Re: Cannot create STUB zone
From: Dean Wells [MVP] (dwells_at_mask.msetechnology.com)
Date: 01/10/05
- Next message: Herb Martin: "Re: Cannot create STUB zone"
- Previous message: Herm: "Re: Cannot create STUB zone"
- In reply to: Herm: "Re: Cannot create STUB zone"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 10 Jan 2005 09:44:31 -0500
Windows 2003's Active Directory supports the concept of domain and
forest functional levels. Functional levels are stored internally as a
number currently ranging from 0 through 2. The numbers are simplified
in the interface to a name (e.g. - Windows 2000 Native). The higher the
functional level, the more new features are engaged ... but at the
expense of backward compatibility in that we lose the ability to have
certain operating systems participating as domain controllers. The
lower the functional level, the less new features are active but the
domain or forest permits a larger variety of operating systems taking
the role of a domain controller (note that functional level do NOT
directly impact which operating systems are supported as domain
members).
As for stub zones, we'll need a bit of background info. before that one
can be easily understood -
DNS servers generally store a number of zones (zone = DNS database used
to hold domains and domain records) for which they can be considered an
authority (or authoritative). Simplified, this means that their
knowledge is deemed complete and accurate. A zone's start of authority
[SOA] is a DNS server that stores the writable copy of a particular zone
... most non-MS DNS servers only support 1 writable copy of a particular
zone and lots of r/o copies, each of which is stored in a zone file).
Since these DNS servers are authoritative for only their own zones but
are still commonly expected to be capable of answering questions
(resolve queries) for domains that they do not store, a mechanism had to
be provided to allow this to occur. That mechanism (again simplified or
this post would become very long ;-) provides an out-of-the-box DNS
server with knowledge of the IP addresses of a number of other DNS
servers that store the beginning of the DNS world (or DNS namespace) ...
they are known as root servers. This does NOT mean that root servers
store every record for every zone everywhere, it simply means they
possess knowledge of the DNS servers that DO store the answer. Root
servers may know only of the top level DNS servers (com / org / net ...
etc.), who in turn know of the next level (microsoft.com / joeware.net
... etc.).
So, for a DNS server (without a stub zone) to answer a first-time query
within a domain it does not store (say "www.joeware.net) it must first
ask the root servers, it receives only a list of DNS servers that store
the next level (i,.e - the ".net" component), it will then reiterate the
question against these nameservers who will provide a list of DNS
servers authoritative for "joeware.net", it must then reiterate the
question one last time against the "joeware.net" name servers, at this
point, the answer is returned ... that being one or more A records named
www.joeware.net that point to the IP addresses of Joe's web servers.
Stub zones allow your DNS server to store knowledge of _who_ stores
"joeware.net" (not a copy of the zone's content) thereby minimizing the
number of queries required to resolve a record for which it is not
authoritative because the steps involving the root servers and any other
interim name servers were removed.
HTH
-- Dean Wells [MVP / Directory Services] MSEtechnology [[ Please respond to the Newsgroup only regarding posts ]] R e m o v e t h e m a s k t o s e n d e m a i l Herm wrote: > Dean, > > Hmmmm... I have to check that! > What does it mean set the Domain functional to level 2 ? > > What is the meaning of a STUB zone anyway? It may > sound weird, but the books are not particular clear to me... > Could you explain to me What a STUB zone really is about or > where I can find some clear explination? > > Thanks again, > Herman F. > > "Dean Wells [MVP]" <dwells@mask.msetechnology.com> schreef in bericht > news:eHZaSHe9EHA.2676@TK2MSFTNGP12.phx.gbl... >> I would guess you're trying to AD integrate the stub zone into the >> domain partition ... this is not supported until the domaun >> functional level is set to 2. When creating the stub zone choose a >> different replication scope or don't AD integrate it (or raise the >> domain functional level but that requires planning in larger >> environments). -- >> Dean Wells [MVP / Directory Services] >> MSEtechnology >> [[ Please respond to the Newsgroup only regarding posts ]] >> R e m o v e t h e m a s k t o s e n d e m a i l >> >> Herm wrote: >>> Hello, >>> >>> I am trying to create a STUB zone for my domain kelder.local. >>> When I try to finish this Windows tell me that the zone cannot be >>> created! The request is not supported! I try to create this STUB >>> zone on advice of Dr. Shinder before installing ISA Server 2004 >>> firewall... Can somebody help me ? >>> >>> Thanks, >>> Herman
- Next message: Herb Martin: "Re: Cannot create STUB zone"
- Previous message: Herm: "Re: Cannot create STUB zone"
- In reply to: Herm: "Re: Cannot create STUB zone"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
