Stub zones and delegation


In this article I want to talk about stub zones and delegation. We will see what are the main principles behind these two concepts and how would you configure these features. A stub zone is a simple copy of a zone that contains only the basic records (SOA and NS). Stub zones are used to create a faster DNS response time because they contain the NS and SOA records of master zones that are authoritative for a certain zone. Imagine than if in a remote location you do not need to deploy a local DNS server but, you want clients to resolve names from the master zone, you would implement a stub zone which would sent queries to the authoritative master zone. A stub  zone can also be configured to inform the master zone of any name server that exists or is added in sub-domains by using zone transfers.
A delegation is a child-zone that is part of a parent zone which holds all its DNS information in a local server. Imagine you have the parent zone ppscu.com and a child-zone named europe.ppscu.com. If you’d deploy a DNS server for the child zone, you would normally create a delegation for this zone. The delegation is configured on the parent zone. When a request for a resource hosted on a child-zone is sent to the parent-zone and delegation is configured, the parent-zone will sent requests to the name server configured in the child-zone. In this case you would also deploy a stub zone (on the parent server) that will contain the NS records for the DNS servers in the child-domain. You should create a stub zone on the master zone for each child-zone so you provide a consistent naming resolution mechanism. This way, the master zone would be informed of all DNS servers that are authoritative for the child-zone. Remember that zone delegation is made only from the parent zone to the child zone.
To demonstrate the use of stub zones and delegation I will use two DNS servers named SRV1 and SRV4. On SRV1 I’ve already added a parent zone named ppscu.com:
Primary zone
On SRV2 I’ve created a child zone named europe.ppscu.com. This zone will be authoritative for europe.ppscu.com. On the primary server I will create a delegation for the second DNS server. Right click the parent zone and select new delegation, read the welcome screen and press next. In the following section specify the DNS domain that you wish to delegate and press next:
Creating a stub zone
In the Names Servers section you’ll have to add the FQDN of the DNS server authoritative for the child zone:
New delegation wizard
Now you’ve seen that the delegated zone has appeared in the parent-zone. The parent zone will contain the NS records for the DNS servers authoritative for the child-zone:
Delegated zone
Remember that with delegation configured, the parent zone will redirect name requests for europe.ppscu.com to SRV4. When you create a stub zone on the parent server, the parent zone will not only redirect requests to the child-zone but it will also receive updates with the new NS records created on the child-zone. Now let’s add a stub zone on the primary DNS server. Open the DNS console, right click the server’s name and click on new zone. From the new zone wizard select stub zone:
Creating a stub zone

 

Now press next and type in the child-zone name:
Creating a stub zone
In the last part of the new zone wizard add the FQDN of the DNS server/s authoritative for the child-zone. After the zone is added to our master server, open the DNS console to verify if the basic records have been added:
Stub zone
Now any record added in the child-zone will be resolved by anyone within the domain because the parent-zone is well informed of the DNS servers authoritative for the child-domain.
There aren’t many thing to say here folks, hope you’ve enjoyed this article. Please share your thoughts about this one and share it to others. Have a great day and stay tuned for the following articles.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s