Clarity on dns zones

kenny504

Just need some clarity on dns zones...

under what scenario will i choose to use a secondary zone?
what exactly is a caching only zone?
why stub zone over delegation or vice versa.

I read up on all these but still not crystal clear..

Any help???

Thanks, kenny.

royal

kenny504 wrote:

under what scenario will i choose to use a secondary zone?

When you want a server to be authoritative for a zone by having a full read-only copy of the zone. Another good reason is to have stealth primary server. Basically this means that on your internal network, you will have a primary zone that sends data to about 1 or more secondary zone servers in your dmz. You use this method because you don't want someone being able to break into that dns server and modifying your dns since it's a read-only copy. You make the modifications to the stealth primary on the internal network and the data gets sent to public external dns primary read-only servers.

Another situation is if your internal network has a DC with DNS and your dmz has a public-facing primary zone on it. You might want your internal DC/DNS server to know about all the records on the public-facing dns server. One way you could do this is by creating a secondary zone on your internal DC/DNS server to obtain a read-only copy of the zone on your public-facing dns server.

kenny504 wrote:

what exactly is a caching only zone?

This simply means that it has a copy of root hints loaded. It doesn't host any zones per se, but since it has a copy of the root hints loaded, it can still perform recursion by going out to the internet to resolve names. It then caches these names like any other dns server, but since it's only resolving names and caching them, they are called caching servers.

kenny504 wrote:

why stub zone over delegation or vice versa.

Stub zones are dynamic and delegations are not. Stub zones can also be used for delegating name space. When you create a stub zone it stores a copy of the targeted zone's SOA record which tells the stub zone what is the primary NS server as well as how long records should be cached for and how often the stub zone should be checked for updates. When the stub zone contacts the Primary NS server, it'll find the listing of all other NS servers and update the stub zone accordingly. With the regular delegation, you have to add the NS servers manually based upon the namespace you provide.