zone.

    For an iterative query though, the DNS server with the stub zone will reply with a referral to the NS listed in the stub zone.

    I cobbled these thoughts together based on the quote above and information in the book "DNS on Windows Server 2003" by Matt Larson, Cricket Liu & Robbie Allen. Pgs. 26-29.

    I had to look this up because I honestly did not know and this thread got me to thinking. Although I must admit I was leaning more toward the way icroyal believed it to be.

    I sure hope this is helpful to someone...

    Georgemc :)
    WGU BS: Business - Information Technology Management
    Start Date: 01 October 2012
    QFT1,PFIT in progress.
  • redredredred Member Posts: 19 ■□□□□□□□□□
    Hey guys, thanks for the great information. I remember reading it somewhere and/or watching some CBTs. It is just that I remember how stub zones and conditional forwarders do their jobs. I am not completely sure if zone delegation refers clients too like stub zones, but I guess it does too.
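
The recursive/iterative distinction quoted in georgemc's post comes down to the RD bit in the query header and to whether the reply carries an answer or only NS records. The following is an added example, not code from any poster in this thread; the sample messages, the 192.0.2.10 address and the name ns1.child.abc.com are constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # header flag bits
TYPE_A, TYPE_NS = 1, 2

def encode_name(name):
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"

def build_query(name, recursion_desired, qid=0x1234):
    """A-record query: RD set asks the server to recurse, RD clear is iterative."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!6H", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", TYPE_A, 1)

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """'answer' if the server resolved it, 'referral' if it handed back NS records."""
    _, flags, qd, an, ns, _ = struct.unpack("!6H", msg[:12])
    if not flags & QR or flags & 0x000F:  # not a response, or non-zero RCODE
        return "other"
    if an:
        return "answer"
    off = 12
    for _ in range(qd):  # skip question section: name + type + class
        off = skip_name(msg, off) + 4
    if ns and not flags & AA:  # NS records from a non-authoritative reply
        off = skip_name(msg, off)
        if struct.unpack("!H", msg[off:off + 2])[0] == TYPE_NS:
            return "referral"
    return "other"

def rr(owner, rtype, rdata, ttl=3600):
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

# Constructed sample messages (not captured traffic) for host.child.abc.com
QUESTION = build_query("host.child.abc.com", True)[12:]
ANSWER = (struct.pack("!6H", 0x1234, QR | RD | RA, 1, 1, 0, 0) + QUESTION
          + rr(b"\xc0\x0c", TYPE_A, bytes([192, 0, 2, 10])))
REFERRAL = (struct.pack("!6H", 0x1234, QR, 1, 0, 1, 0) + QUESTION
            + rr(b"\xc0\x11", TYPE_NS, encode_name("ns1.child.abc.com")))
```

To check a real server, send the bytes from `build_query(name, False)` to it over UDP port 53 and pass the reply to `classify`; repeating with `True` shows how the same server treats a recursive request.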