Zone Delegation

Its been a long time since I took the 291 exam, and I don't really work with enterprises who have large domains, so I need some help understanding zone delegation again. Most of the AD work I do, is not related to DNS, but rather GPO and object management (file shares, user accounts etc.)

A simple question to start with, can you divide the namespace and make additional zones, without making subdomains?

Because if there are subdomains, then I just don't understand the purpose of delegations? This is all just very confusing to me.

Find more posts tagged with

SAVE $250 on Your Microsoft Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Microsoft Boot Camps

Comments

Essendon

I'll try to explain this as well as I can. Some of these DNS concepts sure are quite confusing, so you are not alone!

Why would you do zone delegation?

One, if you want to divide a larger zone into smaller zones to improve name resolution (or do load balancing) and fault tolerance.
Two, if your company is opening a branch big enough to warrant having its own DNS server, instead of traversing a link for name resolution.

As an example, say there's a big zone called company.com with child domains one.company.com and two.company.com. A DNS server called NS1 is the server authoritative for the entire infrastructure. Users complain about name resolution being slow. To alleviate this problem, you set up 2 DNS servers, one in the one.company.com subdomain and the other in the two.company.com subdomain. Now you will need delegation records on the DNS servers for these subdomains that point to the authoritative DNS servers for the new zone. This is necessary both to transfer authority and provide correct referral to other DNS servers and clients of the new servers being made authoritative for the new zone. Additionally, in the parent domain, you'll need an NS record and an A record of the DNS servers of the subdomains.

Hope this helps! Read this link for more info.

Dracula28

Essendon wrote: »

One, if you want to divide a larger zone into smaller zones to improve name resolution (or do load balancing) and fault tolerance.

Thanks for the explanation. I was just wondering about this part, if you want to divide a larger zone into smaller zones, do you have to create subdomains to do so, or can you just divide the zone and then append the dns suffix of the new zone to the computer's Host records in that zone?

What I mean is, if you have say three computers, and they all reside in contoso.com, they are called Server 1, Server 2, Server 3.

Since its a pretty large zone, you want to divide it into smaller zones, so you create a FLZ in Dns called west.contoso.com, and then you delete the host record for Server 3 in contoso.com, and create a host record for Server 3 in west.contoso.com

Is that possible? Dns Zones and AD domains are not the same, right? So it should be possible for computers in the contoso.com FLZ to locate server3.west.contoso.com, despite its name actually being server3.contoso.com in AD, right?

Dracula28

Also, in Sever 2008, you are able to delegation outside of your own namespace, which you were not able to do in Server 2003?