
Zone Transfers vs Zone Replication


Frank McElrath

Apr 20, 2010, 9:06:20 AM
Can someone help me understand the difference between these? Is replication
for AD-integrated zones, whereas replication is for Standard zones?

Thanks for trying to straighten me out.

Chris Dent

Apr 20, 2010, 9:36:35 AM

AD Integrated Zones:

DNS information is stored in Active Directory and is replicated in the
same way as the other objects in your Directory (users, computers,
groups, etc, etc). DNS itself doesn't have a say in how that replication
occurs.

Standard Primary and Secondary Zones:

If you use standard zone files and wish to replicate information between
two servers you can use Zone Transfer. That can be a regular zone
transfer which copies everything in a zone, or an Incremental Zone
Transfer which tells the system asking for the zone about changes.

To perform a zone transfer you must have permission on the server you ask.

You can transfer information from the following zone types:

AD Integrated Primary
Standard Primary
Standard Secondary

In all cases the zone you transfer to will be Standard Secondary.

You can test this, running this in NsLookup will initiate a Zone
Transfer request:

nslookup
server SomePrimaryServer
ls -d somezone.com

HTH

Chris
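As an added example (not code from the thread), the distinction Chris draws can be pulled straight off a Windows DNS server with PowerShell instead of nslookup: which zones ride on AD replication, which depend on zone transfers, and who each zone will hand a transfer to. It assumes the DnsServer module, which ships with Windows Server 2012 and later (after this 2010 thread), and a made-up $ComputerName parameter.

```powershell
# Added example, not from the thread: list the zones on a Windows DNS server
# and report how each one is replicated (AD replication vs. zone transfer),
# flagging standard primaries that will transfer to any requester.
# Assumes the DnsServer module (Windows Server 2012+, later than this thread)
# and rights to query the server named in $ComputerName (assumed parameter).
param(
    [string]$ComputerName = $env:COMPUTERNAME   # assumption: local DNS server
)

$zones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { -not $_.IsAutoCreated }       # skip 0.in-addr.arpa etc.

foreach ($zone in $zones) {
    # AD-integrated zones follow AD replication; DNS has no say in it.
    if ($zone.IsDsIntegrated) {
        $method = "AD replication (scope: $($zone.ReplicationScope))"
    }
    elseif ($zone.ZoneType -eq 'Secondary') {
        $method = "Zone transfer from $($zone.MasterServers -join ', ')"
    }
    elseif ($zone.ZoneType -eq 'Stub') {
        $method = "Stub (SOA/NS/glue only) from $($zone.MasterServers -join ', ')"
    }
    else {
        $method = "Zone file $($zone.ZoneFile); replicated out via AXFR/IXFR"
    }

    # Who is allowed to request a transfer of this zone from this server?
    $transfer = switch ($zone.SecureSecondaries) {
        'NoTransfer'               { 'refused to everyone' }
        'TransferToZoneNameServer' { 'servers in the zone NS records only' }
        'TransferToSecureServers'  { "listed servers only: $($zone.SecondaryServers -join ', ')" }
        'TransferAnyServer'        { 'ANY requester (review this setting)' }
        default                    { 'n/a' }
    }

    [pscustomobject]@{
        Zone        = $zone.ZoneName
        Type        = $zone.ZoneType
        Replication = $method
        Transfers   = $transfer
    }
}
```

A zone reported as "ANY requester" is one that the nslookup test above would succeed against from any host, which is the setting Chris's "you must have permission" remark refers to.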

Ace Fekay [MVP - Directory Services]

Apr 20, 2010, 12:58:35 PM
On Tue, 20 Apr 2010 14:36:35 +0100, Chris Dent <ch...@noreply.null>
wrote:

Great explanation! Just to add...

Standard zones store data in text files, specifically in the system32\dns
folder. This is what's being transferred during a zone transfer from
the Master (the Primary zone) to the Secondary(ies). This must all be
set up manually, and if there are many servers, it becomes a PITA (pain
in the butt) to deal with.

AD integrated is a great feature, since it is stored in the AD
database and follows AD's replication schedules. The zone
automatically appears on any DC with the zone's replication scope that
has DNS installed on it.


Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

Phillip Windell

Apr 20, 2010, 3:13:50 PM

"Chris Dent" <ch...@indented.null> wrote in message
news:e38jSqL4...@TK2MSFTNGP06.phx.gbl...
> Phillip Windell wrote:
>> "Ace Fekay [MVP - Directory Services]" <ace...@mvps.RemoveThisPart.org>
>> wrote in message
>>> AD integrated is a great feature, since it is stored in the AD
>>> database and follows AD's replication schedules. The zone
>>> automatically appears on any DC with the zone's replication scope that
>>> has DNS installed on it.
>>
>> I couldn't find any way to do that when I had to set up a Trust and have
>> the Domain Domains to be aware of each other's zones. I had to use
>> normal Zone transfers with a Standard non-AD Zone. I wanted to do it
>> with AD Rep because there were 5 DCs involved with the two Domains (3 DCs
>> in one, 2 DCs in the other). It looks like you can only do a Transfer
>> from an AD Zone,..but not into an AD Zone.
>
> AD replication is limited by the forest boundary, a trust represents a
> link to something outside of the forest so AD replication is out.

Ok, I see.

> You can only transfer into a Secondary Zones, and those cannot be AD
> Integrated so your choices for back in are somewhat limited. I can tell
> you how it could be scripted if you like? :)

Naw, don't worry about it. The project is almost behind me now
anyway,...and I hate scripting anything. I try to always avoid "scripts".
Call me lazy, but if I can't do it with a GUI then a developer didn't do
their job.
:-)

Thanks, Chris


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


Phillip Windell

Apr 20, 2010, 2:39:59 PM
"Ace Fekay [MVP - Directory Services]" <ace...@mvps.RemoveThisPart.org>
wrote in message
> AD integrated is a great feature, since it is stored in the AD
> database and follows AD's replication schedules. The zone
> automatically appears on any DC with the zone's replication scope that
> has DNS installed on it.

I couldn't find any way to do that when I had to set up a Trust and have the
Domain Domains to be aware of each other's zones. I had to use normal Zone
transfers with a Standard non-AD Zone. I wanted to do it with AD Rep
because there were 5 DCs involved with the two Domains (3 DCs in one, 2 DCs
in the other). It looks like you can only do a Transfer from an AD
Zone,..but not into an AD Zone.

Chris Dent

Apr 20, 2010, 2:52:03 PM
Phillip Windell wrote:
> "Ace Fekay [MVP - Directory Services]" <ace...@mvps.RemoveThisPart.org>
> wrote in message
>> AD integrated is a great feature, since it is stored in the AD
>> database and follows AD's replication schedules. The zone
>> automatically appears on any DC with the zone's replication scope that
>> has DNS installed on it.
>
> I couldn't find any way to do that when I had to set up a Trust and have the
> Domain Domains to be aware of each other's zones. I had to use normal Zone
> transfers with a Standard non-AD Zone. I wanted to do it with AD Rep
> because there were 5 DCs involved with the two Domains (3 DCs in one, 2 DCs
> in the other). It looks like you can only do a Transfer from an AD
> Zone,..but not into an AD Zone.

AD replication is limited by the forest boundary, a trust represents a
link to something outside of the forest so AD replication is out.

You can only transfer into Secondary Zones, and those cannot be AD
Integrated so your choices for back in are somewhat limited. I can tell
you how it could be scripted if you like? :)

Chris

Ace Fekay [MVP - Directory Services, MCT]

Apr 20, 2010, 10:43:24 PM

For a trust, you also have the option of using AD integrated Stubs.
Each stub would point to the other's forest, and vice versa, unless I am
missing something with the final intention.

Ace

Jonathan de Boyne Pollard

Apr 21, 2010, 9:26:37 AM

> Can someone help me understand the difference between these?

Your thinking is wrong.  You have a false dichotomy.  Database replication is replication of the server's DNS database by whatever means.  There are various means.  One of those means is the "zone transfer" mechanism.  Another is the replication mechanism employed by Active Directory.  For other DNS server softwares there are yet further replication mechanisms, from replicating an SQL database to rsyncing a text file.  It all depends on what form of database the (content) server's DNS data are stored in, and how that database is replicated amongst multiple peer content servers.  Microsoft's DNS server supports storing data in "zone" files or in the Active Directory database.  Other DNS server softwares incorporate other database mechanisms (such as SQL databases, for example).  Microsoft's DNS server thus either uses "zone transfer" database replication, with the content DNS servers placed in a master/slaves arrangement, or Active Directory's (own, built-in) database replication mechanism, with the content DNS servers in a multi-master arrangement.

One's DNS server determines what DNS database storage mechanisms are available.  What DNS database storage mechanism is chosen determines how the DNS data are replicated amongst the databases of peer content DNS servers.  (It also determines what data are replicated.  Active Directory's replication mechanism supports replicating information that the "zone transfer" mechanism has no facility for replicating.)

Frank McElrath

Apr 22, 2010, 7:57:53 AM
Thanks.  I was wondering if one was a subset of the other, as you describe.

Phillip Windell

Apr 22, 2010, 2:53:35 PM
"Ace Fekay [MVP - Directory Services, MCT]" <ace...@mvps.RemoveThisPart.org>
wrote in message news:gfpss51001liuphkd...@4ax.com...

I did non-AD Stubs first,..I didn't know they could be AD. But later I
needed resolution for more than what a Stub contained,..so I had to go with
full Secondaries. It all worked out ok,...we are on the tail-end of the
project now.

But when this one is done, there is a bigger one coming up in the Chicago
area. Sounds like a similar mess. One thing good about the incompetent and
the semi-competent,...they keep the competent employed,... :-)

(not claiming I am perfectly competent of course...)

Ace Fekay [MVP - Directory Services, MCT]

Apr 22, 2010, 8:10:21 PM

On Thu, 22 Apr 2010 13:53:35 -0500, "Phillip Windell"
<philw...@hotmail.com> wrote:

>"Ace Fekay [MVP - Directory Services, MCT]" <ace...@mvps.RemoveThisPart.org>
>wrote in message news:gfpss51001liuphkd...@4ax.com...
>> On Tue, 20 Apr 2010 14:13:50 -0500, "Phillip Windell"
>> <philw...@hotmail.com> wrote:
>> For a trust, you also have the option of using AD integrated Stubs.
>> Each stub to point to the other's forest, and vice versa, unless I am
>> missing something with the final intention.
>
>I did non-AD Stubs first,..I didn't know they could be AD. But later I
>needed resolution for more than what a Stub contained,..so I had to go with
>full Secondaries. It all worked out ok,...we are on the tail-end of the
>project now.
>
>But when this one is done, there is a bigger one coming up in the Chicago
>area. Sounds like a similar mess. One thing good about the incompetent and
>the semi-competent,...they keep the competent employed,... :-)
>
>(not claiming I am perfectly competent of course...)

It's a symbiotic relationship, and not talking about you, of course!
:-)

Ace
