Stub Zone

Archived from groups: microsoft.public.win2000.dns

Hello.

I have two sites, one in Detroit and one in Chicago. Each site is running
Windows 2000 Server, SP4. Both servers provide DNS services for the
respective site, forwarding requests to third party DNS servers for all other
requests. The two sites are connected via a VPN, established using a
Smoothwall firewall deployed at each site.

I would like to establish a two-way trust between the sites, however due to
the network setup, neither site is capable of seeing the other via browsing.
You can, of course, map to specific resources as long as you know the IP
address of the box in question. It is my understanding that I could
facilitate site to site name resolution by utilizing stub zones on each site's
DNS server. However, it does not appear that Windows 2000 DNS supports stub
zones, though Windows 2003 DNS does.

Is it possible to configure Windows 2000 DNS to utilize stub zones? If not
is there another way to accomplish my goal? I will willingly admit to not
being a DNS guru, and would greatly appreciate any help.

Thanks!
  1. Archived from groups: microsoft.public.win2000.dns

    In news:A45CF61D-952C-40A7-880B-B08FD28BD810@microsoft.com,
    JLP <JLP@discussions.microsoft.com> made this post, which I then commented
    about below:
    > Hello.
    >
    > I have two sites, one in Detroit and one in Chicago. Each site is
    > running Windows 2000 Server, SP4. Both servers provide DNS services
    > for the respective site, forwarding requests to third party DNS
    > servers for all other requests. The two sites are connected via a
    > VPN, established using a Smoothwall firewall deployed at each site.
    >
    > I would like to establish a two-way trust between the sites, however
    > due to the network setup, neither site is capable of seeing the other
    > via browsing. You can, of course, map to specific resources as long
    > as you know the IP address of the box in question. It is my
    > understanding that I could facilitate site to site name resolution by
    > utilizing stub zones on each site's DNS server. However, it does not
    > appear that Windows 2000 DNS supports stub zones, though Windows 2003
    > DNS does.
    >
    > Is it possible to configure Windows 2000 DNS to utilize stub zones?
    > If not is there another way to accomplish my goal? I will willingly
    > admit to not being a DNS guru, and would greatly appreciate any help.
    >
    > Thanks!

    Stub zones are for specific scenarios that warrant such a configuration.
    Stubs, although not supported in Win2000, which you have, is a preferred
    alternate to using delegation for child domains.

    If your two Sites are of the same domain, meaning both DCs in both sites
    belong to the same domain, then I don't understand why you want to establish
    a trust, since that is already created by default.

    Maybe you can elaborate specifically on your infrastructure's configuration,
    such as are they in the same domain, different domains in different forests,
    or is one a child of the other, or if the same domain, are the zones AD
    integrated, etc.

    As for "browsing", such as in Network Neighborhood, that is based on the
    Browser services, which relies on NetBIOS. However, NetBIOS does not traverse
    routers. To achieve the ability for NetBIOS resolution to traverse, you will
    need WINS. And yes, if the two sites are completely different domains in
    different forests, then NTLM authentication (totally based on NetBIOS), will
    be needed to construct a trust, therefore will *require* WINS.


    --
    Regards,
    Ace

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
  2. Archived from groups: microsoft.public.win2000.dns

    JLP <JLP@discussions.microsoft.com> wrote:
    > Hello.
    >
    > I have two sites, one in Detroit and one in Chicago. Each site is
    > running Windows 2000 Server, SP4. Both servers provide DNS services
    > for the respective site, forwarding requests to third party DNS
    > servers for all other requests. The two sites are connected via a
    > VPN, established using a Smoothwall firewall deployed at each site.
    >
    > I would like to establish a two-way trust between the sites, however
    > due to the network setup, neither site is capable of seeing the other
    > via browsing. You can, of course, map to specific resources as long
    > as you know the IP address of the box in question. It is my
    > understanding that I could facilitate site to site name resolution by
    > utilizing stub zones on each site's DNS server. However, it does not
    > appear that Windows 2000 DNS supports stub zones, though Windows 2003
    > DNS does.
    >
    > Is it possible to configure Windows 2000 DNS to utilize stub zones?
    > If not is there another way to accomplish my goal? I will willingly
    > admit to not being a DNS guru, and would greatly appreciate any help.

    Windows 2000 does not support stub zones, you will have to use secondary
    zones.

    For Network Places browsing that is not done through AD, you need a WINS
    server at each site replicating with each other.

    If you publish all your shared resources in Active Directory, you can get
    away without using WINS. But, the shared resources must use FQDN, which is
    pretty easy if you publish your shared resources in AD. Both Win2k and XP
    allow easy searching of Active Directory for shared resources.

    HOW TO Create a Container to List Printers in Active Directory:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;303161

    HOW TO Publish Printers in Active Directory in Windows 2000:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;321837

    How to View Printer Objects in Active Directory:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;235925

    Publishing a Printer in Windows Active Directory:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;234619

    Publishing a Shared Folder in Windows 2000 Active Directory:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;234582


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    ===================================
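
Added example (not part of the original posts): the secondary-zone approach from the reply above, set up with dnscmd from the Windows 2000 Support Tools, with zone transfers on each primary restricted to the other site's DNS server. The zone names and IP addresses are placeholders, since the thread does not give them.

```bat
@echo off
rem Added example, not from the thread. All names and addresses below are
rem placeholders (assumptions); substitute the real AD zone names and the
rem VPN-reachable addresses of the two DNS servers.
set DET_ZONE=detroit.example.local
set CHI_ZONE=chicago.example.local
set DET_DNS=10.1.0.10
set CHI_DNS=10.2.0.10

rem 1. On each primary, permit zone transfers ONLY to the other site's DNS
rem    server and send it change notifications. /SecureList limits transfers
rem    to the listed addresses instead of answering any host that asks.
dnscmd %DET_DNS% /ZoneResetSecondaries %DET_ZONE% /SecureList %CHI_DNS% /NotifyList %CHI_DNS%
if errorlevel 1 goto :failed
dnscmd %CHI_DNS% /ZoneResetSecondaries %CHI_ZONE% /SecureList %DET_DNS% /NotifyList %DET_DNS%
if errorlevel 1 goto :failed

rem 2. On each server, create a secondary copy of the other site's zone,
rem    pulling from that site's DNS server as master.
dnscmd %DET_DNS% /ZoneAdd %CHI_ZONE% /Secondary %CHI_DNS%
if errorlevel 1 goto :failed
dnscmd %CHI_DNS% /ZoneAdd %DET_ZONE% /Secondary %DET_DNS%
if errorlevel 1 goto :failed

rem 3. Force the first transfer, then confirm each server answers for the
rem    remote zone (the SOA should come back from the local secondary).
dnscmd %DET_DNS% /ZoneRefresh %CHI_ZONE%
dnscmd %CHI_DNS% /ZoneRefresh %DET_ZONE%
dnscmd %DET_DNS% /ZoneInfo %CHI_ZONE%
dnscmd %CHI_DNS% /ZoneInfo %DET_ZONE%
nslookup -type=SOA %CHI_ZONE% %DET_DNS%
nslookup -type=SOA %DET_ZONE% %CHI_DNS%
goto :eof

:failed
echo dnscmd reported an error; check zone names, addresses and that the
echo VPN passes TCP and UDP port 53 between the two DNS servers.
exit /b 1
```

Zone transfers run over TCP port 53, so the firewall rules on the VPN only need to allow that traffic between the two DNS server addresses.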
  3. Archived from groups: microsoft.public.win2000.dns

    "Ace Fekay [MVP]" wrote:


    > Stub zones are for specific scenarios that warrant such a configuration.
    > Stubs, although not supported in Win2000, which you have, is a preferred
    > alternate to using delegation for child domains.
    >
    > If your two Sites are of the same domain, meaning both DCs in both sites
    > belong to the same domain, then I don't understand why you want to establish
    > a trust, since that is already created by default.
    >
    > Maybe you can elaborate specifically on your infrastructure's configuration,
    > such as are they in the same domain, different domains in different forests,
    > or is one a child of the other, or if the same domain, are the zones AD
    > integrated, etc.
    >
    > As for "browsing", such as in Network Neighborhood, that is based on the
    > Browser services, which relies on NetBIOS. However, NetBIOS does not traverse
    > routers. To achieve the ability for NetBIOS resolution to traverse, you will
    > need WINS. And yes, if the two sites are completely different domains in
    > different forests, then NTLM authentication (totally based on NetBIOS), will
    > be needed to construct a trust, therefore will *require* WINS.
    >
    >
    > --
    > Regards,
    > Ace
    >

    Hi Ace,

    I guess I should have elaborated more regarding site configuration. The two
    sites are running separate domains. This is not how I would have preferred
    things as both sites are for the same company and should in fact be the same
    domain. But, this is what I have in place. Both sites' DNS servers are
    integrated with Active Directory.

    I was suspecting that I'd need to deploy WINS in order to get browsing to
    work the way I'd like. No big deal there, though it would be nice if there
    were a way to get Active Directory to do this without the need for WINS,
    mainly because I believe the fewer services you need to run, the better off
    you are. :-)

    After reading your reply, I suspect that my best course of action is simply
    to deploy WINS and leave DNS alone.

    Thanks for your help.
  4. Archived from groups: microsoft.public.win2000.dns

    "Kevin D. Goodknecht Sr. [MVP]" wrote:


    > Windows 2000 does not support stub zones, you will have to use secondary
    > zones.
    >
    > For Network Places browsing that is not done through AD, you need a WINS
    > server at each site replicating with each other.
    >
    > If you publish all your shared resources in Active Directory, you can get
    > away without using WINS. But, the shared resources must use FQDN, which is
    > pretty easy if you publish your shared resources in AD. Both Win2k and XP
    > allow easy searching of Active Directory for shared resources.
    >
    > HOW TO Create a Container to List Printers in Active Directory:
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;303161
    >
    > HOW TO Publish Printers in Active Directory in Windows 2000:
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;321837
    >
    > How to View Printer Objects in Active Directory:
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;235925
    >
    > Publishing a Printer in Windows Active Directory:
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;234619
    >
    > Publishing a Shared Folder in Windows 2000 Active Directory:
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;234582
    >
    >

    Hi Kevin,


    Thanks for replying. I'll give the linked Kbase articles a look.
  5. Archived from groups: microsoft.public.win2000.dns

    In news:04773459-22F8-4DAF-ABBD-1E5C9BF14F9E@microsoft.com,
    JLP <JLP@discussions.microsoft.com> made this post, which I then commented
    about below:
    > "Ace Fekay [MVP]" wrote:
    >
    >
    >> Stub zones are for specific scenarios that warrant such a
    >> configuration. Stubs, although not supported in Win2000, which you
    >> have, is a preferred alternate to using delegation for child domains.
    >>
    >> If your two Sites are of the same domain, meaning both DCs in both
    >> sites belong to the same domain, then I don't understand why you
    >> want to establish a trust, since that is already created by default.
    >>
    >> Maybe you can elaborate specifically on your infrastructure's
    >> configuration, such as are they in the same domain, different
    >> domains in different forests, or is one a child of the other, or if
    >> the same domain, are the zones AD integrated, etc.
    >>
    >> As for "browsing", such as in Network Neighborhood, that is based on
    >> the Browser services, which relies on NetBIOS. However, NetBIOS does
    >> not traverse routers. To achieve the ability for NetBIOS resolution
    >> to traverse, you will need WINS. And yes, if the two sites are
    >> completely different domains in different forests, then NTLM
    >> authentication (totally based on NetBIOS), will be needed to
    >> construct a trust, therefore will *require* WINS.
    >>
    >>
    >> --
    >> Regards,
    >> Ace
    >>
    >
    > Hi Ace,
    >
    > I guess I should have elaborated more regarding site configuration.
    > The two sites are running separate domains. This is not how I would
    > have preferred things as both sites are for the same company and
    > should in fact be the same domain. But, this is what I have in
    > place. Both sites' DNS servers are integrated with Active Directory.
    >
    > I was suspecting that I'd need to deploy WINS in order to get
    > browsing to work the way I'd like. No big deal there, though it
    > would be nice if there were a way to get Active Directory to do this
    > without the need for WINS, mainly because I believe the fewer
    > services you need to run, the better off you are. :-)
    >
    > After reading your reply, I suspect that my best course of action is
    > simply to deploy WINS and leave DNS alone.
    >
    > Thanks for your help.

    WINS is the answer to cross subnet browsing. Browsing has nothing to do with
    DNS.

    As far as AD, Kevin mentioned publishing. This won't show up in the
    neighborhood, but one can search AD for anything published.

    But publishing, printers on a Win2000 or newer machine will auto-publish
    when you share the printer. For other objects, such as shares, they would
    need to be done manually or scripted.

    Ace