Question
Saturday, November 11, 2017 7:25 PM
Hi,
Can someone please explain to me the meaning of zone delegation without pointing me to different Google searches? I would like someone to explain it so that a 5-year-old child could understand it, and also when we should create this or give preference to delegation over a conditional forwarder or stub zone.
All replies (6)
Monday, November 13, 2017 6:38 AM | 1 vote
Hi,
Delegation - Similar to what the root servers do to the top level domains (com, org, net etc.). They "know" there's something down there, they "know" who's the DNS server that's holding that information (i.e. authoritative for that domain).
In order to delegate a domain, the DNS that's delegating needs to hold the parent domain. For example, DNS holding the ab.abc.org zone CAN delegate to the sales sub-domain under ab.abc.org. It CANNOT delegate to the abc.com domain.
And they do not need the sub-domain's permissions to do that.
Stub Zone - Like in delegation, the DNS server "knows" there's something out there, and "knows" who's the DNS server that's authoritative for that domain. Like delegation, stub zones DO NOT REQUIRE the cooperation of the "other" DNS server.
Unlike delegation, the DNS that's holding the stub zone does NOT need to hold the parent domain or any other domain for that matter. For example, DNS holding the ab.abc.org zone CAN have a stub zone to practically any other domain in the world, as long as the authoritative DNS of the "other" domain "knows" about this and authorizes the part-time zone transfer.
Conditional Forwarding - Like in delegation, the DNS server "knows" there's something out there, and "knows" who to forward the query to (this does NOT necessarily have to be the DNS server that's authoritative for that domain). Like with delegation, conditional forwarding does NOT require the cooperation of the "other" DNS server, and no zone transfer takes place.
Also, unlike delegation and just like with stub zones, the DNS that's holding the stub zone does NOT need to hold the parent domain or any other domain for that matter. For example, you can configure conditional forwarding of your queries to any DNS server in the world, as long as you think it "knows" better than you about a specific target domain.
Unlike regular forwarding, where ALL the queries that the DNS is not authoritative for or does not have information for in its cache are forwarded to ONE external DNS server (most likely the ISP's DNS server), conditional forwarding is done for a specific domain. Just like stub zones, this allows much more flexibility between organizations that have some sort of relationship between them but without the need to establish any sort of replication between them.
There is a question similar to yours; please refer to the following thread:
Best Regards,
Frank
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
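The three options from the reply above, written out for a Windows DNS server with the DnsServer PowerShell module; this is an added example and not part of the original thread. The zone names ab.abc.org, sales and cba.com come from the reply; the name server host name, the 192.0.2.x addresses, the zone file name and partner.example are constructed placeholders.

```powershell
# Added example, not from the thread. Requires the DnsServer module
# (installed with the DNS Server role or RSAT) and an elevated session.
Import-Module DnsServer

# --- 1. Delegation: only possible below a zone this server holds ---
$parentZone = 'ab.abc.org'              # from the reply
$childLabel = 'sales'                   # from the reply
$childNs    = 'ns1.sales.ab.abc.org'    # assumed name server host name
$childNsIp  = '192.0.2.10'              # assumed address (documentation range)

# Refuse to continue unless this server holds a writable copy of the parent.
$zone = Get-DnsServerZone -Name $parentZone -ErrorAction SilentlyContinue
if (-not $zone -or $zone.ZoneType -ne 'Primary') {
    throw "Cannot delegate: $parentZone is not a primary zone on this server."
}

# Writes an NS record for sales.ab.abc.org plus a glue A record into the parent.
Add-DnsServerZoneDelegation -Name $parentZone -ChildZoneName $childLabel `
    -NameServer $childNs -IPAddress $childNsIp

# Show what the parent zone now hands out as a referral.
Get-DnsServerZoneDelegation -Name $parentZone -ChildZoneName $childLabel

# --- 2. Stub zone: no parent needed ---
# The server keeps a small local copy (SOA, NS and glue records) that it
# refreshes from the listed master server.
Add-DnsServerStubZone -Name 'cba.com' -MasterServers '192.0.2.20' `
    -ZoneFile 'cba.com.dns'             # assumed master address and file name

# --- 3. Conditional forwarder: no parent, no local copy of records ---
# Queries for this one domain are sent to the listed server, which does not
# have to be authoritative for it.
Add-DnsServerConditionalForwarderZone -Name 'partner.example' `
    -MasterServers '192.0.2.30'         # assumed domain and forwarder address

# Review which names on this server are answered via a stub or a forwarder.
Get-DnsServerZone |
    Where-Object { $_.ZoneType -in 'Stub', 'Forwarder' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated
```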
Tuesday, November 14, 2017 5:53 AM
Delegation means exactly what the word means if you look it up in the dictionary.
"the act of giving someone authority or responsibility"
If you delegate a zone, you are saying "Don't ask me, go over there and ask that server, it is responsible for this zone, not me."
Tuesday, November 14, 2017 9:21 AM
Thank you guys,
So let's say that I have 2 DNS servers, DNS1 and DNS2. On DNS1 I have the domain abc.com and on my second DNS server cba.com. When I create a delegation on DNS1, does that mean that abc.com will have another DNS as primary, or am I specifying that cba.com is hosted on another server and if you need info, look there? Why do we need delegation when there is a 2-way trust in a parent-child relationship? Why do we need delegation? Does this only work when we have child domains?
Tuesday, November 14, 2017 10:39 AM
In your scenario, you are talking about stub zones because abc.com and cba.com don't have a parent-child relationship. Stub zones are also delegations but a delegation is thought of as something you do to manage child zones.
Say you have the zone abc.com on DNS1, but it's a delegation (stub zone) that tells the query to get information from DNS2. Both servers have the zone, so both are primary but one is a stub zone and the other has the entire zone information. The one with the entire zone information is the true primary. If it crashes, then the server with the stub zone is useless and the stub zone will eventually expire.
Trust relationships are Active Directory which is not the same as DNS.
The delegation of child zones means you don't have to keep the entire child zone on the parent server. For parent domains that have thousands of child domains and millions of records, this is very important.
Thursday, November 16, 2017 10:18 AM
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Frank
Friday, November 17, 2017 9:48 AM
Hi,
Just want to confirm the current situation.
Please feel free to let us know if you need further assistance.
Best Regards,
Frank