In this article I want to talk about stub zones and delegation. We will see what are the main principles behind these two concepts and how would you configure these features. A stub zone is a simple copy of a zone that contains only the basic records (SOA and NS). Stub zones are used to create a faster DNS response time because they contain the NS and SOA records of master zones that are authoritative for a certain zone. Imagine than if in a remote location you do not need to deploy a local DNS server but, you want clients to resolve names from the master zone, you would implement a stub zone which would sent queries to the authoritative master zone. A stub zone can also be configured to inform the master zone of any name server that exists or is added in sub-domains by using zone transfers.
A delegation is a child-zone that is part of a parent zone which holds all its DNS information in a local server. Imagine you have the parent zone ppscu.com and a child-zone named europe.ppscu.com. If you’d deploy a DNS server for the child zone, you would normally create a delegation for this zone. The delegation is configured on the parent zone. When a request for a resource hosted on a child-zone is sent to the parent-zone and delegation is configured, the parent-zone will sent requests to the name server configured in the child-zone. In this case you would also deploy a stub zone (on the parent server) that will contain the NS records for the DNS servers in the child-domain. You should create a stub zone on the master zone for each child-zone so you provide a consistent naming resolution mechanism. This way, the master zone would be informed of all DNS servers that are authoritative for the child-zone. Remember that zone delegation is made only from the parent zone to the child zone.
To demonstrate the use of stub zones and delegation I will use two DNS servers named SRV1 and SRV4. On SRV1 I’ve already added a parent zone named ppscu.com:
On SRV2 I’ve created a child zone named europe.ppscu.com. This zone will be authoritative for europe.ppscu.com. On the primary server I will create a delegation for the second DNS server. Right click the parent zone and select new delegation, read the welcome screen and press next. In the following section specify the DNS domain that you wish to delegate and press next:
In the Names Servers section you’ll have to add the FQDN of the DNS server authoritative for the child zone:
Now you’ve seen that the delegated zone has appeared in the parent-zone. The parent zone will contain the NS records for the DNS servers authoritative for the child-zone:
Remember that with delegation configured, the parent zone will redirect name requests for europe.ppscu.com to SRV4. When you create a stub zone on the parent server, the parent zone will not only redirect requests to the child-zone but it will also receive updates with the new NS records created on the child-zone. Now let’s add a stub zone on the primary DNS server. Open the DNS console, right click the server’s name and click on new zone. From the new zone wizard select stub zone:
Now press next and type in the child-zone name:
In the last part of the new zone wizard add the FQDN of the DNS server/s authoritative for the child-zone. After the zone is added to our master server, open the DNS console to verify if the basic records have been added:
Now any record added in the child-zone will be resolved by anyone within the domain because the parent-zone is well informed of the DNS servers authoritative for the child-domain.
There aren’t many thing to say here folks, hope you’ve enjoyed this article. Please share your thoughts about this one and share it to others. Have a great day and stay tuned for the following articles.