The Bit Bucket

Wednesday, July 05, 2006

Active Directory DNS zones

Almost everyone who has played with Active Directory knows that DNS is important. In fact, DNS is so important to Active Directory that Active Directory simply cannot work without it.

By default Active Directory creates an Active Directory integrated DNS zone. This is quite a clever method for replicating within an Active Directory domain, as any change to DNS is replicated to the other DNS servers using Active Directory replication.
It also means that there is no such thing as a primary or secondary DNS server. A change can be made on any DNS server and that change will be replicated to the other DNS servers for that domain.

All well and good so far.

But take the following scenario that I wanted to setup:

A test network with Active Directory integrated DNS zones.
A live network with Active Directory integrated DNS zones.

From the live network there needs to be resolution of servers in the test network, and the test network servers need to be able to resolve things on the internet.

On the test network it's quite possible to set the DNS forwarders to be the ISP's DNS servers, but that would be a waste of bandwidth as the DNS server on the production network is already doing this task. Therefore the test network DNS server can have its forwarders set up to use the production DNS servers.

The second problem is how do we get name resolution from the production network into the test network? There are two ways of doing this:
1. Create a stub zone
2. Create a secondary zone.

One of the neat things you can do even with Active Directory integrated zones is to create a secondary zone from an Active Directory zone. This allows for a read-only copy of that zone to exist on the production network. As soon as the Active Directory integrated copy is updated (via dynamic DNS for example) our secondary zone has a copy of that entry.
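As an added example (not from the original post, which would have used the DNS MMC snap-in or dnscmd), the two-sided setup described above, forwarders on the test side plus a stub or secondary zone on the production side, expressed with the DnsServer PowerShell module that ships with Windows Server 2012 and later. The zone names, server addresses and the choice of `test.example.com` / `prod.example.com` are all assumptions for illustration.

```powershell
# Added example: wiring a test forest's DNS into a production forest's DNS.
# Assumed names and addresses (not from the post):
#   prod.example.com  - production forest, DNS servers 10.0.0.10 and 10.0.0.11
#   test.example.com  - test forest, DNS server 10.1.0.10

$prodDns = @('10.0.0.10', '10.0.0.11')
$testDns = @('10.1.0.10')
$testZone = 'test.example.com'

# ---------------------------------------------------------------
# On the test network DNS server (10.1.0.10)
# ---------------------------------------------------------------

# Send every query the test server is not authoritative for to the
# production DNS servers, which already forward to the ISP. Root hints
# are disabled so the test server never tries to recurse on its own.
Set-DnsServerForwarder -IPAddress $prodDns -UseRootHint $false -Timeout 3

# Allow the production servers, and only them, to pull a copy of the
# AD-integrated test zone. Until they are on this list the secondary
# zone below cannot load; keep the list explicit rather than opening
# transfers to any server. NOTIFY makes the secondary refresh as soon
# as a dynamic update lands instead of waiting for the SOA refresh.
Set-DnsServerPrimaryZone -Name $testZone `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $prodDns `
    -Notify NotifyServers `
    -NotifyServers $prodDns

# ---------------------------------------------------------------
# On a production DNS server (10.0.0.10)
# ---------------------------------------------------------------

# A name can be held as either a stub zone or a secondary zone, not both.
# Stub: holds only SOA/NS/glue and refers queries to the test servers;
#       replicated forest-wide through AD so every production DC has it.
# Secondary: a full read-only copy of the zone, refreshed by zone transfer.
$useStub = $false

if ($useStub) {
    Add-DnsServerStubZone -Name $testZone -MasterServers $testDns -ReplicationScope 'Forest'
} else {
    Add-DnsServerSecondaryZone -Name $testZone -ZoneFile "$testZone.dns" -MasterServers $testDns
}

# Check what was created and that a record from the test forest resolves
# through production (dc1.test.example.com is an assumed host name).
Get-DnsServerZone -Name $testZone | Select-Object ZoneName, ZoneType, MasterServers, IsAutoCreated
Resolve-DnsName -Name "dc1.$testZone" -Server '10.0.0.10' -Type A

# And from the test side, that internet names resolve via the production forwarders.
Resolve-DnsName -Name 'www.microsoft.com' -Server '10.1.0.10' -Type A
```

The transfer restriction is the part worth checking afterwards: `Get-DnsServerZone -Name test.example.com | Select-Object SecureSecondaries, SecondaryServers` on the test server should list only the production addresses, so that no other host can enumerate the test forest by requesting an AXFR.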
