Stub Zones

Can someone please enlighten me on what a Stub Zone is and what scenario best to use them? I have read the Microsoft Press explanation but just cant picture it in my useless mind at the moment.

Find more posts tagged with

SAVE $250 on Your Microsoft Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Microsoft Boot Camps

Comments

Mishra

Stub Zones only hold A records(for that specific zone), SOA, and NS records. Because they only pick up those records, they are useful across slow WAN links due to decreased bandwidth needed for zone replication.

Stub zones can be integrated with active directory.

You probably won't need a stub zone unless you have a large DNS environment or really slow WAN links.

Check this article out to help.

http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html

billybob01

Thanks Mishra.

colebert

So across a slow WAN link how much more useful would a stub zone be vs a conditional forwarder? I have always been confused about that.

dynamik

billybob01 wrote:

Can someone please enlighten me on what a Stub Zone is and what scenario best to use them? I have read the Microsoft Press explanation but just cant picture it in my useless mind at the moment.

Are you referring to the MS Press book? Chapter 4, Lesson 3 and Chapter 5, lessons 4 and 5 go into stub zones and delegations. A stub zone is basically a delegation that auto-updates, so the information it has is always current. You have to manually update delegations. Stub zones and delegations are used to find name servers in other domains.

http://technet2.microsoft.com/windowsserver/en/library/648f2efd-0ad4-4788-80c8-75f8491f660e1033.mspx?mfr=true

Mishra

colebert wrote:

So across a slow WAN link how much more useful would a stub zone be vs a conditional forwarder? I have always been confused about that.

Finally, is there anything you need to watch out for regarding using conditional forwarding? Two things come to mind First, conditional forwarding is suitable if you are dealing with a fixed DNS infrastructure. That means in a merger or supply-chain scenario you must be sure the other company doesn't plan on changing their DNS infrastructure by decommissioning old name servers, deploying new ones, or changing the IP addresses of existing ones. If they do change their infrastructure and don't inform you of this, then your name server may suddenly find itself forwarding queries to non-existing name servers resulting in failed name queries and frustrated users flooding help desk with calls. In that case, it might be better to create stub zones on your name servers for zones for which the other company's name servers are authoritative. That's because stub zones automatically update themselves with the current list of name servers in the zone while configuring forwarders is a process that has to be done manually. Same thing in a large enterprise that has a complex Active Directory forest--if you aren't sure that administrators in other divisions of your company are going to tell you in advance when they change their DNS infrastructures, don't implement conditional forwarding--use stub zones instead.

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

billybob01

So a Stub Zone is kind of like a reference to other Authoritive DNS Servers, or used as a link between zones? (i think)

colebert

But with the current A records of systems that the authoritive servers currently have...?

Or just the A records of systems connected to the DNS server w/ that particular domain (of which the stub is a part of)...?

dynamik

I'll give you an example. You're running DNS for domain.com. Now you've decided to add child.domain.com, which has it's own DNS servers that manage DNS for that domain. How are people in domain.com going to resolve DNS queries for resources in child.domain.com? All you need to do is create a stub zone in domain.com for child.domain.com. That stub zone will grab the NS and A (glue) records of the DNS servers in child.domain.com, and will use those to resolve queries for that domain.

Mishra

Q: What exactly is a DNS Stub Zone and why would you need one?
A: A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. Here is an example stub zone scenario from the Windows Server 2003 DNS Help topic "Understanding stub zones.": A DNS server authoritative for the parent zone, example.com, has delegated a subdomain, widgets.example.com, to separate DNS servers. When the delegation for the domain widgets.example.com was originally performed, the parent zone contained only two NS records for the widgets.example.com zone's authoritative DNS servers. Later, administrators of the child zone configured additional DNS servers as authoritative for the zone but did not notify the administrators of the DNS server hosting the parent zone, example.com. As a result, the DNS server hosting the parent zone, example.com, is unaware of the new DNS servers authoritative for its child zone, widgets.example.com, and continues to query the only two authoritative DNS servers of which it is aware. This situation is remedied by configuring the DNS server authoritative for the parent zone, example.com, to host a stub zone for the delegated domain, widgets.example.com. When the administrator of the authoritative DNS server for example.com updates the stub zone, it queries the stub zone's master servers to obtain the authoritative DNS server resource records for widgets.example.com. Consequently, the DNS server authoritative for the parent zone will learn about the new DNS servers authoritative for the widgets.example.com child zone and be able to perform recursion to all of the child zone's authoritative DNS servers.

Here is another good example.