Sign up to access this lesson
Click here to sign up and get access to this lesson!

Saving Progress...
In this Video:
- We will describe Stub Zones
- We will consider the differences between a conditional forwarder, a delegation and a stub zone.
- We will describe a scenario in which stub zones could be used in your organization.
- At the completion of this lecture, you will know how to use stub zones in your lab or your organization.
What is a Stub Zone? How are stub zones different from conditional forwarders or delegations?
Describe a Stub Zone
- A stub zone is a pointer, that points to another DNS server (we will call this server the target server).
- A stub zone is unique in that it can dynamically update itself.
- If things change (at the target domain) if DNS servers are added removed. Stub Zones know about those changes where delegations or conditional forwarders would have to be manually changed.
- A stub zone is a forward lookup zone. A stub zone only requires the SOA and the NS records from the other DNS server (or the target), which are normally publicly available.
- Stub zones are useful in that they are dynamically configured and basically can take care of themselves.
Describe Conditional Forwarders and Delegations
- Delegations and conditional forwarder are configured to point to other servers as well.
- When a conditional forwarder or a delegation is configured, a single server is used to resolve names. If that server (the target) goes down the clients won’t be able to get to the data that they require.
- Delegations and conditional forwarders are useful if there are no future changes made at the target domain.
LAB Prerequisites:

- Setup Three Windows 2016 Servers
- Two of those servers should be “stand alone” domains (completely separated) I used hq.com and uss.com.
- For the domain uss.com install Active Directory on SVR-US, On SVR-DNS1 install DNS. This server could be a member server.
- Setup one server in the hq.com domain, this server has Active Directory installed.
Scenario:
Your company, Computer Associates has just purchased United Security Services.
Both companies have completely separate Domains. The Managers at HQ need access to servers in the uss.com domain. You are the DNS administrator.
How will you configure DNS to satisfy the following requirements from management?
- Management will need access to certain files in the uss.com domain
- Management request fault tolerance, so that if one DNS server goes down they will not lose access to the files that they require.

Step 1
From the server SVR-CA, open a command prompt and type ping svr-us.uss.com. Ping cannot find the server. This proves that there is no access to SVR-US.
Step 2 Stub Zone Creation
From SVR-CA (we will call this the source), open server manager, tools, DNS. Double click the forward lookup zone, the current zones are displayed.
Right click forward lookup, select new zone, click next, Select Stub Zone, check store in Active Directory, click next.
Select how you want zone data replicated, in this case I select to all DNS servers running on Domain Controllers in this domain, click next.
For zone name type uss.com, click next. Type the IP address of the server that the stub zone will point too (or the target) in this case type the IP address for SVR-US which is 192.168.0.25. Click in the box. SVR-US is validated, click next, click finish Double click on the zone uss.com – Why would you receive this error Zone Not Loaded by DNS Server?
It is because Zone transfers have not been enabled on the uss.com zone.
Step 3 – Enable zone transfers
From SVR-US server (we will call this the target), open server manager, tools, DNS. Double click forward lookup zone, right click uss.com, select properties, click zone transfers, check allow zone transfers, select only to the following servers, click edit, type in the IP address of the server that you wish to send zone data too.
Sign up to access the rest of this lesson
You must either log in or sign up to access this lesson.
CURRICULUM
Course Introduction • 10min
0 / 2 lessons complete
Instructor and Course Introduction
Video | 7 min
What's New in Windows Server 2016 DNS
Free lesson
Video | 3 min
DNS Basics • 56min
0 / 8 lessons complete
What is DNS
Video | 3 min
Installing the DNS Windows Server Role
Video | 6 min
Building DNS Server Quiz
Quiz | 10 Questions
The Hosts File
Video | 4 min
DNS Console Overview
Video | 7 min
Recursive and Iterative Queries
Video | 8 min
DNS Basics LAB
Video | 10 min
DNS Basics Quiz
Quiz | 8 Questions
DNS Resource Records • 45min
0 / 5 lessons complete
DNS Resource Record Types
Video | 3 min
Creating the mytestzone Forward Lookup Zone
Text | 2 min
Creating DNS Resource Records
Video | 4 min
Creating DNS Resource Records Lab
Lab | 30 min
DNS Resource Records Quiz
Quiz | 7 Questions
DNS Zones • 4hr 11min
0 / 12 lessons complete
DNS Zones
Video | 4 min
Creating a Forward and Reverse Lookup Zone
Video | 5 min
Creating a Secondary Zones
Video | 9 min
Stub Zone Creation
Video | 11 min
Active Directory Zone Replication
Video | 12 min
Implementing DNS Forwarding
Video | 8 min
Implementing Conditional DNS Forwarding
Video | 7 min
Forward and Reverse Zone Creation Lab
Lab | 60 min
Creating a Secondary Zone Lab
Lab | 30 min
Conditional Forwarding Lab
Lab | 60 min
Creating a Stub Zone Lab
Lab | 30 min
DNS Zones Quiz
Quiz | 15 Questions
DNS Delegation • 50min
0 / 4 lessons complete
Domain Name System and DNS Delegation
Video | 7 min
Windows 2016 Server and DNS Zone Delegation
Video | 8 min
DNS Delegation Lab
Lab | 30 min
QUIZ - Domain Name System and DNS Delegation
Quiz | 5 Questions
DNS Security Techniques • 36min
0 / 5 lessons complete
DNS Security Techniques Overview
Video | 9 min
Configuring DNS Cache Locking
Video | 5 min
Configuring DNS Socket Pools
Video | 6 min
Configuring Response Rate Limiting
Video | 8 min
DNS Security Techniques Quiz
Quiz | 8 Questions
Advanced DNS Topics • 22min
0 / 5 lessons complete
Overview of Advanced Topics
Video | 1 min
Enabling Round Robin and Netmask Ordering
Video | 5 min
Configuring Recursion
Video | 4 min
IPV4 and IPV6 Root HInts
Video | 6 min
Advanced DNS Topics Quiz
Quiz | 6 Questions
DNS Security (DNSSEC) • 1hr 16min
0 / 6 lessons complete
Windows DNS Security Overview
Video | 7 min
Symmetric vs Asymmetric Encryption
Video | 5 min
Installing DNSSEC on Windows 2016 Server
Video | 12 min
DNSSEC Client Install
Video | 7 min
DNSSEC (DNS Security Lab)
Lab | 30 min
DNSSEC Quiz
Quiz | 15 Questions
DNS Policies • 55min
0 / 6 lessons complete
DNS Policies Background Information
Video | 8 min
Configuring DNS Filtering
Video | 7 min
Configuring Split Brain DNS in an Active Directory Environment
Video | 12 min
Configuring DNS Selective Recursion Policy
Video | 7 min
Configuring a Traffic Management Policy
Video | 11 min
DNS Policies Quiz
Quiz | 10 Questions
PowerShell for DNS • 1hr 27min
0 / 6 lessons complete
PowerShell for DNS Part 1
Video | 2 min
PowerShell for DNS Part 2
Video | 5 min
PowerShell for DNS Part 3
Video | 10 min
PowerShell for DNS Part 4
Video | 5 min
PowerShell for DNS LAB
Lab | 60 min
Powershell for DNS Quiz
Quiz | 5 Questions
Troubleshooting DNS Issues - Troubleshooting Tools • 1hr 39min
0 / 8 lessons complete
Troubleshooting Tools Every IT Pro Must Know
Video | 9 min
The Events Viewer Overview
Video | 6 min
Subscriptions
Video | 9 min
Monitoring and Debug Logging
Video | 9 min
Trouble-Shooting DNS Client Issues
Video | 4 min
Troubleshooting Subscriptions Lab
Lab | 30 min
DNS Troubleshooting Lab
Lab | 30 min
DNS Troubleshooting Quiz
Quiz | 2 Questions