stub zones

marc-vazquez

In the DNS episode in MCSA Windows Server 2012 - 70-410 training you went over stub zones. The example you used for the remote corporate dns server was a private IP 10.1.1.201. How would my DNS server by able to use that number if it's somewhere out in the internet. Would I put in the other side public IP instead f 10.1.1.201?

Adam Gordon

Marc,

Great question about what can be a bit of a confusing topic sometimes. Let's see what we can do to help clarify for you.

The main answer has to do with two special kinds of Name Resolution records that are used with a Sub Zone; the Delegation and the Glue Record.

A delegation is an NS record in the parent zone that lists the name server authoritative for the delegated zone, while Glue Records are used with Stub Zones to provide 'A' records for the name server(s) that are authoritative for the delegated zone.

This article does a great job of breaking down all of the pieces and explaining every step to configure and use Stub Zones. Take a look and let me know if it helps to address your question and clears things up for you.

https://www.interfacett.com/blogs/how-to-configure-a-dns-stub-zone-in-windows-server/

Cheers,

Adam

marc-vazquez

Thank you Adam but it is still unclear if this is a Wan scenario or an internet scenario. So the example I would have would be I have a publisher that is not part of my lan or wan but on the internet. Can a Sub Zone be used in this scenario?

Mike Rodrick

@marc-vazquez

You are correct, it would not work with a private IP address if the DNS server was not on the local network. I used a private IP because all my VMs are on the same network.

The IP address for the master DNS server used when setting up a stub zone just needs to be reachable. So if you are setting up a stub zone to resolve names of an external business partner, you would need the public IP address of one of their DNS servers. If you were doing this internally, to speed up name resolution for a sub-domain for example, if the DNS server is on the same LAN, or reachable through a site-to-site VPN or something similar, than a private IP address will work fine.

So the short answer is you can use any IP address, public or private, when designating the master server for a stub zone, as long as the address is reachable by your DNS server.

Hope this helps, sorry for the confusion. Let me know if you have any other questions!

Mike

marc-vazquez

Mike thank you it completely answers the question.