Archived from groups: microsoft.public.win2000.dns (
More info?)
In news:755a21c9.0406201004.651157eb@posting.google.com,
IanD <theredmiata@hotmail.com> posted their thoughts, then I offered mine
> All,
>
> We just converted all of your DNS zones to Active Directory Integrated
> and I have a question concerning Zone Transfers option for each zone.
> I understand that once you convert your zones to AD Integrated that
> all zone transfers are initiated via AD replication. If all DNS
> servers are also DC's and no secondary zones will be configured, what
> should the proper configuration be for the Zone Transfer options for
> each zone ?
>
> My assumption would be to allow zone transfers but only to the servers
> listed on the Name Servers tab.
>
> Thanks,
>
> Ian
In addition to Herb and Kevin's comments, just to point out, DNS zone data
can be stored in different numerous ways. Namely with Windows, it can be
either as a text file or in AD's database. As for the text file, that is one
way and that is the old 'normal' text file way to do it, and in Windows, the
zonename.dns file is where it's stored, specifically in the system32\dns
folder. Other DNS services have other methods of storing their data. With
Active Directory, there's now an option to store it in the actual physical
Active Directory database. Portions of this database gets replicated to all
domain controllers in a forest and other portions get replicated to just the
domain controllers in that specific domain that that specific domain
controller is a domain controller for.
The physical database is broken down 'logically' in 3 sections, or
'containters'. The Domain NC (NC = Name Container), Configuration Container
and the Schema Container. The Schema and Config Containers are forest wide.
All DCs get a copy of these guys. However, the Domain NC is ONLY replicated
to DCs in that specific domain that the DCs are a DC for. This is the
container that the zone gets stored in when you make the zone AD Integrated.
Therefore, this container gets replicated and is now available on any DC in
that domain. So therefore, if you opt to install DNS on a DC in that domain,
and then create your zone name and specifiy it as AD Integrated, the zone
data gets pulled from the database.
With WIndows 2000 AD, if you try it with a DC that belongs to another domain
in the forest, the zone doesn't exist. In that case, if you need to have
that zone available, or on any other DNS server for that matter, (Windows or
not), then you'll need to create the zone as a secondary zone and only then
you would need to allow zone transfer either to ALL or to just that specific
DC or put it in the Name Server tab, etc.
With Windows 2003 AD, there's a new option to allow to replicate the zone to
other domains' in the forest.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
Facebook
Twitter
Instagram