List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] ADDNS: Stub vs Forwarder

Prev Next

You are not authorized to post a reply.

Page 2 of 2

Author

Messages

deji

Posts:138

10/03/2008 1:31 PM
Jus fo omplnss: alhough Wndows lns qus us lookups by dfaul, and Wndows NS ss oby suh ommandng quss by dfaul, s possbl o onfgu a Wndows NS s o NOT do hono us lookup quss. In suh nsan, whn a NS s s a lookup qus fo a non-loal zon, h NS s wll f h ln o h nx NS s who "may" ha h od. Th ln hn pas h sam ommandng qus o THT nx NS s. Snly, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Mosof MVP - oy Ss www.akomolaf.nam - w know IT -5.75, -3.23 o you now alz ha Today s h Tomoow you w wod abou Ysday? -anon ________________________________________ Fom: -own@mal.ad.og [-own@mal.ad.og] On Bhalf Of komolaf, j Sn: Fday, Oob 03, 2008 9:47 M To: @mal.ad.og Subj: RE: [] NS: Sub s Fowad ad, pologs fo msadng you. I ag ha h quy wll b handld dffnly n som ass, bu h ln has no knowldg of ha bhao unl has ssud h quy, and h dff n spons s usually dad by h aalably o non-aalably of a loal opy of h zon. Baus Wndows dns lns gnally ssu us qus ("Hy, NS s! g m h addss fo ompuab n h xyz zon, and don' om bak unl you' h found o fald o fnd "), h s no dffn n quy REQUEST bhaos gadlss of h zon sa, and onsqunly, Wndows lns wll no n b awa of (o b onnd wh) h mhans of zon onfguaon. Ths s also u fo a NS s ang as a ln. Snly, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Mosof MVP - oy Ss www.akomolaf.nam&l;hp://www.akomolaf.nam/&g; - w know IT -5.75, -3.23 o you now alz ha Today s h Tomoow you w wod abou Ysday? -anon ________________________________ Fom: -own@mal.ad.og [-own@mal.ad.og] On Bhalf Of ad Clff [d31hz@gmal.om] Sn: Fday, Oob 03, 2008 6:52 M To: @mal.ad.og Subj: R: [] NS: Sub s Fowad H j, I don' hnk I mpld ha h ln modfd s quy a all (a las I hop I ddn'). I hnk ha a quy whh s possd by a NS onfgud wh a dlgaon od fo h qud zon s handld dffnly by a NS onfgud as a fowad fo h qud zon. Sub zons I wasn' 100% su abou. -aC On F, O 3, 2008 a 2:00 M, komolaf, j &l;dj@adymads.om&l;malo:dj@adymads.om&g;&g; wo: Bu h haass you' dsbd dos no pan o h nau of h zon. Clns do no modfy h quy bhaos basd on h yp of zon baus hy ha ssud h quy BEFORE h zon sa s dnfd (as loal o xnal) by h ng s. If you ha sub/sonday/dlgad, h NS s wll no say "I don' know, go alk o sX". Ths s baus h NS s OES know, basd on h fa ha has a opy of h zon. Bu h ln s no awa ha h s has h nfo, jus ssus a quy. Now, fowadng, ys. nd, alhough h a sll subl dffs bwn ond. fwdg, nomal fwdg and oo hns, hs dffs do no al h ln's quy poss. Th s onols ha asp. gan, h ln jus ssus a quy, and fo all as, h s ould b buyng h nfo qusd a h fla mak. If h s dosn' us fo h ln, hn h ln boms awa, no bfo. Snly, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Mosof MVP - oy Ss www.akomolaf.nam&l;hp://www.akomolaf.nam/&g;&l;hp://www.akomolaf.nam/&g; - w know IT -5.75, -3.23 o you now alz ha Today s h Tomoow you w wod abou Ysday? -anon ________________________________ Fom: -own@mal.ad.og&l;malo:-own@mal.ad.og&g; [-own@mal.ad.og&l;malo:-own@mal.ad.og&g;] On Bhalf Of Bown, Kn F. [Kn.Bown@kbslp.om&l;malo:Kn.Bown@kbslp.om&g;] Sn: Thusday, Oob 02, 2008 1:27 PM To: @mal.ad.og&l;malo:@mal.ad.og&g; Subj: RE: [] NS: Sub s Fowad On hng ha dos aff lns, dpndng upon h onfguaon, s h us nau of h NS onfguaon. (and dang f I jus an' mmb whh s us and whh sn' - I ha o go look up EVERY m!) Boh snaos assum h NS s dos no ha h answ n ah! Th ln asks h NS s a quson Th NS s pls bak: don' know - go ask NS s "X" Th abo pus h load on h ln. O... Th ln asks h NS s a quson Th NS s looks up h answ (fom ah o oh NS ss) and uns h answ o h ln Ths pus h load on h NS s. Th a po's and on's fo boh. I an also mpa how h ln funons - as h sond mhod an mak h ln's nam sol "wa" - and f aks oo long, h ln ms ou and an go o h nx NS s n h ls (o s pobably askng mulpl NS ss h qusons a h sam m). -----Ognal Mssag----- Fom: -own@mal.ad.og&l;malo:-own@mal.ad.og&g; [malo:-own@mal.ad.og&l;malo:-own@mal.ad.og&g;] On Bhalf Of Rand Salaza Sn: Thusday, Oob 02, 2008 3:34 PM To: @mal.ad.og&l;malo:@mal.ad.og&g; Subj: R: [] NS: Sub s Fowad Jus h ypal dlgad zon yp. I'm jus yng o s f h a funonal dffn bwn ah dung h ln/s quy poss. f adng h dos you ls (plas o m f I'm msakn), dosn sm o hang fom a ln psp.. Clns qus h onfgud NS s, h NS s hn pfoms h lookup gadlss f h quy nds up bng loally ahd, a sub zon, a dlgad zon, o fowadd qus and hn pls o h ln aodngly. Th lns don know h dffn of "zon yp" nold as h s maks anspan, unlss an sol hn n whh as uns an o. Sound ok? I'm pobably mssng a whol bunh of suff... On Thu, O 2, 2008 a 10:51 M, &l;nl.uson@balayswalh.om&l;malo:nl.uson@balayswalh.om&g;&l;malo:nl.uson@balayswalh.om&l;malo:nl.uson@balayswalh.om&g;&g;&g; wo: Wha do u man by a "dlgad zon"? ________________________________ Fom: -own@mal.ad.og&l;malo:-own@mal.ad.og&g;&l;malo:-own@mal.ad.og&l;malo:-own@mal.ad.og&g;&g; [malo:-own@mal.ad.og&l;malo:-own@mal.ad.og&g;&l;malo:-own@mal.ad.og&l;malo:-own@mal.ad.og&g;&g;] On Bhalf Of Rand Salaza Sn: 02 Oob 2008 14:02 To: @mal.ad.og&l;malo:@mal.ad.og&g;&l;malo:@mal.ad.og&l;malo:@mal.ad.og&g;&g; Subj: R: [] NS: Sub s Fowad Thanks fo h dffns! I guss w ould pobably how dlgad zons n h mx oo! How abou hm? Now a a nwok ll, fom ln/s psp a h quy/spons dffn on a a? I guss wha I'm yng o g a s do hs dffn yps of zons aff h mhod n whh qus a sold and spondd o. I alz h a fowadd n som fom, so I am uous how h naon bwn h ln sol and s pmay NS pfoms h "handoffs" f h s suh. On Thu, O 2, 2008 a 7:50 M, &l;nl.uson@balayswalh.om&l;malo:nl.uson@balayswalh.om&g;&l;malo:nl.uson@balayswalh.om&l;malo:nl.uson@balayswalh.om&g;&g;&g; wo: Sub zon – onans SO, NS and ods fo all nam ss n h zon. Updas auomaally. Quy s 'fowadd' o on of h nam ss fo h zon. Condonally fowad – sa, manually admnsd ls of addsss o fowad qus o. Sub - hp://hn.mosof.om/n-us/lbay/779197.aspx Fowad - hp://hn.mosof.om/n-us/lbay/757172.aspx Smla bu dffn nl ________________________________ Fom: -own@mal.ad.og&l;malo:-own@mal.ad.og&g;&l;malo:-own@mal.ad.og&l;malo:-own@mal.ad.og&g;&g; [malo:-own@mal.ad.og&l;malo:-own@mal.ad.og&g;&l;malo:-own@mal.ad.og&l;malo:-own@mal.ad.og&g;&g;] On Bhalf Of Rand Salaza Sn: 02 Oob 2008 12:24 To: ad@mal.ad.og&l;malo:ad@mal.ad.og&g;&l;malo:ad@mal.ad.og&l;malo:ad@mal.ad.og&g;&g; Subj: [] NS: Sub s Fowad Hy guys, I am wondng wha s h pmay dffn bwn h wo. On s y bas nwok ll, how would a quy/spons fom a ln/s dff f h zon lookd up was subbd s fowadd (ondonal)? I alz I ould do a a of my own, bu I was hopng fo som nsgh fom you folks.. Thanks! Rand. ________________________________ Balays Walh s h walh managmn dson of Balays Bank PLC. Ths mal may la o o b sn fom oh mmbs of h Balays Goup. Th aalably of podus and ss may b lmd by h applabl laws and gulaons n an jusdons. Th Balays Goup dos no nomally ap o off busnss nsuons a nn mal. ny aon ha you mgh ak upon hs mssag mgh b a you own sk. Ths mal and any aahmns a onfdnal and nndd solly fo h addss and may also b plgd o xmp fom dslosu und applabl law. If you a no h addss, o ha d hs mal n o, plas nofy h snd mmdaly, dl fom you sysm and do no opy, dslos o ohws a upon any pa of hs mal o s aahmns. Inn ommunaons a no guaand o b su o whou uss. Th Balays Goup dos no ap sponsbly fo any loss asng fom unauhosd ass o, o nfn wh, any Inn ommunaons by any hd pay, o fom h ansmsson of any uss. Rpls o hs mal may b monod by h Balays Goup fo opaonal o busnss asons. ny opnon o oh nfomaon n hs mal o s aahmns ha dos no la o h busnss of h Balays Goup s psonal o h snd and s no gn o ndosd by h Balays Goup. Balays Bank PLC. Rgsd n England and Wals (gsd no. 1026167). Rgsd Off: 1 Chuhll Pla, London, E14 5HP, Und Kngdom. Balays Bank PLC s auhosd and gulad by h Fnanal Ss uhoy. ________________________________ Balays Walh s h walh managmn dson of Balays Bank PLC. Ths mal may la o o b sn fom oh mmbs of h Balays Goup. Th aalably of podus and ss may b lmd by h applabl laws and gulaons n an jusdons. Th Balays Goup dos no nomally ap o off busnss nsuons a nn mal. ny aon ha you mgh ak upon hs mssag mgh b a you own sk. Ths mal and any aahmns a onfdnal and nndd solly fo h addss and may also b plgd o xmp fom dslosu und applabl law. If you a no h addss, o ha d hs mal n o, plas nofy h snd mmdaly, dl fom you sysm and do no opy, dslos o ohws a upon any pa of hs mal o s aahmns. Inn ommunaons a no guaand o b su o whou uss. Th Balays Goup dos no ap sponsbly fo any loss asng fom unauhosd ass o, o nfn wh, any Inn ommunaons by any hd pay, o fom h ansmsson of any uss. Rpls o hs mal may b monod by h Balays Goup fo opaonal o busnss asons. ny opnon o oh nfomaon n hs mal o s aahmns ha dos no la o h busnss of h Balays Goup s psonal o h snd and s no gn o ndosd by h Balays Goup. Balays Bank PLC. Rgsd n England and Wals (gsd no. 1026167). Rgsd Off: 1 Chuhll Pla, London, E14 5HP, Und Kngdom. Balays Bank PLC s auhosd and gulad by h Fnanal Ss uhoy. Ls nfo : hp://www.ad.og/Ls.aspx Ls FQ : hp://www.ad.og/LsFQ.aspx Ls ah: hp://www.ad.og/ma/dfaul.aspx Ls nfo : hp://www.ad.og/Ls.aspx Ls FQ : hp://www.ad.og/LsFQ.aspx Ls ah: hp://www.ad.og/ma/dfaul.aspx Ls nfo : hp://www.ad.og/Ls.aspx Ls FQ : hp://www.ad.og/LsFQ.aspx Ls ah: hp://www.ad.og/ma/dfaul.aspx

kamleshap

Posts:26

10/03/2008 6:37 PM
Not to hijack the discussion, Is it possible to configure dns client to send only ITERATIVE query rather than recursive ? -Kamlesh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Argue for your limitations, and sure enough, they're yours. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On Fri, Oct 3, 2008 at 1:25 PM, Akomolafe, Deji <deji@readymaids.com> wrote: > Just for completeness: although Windows clients request recursive lookups > by default, and Windows DNS servers obey such commanding requests by > default, it is possible to configure a Windows DNS server to NOT do honor > recursive lookup requests. > > In such instance, when a DNS server receives a lookup request for a > non-local zone, the DNS server will refer the client to the next DNS server > who "may" have the record. The client then repeats the same commanding > request to THAT next DNS server. > > Sincerely, > _____ > (, / \| /) /) /) > /---\| (/_ ______ ___// _ // _ > ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.akomolafe.name - we know IT > -5.75, -3.23 > Do you now realize that Today is the Tomorrow you were worried about > Yesterday? -anon > ________________________________________ > From: ActiveDir-owner@mail.activedir.org [ > ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji > Sent: Friday, October 03, 2008 9:47 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] ADDNS: Stub vs Forwarder > > David, > > Apologies for misreading you. > > I agree that the query will be handled differently in some cases, but the > client has no knowledge of that behavior until it has issued the query, and > the diff in response is usually dictated by the availability or > non-availability of a local copy of the zone. Because Windows dns clients > generally issue recursive queries ("Hey, DNS server! get me the address for > computerabc in the xyz zone, and don't come back until you've either found > it or failed to find it"), there is no difference in query REQUEST behaviors > regardless of the zone state, and consequently, Windows clients will not > even be aware of (or be concerned with) the mechanics of zone configuration. > > This is also true for a DNS server acting as a client. > > Sincerely, > _____ > (, / \| /) /) /) > /---\| (/_ ______ ___// _ // _ > ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.akomolafe.name<http://www.akomolafe.name/> - we know IT > -5.75, -3.23 > Do you now realize that Today is the Tomorrow you were worried about > Yesterday? -anon > ________________________________ > From: ActiveDir-owner@mail.activedir.org [ > ActiveDir-owner@mail.activedir.org] On Behalf Of David Cliffe [ > dc31hz@gmail.com] > Sent: Friday, October 03, 2008 6:52 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder > > Hi Deji, > > I don't think I implied that the client modified its query at all (at > least I hope I didn't). I think that a query which is processed by a DNS > configured with a delegation record for the queried zone is handled > differently by a DNS configured as a forwarder for the queried zone. Stub > zones I wasn't 100% sure about. > > -DaveC > > On Fri, Oct 3, 2008 at 2:00 AM, Akomolafe, Deji <deji@readymaids.com > <mailto:deji@readymaids.com>> wrote: > But the characteristics you've described does not pertain to the nature of > the zone. Clients do not modify their query behaviors based on the type of > zone because they have issued the query BEFORE the zone state is identified > (as local or external) by the receiving server. > > If you have stub/secondary/delegated, the DNS server will not say "I don't > know, go talk to serverX". This is because the DNS server DOES know, based > on the fact that it has a copy of the zone. But the client is not aware that > the server has the info, it just issues a query. > > Now, forwarding, yes. And, although there are still subtle diffs between > cond. fwdg, normal fwdg and root hints, these diffs do not alter the > client's query process. The server controls that aspect. Again, the client > just issues a query, and for all it cares, the server could be buying the > info requested at the flea market. If the server doesn't recurse for the > client, then the client becomes aware, not before. > > > Sincerely, > _____ > (, / \| /) /) /) > /---\| (/_ ______ ___// _ // _ > ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.akomolafe.name<http://www.akomolafe.name/><http://www.akomolafe.name/> > - we know IT > -5.75, -3.23 > Do you now realize that Today is the Tomorrow you were worried about > Yesterday? -anon > ________________________________ > From: ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org> [ActiveDir-owner@mail.activedir.org > <mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of Brown, Ken F. [ > Ken.Brown@kbslp.com<mailto:Ken.Brown@kbslp.com>] > Sent: Thursday, October 02, 2008 1:27 PM > To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org> > Subject: RE: [ActiveDir] ADDNS: Stub vs Forwarder > > One thing that does affect clients, depending upon the configuration, is > the recursive nature of the DNS configuration. > > (and dang if I just can't remember which is recursive and which isn't - I > have to go look it up EVERY time!) > > Both scenarios assume the DNS server does not have the answer in cache! > > > The client asks the DNS server a question > The DNS server replies back: don't know - go ask DNS server "X" > > The above puts the load on the client. Or... > > The client asks the DNS server a question > The DNS server looks up the answer (from cache or other DNS servers) and > returns the answer to the client > > This puts the load on the DNS server. > > There are pro's and con's for both. > > It can also impact how the client functions - as the second method can make > the client's name resolver "wait" - and if it takes too long, the client > times out and can go to the next DNS server in the list (or is probably > asking multiple DNS servers the questions at the same time). > > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org> [mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>] On Behalf Of Rand Salazar > Sent: Thursday, October 02, 2008 3:34 PM > To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org> > Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder > > Just the typical AD delegated zone type. I'm just trying to see if there > are functional difference between each during the client/server query > process. > > After reading the docs you list (please correct me if I'm mistaken), it > doesnt seem to change from a client perspective.. Clients queries their > configured DNS server, the DNS server then performs the lookup regardless if > the query ends up being locally cached, a stub zone, a delegated zone, or > forwarded request and then replies to the client accordingly. The clients > dont know the difference of "zone type" involved as the server makes it > transparent, unless it cant resolve then in which case it returns an error. > > Sound ok? I'm probably missing a whole bunch of stuff... > > > > > On Thu, Oct 2, 2008 at 10:51 AM, <neil.ruston@barclayswealth.com<mailto: > neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com > <mailto:neil.ruston@barclayswealth.com>>> wrote: > > What do u mean by a "delegated zone"? > > > > ________________________________ > > From: ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>> [mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>>] On Behalf Of Rand Salazar > > Sent: 02 October 2008 14:02 > To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org > ><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org > >> > Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder > > > > Thanks for the differences! I guess we could probably throw delegated > zones in the mix too! How about them? > > Now at a network level, from client/server perspective are the > query/response different on a trace? I guess what I'm trying to get at is > do these different types of zones affect the method in which queries are > resolved and responded to. I realize there are forwarded in some form, so I > am curious how the interaction between the client resolver and its primary > DNS performs the "handoffs" if there is such. > > > > On Thu, Oct 2, 2008 at 7:50 AM, <neil.ruston@barclayswealth.com<mailto: > neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com > <mailto:neil.ruston@barclayswealth.com>>> wrote: > > Stub zone – contains SOA, NS and A records for all name servers in the > zone. Updates automatically. Query is 'forwarded' to one of the name servers > for the zone. > > Conditionally forwarder – static, manually administered list of addresses > to forward queries to. > > > > Stub - http://technet.microsoft.com/en-us/library/cc779197.aspx > > Forwarder - http://technet.microsoft.com/en-us/library/cc757172.aspx > > > > Similar but different > > > > > > neil > > ________________________________ > > From: ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>> [mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>>] On Behalf Of Rand Salazar > Sent: 02 October 2008 12:24 > To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org > ><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org > >> > Subject: [ActiveDir] ADDNS: Stub vs Forwarder > > > > Hey guys, > > I am wondering what is the primary difference between the two. On its very > basic network level, how would a query/response from a client/server differ > if the zone it looked up was stubbed vs forwarded (conditional)? I realize > I could do a trace of my own, but I was hoping for some insight from you > folks.. > > Thanks! > Rand. > > ________________________________ > > Barclays Wealth is the wealth management division of Barclays Bank PLC. > This email may relate to or be sent from other members of the Barclays > Group. > > The availability of products and services may be limited by the applicable > laws and regulations in certain jurisdictions. The Barclays Group does not > normally accept or offer business instructions via internet email. Any > action that you might take upon this message might be at your own risk. > > This email and any attachments are confidential and intended solely for the > addressee and may also be privileged or exempt from disclosure under > applicable law. If you are not the addressee, or have received this email in > error, please notify the sender immediately, delete it from your system and > do not copy, disclose or otherwise act upon any part of this email or its > attachments. > > Internet communications are not guaranteed to be secure or without viruses. > The Barclays Group does not accept responsibility for any loss arising from > unauthorised access to, or interference with, any Internet communications by > any third party, or from the transmission of any viruses. Replies to this > email may be monitored by the Barclays Group for operational or business > reasons. > > Any opinion or other information in this email or its attachments that does > not relate to the business of the Barclays Group is personal to the sender > and is not given or endorsed by the Barclays Group. > > Barclays Bank PLC. Registered in England and Wales (registered no. > 1026167). > Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. > > Barclays Bank PLC is authorised and regulated by the Financial Services > Authority. > > > > ________________________________ > Barclays Wealth is the wealth management division of Barclays Bank PLC. > This email may relate to or be sent from other members of the Barclays > Group. > > The availability of products and services may be limited by the applicable > laws and regulations in certain jurisdictions. The Barclays Group does not > normally accept or offer business instructions via internet email. Any > action that you might take upon this message might be at your own risk. > > This email and any attachments are confidential and intended solely for the > addressee and may also be privileged or exempt from disclosure under > applicable law. If you are not the addressee, or have received this email in > error, please notify the sender immediately, delete it from your system and > do not copy, disclose or otherwise act upon any part of this email or its > attachments. > > Internet communications are not guaranteed to be secure or without viruses. > The Barclays Group does not accept responsibility for any loss arising from > unauthorised access to, or interference with, any Internet communications by > any third party, or from the transmission of any viruses. Replies to this > email may be monitored by the Barclays Group for operational or business > reasons. > > Any opinion or other information in this email or its attachments that does > not relate to the business of the Barclays Group is personal to the sender > and is not given or endorsed by the Barclays Group. > > Barclays Bank PLC. Registered in England and Wales (registered no. > 1026167). > Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. > > Barclays Bank PLC is authorised and regulated by the Financial Services > Authority. > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx >

deji

Posts:138

10/03/2008 11:03 PM
I don't know how. Maybe custom applications could be written to do that, but I'd wonder why one would do so. Why put the load on the client rather than on a server designed for the load? Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name<http://www.akomolafe.name/> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Kamlesh Parmar [kamleshap@gmail.com] Sent: Friday, October 03, 2008 3:34 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder Not to hijack the discussion, Is it possible to configure dns client to send only ITERATIVE query rather than recursive ? -Kamlesh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Argue for your limitations, and sure enough, they're yours. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On Fri, Oct 3, 2008 at 1:25 PM, Akomolafe, Deji <deji@readymaids.com<mailto:deji@readymaids.com>> wrote: Just for completeness: although Windows clients request recursive lookups by default, and Windows DNS servers obey such commanding requests by default, it is possible to configure a Windows DNS server to NOT do honor recursive lookup requests. In such instance, when a DNS server receives a lookup request for a non-local zone, the DNS server will refer the client to the next DNS server who "may" have the record. The client then repeats the same commanding request to THAT next DNS server. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name<http://www.akomolafe.name> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org> [ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of Akomolafe, Deji Sent: Friday, October 03, 2008 9:47 AM To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org> Subject: RE: [ActiveDir] ADDNS: Stub vs Forwarder David, Apologies for misreading you. I agree that the query will be handled differently in some cases, but the client has no knowledge of that behavior until it has issued the query, and the diff in response is usually dictated by the availability or non-availability of a local copy of the zone. Because Windows dns clients generally issue recursive queries ("Hey, DNS server! get me the address for computerabc in the xyz zone, and don't come back until you've either found it or failed to find it"), there is no difference in query REQUEST behaviors regardless of the zone state, and consequently, Windows clients will not even be aware of (or be concerned with) the mechanics of zone configuration. This is also true for a DNS server acting as a client. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name/> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org> [ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of David Cliffe [dc31hz@gmail.com<mailto:dc31hz@gmail.com>] Sent: Friday, October 03, 2008 6:52 AM To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder Hi Deji, I don't think I implied that the client modified its query at all (at least I hope I didn't). I think that a query which is processed by a DNS configured with a delegation record for the queried zone is handled differently by a DNS configured as a forwarder for the queried zone. Stub zones I wasn't 100% sure about. -DaveC On Fri, Oct 3, 2008 at 2:00 AM, Akomolafe, Deji <deji@readymaids.com<mailto:deji@readymaids.com><mailto:deji@readymaids.com<mailto:deji@readymaids.com>>> wrote: But the characteristics you've described does not pertain to the nature of the zone. Clients do not modify their query behaviors based on the type of zone because they have issued the query BEFORE the zone state is identified (as local or external) by the receiving server. If you have stub/secondary/delegated, the DNS server will not say "I don't know, go talk to serverX". This is because the DNS server DOES know, based on the fact that it has a copy of the zone. But the client is not aware that the server has the info, it just issues a query. Now, forwarding, yes. And, although there are still subtle diffs between cond. fwdg, normal fwdg and root hints, these diffs do not alter the client's query process. The server controls that aspect. Again, the client just issues a query, and for all it cares, the server could be buying the info requested at the flea market. If the server doesn't recurse for the client, then the client becomes aware, not before. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name/><http://www.akomolafe.name/> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>> [ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>] On Behalf Of Brown, Ken F. [Ken.Brown@kbslp.com<mailto:Ken.Brown@kbslp.com><mailto:Ken.Brown@kbslp.com<mailto:Ken.Brown@kbslp.com>>] Sent: Thursday, October 02, 2008 1:27 PM To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>> Subject: RE: [ActiveDir] ADDNS: Stub vs Forwarder One thing that does affect clients, depending upon the configuration, is the recursive nature of the DNS configuration. (and dang if I just can't remember which is recursive and which isn't - I have to go look it up EVERY time!) Both scenarios assume the DNS server does not have the answer in cache! The client asks the DNS server a question The DNS server replies back: don't know - go ask DNS server "X" The above puts the load on the client. Or... The client asks the DNS server a question The DNS server looks up the answer (from cache or other DNS servers) and returns the answer to the client This puts the load on the DNS server. There are pro's and con's for both. It can also impact how the client functions - as the second method can make the client's name resolver "wait" - and if it takes too long, the client times out and can go to the next DNS server in the list (or is probably asking multiple DNS servers the questions at the same time). -----Original Message----- From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>] On Behalf Of Rand Salazar Sent: Thursday, October 02, 2008 3:34 PM To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>> Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder Just the typical AD delegated zone type. I'm just trying to see if there are functional difference between each during the client/server query process. After reading the docs you list (please correct me if I'm mistaken), it doesnt seem to change from a client perspective.. Clients queries their configured DNS server, the DNS server then performs the lookup regardless if the query ends up being locally cached, a stub zone, a delegated zone, or forwarded request and then replies to the client accordingly. The clients dont know the difference of "zone type" involved as the server makes it transparent, unless it cant resolve then in which case it returns an error. Sound ok? I'm probably missing a whole bunch of stuff... On Thu, Oct 2, 2008 at 10:51 AM, <neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>>>> wrote: What do u mean by a "delegated zone"? ________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>>] On Behalf Of Rand Salazar Sent: 02 October 2008 14:02 To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>> Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder Thanks for the differences! I guess we could probably throw delegated zones in the mix too! How about them? Now at a network level, from client/server perspective are the query/response different on a trace? I guess what I'm trying to get at is do these different types of zones affect the method in which queries are resolved and responded to. I realize there are forwarded in some form, so I am curious how the interaction between the client resolver and its primary DNS performs the "handoffs" if there is such. On Thu, Oct 2, 2008 at 7:50 AM, <neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>>>> wrote: Stub zone – contains SOA, NS and A records for all name servers in the zone. Updates automatically. Query is 'forwarded' to one of the name servers for the zone. Conditionally forwarder – static, manually administered list of addresses to forward queries to. Stub - http://technet.microsoft.com/en-us/library/cc779197.aspx Forwarder - http://technet.microsoft.com/en-us/library/cc757172.aspx Similar but different neil ________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>>] On Behalf Of Rand Salazar Sent: 02 October 2008 12:24 To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>>> Subject: [ActiveDir] ADDNS: Stub vs Forwarder Hey guys, I am wondering what is the primary difference between the two. On its very basic network level, how would a query/response from a client/server differ if the zone it looked up was stubbed vs forwarded (conditional)? I realize I could do a trace of my own, but I was hoping for some insight from you folks.. Thanks! Rand. ________________________________ Barclays Wealth is the wealth management division of Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group. The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk. This email and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments. Internet communications are not guaranteed to be secure or without viruses. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this email may be monitored by the Barclays Group for operational or business reasons. Any opinion or other information in this email or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group. Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. Barclays Bank PLC is authorised and regulated by the Financial Services Authority. ________________________________ Barclays Wealth is the wealth management division of Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group. The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk. This email and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments. Internet communications are not guaranteed to be secure or without viruses. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this email may be monitored by the Barclays Group for operational or business reasons. Any opinion or other information in this email or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group. Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. Barclays Bank PLC is authorised and regulated by the Financial Services Authority. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx

kamleshap

Posts:26

10/04/2008 2:20 AM
well... I had seen the similar setup what was described earlier, intelligent DNS server giving different answers based on client's IP address. Typically used to get clients to nearest server. This used to fall flat when there were chains of DNS servers or delegated zones before query could get resolved. As answers returned by DNS server would be accurate for last server which knew about the zone in question but it would mean client getting referred to remote server. Only way I could think of resolving that was making local DNS server aware of all those intelligent zones and thus be the final server who queried those intelligent DNS servers for those specific zones. And other reason was it is possible to disable recursion at DNS server level so wondering is it doable at individual client level or not ? -Kamlesh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Argue for your limitations, and sure enough, they're yours. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On Fri, Oct 3, 2008 at 10:55 PM, Akomolafe, Deji <deji@readymaids.com>wrote: > I don't know how. > > Maybe custom applications could be written to do that, but I'd wonder why > one would do so. Why put the load on the client rather than on a server > designed for the load? > > > Sincerely, > _____ > (, / \| /) /) /) > /---\| (/_ ______ ___// _ // _ > ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.akomolafe.name<http://www.akomolafe.name/> - we know IT > -5.75, -3.23 > Do you now realize that Today is the Tomorrow you were worried about > Yesterday? -anon > ________________________________ > From: ActiveDir-owner@mail.activedir.org [ > ActiveDir-owner@mail.activedir.org] On Behalf Of Kamlesh Parmar [ > kamleshap@gmail.com] > Sent: Friday, October 03, 2008 3:34 PM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder > > Not to hijack the discussion, > > Is it possible to configure dns client to send only ITERATIVE query rather > than recursive ? > > -Kamlesh > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Argue for your limitations, and sure enough, they're yours. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > On Fri, Oct 3, 2008 at 1:25 PM, Akomolafe, Deji <deji@readymaids.com > <mailto:deji@readymaids.com>> wrote: > Just for completeness: although Windows clients request recursive lookups > by default, and Windows DNS servers obey such commanding requests by > default, it is possible to configure a Windows DNS server to NOT do honor > recursive lookup requests. > > In such instance, when a DNS server receives a lookup request for a > non-local zone, the DNS server will refer the client to the next DNS server > who "may" have the record. The client then repeats the same commanding > request to THAT next DNS server. > > Sincerely, > _____ > (, / \| /) /) /) > /---\| (/_ ______ ___// _ // _ > ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.akomolafe.name<http://www.akomolafe.name> - we know IT > -5.75, -3.23 > Do you now realize that Today is the Tomorrow you were worried about > Yesterday? -anon > ________________________________________ > From: ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org> [ActiveDir-owner@mail.activedir.org > <mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of Akomolafe, Deji > Sent: Friday, October 03, 2008 9:47 AM > To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org> > Subject: RE: [ActiveDir] ADDNS: Stub vs Forwarder > > David, > > Apologies for misreading you. > > I agree that the query will be handled differently in some cases, but the > client has no knowledge of that behavior until it has issued the query, and > the diff in response is usually dictated by the availability or > non-availability of a local copy of the zone. Because Windows dns clients > generally issue recursive queries ("Hey, DNS server! get me the address for > computerabc in the xyz zone, and don't come back until you've either found > it or failed to find it"), there is no difference in query REQUEST behaviors > regardless of the zone state, and consequently, Windows clients will not > even be aware of (or be concerned with) the mechanics of zone configuration. > > This is also true for a DNS server acting as a client. > > Sincerely, > _____ > (, / \| /) /) /) > /---\| (/_ ______ ___// _ // _ > ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name/> > - we know IT > -5.75, -3.23 > Do you now realize that Today is the Tomorrow you were worried about > Yesterday? -anon > ________________________________ > From: ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org> [ActiveDir-owner@mail.activedir.org > <mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of David Cliffe [ > dc31hz@gmail.com<mailto:dc31hz@gmail.com>] > Sent: Friday, October 03, 2008 6:52 AM > To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org> > Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder > > Hi Deji, > > I don't think I implied that the client modified its query at all (at > least I hope I didn't). I think that a query which is processed by a DNS > configured with a delegation record for the queried zone is handled > differently by a DNS configured as a forwarder for the queried zone. Stub > zones I wasn't 100% sure about. > > -DaveC > > On Fri, Oct 3, 2008 at 2:00 AM, Akomolafe, Deji <deji@readymaids.com > <mailto:deji@readymaids.com><mailto:deji@readymaids.com<mailto: > deji@readymaids.com>>> wrote: > But the characteristics you've described does not pertain to the nature of > the zone. Clients do not modify their query behaviors based on the type of > zone because they have issued the query BEFORE the zone state is identified > (as local or external) by the receiving server. > > If you have stub/secondary/delegated, the DNS server will not say "I don't > know, go talk to serverX". This is because the DNS server DOES know, based > on the fact that it has a copy of the zone. But the client is not aware that > the server has the info, it just issues a query. > > Now, forwarding, yes. And, although there are still subtle diffs between > cond. fwdg, normal fwdg and root hints, these diffs do not alter the > client's query process. The server controls that aspect. Again, the client > just issues a query, and for all it cares, the server could be buying the > info requested at the flea market. If the server doesn't recurse for the > client, then the client becomes aware, not before. > > > Sincerely, > _____ > (, / \| /) /) /) > /---\| (/_ ______ ___// _ // _ > ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name/>< > http://www.akomolafe.name/> - we know IT > -5.75, -3.23 > Do you now realize that Today is the Tomorrow you were worried about > Yesterday? -anon > ________________________________ > From: ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>> [ActiveDir-owner@mail.activedir.org > <mailto:ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>>] On Behalf Of Brown, Ken F. [ > Ken.Brown@kbslp.com<mailto:Ken.Brown@kbslp.com><mailto:Ken.Brown@kbslp.com > <mailto:Ken.Brown@kbslp.com>>] > Sent: Thursday, October 02, 2008 1:27 PM > To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org > ><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org > >> > Subject: RE: [ActiveDir] ADDNS: Stub vs Forwarder > > One thing that does affect clients, depending upon the configuration, is > the recursive nature of the DNS configuration. > > (and dang if I just can't remember which is recursive and which isn't - I > have to go look it up EVERY time!) > > Both scenarios assume the DNS server does not have the answer in cache! > > > The client asks the DNS server a question > The DNS server replies back: don't know - go ask DNS server "X" > > The above puts the load on the client. Or... > > The client asks the DNS server a question > The DNS server looks up the answer (from cache or other DNS servers) and > returns the answer to the client > > This puts the load on the DNS server. > > There are pro's and con's for both. > > It can also impact how the client functions - as the second method can make > the client's name resolver "wait" - and if it takes too long, the client > times out and can go to the next DNS server in the list (or is probably > asking multiple DNS servers the questions at the same time). > > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>> [mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>>] On Behalf Of Rand Salazar > Sent: Thursday, October 02, 2008 3:34 PM > To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org > ><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org > >> > Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder > > Just the typical AD delegated zone type. I'm just trying to see if there > are functional difference between each during the client/server query > process. > > After reading the docs you list (please correct me if I'm mistaken), it > doesnt seem to change from a client perspective.. Clients queries their > configured DNS server, the DNS server then performs the lookup regardless if > the query ends up being locally cached, a stub zone, a delegated zone, or > forwarded request and then replies to the client accordingly. The clients > dont know the difference of "zone type" involved as the server makes it > transparent, unless it cant resolve then in which case it returns an error. > > Sound ok? I'm probably missing a whole bunch of stuff... > > > > > On Thu, Oct 2, 2008 at 10:51 AM, <neil.ruston@barclayswealth.com<mailto: > neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com > <mailto:neil.ruston@barclayswealth.com>><mailto: > neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com > ><mailto:neil.ruston@barclayswealth.com<mailto: > neil.ruston@barclayswealth.com>>>> wrote: > > What do u mean by a "delegated zone"? > > > > ________________________________ > > From: ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>>> [mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>>>] On Behalf Of Rand Salazar > > Sent: 02 October 2008 14:02 > To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org > ><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org > >><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org > ><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org > >>> > Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder > > > > Thanks for the differences! I guess we could probably throw delegated > zones in the mix too! How about them? > > Now at a network level, from client/server perspective are the > query/response different on a trace? I guess what I'm trying to get at is > do these different types of zones affect the method in which queries are > resolved and responded to. I realize there are forwarded in some form, so I > am curious how the interaction between the client resolver and its primary > DNS performs the "handoffs" if there is such. > > > > On Thu, Oct 2, 2008 at 7:50 AM, <neil.ruston@barclayswealth.com<mailto: > neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com > <mailto:neil.ruston@barclayswealth.com>><mailto: > neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com > ><mailto:neil.ruston@barclayswealth.com<mailto: > neil.ruston@barclayswealth.com>>>> wrote: > > Stub zone – contains SOA, NS and A records for all name servers in the > zone. Updates automatically. Query is 'forwarded' to one of the name servers > for the zone. > > Conditionally forwarder – static, manually administered list of addresses > to forward queries to. > > > > Stub - http://technet.microsoft.com/en-us/library/cc779197.aspx > > Forwarder - http://technet.microsoft.com/en-us/library/cc757172.aspx > > > > Similar but different > > > > > > neil > > ________________________________ > > From: ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>>> [mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org><mailto: > ActiveDir-owner@mail.activedir.org<mailto: > ActiveDir-owner@mail.activedir.org>>>] On Behalf Of Rand Salazar > Sent: 02 October 2008 12:24 > To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org > ><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org > >><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org > ><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org > >>> > Subject: [ActiveDir] ADDNS: Stub vs Forwarder > > > > Hey guys, > > I am wondering what is the primary difference between the two. On its very > basic network level, how would a query/response from a client/server differ > if the zone it looked up was stubbed vs forwarded (conditional)? I realize > I could do a trace of my own, but I was hoping for some insight from you > folks.. > > Thanks! > Rand. > > ________________________________ > > Barclays Wealth is the wealth management division of Barclays Bank PLC. > This email may relate to or be sent from other members of the Barclays > Group. > > The availability of products and services may be limited by the applicable > laws and regulations in certain jurisdictions. The Barclays Group does not > normally accept or offer business instructions via internet email. Any > action that you might take upon this message might be at your own risk. > > This email and any attachments are confidential and intended solely for the > addressee and may also be privileged or exempt from disclosure under > applicable law. If you are not the addressee, or have received this email in > error, please notify the sender immediately, delete it from your system and > do not copy, disclose or otherwise act upon any part of this email or its > attachments. > > Internet communications are not guaranteed to be secure or without viruses. > The Barclays Group does not accept responsibility for any loss arising from > unauthorised access to, or interference with, any Internet communications by > any third party, or from the transmission of any viruses. Replies to this > email may be monitored by the Barclays Group for operational or business > reasons. > > Any opinion or other information in this email or its attachments that does > not relate to the business of the Barclays Group is personal to the sender > and is not given or endorsed by the Barclays Group. > > Barclays Bank PLC. Registered in England and Wales (registered no. > 1026167). > Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. > > Barclays Bank PLC is authorised and regulated by the Financial Services > Authority. > > > > ________________________________ > Barclays Wealth is the wealth management division of Barclays Bank PLC. > This email may relate to or be sent from other members of the Barclays > Group. > > The availability of products and services may be limited by the applicable > laws and regulations in certain jurisdictions. The Barclays Group does not > normally accept or offer business instructions via internet email. Any > action that you might take upon this message might be at your own risk. > > This email and any attachments are confidential and intended solely for the > addressee and may also be privileged or exempt from disclosure under > applicable law. If you are not the addressee, or have received this email in > error, please notify the sender immediately, delete it from your system and > do not copy, disclose or otherwise act upon any part of this email or its > attachments. > > Internet communications are not guaranteed to be secure or without viruses. > The Barclays Group does not accept responsibility for any loss arising from > unauthorised access to, or interference with, any Internet communications by > any third party, or from the transmission of any viruses. Replies to this > email may be monitored by the Barclays Group for operational or business > reasons. > > Any opinion or other information in this email or its attachments that does > not relate to the business of the Barclays Group is personal to the sender > and is not given or endorsed by the Barclays Group. > > Barclays Bank PLC. Registered in England and Wales (registered no. > 1026167). > Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. > > Barclays Bank PLC is authorised and regulated by the Financial Services > Authority. > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx >

deji

Posts:138

10/04/2008 3:43 AM
Kamlesh, aren't you describing "Netmask Ordering" in your "Inteliigent DNS"? As for configuring iterative lookup query on the client side, someone would have to look at the codes and come up with an authoritative answer. Someone other than me Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name<http://www.akomolafe.name/> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Kamlesh Parmar [kamleshap@gmail.com] Sent: Friday, October 03, 2008 11:17 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder well... I had seen the similar setup what was described earlier, intelligent DNS server giving different answers based on client's IP address. Typically used to get clients to nearest server. This used to fall flat when there were chains of DNS servers or delegated zones before query could get resolved. As answers returned by DNS server would be accurate for last server which knew about the zone in question but it would mean client getting referred to remote server. Only way I could think of resolving that was making local DNS server aware of all those intelligent zones and thus be the final server who queried those intelligent DNS servers for those specific zones. And other reason was it is possible to disable recursion at DNS server level so wondering is it doable at individual client level or not ? -Kamlesh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Argue for your limitations, and sure enough, they're yours. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On Fri, Oct 3, 2008 at 10:55 PM, Akomolafe, Deji <deji@readymaids.com<mailto:deji@readymaids.com>> wrote: I don't know how. Maybe custom applications could be written to do that, but I'd wonder why one would do so. Why put the load on the client rather than on a server designed for the load? Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name/> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org> [ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of Kamlesh Parmar [kamleshap@gmail.com<mailto:kamleshap@gmail.com>] Sent: Friday, October 03, 2008 3:34 PM To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder Not to hijack the discussion, Is it possible to configure dns client to send only ITERATIVE query rather than recursive ? -Kamlesh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Argue for your limitations, and sure enough, they're yours. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On Fri, Oct 3, 2008 at 1:25 PM, Akomolafe, Deji <deji@readymaids.com<mailto:deji@readymaids.com><mailto:deji@readymaids.com<mailto:deji@readymaids.com>>> wrote: Just for completeness: although Windows clients request recursive lookups by default, and Windows DNS servers obey such commanding requests by default, it is possible to configure a Windows DNS server to NOT do honor recursive lookup requests. In such instance, when a DNS server receives a lookup request for a non-local zone, the DNS server will refer the client to the next DNS server who "may" have the record. The client then repeats the same commanding request to THAT next DNS server. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>> [ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>] On Behalf Of Akomolafe, Deji Sent: Friday, October 03, 2008 9:47 AM To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>> Subject: RE: [ActiveDir] ADDNS: Stub vs Forwarder David, Apologies for misreading you. I agree that the query will be handled differently in some cases, but the client has no knowledge of that behavior until it has issued the query, and the diff in response is usually dictated by the availability or non-availability of a local copy of the zone. Because Windows dns clients generally issue recursive queries ("Hey, DNS server! get me the address for computerabc in the xyz zone, and don't come back until you've either found it or failed to find it"), there is no difference in query REQUEST behaviors regardless of the zone state, and consequently, Windows clients will not even be aware of (or be concerned with) the mechanics of zone configuration. This is also true for a DNS server acting as a client. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name><http://www.akomolafe.name/> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>> [ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>] On Behalf Of David Cliffe [dc31hz@gmail.com<mailto:dc31hz@gmail.com><mailto:dc31hz@gmail.com<mailto:dc31hz@gmail.com>>] Sent: Friday, October 03, 2008 6:52 AM To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>> Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder Hi Deji, I don't think I implied that the client modified its query at all (at least I hope I didn't). I think that a query which is processed by a DNS configured with a delegation record for the queried zone is handled differently by a DNS configured as a forwarder for the queried zone. Stub zones I wasn't 100% sure about. -DaveC On Fri, Oct 3, 2008 at 2:00 AM, Akomolafe, Deji <deji@readymaids.com<mailto:deji@readymaids.com><mailto:deji@readymaids.com<mailto:deji@readymaids.com>><mailto:deji@readymaids.com<mailto:deji@readymaids.com><mailto:deji@readymaids.com<mailto:deji@readymaids.com>>>> wrote: But the characteristics you've described does not pertain to the nature of the zone. Clients do not modify their query behaviors based on the type of zone because they have issued the query BEFORE the zone state is identified (as local or external) by the receiving server. If you have stub/secondary/delegated, the DNS server will not say "I don't know, go talk to serverX". This is because the DNS server DOES know, based on the fact that it has a copy of the zone. But the client is not aware that the server has the info, it just issues a query. Now, forwarding, yes. And, although there are still subtle diffs between cond. fwdg, normal fwdg and root hints, these diffs do not alter the client's query process. The server controls that aspect. Again, the client just issues a query, and for all it cares, the server could be buying the info requested at the flea market. If the server doesn't recurse for the client, then the client becomes aware, not before. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name><http://www.akomolafe.name/><http://www.akomolafe.name/> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>> [ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>>] On Behalf Of Brown, Ken F. [Ken.Brown@kbslp.com<mailto:Ken.Brown@kbslp.com><mailto:Ken.Brown@kbslp.com<mailto:Ken.Brown@kbslp.com>><mailto:Ken.Brown@kbslp.com<mailto:Ken.Brown@kbslp.com><mailto:Ken.Brown@kbslp.com<mailto:Ken.Brown@kbslp.com>>>] Sent: Thursday, October 02, 2008 1:27 PM To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>> Subject: RE: [ActiveDir] ADDNS: Stub vs Forwarder One thing that does affect clients, depending upon the configuration, is the recursive nature of the DNS configuration. (and dang if I just can't remember which is recursive and which isn't - I have to go look it up EVERY time!) Both scenarios assume the DNS server does not have the answer in cache! The client asks the DNS server a question The DNS server replies back: don't know - go ask DNS server "X" The above puts the load on the client. Or... The client asks the DNS server a question The DNS server looks up the answer (from cache or other DNS servers) and returns the answer to the client This puts the load on the DNS server. There are pro's and con's for both. It can also impact how the client functions - as the second method can make the client's name resolver "wait" - and if it takes too long, the client times out and can go to the next DNS server in the list (or is probably asking multiple DNS servers the questions at the same time). -----Original Message----- From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>>] On Behalf Of Rand Salazar Sent: Thursday, October 02, 2008 3:34 PM To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>> Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder Just the typical AD delegated zone type. I'm just trying to see if there are functional difference between each during the client/server query process. After reading the docs you list (please correct me if I'm mistaken), it doesnt seem to change from a client perspective.. Clients queries their configured DNS server, the DNS server then performs the lookup regardless if the query ends up being locally cached, a stub zone, a delegated zone, or forwarded request and then replies to the client accordingly. The clients dont know the difference of "zone type" involved as the server makes it transparent, unless it cant resolve then in which case it returns an error. Sound ok? I'm probably missing a whole bunch of stuff... On Thu, Oct 2, 2008 at 10:51 AM, <neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>>><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>>>>> wrote: What do u mean by a "delegated zone"? ________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>>> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>>>] On Behalf Of Rand Salazar Sent: 02 October 2008 14:02 To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>>> Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder Thanks for the differences! I guess we could probably throw delegated zones in the mix too! How about them? Now at a network level, from client/server perspective are the query/response different on a trace? I guess what I'm trying to get at is do these different types of zones affect the method in which queries are resolved and responded to. I realize there are forwarded in some form, so I am curious how the interaction between the client resolver and its primary DNS performs the "handoffs" if there is such. On Thu, Oct 2, 2008 at 7:50 AM, <neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>>><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com><mailto:neil.ruston@barclayswealth.com<mailto:neil.ruston@barclayswealth.com>>>>> wrote: Stub zone – contains SOA, NS and A records for all name servers in the zone. Updates automatically. Query is 'forwarded' to one of the name servers for the zone. Conditionally forwarder – static, manually administered list of addresses to forward queries to. Stub - http://technet.microsoft.com/en-us/library/cc779197.aspx Forwarder - http://technet.microsoft.com/en-us/library/cc757172.aspx Similar but different neil ________________________________ From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>>> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org><mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>>>>] On Behalf Of Rand Salazar Sent: 02 October 2008 12:24 To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>>><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org><mailto:activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>>>> Subject: [ActiveDir] ADDNS: Stub vs Forwarder Hey guys, I am wondering what is the primary difference between the two. On its very basic network level, how would a query/response from a client/server differ if the zone it looked up was stubbed vs forwarded (conditional)? I realize I could do a trace of my own, but I was hoping for some insight from you folks.. Thanks! Rand. ________________________________ Barclays Wealth is the wealth management division of Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group. The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk. This email and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments. Internet communications are not guaranteed to be secure or without viruses. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this email may be monitored by the Barclays Group for operational or business reasons. Any opinion or other information in this email or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group. Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. Barclays Bank PLC is authorised and regulated by the Financial Services Authority. ________________________________ Barclays Wealth is the wealth management division of Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group. The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk. This email and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments. Internet communications are not guaranteed to be secure or without viruses. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this email may be monitored by the Barclays Group for operational or business reasons. Any opinion or other information in this email or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group. Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. Barclays Bank PLC is authorised and regulated by the Financial Services Authority. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx

kamleshap

Posts:26

10/04/2008 4:03 AM

Well "netmask ordering" is very very basic form of *intelligence*.
It applies at server level only. You can't manage it at individual zone
level.

Intelligent DNS I am talking about can be configured to look at individual
client IP to varying level of netmask. It also has option to enable/disable
round robin at zone level. It also has ability to configure failover for
individual DNS records, it would monitor the primary IP sent to client as
response to query and it would start providing failover IP with smaller TTL
in case of primary failure. I think it is called RADWARE.

-Kamlesh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Argue for your limitations, and sure enough, they're yours.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On Sat, Oct 4, 2008 at 3:37 AM, Akomolafe, Deji <deji@readymaids.com> wrote:

> Kamlesh,
>
> aren't you describing "Netmask Ordering" in your "Inteliigent DNS"?
>
> As for configuring iterative lookup query on the client side, someone would
> have to look at the codes and come up with an authoritative answer. Someone
> other than me

>
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name<http://www.akomolafe.name/> - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
> ________________________________
> From: ActiveDir-owner@mail.activedir.org [
> ActiveDir-owner@mail.activedir.org] On Behalf Of Kamlesh Parmar [
> kamleshap@gmail.com]
> Sent: Friday, October 03, 2008 11:17 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder
>
> well... I had seen the similar setup what was described earlier,
> *intelligent* DNS server giving different answers based on client's IP
> address. Typically used to get clients to nearest server.
> This used to fall flat when there were chains of DNS servers or delegated
> zones before query could get resolved. As answers returned by DNS server
> would be accurate for last server which knew about the zone in question but
> it would mean client getting referred to remote server.
>
> Only way I could think of resolving that was making local DNS server aware
> of all those intelligent zones and thus be the final server who queried
> those intelligent DNS servers for those specific zones.
>
> And other reason was it is possible to disable recursion at DNS server
> level so wondering is it doable at individual client level or not ?
>
> -Kamlesh
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Argue for your limitations, and sure enough, they're yours.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> On Fri, Oct 3, 2008 at 10:55 PM, Akomolafe, Deji <deji@readymaids.com
> <mailto:deji@readymaids.com>> wrote:
> I don't know how.
>
> Maybe custom applications could be written to do that, but I'd wonder why
> one would do so. Why put the load on the client rather than on a server
> designed for the load?
>
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name/>
> - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
> ________________________________
> From: ActiveDir-owner@mail.activedir.org<mailto:
> ActiveDir-owner@mail.activedir.org> [ActiveDir-owner@mail.activedir.org
> <mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of Kamlesh Parmar [
> kamleshap@gmail.com<mailto:kamleshap@gmail.com>]
> Sent: Friday, October 03, 2008 3:34 PM
> To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>
> Subject: Re: [ActiveDir] ADDNS: Stub vs Forwarder
>
> Not to hijack the discussion,
>
> Is it possible to configure dns client to send only ITERATIVE query rather
> than recursive ?
>
> -Kamlesh
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Argue for your limitations, and sure enough, they're yours.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> On Fri, Oct 3, 2008 at 1:25 PM, Akomolafe, Deji <deji@readymaids.com
> <mailto:deji@readymaids.com><mailto:deji@readymaids.com<mailto:
> deji@readymaids.com>>> wrote:
> Just for completeness: although Windows clients request recursive lookups
> by default, and Windows DNS servers obey such commanding requests by
> default, it is possible to configure a Windows DNS server to NOT do honor
> recursive lookup requests.
>
> In such instance, when a DNS server receives a lookup request for a
> non-local zone, the DNS server will refer the client to the next DNS server
> who "may" have the record. The client then repeats the same commanding
> request to THAT next DNS server.
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name> -
> we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
> ________________________________________
> From: ActiveDir-owner@mail.activedir.org<mailto:
> ActiveDir-owner@mail.activedir.org><mailto:
> ActiveDir-owner@mail.activedir.org<mailto:
> ActiveDir-owner@mail.activedir.org>> [ActiveDir-owner@mail.activedir.org
> <mailto:ActiveDir-owner@mail.activedir.org><mailto:
> ActiveDir-owner@mail.activedir.org<mailto:
> ActiveDir-owner@mail.activedir.org>>] On Behalf Of Akomolafe, Deji
> Sent: Friday, October 03, 2008 9:47 AM
> To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org
> ><mailto:ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org
> >>
> Subject: RE: [ActiveDir] ADDNS: Stub vs Forwarder
>
> David,
>
> Apologies for misreading you.
>
> I agree that the query will be handled differently in some cases, but the
> client has no knowledge of that behavior until it has issued the query, and
> the diff in response is usually dictated by the availability or
> non-availability of a local copy of the zone. Because Windows dns clients
> generally issue recursive queries ("Hey, DNS server! get me the address for
> computerabc in the xyz zone, and don't come back until you've either found
> it or failed to find it"), there is no difference in query REQUEST behaviors
> regardless of the zone state, and consequently, Windows clients will not
> even be aware of (or be concerned with) the mechanics of zone configuration.
>
> This is also true for a DNS server acting as a client.
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name<http://www.akomolafe.name><http://www.akomolafe.name><
> http://www.akomolafe.name/> - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
> ________________________________
> From: ActiveDir-owner@mail.activedir.org<mailto:
> ActiveDir-owner@mail.activedir.org><mailto:
> ActiveDir-owner@mail.activedir.org<mailto:
> ActiveDir-owner@mail.activedir.org>> [ActiveDir-owner@mail.activedir.org
> <mailto:ActiveDir-owner@mail.activedir.org><mailto:
> ActiveDir-owner@mail.activedir.org<mailto:
> ActiveDir-owner@mail.activedir.org>>] On Behalf Of David Cliffe [
> dc31hz@gmail.com<mailto:dc31hz@gmail.com><mailto:dc31hz@gmail.com<mailto:
> dc31hz@gmail.com>>]
> Sent: Friday, October 03, 2008 6:52

Syndicate

Friends

List Archives

List Archives