|
Home > Archive > microsoft.public.cert.exams.mcse > August 2002 > Question on DNS
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| tanpoh 2002-08-14, 11:23 am |
| Can anybody help, I am quite confuse with the three type of DNS zone.
1) Active Directory-integrated zone, 2) Standard Primary zone & 3) Standard
Secondary zone.
I am not clear on whether a Active-integrated zone has a secondary DNS
zone?
I understand that the standard Primary DNS zone transfer data to the
standard secondary DNS zone.
| |
| Karim M Ladhu 2002-08-14, 11:23 am |
| The relation between a Primary and Secondary DNS Zone if you are
familiar with NT4 is pretty much like the relationship between a
Primary and Backup Domain Controller (PDC/BDC) Where the
Primary DNS Server contains the Master and only changeable version
of the database, which is then replicated to the Secondary Zone primarily
for Fault Tolerance, Load Balancing and Bandwidth Conservation.
Within an AD Intergrated zone, there is no Secondary Zone, all zones
are primary zones - this is known as a Multimaster Zone.
You also benefit from the Secure Update feature - which prevents
rogue machines taking over mappings from other machines.
Hope this helps,
Karim Ladhu
"tanpoh" <tnhin@singnet.com.sg> wrote in message
news:aje000$ivl$1@reader01.singnet.com.sg...
> Can anybody help, I am quite confuse with the three type of DNS zone.
>
> 1) Active Directory-integrated zone, 2) Standard Primary zone & 3)
Standard
> Secondary zone.
>
> I am not clear on whether a Active-integrated zone has a secondary DNS
> zone?
>
> I understand that the standard Primary DNS zone transfer data to the
> standard secondary DNS zone.
>
>
>
>
>
| |
| Roger Abell [MVP] 2002-08-14, 7:23 pm |
| Think of AD-integrated and standard as two types of
primary zone, with AD-integrated available only in an
MS environment on DCs.
Either type of primary may, but need not, have one or
more secondaries.
--
Roger Abell
MS MVP (Windows Platform), MCSE, MCDBA
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
"tanpoh" <tnhin@singnet.com.sg> wrote in message
news:aje000$ivl$1@reader01.singnet.com.sg...
> Can anybody help, I am quite confuse with the three type of DNS zone.
>
> 1) Active Directory-integrated zone, 2) Standard Primary zone & 3)
Standard
> Secondary zone.
>
> I am not clear on whether a Active-integrated zone has a secondary DNS
> zone?
>
> I understand that the standard Primary DNS zone transfer data to the
> standard secondary DNS zone.
>
>
>
>
| |
|
| There is no secondary with AD integrated. They are multi master zones. It
keeps the info in AD and replicates it with the directory.
Jim
"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
news:#P75XF$QCHA.2520@tkmsftngp10...
> Think of AD-integrated and standard as two types of
> primary zone, with AD-integrated available only in an
> MS environment on DCs.
>
> Either type of primary may, but need not, have one or
> more secondaries.
>
> --
> Roger Abell
> MS MVP (Windows Platform), MCSE, MCDBA
> Associate Expert - Windows XP ExpertZone
> http://www.microsoft.com/windowsxp/expertzone
>
> "tanpoh" <tnhin@singnet.com.sg> wrote in message
> news:aje000$ivl$1@reader01.singnet.com.sg...
> > Can anybody help, I am quite confuse with the three type of DNS zone.
> >
> > 1) Active Directory-integrated zone, 2) Standard Primary zone & 3)
> Standard
> > Secondary zone.
> >
> > I am not clear on whether a Active-integrated zone has a secondary DNS
> > zone?
> >
> > I understand that the standard Primary DNS zone transfer data to the
> > standard secondary DNS zone.
> >
> >
> >
> >
>
>
| |
| Jeff Preou 2002-08-15, 12:23 am |
| That doesn't actually stop you from configuring a secondary zone,
though, does it ? If you wanted to. For some reason.
On Wed, 14 Aug 2002 19:38:38 -0700, "Jim" <junk@junk.com> wrote:
>There is no secondary with AD integrated. They are multi master zones. It
>keeps the info in AD and replicates it with the directory.
>
>Jim
>
>"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
>news:#P75XF$QCHA.2520@tkmsftngp10...
>> Think of AD-integrated and standard as two types of
>> primary zone, with AD-integrated available only in an
>> MS environment on DCs.
>>
>> Either type of primary may, but need not, have one or
>> more secondaries.
>>
>> --
>> Roger Abell
>> MS MVP (Windows Platform), MCSE, MCDBA
>> Associate Expert - Windows XP ExpertZone
>> http://www.microsoft.com/windowsxp/expertzone
>>
>> "tanpoh" <tnhin@singnet.com.sg> wrote in message
>> news:aje000$ivl$1@reader01.singnet.com.sg...
>> > Can anybody help, I am quite confuse with the three type of DNS zone.
>> >
>> > 1) Active Directory-integrated zone, 2) Standard Primary zone & 3)
>> Standard
>> > Secondary zone.
>> >
>> > I am not clear on whether a Active-integrated zone has a secondary DNS
>> > zone?
>> >
>> > I understand that the standard Primary DNS zone transfer data to the
>> > standard secondary DNS zone.
>> >
>> >
>> >
>> >
>>
>>
>
| |
|
| Well, if memory serves me right, you have to specify the primary zone when
you create the secondary, so if you did not create a primary, but created a
AD integrated zone instead, then you would not have anything to put in the
primary zone field when you tried to create the secondary zone. AD
integrated zones don't update secondary zones.
Jim
"Jeff Preou" <news@preou.com> wrote in message
news:4egmluc79qoppa89lm2c0ned4
jpl0dnism@4ax.com...
> That doesn't actually stop you from configuring a secondary zone,
> though, does it ? If you wanted to. For some reason.
>
>
> On Wed, 14 Aug 2002 19:38:38 -0700, "Jim" <junk@junk.com> wrote:
>
> >There is no secondary with AD integrated. They are multi master zones.
It
> >keeps the info in AD and replicates it with the directory.
> >
> >Jim
> >
> >"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> >news:#P75XF$QCHA.2520@tkmsftngp10...
> >> Think of AD-integrated and standard as two types of
> >> primary zone, with AD-integrated available only in an
> >> MS environment on DCs.
> >>
> >> Either type of primary may, but need not, have one or
> >> more secondaries.
> >>
> >> --
> >> Roger Abell
> >> MS MVP (Windows Platform), MCSE, MCDBA
> >> Associate Expert - Windows XP ExpertZone
> >> http://www.microsoft.com/windowsxp/expertzone
> >>
> >> "tanpoh" <tnhin@singnet.com.sg> wrote in message
> >> news:aje000$ivl$1@reader01.singnet.com.sg...
> >> > Can anybody help, I am quite confuse with the three type of DNS zone.
> >> >
> >> > 1) Active Directory-integrated zone, 2) Standard Primary zone & 3)
> >> Standard
> >> > Secondary zone.
> >> >
> >> > I am not clear on whether a Active-integrated zone has a secondary
DNS[c
olor=darkred]
> >> > zone?
> >> >
> >> > I understand that the standard Primary DNS zone transfer data to the
> >> > standard secondary DNS zone.
> >> >
> >> >
> >> >
> >> >
> >>
> >>
> >
>[/color]
| |
| Roger Abell [MVP] 2002-08-15, 2:23 am |
| One indicates whatever DC(s) that has(have) the zone
AD-integrated to be the master(s) for the secondary.
Like I said, think of AD-integrated and standard as
two differing forms of primary. IOW it is not that
> . . . so if you did not create a primary, but created a
> AD integrated zone instead
One defines a standard primary or an AD-integrated primary.
Either is a primary. Any primary can master to a secondary.
(BTW, a secondary can master to another secondary.)
Having secondaries of AD-integrated zones is very useful and
often done in larger environments. They do update secondaries.
The big difference is that if the zone has been AD-integrated
then if there are multiple DCs running DNS in that domain,
then you have multiple DNS servers that are primary for the
zone (that you could choose to use as a master to the secondary).
OK. Here is a question.
You have three domains in a forest.
The forest root has its own DNS zone AD-integrated
in its own DCs. The DNS zones for each of the child
domains have been delegated to the respective child
domain where they are each AD-integrated on the DCs
of their domain.
Now, the requirement (not necessarily a good one) is
that all DNS servers in the forest must hold copies of
all zones used by the forest. This way, every DNS
server will be able to immediately resolve any DNS
name used within the forest.
How can this be accomplished?
--
Roger Abell
MS MVP (Windows Platform), MCSE, MCDBA
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
"Jim" <junk@junk.com> wrote in message news:Os2gjICRCHA.1448@tkmsftngp11...
> Well, if memory serves me right, you have to specify the primary zone when
> you create the secondary, so if you did not create a primary, but created
a
> AD integrated zone instead, then you would not have anything to put in the
> primary zone field when you tried to create the secondary zone. AD
> integrated zones don't update secondary zones.
>
>
> Jim
>
> "Jeff Preou" <news@preou.com> wrote in message
> news:4egmluc79qoppa89lm2c0ned4
jpl0dnism@4ax.com...
> > That doesn't actually stop you from configuring a secondary zone,
> > though, does it ? If you wanted to. For some reason.
> >
> >
> > On Wed, 14 Aug 2002 19:38:38 -0700, "Jim" <junk@junk.com> wrote:
> >
> > >There is no secondary with AD integrated. They are multi master zones.
> It
> > >keeps the info in AD and replicates it with the directory.
> > >
> > >Jim
> > >
> > >"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> > >news:#P75XF$QCHA.2520@tkmsftngp10...
> > >> Think of AD-integrated and standard as two types of
> > >> primary zone, with AD-integrated available only in an
> > >> MS environment on DCs.
> > >>
> > >> Either type of primary may, but need not, have one or
> > >> more secondaries.
> > >>
> > >> --
> > >> Roger Abell
> > >> MS MVP (Windows Platform), MCSE, MCDBA
> > >> Associate Expert - Windows XP ExpertZone
> > >> http://www.microsoft.com/windowsxp/expertzone
> > >>
> > >> "tanpoh" <tnhin@singnet.com.sg> wrote in message
> > >> news:aje000$ivl$1@reader01.singnet.com.sg...
> > >> > Can anybody help, I am quite confuse with the three type of DNS
zone. [colo
r=darkred]
> > >> >
> > >> > 1) Active Directory-integrated zone, 2) Standard Primary zone & 3)
> > >> Standard
> > >> > Secondary zone.
> > >> >
> > >> > I am not clear on whether a Active-integrated zone has a secondary
> DNS
> > >> > zone?
> > >> >
> > >> > I understand that the standard Primary DNS zone transfer data to[/color]
the[c
olor=darkred]
> > >> > standard secondary DNS zone.
> > >> >
> > >> >
> > >> >
> > >> >
> > >>
> > >>
> > >
> >
>
>[/color]
| |
| 70-228 2002-08-15, 3:23 am |
| "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> Having secondaries of AD-integrated zones is very useful and
He aint just whistling Dixie here. Win2k Standard Primary DNS is weak
security wise. You can't set ip ranges for updates and that sort of thing
like you can with Unix DNS (usually). The only was to get solid security
IMHO is AD integrated zones. If they couldn't update secondary zones frankly
I think many would find it hard to justify using Windows 2000 DNS at all...
| |
| Whatever 2002-08-15, 6:23 am |
| circa Wed, 14 Aug 2002 19:38:38 -0700, in
microsoft.public.cert.exam.mcse, Jim (junk@junk.com) said,
> There is no secondary with AD integrated.
>
That's untrue.
| |
| Whatever 2002-08-15, 6:23 am |
| circa Wed, 14 Aug 2002 23:08:48 -0700, in
microsoft.public.cert.exam.mcse, Jim (junk@junk.com) said,
>
> Well, if memory serves me right, you have to specify the primary zone when
> you create the secondary, so if you did not create a primary, but created a
> AD integrated zone instead, then you would not have anything to put in the
> primary zone field when you tried to create the secondary zone. AD
> integrated zones don't update secondary zones.
>
AD integrated DNS servers are completely capable of having standard
secondaries.
|
|
|
|
|