  1. Senior Member knownhero's Avatar
    Join Date
    Jul 2008
    Location
    UK
    Posts
    433

    Certifications
    MCSE: SharePoint 2013, Productivity
    #1

    Default Random DNS question...

    Hey Guys,

    Was looking through old, old, OLD posts on this forum and came across someone that listed some questions but never gave an answer to. Just wondering if mine were right:

    1) If you want to eliminate zone transfer traffic, what options do you have?
    Conditional Forwarder

    2) What is the difference between a standard and AD-integrated zone?
    Dynamically updated

    3) When would you choose a delegation over a stub zone?
    If you want things done Dynamically you'd choose the Stub Zone

    4) What is the advantage of a conditional forwarder?
    Speed
    Last edited by knownhero; 07-13-2010 at 10:59 AM.
    70-410 [x] 70-411 [x] 70-462[x] 70-331[x] 70-332[x]
    MCSE - SharePoint 2013

    Road map 2017: JavaScript and modern web development

  3. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #2
    1. Conditional forwarder would, but here is my question.

    2. SECURE dynamic update. NON-AD can still dynamically update, but it isn't secure (no DC to authenticate) so it is highly not recommended. Also, an AD integrated zone can have multiple primary zones, and rather than using zone transfers, the zone information will be transferred as part of the DC replication (which is apparently more efficient). Also remember, that you have 3 options of how to replicate the DNS information when AD integrated.

    3. I'm still not positive on this myself.

    4. Conditional forwarder is good at minimizing the WAN traffic. Rather than trying to keep an entire update of a zone on your lan, you can just redirect everyone over to where that zone is hosted. Takes the work off your local dc's and minimizes your queries over the WAN.

  4. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #3
    Quote Originally Posted by knownhero View Post
    1) If you want to eliminate zone transfer traffic, what options do you have?
    Conditional Forwarder
    I don't know how you can do this without manually updating each zone. Zone transfers are used to update the same zone across multiple servers. You can't forward a zone that a server is hosting to another server. You could also be referring to not hosting all zones on all servers and forwarding select domains to other servers. If so, you could use conditional forwarders, delegations, or stub zones.

    Quote Originally Posted by knownhero View Post
    2) What is the difference between a standard and AD-integrated zone?
    Dynamically updated
    You can perform dynamic updates with standard primary zones. AD-integrated zones allow secure dynamic updates and perform replication through AD replication instead of using zone transfers.

    Quote Originally Posted by knownhero View Post
    3) When would you choose a delegation over a stub zone?
    If you want things done Dynamically you'd choose the Stub Zone
    Yes, with delegations you have to manually update the name servers while stub zones will update themselves. Control vs. ease-of-use. If I remember right, delegations also have to follow the domain hierarchy while stub zones can refer to any other domain. For example, instead of a.b.domain.com having to go up and down the hierarchy, and back, to resolve x.y.domain.com, you can just have a stub configured to contact those name servers directly.

    Quote Originally Posted by knownhero View Post
    4) What is the advantage of a conditional forwarder?
    Speed
    If I had to use one word, I'd use "precision." This allows you to forward queries for specific domains to specific DNS servers. You might also see an increase in performance since you're offloading iterative queries to, say, an ISP DNS server, but that's a characteristic of forwarding in general. That's not what's unique about conditional forwarders.
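An added example, not part of any post in this thread: a PowerShell check for the two zone properties the answers above turn on, the dynamic-update mode and whether a zone replicates through AD or by zone transfer. The property names and values are those on the objects `Get-DnsServerZone` returns; the `Get-ZoneFinding` function and the sample zones are constructed for illustration.

```powershell
# Added example. Sample zones are constructed; property names and values
# mirror the objects returned by Get-DnsServerZone.
function Get-ZoneFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Stub and forwarder zones hold no writable copy of the zone, so skip them.
        if ($Zone.ZoneType -ne 'Primary') { return }

        $findings = @()

        # A standard (file-backed) primary has no DC to authenticate the client,
        # so any dynamic update it accepts is unauthenticated.
        if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            if ($Zone.IsDsIntegrated) {
                $findings += 'accepts unauthenticated updates; set DynamicUpdate to Secure'
            } else {
                $findings += 'accepts unauthenticated updates; secure updates need an AD-integrated zone'
            }
        }

        # AD-integrated zones reach other DCs through AD replication, so transfers
        # are only needed when a non-DC secondary exists.
        if ($Zone.SecureSecondaries -eq 'TransferAnyServer') {
            $findings += 'zone transfers allowed to any server'
        } elseif ($Zone.IsDsIntegrated -and $Zone.SecureSecondaries -ne 'NoTransfer') {
            $findings += 'zone transfers enabled although the zone replicates through AD'
        }

        $replication = if ($Zone.IsDsIntegrated) { 'AD replication' } else { 'Zone transfer' }
        $summary     = if ($findings.Count) { $findings -join '; ' } else { 'OK' }

        [pscustomobject]@{
            ZoneName    = $Zone.ZoneName
            Replication = $replication
            Findings    = $summary
        }
    }
}

# Constructed sample input standing in for Get-DnsServerZone output.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example';    ZoneType = 'Primary';   IsDsIntegrated = $true
                       DynamicUpdate = 'Secure';             SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'lab.example';     ZoneType = 'Primary';   IsDsIntegrated = $false
                       DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferAnyServer' }
    [pscustomobject]@{ ZoneName = 'legacy.example';  ZoneType = 'Primary';   IsDsIntegrated = $true
                       DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferToZoneNameServer' }
    [pscustomobject]@{ ZoneName = 'partner.example'; ZoneType = 'Forwarder'; IsDsIntegrated = $true
                       DynamicUpdate = 'None';               SecureSecondaries = 'NoTransfer' }
)

$sampleZones | Get-ZoneFinding | Format-List
```

On a DNS server, `Get-DnsServerZone | Get-ZoneFinding` runs the same check against the live zones.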

  5. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #4
    Quote Originally Posted by dynamik View Post
    If I remember right, delegations also have to follow the domain hierarchy while stub zones can refer to any other domain. For example, instead of a.b.domain.com having to go up and down the hierarchy, and back, to resolve x.y.domain.com, you can just have a stub configured to contact those name servers directly.
    Correct. You can only delegate down. To get back up you would use a forwarder.

  6. BOBBY_TABLES RobertKaucher's Avatar
    Join Date
    Dec 2007
    Location
    Lebanon, Ohio - USA
    Posts
    4,274

    Certifications
    MCSD Web Apps/SharePoint Applications, MCITP: DBA 2005/2008, EA, EDA7, Linux+, Sec+, MCSE, MCDST, MCTS
    #5
    Quote Originally Posted by dynamik View Post
    I don't know how you can do this without manually updating each zone. Zone transfers are used to update the same zone across multiple servers. You can't forward a zone that a server is hosting to another server. You could also be referring to not hosting all zones on all servers and forwarding select domains to other servers. If so, you could use conditional forwarders, delegations, or stub zones.
    I think what they mean by this is AD Integrated Zones, because the zone information is replicated along with AD, technically there are no zone transfers.

  7. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #6
    Quote Originally Posted by RobertKaucher View Post
    I think what they mean by this is AD Integrated Zones, because the zone information is replicated along with AD, technically there are no zone transfers.
    Yes, but he was asking about traffic, which you'll still have regardless of the method in which it's transferred (albeit it's more efficient with AD).

  8. BOBBY_TABLES RobertKaucher's Avatar
    Join Date
    Dec 2007
    Location
    Lebanon, Ohio - USA
    Posts
    4,274

    Certifications
    MCSD Web Apps/SharePoint Applications, MCITP: DBA 2005/2008, EA, EDA7, Linux+, Sec+, MCSE, MCDST, MCTS
    #7
    Quote Originally Posted by dynamik View Post
    Yes, but he was asking about traffic, which you'll still have regardless of the method in which it's transferred (albeit it's more efficient with AD).
    Agreed, but the way I recall seeing questions phrased on test prep software was that using AD integrated zones eliminated zone transfer traffic because AD needed to replicate anyway. But I think this comes down to what the person asking the question actually intends.

  9. Senior Member knownhero's Avatar
    Join Date
    Jul 2008
    Location
    UK
    Posts
    433

    Certifications
    MCSE: SharePoint 2013, Productivity
    #8
    Originally Posted by knownhero View Post
    2) What is the difference between a standard and AD-integrated zone?
    Dynamically updated
    For this I did mean secure.. I missed it out

  10. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #9
    Quote Originally Posted by RobertKaucher View Post
    Agreed, but the way I recall seeing questions phrased on test prep software was that using AD integrated zones eliminated zone transfer traffic because AD needed to replicate anyway. But I think this comes down to what the person asking the question actually intends.
    You're playing the "Right way, wrong way, and one Microsoft way" card?

  11. BOBBY_TABLES RobertKaucher's Avatar
    Join Date
    Dec 2007
    Location
    Lebanon, Ohio - USA
    Posts
    4,274

    Certifications
    MCSD Web Apps/SharePoint Applications, MCITP: DBA 2005/2008, EA, EDA7, Linux+, Sec+, MCSE, MCDST, MCTS
    #10
    Quote Originally Posted by dynamik View Post
    You're playing the "Right way, wrong way, and one Microsoft way" card?
    Kind of. It's not DNS zone xfer traffic, technically it's AD replication traffic.

  12. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #11
    Yes, but it still increases AD replication traffic with DNS zone information. If bandwidth is a concern, the information doesn't just magically propagate. Granted, compression is used when replicating AD between sites, so there should be less of a hit.

  13. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #12
    Quote Originally Posted by dynamik View Post
    the information doesn't just magically propagate.
    Well why not? This is BS.

    It is very similar to the situation I had last night. A user calls in that she can't VPN. After some troubleshooting, she had a new laptop that wasn't connected to her wireless network. She just expected it to work...

  14. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #13
    Quote Originally Posted by Devilsbane View Post
    Well why not? This is BS.
    Robert hoards all the magic and uses it for PoSh/SQL garbage...

  15. Go ping yourself... phoeneous's Avatar
    Join Date
    Dec 2008
    Location
    Console.WriteLine("Yo");
    Posts
    2,316

    Certifications
    Pimp status
    #14
    Quote Originally Posted by Devilsbane View Post
    Well why not? This is BS.

    It is very similar to the situation I had last night. A user calls in that she can't VPN. After some troubleshooting, she had a new laptop that wasn't connected to her wireless network. She just expected it to work...
    A few years back I had a remote user complain that her laptop would not turn on. I asked her if she charged it with the ac adapter. She told me that she thought it was getting charged through the wireless network and she didn't think she had to plug it in to the wall. Seriously.

  16. Go ping yourself... phoeneous's Avatar
    Join Date
    Dec 2008
    Location
    Console.WriteLine("Yo");
    Posts
    2,316

    Certifications
    Pimp status
    #15
    Quote Originally Posted by knownhero View Post
    4) What is the advantage of a conditional forwarder?
    Speed
    Not just speed, but management of traffic to a specific domain. For example, you want to make sure that when users visit yahoo.com they hit e.yahoo.com in the farm and not f.yahoo.com. I actually had to do this once.

  17. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #16
    Quote Originally Posted by phoeneous View Post
    A few years back I had a remote user complain that her laptop would not turn on. I asked her if she charged it with the ac adapter. She told me that she thought it was getting charged through the wireless network and she didn't think she had to plug it in to the wall. Seriously.
    Well it is wireless. Why would a laptop with wireless capabilities need to be plugged into the wall? That's just stupid. Who was in charge of this false advertising?

    You should have installed a plutonium battery in it that will power it for years, either that or it will blow up on her. And that is a risk I am willing to take.

  18. BOBBY_TABLES RobertKaucher's Avatar
    Join Date
    Dec 2007
    Location
    Lebanon, Ohio - USA
    Posts
    4,274

    Certifications
    MCSD Web Apps/SharePoint Applications, MCITP: DBA 2005/2008, EA, EDA7, Linux+, Sec+, MCSE, MCDST, MCTS
    #17
    Quote Originally Posted by Devilsbane View Post
    Well it is wireless. Why would a laptop with wireless capabilities need to be plugged into the wall? That's just stupid. Who was in charge of this false advertising?

    You should have installed a plutonium battery in it that will power it for years, either that or it will blow up on her. And that is a risk I am willing to take.
    I once had a lady that moved her own computer to another office. But she called when it would not turn on. I asked if she was certain everything was plugged in properly. She said she was so I went to her desk. She had plugged her surge protector into itself. She asked me, "Why is it called a powerstrip if it can't power the computer?"

  19. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #18
    lol, some people are so computer illiterate, it makes you wonder how they even do their jobs. It doesn't take much, am I really being too demanding by expecting that you know where your start button is?

  20. Senior Member knownhero's Avatar
    Join Date
    Jul 2008
    Location
    UK
    Posts
    433

    Certifications
    MCSE: SharePoint 2013, Productivity
    #19
    Quote Originally Posted by Devilsbane View Post
    lol, some people are so computer illiterate, it makes you wonder how they even do their jobs. It doesn't take much, am I really being too demanding by expecting that you know where your start button is?
    I had a consultant once call up saying "We have moved all our servers to a new location and haven't changed anything on our system, now we can't get email."

    To which I replied. "You do know you now have new IPs. I'd recommend checking your NAT"

    30 minutes later.

    Phone rings

    "It's working" - Hang up

    No thank you or anything

  21. Still a noob earweed's Avatar
    Join Date
    Mar 2010
    Location
    Mobile, Alabama
    Posts
    5,176

    Certifications
    BSIT, Proj+, A+, Net+, Sec+: MCTS: X5; MCITP:EA
    #20
    Quote Originally Posted by RobertKaucher View Post
    I once had a lady that moved her own computer to another office. But she called when it would not turn on. I asked if she was certain everything was plugged in properly. She said she was so I went to her desk. She had plugged her surge protector into itself.
    My wife did that once..lol
    She had cleaned around behind her computer and rearranged the wires. Her monitor was plugged up but nothing else. The power strip was plugged to itself and she claimed the computer was broke.
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.

  22. Senior Member
    Join Date
    Jul 2009
    Posts
    2,056

    Certifications
    Beer+
    #21
    Quote Originally Posted by Devilsbane View Post
    lol, some people are so computer illiterate, it makes you wonder how they even do their jobs. It doesn't take much, am I really being too demanding by expecting that you know where your start button is?

    Oh I agree, and it makes me mad.

    If a computer is a part of your job, you need to know how to use it. No, I don't expect you to administrate an AD domain or anything, but know where something like the start button is. Know how to turn the thing on and off, etc.

    That's like a mechanic not knowing how to use a socket wrench.

  23. Senior Member
    Join Date
    Apr 2008
    Location
    New York, NY
    Posts
    305

    Certifications
    Life
    #22
    Quote Originally Posted by Hyper-Me View Post
    Oh I agree, and it makes me mad.

    If a computer is a part of your job, you need to know how to use it. No, I don't expect you to administrate an AD domain or anything, but know where something like the start button is. Know how to turn the thing on and off, etc.

    That's like a mechanic not knowing how to use a socket wrench.
    A-men to that.

    One of our "Professors" (he teaches 70-640 class) recently asked me how did I reset a user account on Windows 2008R2 server install. I thought he was "testing me" at first, but after giving him step-by-step explanation I realized that he is not joking. His incompetence just insulted me. I got so angry that I could not hold myself, told him to go f** himself. Now he is upset, and won't talk to me. I guess it's time to look for another job.

  24. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #23
    I had a professor like that. He was giving a lecture one day on permissions and told the class that when you are on a remote computer you get the most restrictive permissions. So if the NTFS is read/write and the share is only read, you get read.

    But when you access locally, you get the most privileges. So if there is read/write on the share, but only read on the NTFS, you will get read/write. I called him out on this (wasn't positive, this was prior to any certification, but it just didn't sound right). So we debated in front of the class for 10 minutes, and he said that I was wrong.

    This is a guy that claims to have MCSE, CCNA, and went to Chicago to get his MCITP:EA. Why he went to Chicago, I'm not sure. There are plenty of testing centers around us. (Didn't know better at the time). He claims to have taken 1 test each day of the week, failed one of them (because he spent the day before studying for the wrong test) so he then took that one again. So now he has an MCITP:EA (except he called it MCSE on 2008, again didn't question it because I had no idea)

    The funny thing is, I have never seen proof of a single certification, he has all the MCSE books, but they are still in plastic wrap, and he is dumber than a box of rocks.

  25. Senior Member knownhero's Avatar
    Join Date
    Jul 2008
    Location
    UK
    Posts
    433

    Certifications
    MCSE: SharePoint 2013, Productivity
    #24
    Quote Originally Posted by Devilsbane View Post
    I had a professor like that. He was giving a lecture one day on permissions and told the class that when you are on a remote computer you get the most restrictive permissions. So if the NTFS is read/write and the share is only read, you get read.

    But when you access locally, you get the most privileges. So if there is read/write on the share, but only read on the NTFS, you will get read/write. I called him out on this (wasn't positive, this was prior to any certification, but it just didn't sound right). So we debated in front of the class for 10 minutes, and he said that I was wrong.

    This is a guy that claims to have MCSE, CCNA, and went to Chicago to get his MCITP:EA. Why he went to Chicago, I'm not sure. There are plenty of testing centers around us. (Didn't know better at the time). He claims to have taken 1 test each day of the week, failed one of them (because he spent the day before studying for the wrong test) so he then took that one again. So now he has an MCITP:EA (except he called it MCSE on 2008, again didn't question it because I had no idea)

    The funny thing is, I have never seen proof of a single certification, he has all the MCSE books, but they are still in plastic wrap, and he is dumber than a box of rocks.

    Brain dump much?

  26. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #25
    Quote Originally Posted by knownhero View Post
    Brain dump much?
    Nope, pretty sure it is lies much. I don't even think a dumper could do that.
