Random DNS question...

Hey Guys,
Was looking through old, old, OLD posts on this forum and came across someone that listed some questions but never gave an answer to. Just wondering if mine were right:
1) If you want to eliminate zone transfer traffic, what options do you have?
Conditional Forwarder
2) What is the difference between a standard and AD-integrated zone?
Dynamically updated
3) When would you choose a delegation over a stub zone?
If you want things done Dynamically you'd choose the Stub Zone
4) What is the advantage of a conditional forwarder?
Speed
70-410 [x] 70-411 [x] 70-462[x] 70-331[x] 70-332[x]
MCSE - SharePoint 2013 :thumbup:
Road map 2017: JavaScript and modern web development
Comments
2. SECURE dynamic update. NON-AD can still dynamically update, but it isn't secure (no DC to authenticate) so it is highly not recommended. Also, an AD integrated zone can have multiple primary zones, and rather than using zone transfers, the zone information will be transferred as part of the DC replication (which is apparently more efficient). Also remember, that you have 3 options of how to replicate the DNS information when AD integrated.
3. I'm still not positive on this myself.
4. Conditional forwarder is good at minimizing the WAN traffic. Rather than trying to keep an entire update of a zone on your LAN, you can just redirect everyone over to where that zone is hosted. Takes the work off your local DCs and minimizes your queries over the WAN.
I don't know how you can do this without manually updating each zone. Zone transfers are used to update the same zone across multiple servers. You can't forward a zone that a server is hosting to another server. You could also be referring to not hosting all zones on all servers and forwarding select domains to other servers. If so, you could use conditional forwarders, delegations, or stub zones.
You can perform dynamic updates with standard primary zones. AD-integrated zones allow secure dynamic updates and perform replication through AD replication instead of using zone transfers.
Yes, with delegations you have to manually update the name servers while stub zones will update themselves. Control vs. ease-of-use. If I remember right, delegations also have to follow the domain hierarchy while a stub zone can refer to any other domain. For example, instead of a.b.domain.com having to go up and down the hierarchy, and back, to resolve x.y.domain.com, you can just have a stub configured to contact those name servers directly.
If I had to use one word, I'd use "precision." This allows you to forward queries for specific domains to specific DNS servers. You might also see an increase in performance since you're offloading iterative queries to, say, an ISP DNS server, but that's a characteristic of forwarding in general. That's not what's unique about conditional forwarders.
Correct. You can only delegate down. To get back up you would use a forwarder.
I think what they mean by this is AD Integrated Zones, because the zone information is replicated along with AD technically there are no zone transfers.
Yes, but he was asking about traffic, which you'll still have regardless of the method in which it's transferred (albeit it's more efficient with AD).
Agreed, but the way I recall seeing questions phrased on test prep software was that using AD integrated zones eliminated zone transfer traffic because AD needed to replicate anyway. But I think this comes down to what the person asking the question actually intends.
For this I did mean secure.. I missed it out
You're playing the "Right way, wrong way, and one Microsoft way" card?
Kind of. It's not DNS zone xfer traffic, technically it's AD replication traffic.
Well why not? This is BS.
It is very similar to the situation I had last night. A user calls in that she can't VPN. After some troubleshooting, she had a new laptop that wasn't connected to her wireless network. She just expected it to work...
Robert hoards all the magic and uses it for PoSh/SQL garbage...
A few years back I had a remote user complain that her laptop would not turn on. I asked her if she charged it with the ac adapter. She told me that she thought it was getting charged through the wireless network and she didn't think she had to plug it in to the wall. Seriously.
Not just speed, but management of traffic to a specific domain. For example, you want to make sure that when users visit yahoo.com they hit e.yahoo.com in the farm and not f.yahoo.com. I actually had to do this once.
Well it is wireless. Why would a laptop with wireless capabilities need to be plugged into the wall? That's just stupid. Who was in charge of this false advertising?
You should have installed a plutonium battery in it that will power it for years, either that or it will blow up on her. And that is a risk I am willing to take.
I had a consultant once call up saying "We have moved all our servers to a new location and haven't changed anything on our system, now we can't get email."
To which I replied, "You do know you now have new IPs. I'd recommend checking your NAT."
30 minutes later.
Phone rings
"It's working" - Hang up
No thank you or anything
She had cleaned around behind her computer and rearranged the wires. Her monitor was plugged up but nothing else. The power strip was plugged to itself and she claimed the computer was broke.
Oh I agree, and it makes me mad.
If a computer is a part of your job, you need to know how to use it. No, I don't expect you to administrate an AD domain or anything, but know where something like the start button is. Know how to turn the thing on and off, etc.
That's like a mechanic not knowing how to use a socket wrench.
One of our "Professors" (he teaches the 70-640 class) recently asked me how I reset a user account on a Windows 2008R2 server install. I thought he was "testing me" at first, but after giving him a step-by-step explanation I realized that he was not joking. His incompetence just insulted me. I got so angry that I could not hold myself, told him to go f** himself. Now he is upset, and won't talk to me. I guess it's time to look for another job.
But when you access locally, you get the most privileges. So if there is read/write on the share, but only read on the NTFS, you will get read/write. I called him out on this (wasn't positive, this was prior to any certification, but it just didn't sound right). So we debated in front of the class for 10 minutes, and he said that I was wrong.
This is a guy that claims to have MCSE, CCNA, and went to Chicago to get his MCITP:EA. Why he went to Chicago, I'm not sure. There are plenty of testing centers around us. (Didn't know better at the time). He claims to have taken 1 test each day of the week, failed one of them (because he spent the day before studying for the wrong test) so he then took that one again. So now he has an MCITP:EA (except he called it MCSE on 2008, again didn't question it because I had no idea)
The funny thing is, I have never seen proof of a single certification, he has all the MCSE books, but they are still in plastic wrap, and he is dumber than a box of rocks.
Brain **** much?
Nope, pretty sure it is lies much. I don't even think a dumper could do that.