Welcome to NetworkCert.NET
Aids and Tools for Networking Certifications

Stub Zones
(from Windows 2003 Help and Support)

Understanding stub zones
A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to keep a DNS server hosting a parent zone aware of the authoritative DNS servers for its child zone and thereby maintain DNS name resolution efficiency.

A stub zone consists of:

The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
The IP address of one or more master servers that can be used to update the stub zone.
The master servers for a stub zone are one or more DNS servers authoritative for the child zone, usually the DNS server hosting the primary zone for the delegated domain name.

For more information, see Using stub zones.

Stub zone resolution
When a DNS client performs a recursive query operation on a DNS server hosting a stub zone, the DNS server uses the resource records in the stub zone to resolve the query. The DNS server sends an iterative query to the authoritative DNS servers specified in the NS resource records of the stub zone as if it were using NS resource records in its cache. If the DNS server cannot find the authoritative DNS servers in its stub zone, the DNS server hosting the stub zone attempts standard recursion using its root hints.

The DNS server will store the resource records it receives from the authoritative DNS servers listed in a stub zone in its cache, but it will not store these resource records in the stub zone itself; only the SOA, NS, and glue A resource records returned in response to the query are stored in the stub zone. The resource records stored in the cache are cached according to the Time-to-Live (TTL) value in each resource record. The SOA, NS, and glue A resource records, which are not written to cache, expire according to the expire interval specified in the stub zone's SOA record, which is created during the creation of the stub zone and updated during transfers to the stub zone from the original, primary zone.

If the query was an iterative query, the DNS server returns a referral containing the servers specified in the stub zone.

Communication between DNS servers hosting parent and child zones
A DNS server that has delegated a domain to a child zone on a different DNS server is made aware of new authoritative DNS servers for the child zone only when the resource records for these new DNS servers are added to the parent zone hosted on the DNS server. This is a manual process and requires that the administrators for the different DNS servers communicate often. With stub zones, a DNS server hosting a stub zone for one of its delegated domains can obtain updates of the authoritative DNS servers for the child zone when the stub zone is updated. The update is performed from the DNS server hosting the stub zone and the administrator for the DNS server hosting the child zone does not need to be contacted. This functionality is explained in the following example.

Stub zone scenario
A DNS server authoritative for the parent zone, example.com, has delegated a subdomain, widgets.example.com, to separate DNS servers. When the delegation for the domain widgets.example.com was originally performed, the parent zone contained only two NS records for the widgets.example.com zone's authoritative DNS servers. Later, administrators of the child zone configured additional DNS servers as authoritative for the zone but did not notify the administrators of the DNS server hosting the parent zone, example.com. As a result, the DNS server hosting the parent zone, example.com, is unaware of the new DNS servers authoritative for its child zone, widgets.example.com, and continues to query the only two authoritative DNS servers of which it is aware.

This situation is remedied by configuring the DNS server authoritative for the parent zone, example.com, to host a stub zone for the delegated domain, widgets.example.com. When the administrator of the authoritative DNS server for example.com updates the stub zone, the server queries the stub zone's master servers to obtain the authoritative DNS server resource records for widgets.example.com. Consequently, the DNS server authoritative for the parent zone will learn about the new DNS servers authoritative for the widgets.example.com child zone and be able to perform recursion to all of the child zone's authoritative DNS servers.
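The drift described in this scenario can also be checked mechanically. The following Python script is an added example, not part of the Windows Help text: it compares the NS and glue A records the parent zone holds for widgets.example.com with the ones the child zone publishes. The record data, the ns1 to ns3 host names and the function names are constructed for illustration.

```python
# Added example. Both record sets are constructed sample data (documentation
# addresses from 192.0.2.0/24), laid out as "owner ttl class type rdata".
PARENT_ZONE = """\
widgets.example.com.      3600 IN NS ns1.widgets.example.com.
widgets.example.com.      3600 IN NS ns2.widgets.example.com.
ns1.widgets.example.com.  3600 IN A  192.0.2.1
ns2.widgets.example.com.  3600 IN A  192.0.2.2
"""

CHILD_ZONE = """\
widgets.example.com.      3600 IN NS ns1.widgets.example.com.
widgets.example.com.      3600 IN NS ns2.widgets.example.com.
widgets.example.com.      3600 IN NS ns3.widgets.example.com.  ; added later
ns1.widgets.example.com.  3600 IN A  192.0.2.1
ns2.widgets.example.com.  3600 IN A  192.0.2.2
ns3.widgets.example.com.  3600 IN A  192.0.2.3
"""


def parse_records(text):
    """Parse record lines into (owner, type, rdata) tuples, ignoring comments."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((owner.lower(), rtype.upper(), rdata.strip().lower()))
    return records


def ns_view(records, zone):
    """Return {name server: set of glue A addresses} for the zone's NS set."""
    zone = zone.lower()
    names = {rd for o, t, rd in records if o == zone and t == "NS"}
    return {n: {rd for o, t, rd in records if o == n and t == "A"} for n in names}


def delegation_drift(parent_text, child_text, zone):
    """Compare the parent's delegation data with the child's own NS set."""
    parent = ns_view(parse_records(parent_text), zone)
    child = ns_view(parse_records(child_text), zone)
    shared = set(parent) & set(child)
    return {
        "missing_from_parent": sorted(set(child) - set(parent)),  # page's scenario
        "stale_in_parent": sorted(set(parent) - set(child)),      # no longer authoritative
        "glue_mismatch": sorted(n for n in shared if parent[n] != child[n]),
    }
```

An empty result in all three lists means the parent's view matches the child's. Entries under stale_in_parent deserve the closest review, because the parent is still directing queries to a server the child zone no longer lists.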

The following figure demonstrates how a stub zone hosted on the same DNS server as the parent zone updates the authoritative server data for the child zone.