Just finished the DNS chapter...

genXrcist

What a fun chapter that was! What makes this part difficult is that you not only have to learn the concepts and the how-to, but you have to learn a whole new set of vocabulary too!

Watched the CBT Nugget videos on DNS 1st and then carefully read through the entire chapter in my Sybex book. Walked through the scenario examples on my lab equipment and even setup/installed DNS.

Scored an 85% on the practice test and I'm feeling pretty good about it. I'll probably re-watch the videos again and then peruse the chapter 1 more time to really have a deep understanding.

From all the tips I've heard on TE this seems to be the area that one must know like the back of their hand. Thanks for the advice!

Mishra

DNS is definitely a must. Have you browsed through the technet articles by any chance?

aquageek

genXrcist wrote: »

What a fun chapter that was! What makes this part difficult is that you not only have to learn the concepts and the how-to, but you have to learn a whole new set of vocabulary too!

Oh my God, I know what you mean. I got totally lost in the dungeon of a chapter and had to battle a hoarde of word-demons to escape. I did however earn 2589 XP points and raise to a level 8 Cleric so I guess I can't complain too much.

Insane.

genXrcist

Mishra wrote: »

DNS is definitely a must. Have you browsed through the technet articles by any chance?

I had not but good idea for another great resource! I was also gonna check out that link dynamik posted just a few days ago, gotta find that one...

genXrcist

I found this on the Internet and thought it made a lot of sense. Just wanted to run it by the experts here to see if it holds water...

"Delegation - Similar to what the root servers do to the top level domains (com, org, net etc.). They "know" there's something down there, they "know" who's the DNS server that's holding that information (i.e authoritive for that domain), and that's about it.

In order to delegate a domain, the DNS tha'ts delegating needs to hold the parent domain. For example, DNS holding the petri.co.il zone CAN delegate to the sales sub-domain under petri.co.il. It CANNOT delegate to the cnn.com domain.

Oh, and they do not need the sub-domain's permissions to do that.

Stub Zone - Like in delegation, the DNS server "knows" there's something out there, and "knows" who's the DNS server that's authoritive for that domain. Like delegation, stub zones DO NOT REQUIRE the cooperation of the "other" DNS server.

Unlike delegation, the DNS tha'ts holding the stub zone does NOT need to hold the parent domain or any other domain for that matter. For example, DNS holding the petri.co.il zone CAN have a stub zone to practically any other domain in the world, as long as the authoritive DNS of the "other" domain "knows" about this and authorizes the part-time zone transfer.

Conditional Forwarding - Like in delegation, the DNS server "knows" there's something out there, and "knows" who to forward the query to (this does NOT necessarily have to be the DNS server that's authoritive for that domain). Like with delegation, conditional forwarding does NOT require the cooperation of the "other" DNS server, and no zone transfer takes place.

Also, unlike delegation and just like with stub zones, the DNS that's holding the stub zone does NOT need to hold the parent domain or any other domain for that matter. For example, you can configure conditional forwarding of your queries to any DNS server in the world, as long as you think it "knows" better than you about a specific target domain.

Unlike regular forwarding, where ALL the queries that the DNS is not authoritive for or does not have information for in its cache are forwarded to ONE external DNS server (most likely - the ISP's DNS server), conditional forwarding is done for a specific domain. Just like stub zones, this allows much more flexibility between organizations that have some sort of relationship between them but without the need to establish any sort of replication between them."

aquageek

genXrcist wrote: »

I found this on the Internet and thought it made a lot of sense. Just wanted to run it by the experts here to see if it holds water...

<Snip>

...need to establish any sort of replication between them."

That's a nice summary, thanks for posting it. I'd also like to know if it's accurate.

genXrcist

You're welcome! Perhaps this could be your Staff of Understanding. I played D&D back in the day but it's been so long that I can't even come up with a good analogy. Guess I just rolled a 1 huh? heh

As for the summary, I guess I thought I understood the three (even though my book doesn't talk about conditional forwards) but this really seems to click for me.

dynamik

I don't know what it's referring to with the part-time zone transfer for stub zones. All stubs use are the records for the NS servers, which are freely available anyway. The paragraph above it says that it does not require support of the other DNS server, so that seems contradictory.

With delegations, know that they must follow the hierarchy and the entries are manually configured. So you would use a delegation for a child domain where you wanted to have control over which name servers were used.

Stub zones automatically update the available name servers, which requires less maintenance but also gives you less control. These wouldn't work if you're afraid of unauthorized name servers popping up and want to only use the ones you specify. Stubs are also not restricted to the hierarchy, or even the domain. A practical use is that maybe you have child domains that are multiple levels deep, and you do not want a dns query to have to travel up and down the hierarchy, and then back again. You can create stub zones so that those child domains will query each others' name servers directly.

aquageek

(ooh, a Staff of Comprehension, I like that!)

So really all a stub zone contains is data that's a catalog of DNS servers?

dynamik

DNS Stub Zones in Windows Server 2003

Take a look at the second to the last image.

genXrcist

Thanks for the info Dynamik!