Re: Dns delegation vs Conditional forwarding

"aconti" <> wrote in message
news:...
>
> Hello, what is the difference between these 2 since they both enable
> name resolution for the different domain.
>
> Thank you
>
>
> --
> aconti

Chris gave you a great overall view of the differences. My only addition is
that it I would suggest delegation for child domains within the same forest,
but Conditional Forwarding to a partner organization's DNS in a scenario
with a trust or even non-trust, but need to resolve a partner org resources,
such as having a VPN between the two orgs.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

"aconti" <> wrote in message
news:...
>
> Thank you just as an example if I have test.com and a subdomain hosted
> on a another server north.test.com
>
> In this case I have 2 options for name resolution in the other
> domain...
>
> 1 Use conditional forwarding for the subdomain pointing to the
> authoritative dns server
>
> 2 Delegate the sub domain on the test.com DC
>
> For the end client will I not accomplish the same thing ?
>
> Thank you
>
>
> --
> aconti

Yes and no because north.test.com is in the same namespace as test.com. If
it is a different namespace, loosely speaking (because north.test.com and
test.com can be in different namespaces), and depending on if north.test.com
is part of the test.com forest, the replication scope and/or whether
north.test.com is an actual child zone is under the test.com zone. To
simplify it, within the same forest , you want to delegate the "north"
portion of the test.com zone to a DNS server in the child domain.
Conditional Forwarding is not normally used in this respect.

Ace

"aconti" <> wrote in message
news:...
>
> Hello,
>
> so what if we compare them to a stub zone
>
> Zone delegation is used when you have a secondary dns server zone
> north.test.com and you delegate the zone on test.com so that it can
> point to the north.test.com dns servers
>
> Conditional forwarding is used when you have 2 different domain or
> forests trees and you configure conditional forwarding from one sub
> domain to another to make dns resolution faster and causing less
> traffic.
>
> Stub zone can also be used instead of conditional forwarding but what
> are the differences, I know that stub zone will create a zone with the
> authoritative SOA, NS and their IPs so that agian like conditional
> forwarding will point to the right dns server
>
> Pls correct me if I am wrong
>
> Thank you again
>
>
> --
> aconti

A stub is a reference only to the nameservers of the zone that's stubbed (so
to speak). It acts like a zone transfer from the zone, so for a stub to
work, the other party would have to allow zone transfers. You can use a stub
instead of a conditional forwarder to a partner organization. My preference
is a Conditional Forwarder, which also works if the partner org will not
allow zone transfers.

Delegation is delegating administration, SOA, etc, to a child portion of the
namespace, such as within a forest (AD related). Without AD, say you have a
zone called domain.com, and a child zone called child1.domain.com in a
remote location. The child1 folks have control of their whole infrastructure
with their own admins, etc, as well as you want to keep query traffic to a
minimal across the WAN link. So I would delegate the child1 zone from
domain.com zone, so this way the child1 DNS servers are SOA for
child1.domain.com. This way any queries to the child1 zone will get sent to
the delgated DNS servers. Also in this scenario, you would configure a
forwarder (not a Conditional Forwarder) from the child1 DNS servers to the
parent DNS servers.

Ace