none
Stub Zone Vs Conditional forwarding

    問題

  • Hey,

    Assume this scenario : two companies have  an AD domain are Contoso.com and treyresearch.net respectively. For security policies treyresearch prohibits  the transfer of internal DNS zone data outside treyresearch.net network.Contoso users need to resolve names from treyresearch domain , what should I do? conditional forwarding or stub zone? and why?

    Thank in advance


    HkR

    2012年6月22日 下午 04:57

解答

  • In this scenario, the best choice is conditional forwarding.  The reason is simple, with conditional forwarding you are not exposing any part of the zone.  With stub zones, you do expose the NS records.  While you do not expose the entire zone with stub zones, you expose 0% of the zone when you implement conditional forwarding.

    In case you want to learn more about conditional forwarding...

    DNS Conditional Forwarding in 2008: Guide | Video


    Guides and tutorials, visit ITGeared.com.

    itgeared.com facebook twitter youtube

    • 已標示為解答 HkR IQ 2012年6月22日 下午 07:04
    2012年6月22日 下午 06:20
  • The result from the client's perspective that is making the request is the same.  However the name resolution process is different.

    Stub Zone scenario-

    1) when a client makes a request to the contoso.com DNS server and a stub zone exists for treyresearch.com, the DNS server sends back a referral to the DNS client.  The DNS client then sends a request to the treyresearch.com DNS servers based on the information it received back.

    Conditional Forwarding scenario-

    2) when a client makes a request to the contoso.com DNS server and conditional forwarding exists for treyresearch.com, the contoso.com DNS server will query the treyresearch.com DNS servers for the answer.  Once the contoso.com DNS server has the answer, it will provide the answer back to the DNS client that made the request.


    Guides and tutorials, visit ITGeared.com.

    itgeared.com facebook twitter youtube

    • 已標示為解答 HkR IQ 2012年6月22日 下午 07:05
    2012年6月22日 下午 06:54

所有回覆

  • In this scenario, the best choice is conditional forwarding.  The reason is simple, with conditional forwarding you are not exposing any part of the zone.  With stub zones, you do expose the NS records.  While you do not expose the entire zone with stub zones, you expose 0% of the zone when you implement conditional forwarding.

    In case you want to learn more about conditional forwarding...

    DNS Conditional Forwarding in 2008: Guide | Video


    Guides and tutorials, visit ITGeared.com.

    itgeared.com facebook twitter youtube

    • 已標示為解答 HkR IQ 2012年6月22日 下午 07:04
    2012年6月22日 下午 06:20
  • Thanks Jorge Mederos

    but if I configure stub zone of treyresearch on DNS of contoso then any treyresearch queries made by contoso clients will forwarding  ,according to NS of stub zone,  to treyresearch dmain and this is the desire solution. Iam confusing  a bit.


    HkR

    2012年6月22日 下午 06:39
  • The result from the client's perspective that is making the request is the same.  However the name resolution process is different.

    Stub Zone scenario-

    1) when a client makes a request to the contoso.com DNS server and a stub zone exists for treyresearch.com, the DNS server sends back a referral to the DNS client.  The DNS client then sends a request to the treyresearch.com DNS servers based on the information it received back.

    Conditional Forwarding scenario-

    2) when a client makes a request to the contoso.com DNS server and conditional forwarding exists for treyresearch.com, the contoso.com DNS server will query the treyresearch.com DNS servers for the answer.  Once the contoso.com DNS server has the answer, it will provide the answer back to the DNS client that made the request.


    Guides and tutorials, visit ITGeared.com.

    itgeared.com facebook twitter youtube

    • 已標示為解答 HkR IQ 2012年6月22日 下午 07:05
    2012年6月22日 下午 06:54
  • Thank you now i got it

    HkR

    2012年6月22日 下午 07:05