Windows Server

Herm · Guest

Hello,

I am trying to create a STUB zone for my domain kelder.local.
When I try to finish this Windows tell me that the zone cannot be created!
The request is not supported! I try to create this STUB zone on advice of
Dr. Shinder before installing ISA Server 2004 firewall...

Can somebody help me ?

Thanks,
Herman

Dean Wells [MVP] · Guest

I would guess you're trying to AD integrate the stub zone into the
domain partition ... this is not supported until the domaun functional
level is set to 2. When creating the stub zone choose a different
replication scope or don't AD integrate it (or raise the domain
functional level but that requires planning in larger environments).

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

Herm wrote:

Herm · Guest

Dean,

Hmmmm... I have to check that!
What does it mean set the Domain functional to level 2 ?

What is the meaning of a STUB zone anyway? It may
sound weird, but the books are not particular clear to me...
Could you explain to me What a STUB zone really is about or
where I can find some clear explination?

Thanks again,
Herman F.

"Dean Wells [MVP]" <dwells@mask.msetechnology.com> schreef in bericht
news:eHZaSHe9EHA.2676@TK2MSFTNGP12.phx.gbl...

Kevin D. Goodknecht Sr. [ · Guest

In news:exyN3yo9EHA.1564@TK2MSFTNGP09.phx.gbl,
Herm <mighty_herm@hotmail.com> commented
Then Kevin replied below:

Herm · Guest

Kevin,

Thank you for your answer. Maybe i try to discribe the situation on our
server right now.

The server runs a domain called kantoor.local. The Local IP adres of the
server is 10.0.0.10. On the public NIC I have bound the ISP's IP address
84.25.x.x. In de DNS console there is a primary zone called kantoor.local.
Also I have created a reverse lookup zone for that domain. The forwarders
are those from the ISP 213.51.x.x (2x).

All is functioning well! Now what do ihave to do to make or add a STUB
Zone???
What is the risk of not create a Stub Zone related to configure ISA 2004???

Thanks,
Herman F.

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> schreef in bericht
news:euq53%23p9EHA.2680@TK2MSFTNGP09.phx.gbl...

Dean Wells [MVP] · Guest

Windows 2003's Active Directory supports the concept of domain and
forest functional levels. Functional levels are stored internally as a
number currently ranging from 0 through 2. The numbers are simplified
in the interface to a name (e.g. - Windows 2000 Native). The higher the
functional level, the more new features are engaged ... but at the
expense of backward compatibility in that we lose the ability to have
certain operating systems participating as domain controllers. The
lower the functional level, the less new features are active but the
domain or forest permits a larger variety of operating systems taking
the role of a domain controller (note that functional level do NOT
directly impact which operating systems are supported as domain
members).

As for stub zones, we'll need a bit of background info. before that one
can be easily understood -

DNS servers generally store a number of zones (zone = DNS database used
to hold domains and domain records) for which they can be considered an
authority (or authoritative). Simplified, this means that their
knowledge is deemed complete and accurate. A zone's start of authority
[SOA] is a DNS server that stores the writable copy of a particular zone
.... most non-MS DNS servers only support 1 writable copy of a particular
zone and lots of r/o copies, each of which is stored in a zone file).
Since these DNS servers are authoritative for only their own zones but
are still commonly expected to be capable of answering questions
(resolve queries) for domains that they do not store, a mechanism had to
be provided to allow this to occur. That mechanism (again simplified or
this post would become very long ;-) provides an out-of-the-box DNS
server with knowledge of the IP addresses of a number of other DNS
servers that store the beginning of the DNS world (or DNS namespace) ...
they are known as root servers. This does NOT mean that root servers
store every record for every zone everywhere, it simply means they
possess knowledge of the DNS servers that DO store the answer. Root
servers may know only of the top level DNS servers (com / org / net ...
etc.), who in turn know of the next level (microsoft.com / joeware.net
.... etc.).

So, for a DNS server (without a stub zone) to answer a first-time query
within a domain it does not store (say "www.joeware.net) it must first
ask the root servers, it receives only a list of DNS servers that store
the next level (i,.e - the ".net" component), it will then reiterate the
question against these nameservers who will provide a list of DNS
servers authoritative for "joeware.net", it must then reiterate the
question one last time against the "joeware.net" name servers, at this
point, the answer is returned ... that being one or more A records named
www.joeware.net that point to the IP addresses of Joe's web servers.

Stub zones allow your DNS server to store knowledge of _who_ stores
"joeware.net" (not a copy of the zone's content) thereby minimizing the
number of queries required to resolve a record for which it is not
authoritative because the steps involving the root servers and any other
interim name servers were removed.

HTH

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

Herm wrote:

Herb Martin · Guest

Kevin D. Goodknecht Sr. [ · Guest

In news:uXAoNDy9EHA.608@TK2MSFTNGP15.phx.gbl,
Herm <mighty_herm@hotmail.com> commented
Then Kevin replied below:

	Windows Server Forum Index -> DNS	All times are GMT
Page 1 of 1