Saturday, August 20, 2011

Step-by-Step How to Create a Stub Zone in Windows Server 2008 R2

What is a stub zone?
Stub zones are a way for DNS servers in different domains to share name-resolution information with each other.  Technically speaking, a stub zone is a copy of a zone that contains only the resource records needed to identify the authoritative DNS servers for that zone.  When someone wants a resource in another DNS namespace, the user first queries his or her configured DNS server.  If that DNS server (or any other DNS server in the domain) cannot resolve the query, the server sends its own query to the name servers listed in the stub zone.
Why are stub zones important?
Before a trust between two different domains in two different forests can be established, DNS must be configured between domains.  Stub zones provide one solution for that.
How do I create a stub zone?
The following tutorial will show you how to create a stub zone in Windows Server 2008 R2.  In this tutorial I will reference three different servers in two different domains.  All of the servers run Windows Server 2008 R2 with the Active Directory Domain Services role and the DNS Server role.  Servers test1 and wg-dc2-2k8 are in the domain wgtesting.com.  The server called dc1 is in the domain trusttest.com.
1. Log onto the first DNS server.  Open the Server Manager administration tool and expand Forward Lookup Zones under DNS.  For this tutorial test1 will be the first DNS server.
  
2. Right click inside of the Forward Lookup Zones area and select New Zone.

3.  The New Zone Wizard will appear.  Select Next.

4.  A list of zone types will appear.  Select Stub Zone and then select Next.  The option to store the stub zone in Active Directory will only be available if the DNS server is also a writable domain controller - test1 is a writable domain controller as well as a DNS server.  This is useful for replicating the stub zone to other domain controllers in your network.

5.  The next screen of the wizard asks how Active Directory will replicate the zone throughout your network.  You can select whether to replicate the zone to all domain controllers in the whole forest or only to the domain controllers in this domain.  If you did not select Store the zone in Active Directory in the previous step, this step will not appear; instead you go straight to step 6.  Select an option and then select Next.

6.  Here you specify a zone name.  The name should simply be the name of the other domain you will be creating the stub zone for.  Select Next after specifying a zone name.

7.  In this step, you specify the IP address of the DNS server or servers from which you want to load the zone.  The option Use the above servers to create a local list of master servers lets the server retrieve the list of the other domain's DNS servers from the ones you entered.  In other words, you do not have to enter the IP of every DNS server in the other domain as long as the one DNS server you specify here has records for the other DNS servers.  After specifying the IP of at least one DNS server in the other domain, select Next.

8.  This is the last page of the New Zone Wizard.  Verify your settings and select Finish.

9.  Here you can see the contents of the stub zone.  It contains only the SOA (start of authority) record, the NS (name server) resource records, and the glue A resource records for the delegated zone.

That wraps it up.  Creating a stub zone is a fairly straightforward process and can be the prerequisite to creating a trust between domains.  Here are a few other things to look for after creating the stub zone.
Here I have logged onto the second domain controller/DNS server, wg-dc2-2k8, in the wgtesting.com domain.  Because I selected the option to store the stub zone in Active Directory in step 4, the zone was replicated from test1 to this server, since they are both in the wgtesting.com domain.

For the purpose of later creating a trust, go ahead and create a stub zone on the other domain.  Repeat steps 1-9 on the other domain’s DNS server.  In this case, the server is dc1 on the domain trusttest.com.
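The same procedure (steps 1 to 9 plus the two follow-up checks above) as an added PowerShell example that is not part of the original post, using dnscmd, the DNS command-line tool that ships with Windows Server 2008 R2, where the DnsServer PowerShell module is not available. Server and zone names are the post's; the master IP 192.0.2.10 is a constructed placeholder for dc1, and the /dp replication-scope switches are assumed from dnscmd's own syntax.

```powershell
# Added example (not from the original post): create an AD-integrated stub zone with
# dnscmd and then verify it the same way the post does through the GUI.
# Run from an elevated PowerShell prompt on a DNS server/DC in wgtesting.com.
$ZoneName  = 'trusttest.com'   # step 6: the other domain's DNS name
$MasterIp  = '192.0.2.10'      # step 7: a DNS server in trusttest.com (placeholder for dc1)
$FirstDns  = 'test1'           # step 1: the DNS server/DC the zone is created on
$SecondDns = 'wg-dc2-2k8'      # second DC in wgtesting.com that should receive the zone

# Steps 4-8. /DsStub stores the zone in Active Directory (step 4); /dp /domain replicates
# it to the domain controllers of this domain only (step 5; /dp /forest covers every DC
# in the forest). Only one reachable master is needed, as the post notes in step 7.
dnscmd $FirstDns /ZoneAdd $ZoneName /DsStub $MasterIp /dp /domain
if ($LASTEXITCODE -ne 0) { throw "dnscmd /ZoneAdd failed (exit code $LASTEXITCODE)" }

# Step 9: a stub zone should hold only SOA, NS and glue A records. /ZonePrint lists the
# zone's records (comment lines start with ';'); anything else means the zone is not
# the stub you expected, e.g. it was created as a secondary zone by mistake.
$allowed = 'SOA', 'NS', 'A', 'AAAA'
$seen = @{}
foreach ($line in (dnscmd $FirstDns /ZonePrint $ZoneName)) {
    if ($line -notmatch '^;' -and
        $line -match '^\S+\s.*?\b(SOA|NS|A|AAAA|CNAME|MX|SRV|TXT|PTR)\b\s') {
        $seen[$Matches[1]] = $true
    }
}
"Record types in $ZoneName on ${FirstDns}: $($seen.Keys -join ', ')"
foreach ($type in $seen.Keys) {
    if ($allowed -notcontains $type) {
        Write-Warning "Unexpected $type record in stub zone $ZoneName"
    }
}

# Follow-up check from the post: the zone should also exist on the second DC once AD
# replication has run (allow for replication latency). /ZoneInfo shows the zone type
# and the master servers it loads from.
dnscmd $SecondDns /ZoneInfo $ZoneName

# Finally, a host in the other domain should now resolve through the first server,
# because queries for trusttest.com are sent to the name servers the stub zone learned.
nslookup "dc1.$ZoneName" $FirstDns
```

Run the same script on dc1 with the zone name and master IP swapped to create the matching stub zone for wgtesting.com in the other domain.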
