Not sure which tab is being discussed, but, I can speak to zone xfers and SOA records...
As far as zone transfers and AD integrated DNS, it's not natively required. AD stores DNS records and zone config in either the Domain partition (under the System container, legacy Win2k behavior), or in one or more separate application partitions. Application partitions replicate independently of the domain partition and can contain DCs across domains within a forest. The two you're used to seeing are DomainDnsZones and ForestDnsZones. By default all DCs hosting DNS in the given domain are enlisted to replicate DomainDnsZones, and all DCs hosting DNS in the forest are enlisted for replicating ForestDnsZones. You can create your own partitions though if it made sense. I had a customer do this for example where they put all the reverse DNS zones in their own partition and replicated them only to DCs in hub site datacenters. You'd need to do dnscmd and possibly a bit of repadmin to set all this up.

Now as far as zone transfers, with AD integrated zones the only time I see this is when you need to allow say some BIND or third party DNS to have a copy of the zone, in which case they'd be set up to be allowed to have zone transfers to them on the properties of the zone on the given servers which will master it. Sometimes you'll see AD DNS servers hosting secondary copies of zones hosted somewhere else in order to put the DNS data closer to the client. I try to shy away from this latter config (and the former really) as it starts making individual DCs have individualized configs, which is a real PITA to manage.

Speaking of zone transfers, one of my favorite interview questions is to ask what ports DNS uses...

As far as the SOA record, the way things like dynamic DNS work is the client looks up the primary server for the zone (which is specified in the SOA record), and then contacts that server to register the DNS record. Since each copy of an AD Integrated DNS zone is writeable, it would make sense that each DC present itself as the "primary" server for that zone.
With AD integrated DNS you shouldn't have to tinker with this at all, really. Hope this helps...

Thanks,
Brian Desmond
[email protected]
w - 312.625.1438 | c - 312.731.3132

From: Andrew S. Baker [mailto:[email protected]]
Sent: Thursday, January 13, 2011 9:49 AM
To: NT System Admin Issues
Subject: Re: DNS question

You're right -- it is only needed for non-AD servers.

ASB (My Bio via About.Me <http://about.me/Andrew.S.Baker/bio>)
Exploiting Technology for Business Advantage...

On Thu, Jan 13, 2011 at 11:07 AM, Webster <[email protected]> wrote:

Several times I have had PSS (or whatever they are called now) tell me to check that box even for pure 2000/2003/2008 AD. I would think zone transfer would apply only if/when non AD DNS was involved in the mix. That is what I understand from what I have read on Technet. Just checked Brian's AD book and that tab is not mentioned.

Webster

From: Andrew S. Baker [mailto:[email protected]]
Subject: Re: DNS question

Zone transfers? Why are you configuring zone transfers on an AD-Integrated zone?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
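As an added example that is not part of the thread, the following PowerShell audits the settings Brian walks through (replication scope and partition, zone transfer restrictions, and the SOA primary each DC advertises) for every zone on one DNS server, flagging zones that still allow transfers to any host. It assumes the DnsServer module (RSAT or Windows Server 2012 and later) and a DC name in $DnsServer, which is a placeholder.

```powershell
# Added example, not from the thread. Assumes the DnsServer module is available and
# the caller has DNS admin rights on the target server.
param(
    [string]$DnsServer = 'dc01.corp.example'   # placeholder DC name, replace with your own
)

Import-Module DnsServer -ErrorAction Stop

function Get-ZoneAudit {
    param([string]$ComputerName)

    # Skip auto-created zones (0.in-addr.arpa etc.) and cache/hint pseudo-zones;
    # look only at primary and secondary zones the server actually serves.
    $zones = Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -in 'Primary', 'Secondary' }

    foreach ($z in $zones) {
        $soaPrimary = $null
        if ($z.ZoneType -eq 'Primary') {
            # Each writeable AD-integrated copy lists itself as the SOA primary,
            # which is what dynamic-update clients use to find a server to register with.
            $soa = Get-DnsServerResourceRecord -ComputerName $ComputerName `
                                               -ZoneName $z.ZoneName -RRType Soa
            $soaPrimary = $soa.RecordData.PrimaryServer
        }

        # Zone transfer policy: an AD-integrated zone normally needs no transfers at all,
        # so anything other than NoTransfer deserves a second look, and TransferAnyServer
        # means any host can pull the whole zone.
        $transfers = switch ($z.SecureSecondaries) {
            'TransferAnyServer'        { 'OPEN: any host may request a transfer' }
            'TransferToZoneNameServer' { 'limited to servers in NS records' }
            'TransferToSecureServers'  { "limited to: $($z.SecondaryServers -join ', ')" }
            default                    { 'no transfers' }
        }

        [pscustomobject]@{
            Zone          = $z.ZoneName
            Type          = $z.ZoneType
            ADIntegrated  = $z.IsDsIntegrated
            Partition     = $z.DirectoryPartitionName   # e.g. DomainDnsZones.<domain>
            ReplScope     = $z.ReplicationScope         # Domain, Forest, Legacy or Custom
            DynamicUpdate = $z.DynamicUpdate            # Secure is the expected value for AD zones
            SoaPrimary    = $soaPrimary
            Transfers     = $transfers
        }
    }
}

Get-ZoneAudit -ComputerName $DnsServer | Format-Table -AutoSize
```

Run it against each DNS-hosting DC in turn; differing Partition or Transfers values between DCs for the same zone are exactly the per-DC drift Brian warns about.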
