
DNS delegation vs Conditional forwarding

aconti

Nov 12, 2009, 1:27:21 AM

Hello, what is the difference between these 2 since they both enable
name resolution for the different domain.

Thank you


--
aconti

Chris Dent

Nov 12, 2009, 7:16:08 AM

The most important difference is that they do *not* both enable name
resolution within different domains.

A Delegation can only be set in a parent domain. For example, a
delegation for sub.domain.com can only be configured within domain.com.
Both "sub.domain.com" and "domain.com" are part of the same namespace
(domain.com).

Delegation is most heavily used for public name resolution where you have:

. (DNS Root) --Delegation--> .com --Delegation--> google.com

When a DNS server (your local DNS server, for example) performs a lookup
for google.com (and when it isn't using Forwarders) it will first ask
those responsible for ".", then ".com" and finally "google.com". This is
Iterative Name Resolution in response to a request for Recursion. Each
iteration follows a delegation from parent to child.

If you use forwarders (global not conditional) you hand that work off to
another server, sitting back to wait for the answer.

Conditional Forwarders cannot be used in this scenario; they are not
visible to a client performing a query (your local DNS Server is the
client in this situation). Any server using a Forwarder must support
requests for Recursion (it must perform full name resolution on
behalf of the asker) or it won't return an answer at all.

Typical usage is something like this:

SomePC ---> LocalDNSServer ---> SomethingWithAForwarder

SomethingWithAForwarder does all the work and returns the response.
LocalDNSServer simply relays the answer back to the client.
SomethingWithAForwarder may be using conditional or global forwarders,
LocalDNSServer has no way of knowing.

Note that servers hosting public DNS zones will not, generally, support
Recursion. They will return the best answer they can (equivalent to "I
don't know, ask <delegate>").

If you are building a high-capacity / high-load distributed name
resolution system you should properly configure Delegations. Conditional
Forwarding increases the load on specific DNS Servers, countering the
point of delegating responsibility for zones.

HTH

Chris
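
The distinction described in the post above, as an added example that is not part of the original thread: a toy Python model in which a delegation is published as a referral that any iterating resolver can follow, while a conditional forwarder is consulted only when the server itself is asked to recurse. The `Server` class, the function names and the address 192.0.2.10 are constructed for illustration.

```python
class Server:
    # Toy DNS server; every name and address in this block is constructed sample data.
    def __init__(self, records=None, delegations=None, cond_fwd=None, recursion=False):
        self.records = records or {}          # names this server answers authoritatively
        self.delegations = delegations or {}  # child zone -> Server, published as referrals
        self.cond_fwd = cond_fwd or {}        # zone -> Server, private to this server
        self.recursion = recursion            # does it honour "recursion desired"?

    @staticmethod
    def _match(table, qname):
        # Longest zone in the table that qname falls under, or None.
        zones = [z for z in table if qname == z or qname.endswith("." + z)]
        return table[max(zones, key=len)] if zones else None

    def query(self, qname, rd):
        """Return ("answer", addr), ("referral", Server) or ("none", None)."""
        if qname in self.records:
            return ("answer", self.records[qname])
        if rd and self.recursion:
            fwd = self._match(self.cond_fwd, qname)
            if fwd is not None:               # hand the whole lookup to the forwarder
                return fwd.query(qname, rd=True)
        child = self._match(self.delegations, qname)
        if child is None:
            return ("none", None)
        if rd and self.recursion:             # iterate on the asker's behalf
            return resolve_iteratively(child, qname)
        return ("referral", child)            # "I don't know, ask <delegate>"

def resolve_iteratively(server, qname, max_hops=8):
    """Walk referrals from parent to child without asking anyone for recursion."""
    for _ in range(max_hops):
        kind, value = server.query(qname, rd=False)
        if kind != "referral":
            return (kind, value)
        server = value
    return ("none", None)

def build(use_delegation):
    child = Server(records={"host.sub.domain.com": "192.0.2.10"})
    link = {"sub.domain.com": child}
    parent = Server(delegations=link if use_delegation else {},
                    cond_fwd={} if use_delegation else link, recursion=True)
    com = Server(delegations={"domain.com": parent})
    return Server(delegations={"com": com}), parent   # (root, domain.com server)

def outcomes(use_delegation, qname="host.sub.domain.com"):
    root, parent = build(use_delegation)
    return {"iterative_from_root": resolve_iteratively(root, qname)[0],
            "recursive_via_parent": parent.query(qname, rd=True)[0]}
```

Comparing `outcomes(True)` with `outcomes(False)` shows that both setups answer a client that asks the domain.com server to recurse, but only the delegation lets a resolver walking down from the root reach sub.domain.com.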

Ace Fekay [MCT]

Nov 12, 2009, 11:07:45 AM
"aconti" <aconti...@DoNotSpam.com> wrote in message
news:aconti...@DoNotSpam.com...

>
> Hello, what is the difference between these 2 since they both enable
> name resolution for the different domain.
>
> Thank you
>
>
> --
> aconti

Chris gave you a great overall view of the differences. My only addition is
that I would suggest delegation for child domains within the same forest,
but Conditional Forwarding to a partner organization's DNS in a scenario
with a trust or even non-trust, but need to resolve a partner org's resources,
such as having a VPN between the two orgs.

--
Ace


aconti

Nov 12, 2009, 11:34:16 PM

Thank you. Just as an example, if I have test.com and a subdomain hosted
on another server north.test.com

In this case I have 2 options for name resolution in the other
domain...

1 Use conditional forwarding for the subdomain pointing to the
authoritative dns server

2 Delegate the sub domain on the test.com DC

For the end client will I not accomplish the same thing ?

Ace Fekay [MCT]

Nov 13, 2009, 2:21:46 AM
"aconti" <aconti...@DoNotSpam.com> wrote in message
news:aconti...@DoNotSpam.com...
>
> Thank you. Just as an example, if I have test.com and a subdomain hosted
> on another server north.test.com
>
> In this case I have 2 options for name resolution in the other
> domain...
>
> 1 Use conditional forwarding for the subdomain pointing to the
> authoritative dns server
>
> 2 Delegate the sub domain on the test.com DC
>
> For the end client will I not accomplish the same thing ?
>
> Thank you
>
>
> --
> aconti

Yes and no because north.test.com is in the same namespace as test.com. If
it is a different namespace, loosely speaking (because north.test.com and
test.com can be in different namespaces), and depending on if north.test.com
is part of the test.com forest, the replication scope and/or whether
north.test.com is an actual child zone under the test.com zone. To
simplify it, within the same forest, you want to delegate the "north"
portion of the test.com zone to a DNS server in the child domain.
Conditional Forwarding is not normally used in this respect.

Ace

aconti

Nov 15, 2009, 4:42:52 AM

Hello,

so what if we compare them to a stub zone

Zone delegation is used when you have a secondary dns server zone
north.test.com and you delegate the zone on test.com so that it can
point to the north.test.com dns servers

Conditional forwarding is used when you have 2 different domain or
forests trees and you configure conditional forwarding from one sub
domain to another to make dns resolution faster and causing less
traffic.

Stub zone can also be used instead of conditional forwarding but what
are the differences, I know that stub zone will create a zone with the
authoritative SOA, NS and their IPs so that again like conditional
forwarding will point to the right dns server

Pls correct me if I am wrong

Thank you again

Ace Fekay [MCT]

Nov 16, 2009, 2:03:06 AM

"aconti" <aconti...@DoNotSpam.com> wrote in message
news:aconti...@DoNotSpam.com...
>
> Hello,
>
> so what if we compare them to a stub zone
>
> Zone delegation is used when you have a secondary dns server zone
> north.test.com and you delegate the zone on test.com so that it can
> point to the north.test.com dns servers
>
> Conditional forwarding is used when you have 2 different domain or
> forests trees and you configure conditional forwarding from one sub
> domain to another to make dns resolution faster and causing less
> traffic.
>
> Stub zone can also be used instead of conditional forwarding but what
> are the differences, I know that stub zone will create a zone with the
> authoritative SOA, NS and their IPs so that again like conditional
> forwarding will point to the right dns server
>
> Pls correct me if I am wrong
>
> Thank you again
>
>
> --
> aconti

A stub is a reference only to the nameservers of the zone that's stubbed (so
to speak). It acts like a zone transfer from the zone, so for a stub to
work, the other party would have to allow zone transfers. You can use a stub
instead of a conditional forwarder to a partner organization. My preference
is a Conditional Forwarder, which also works if the partner org will not
allow zone transfers.

Delegation is delegating administration, SOA, etc, to a child portion of the
namespace, such as within a forest (AD related). Without AD, say you have a
zone called domain.com, and a child zone called child1.domain.com in a
remote location. The child1 folks have control of their whole infrastructure
with their own admins, etc, as well as you want to keep query traffic to a
minimum across the WAN link. So I would delegate the child1 zone from
domain.com zone, so this way the child1 DNS servers are SOA for
child1.domain.com. This way any queries to the child1 zone will get sent to
the delegated DNS servers. Also in this scenario, you would configure a
forwarder (not a Conditional Forwarder) from the child1 DNS servers to the
parent DNS servers.

Ace

