DNS

What is a Stub Zone?

Stub Zone

A stub zone is a read-only copy of a zone that contains only the resource records needed to identify the authoritative DNS servers for that zone. In practice, a stub zone is used to resolve names between separate DNS namespaces. This type of zone is generally created after a corporate merger or acquisition, when the DNS servers for two separate DNS namespaces must resolve names for clients in both namespaces.

A stub zone contains:
  • The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
  • The IP address of one or more master servers that can be used to update the stub zone.

Active Directory Integrated DNS Zone

An Active Directory-integrated zone is a primary DNS zone that is stored in Active Directory. Its data is not kept in a standard DNS zone file. This zone is very secure because the data replicated from one domain controller's database to another's travels in encrypted form, so nobody else can read it. It is an authoritative primary zone in which all of the zone data is stored in Active Directory. As mentioned previously, zone files are not used or necessary.

Integrating DNS with Active Directory produces the following additional benefits:

Directory replication is faster

An AD-integrated zone is replicated using Active Directory replication. Because Active Directory can compress replication data between sites and replicates data securely, DNS replication also becomes fast, secure and efficient. This works even over slow links.

Reduced Administrative Overhead

Anytime you can reduce the number of management consoles that you have to work with, you can reduce the amount of time needed to manage information. Without the advantage of consolidating the management of DNS and Active Directory in the same console, you would have to manage your Active Directory domains and DNS namespaces separately. Moreover, your DNS domain structure mirrors your Active Directory domains. Any deviation between Active Directory and DNS makes management more time-consuming and creates more opportunity for mistakes. As your network continues to grow and become more complex, managing two separate entities becomes more involved. Integrating Active Directory and DNS provides you with the ability to view and manage them together as a single entity.

Security

The main advantage of this zone is security. If secure dynamic update is enabled, only authorized clients can update their records in the DNS zone, which counters the issue of proxy record updates.
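To check which zones actually enforce secure dynamic update, the following added example (not part of the original post) audits the zones on a DNS server with the DnsServer PowerShell module. It assumes it is run on, or with RSAT against, a Windows DNS server; the finding texts are illustrative.

```powershell
# Added example: report the dynamic-update setting of every primary zone.
# Secure dynamic update is only available on AD-integrated zones, so a
# file-backed zone that accepts updates accepts them unauthenticated.
Import-Module DnsServer

$zones = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

$report = foreach ($zone in $zones) {
    $finding = switch ($zone.DynamicUpdate) {
        'Secure'             { 'OK: only authenticated clients can update' }
        'NonsecureAndSecure' { 'REVIEW: unauthenticated updates are accepted' }
        'None'               { 'INFO: dynamic update is disabled' }
        default              { "UNKNOWN: $($zone.DynamicUpdate)" }
    }
    [pscustomobject]@{
        Zone          = $zone.ZoneName
        ADIntegrated  = $zone.IsDsIntegrated
        DynamicUpdate = $zone.DynamicUpdate
        Finding       = $finding
    }
}

$report | Sort-Object Finding, Zone | Format-Table -AutoSize

# Dry run of the remediation for AD-integrated zones that accept
# unauthenticated updates. Remove -WhatIf to apply the change.
$report |
    Where-Object { $_.ADIntegrated -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    ForEach-Object {
        Set-DnsServerPrimaryZone -Name $_.Zone -DynamicUpdate Secure -WhatIf
    }
```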

Redundancy

AD-integrated zones provide redundancy: since all DCs can write to the zone, there is no single point of failure in the DNS design.

  • A new domain controller gets updated automatically, without a zone transfer being configured for it.
  • In locations that are geographically apart, AD sites can be configured to control replication and schedule it during off hours. AD-integrated zones are part of the AD database, so their replication is controlled in the same way.

Create a stub zone

Via PowerShell 

To create a stub zone, select the relevant method and follow the steps.

Here’s how to create a stub zone using the Add-DnsServerStubZone PowerShell command.

To add a stub zone for the west.windowstechno.local zone using the authoritative DNS server 192.168.1.37, run the following command:

Add-DnsServerStubZone -Name "west.windowstechno.local" -MasterServers "192.168.1.37" -PassThru -ZoneFile "west.windowstechno.local.dns"

Here’s how to create a stub zone using DNS Manager.

  1. From the Windows desktop, open the Start menu, select Windows Administrative Tools > DNS.

  2. In the console tree, expand a DNS server, right-click, then select New Zone.

  3. On the New Zone Wizard page, select Next.

  4. On the Zone Type page, select Stub zone. If the DNS server is also an AD DS domain controller, you can store the zone information in Active Directory.

  5. If you have chosen to store the zone data in AD DS, choose one of the following options:

    • All DNS servers running on AD DS domain controllers in the forest.
    • All DNS servers running on AD DS domain controllers in the domain.
    • All domain controllers in this domain (for Windows 2000 compatibility).
    • All domain controllers enrolled in a specific directory partition.
  6. Specify the zone name. For example, west.windowstechno.local

  7. On the Master DNS Servers page, provide the IP address of a DNS server that is authoritative for the target zone. For example, 192.168.1.37.

  8. Select Finish on the Completing the New Zone Wizard.
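The wizard steps above can also be scripted. The following added example (not from the original post) creates the stub zone as an AD-integrated zone, which the article's file-backed command does not do, and then verifies that the zone points at the expected master and holds only the record types a stub zone should contain. The `Domain` replication scope and the allowance for AAAA glue records are assumptions made for this example.

```powershell
# Added example: create the stub zone idempotently, then verify it.
Import-Module DnsServer

$ZoneName = 'west.windowstechno.local'   # zone name used in the article
$Master   = '192.168.1.37'               # authoritative server used in the article

# Create the zone only if it does not exist yet. -ReplicationScope stores it
# in AD DS (step 5 of the wizard); 'Domain' is an assumed choice.
$zone = Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue
if (-not $zone) {
    $zone = Add-DnsServerStubZone -Name $ZoneName -MasterServers $Master `
                -ReplicationScope 'Domain' -PassThru
}

# A zone with this name that is not a stub zone is a configuration conflict.
if ($zone.ZoneType -ne 'Stub') {
    throw "$ZoneName exists but is a $($zone.ZoneType) zone, not a stub zone."
}

# The stub zone should be refreshed only from the expected master server.
$unexpected = @($zone.MasterServers | Where-Object { [string]$_ -ne $Master })
if ($unexpected.Count -gt 0) {
    Write-Warning "Unexpected master servers: $($unexpected -join ', ')"
}

# A stub zone holds SOA, NS and glue address records only. AAAA is allowed
# here on the assumption that name servers may also have IPv6 glue.
$allowed = 'SOA', 'NS', 'A', 'AAAA'
$records = @(Get-DnsServerResourceRecord -ZoneName $ZoneName)
$extra   = @($records | Where-Object { $_.RecordType -notin $allowed })

$records | Group-Object RecordType | Select-Object Name, Count | Format-Table -AutoSize

if ($records.Count -eq 0) {
    Write-Warning 'No records loaded yet; the master may be unreachable.'
} elseif ($extra.Count -gt 0) {
    Write-Warning "Unexpected record types: $(($extra.RecordType | Sort-Object -Unique) -join ', ')"
} else {
    Write-Output "$ZoneName contains only stub-zone record types."
}
```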

So, that’s all in this blog. I will meet you soon with the next stuff. Have a nice day!!!

Vipan Kumar

He is an Active Directory Engineer. He has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem. If you need any further help on these subjects, feel free to contact us at admin@windowstechno.com. Please subscribe to our Facebook page as well as the website for the latest articles. https://www.facebook.com/windowstechno