Forward lookup zone not updating
You use a catch all forwarding rule typically for this, or root hints. Stub zones (and conditional forwarding for that matter) typically are for situations where you want to resolve DNS names that aren’t on the internet.

This is one of the more odd things I’ve noticed as a trend in DNS configurations – clear examples of where stub zones should be used, yet I rarely ever see stub zones in environments except for the ones I set them up for. I suspect it may be because there’s so much widespread misunderstanding of what they are, so people don’t use them, even when they should.

Active Directory/DNS is running on Server 2012 R2 in 2012 R2 forest/domain functional levels. DNS forward and reverse lookup zones accept secure dynamic updates only. For domain-joined clients, they will have an A record registered in the forward lookup zone, but not the reverse lookup zone. This can be completed through triggers for ISC DHCP. The IPv4-only script and setup information is available from ISC DHCPd: Dynamic DNS updates against secure Microsoft DNS. There is an alternative script that supports IPv4 and IPv6, but using the same premise as the above script is available at
For example, if domain1.local’s DNS zones are managed by a different team than domain2.local’s DNS servers, either domain’s admins might not remember to tell the admins of the other domains that DNS servers have changed. Yet, stub zones are consistently the redheaded stepchild in DNS design. They’re extremely useful, and we should look to use technologies that can help automate our environments. With that said, between the two, stub zones are the better choice, provided your DNS environment meets the following:

I think honestly people just know conditional forwarding works, they understand how it works, so they use it instead, even when stub zones would be the clearly better choice. I only point out that if name servers may change either by adding or removing them from the external domain, you have to keep on top of that, whereas stub zones would automatically update in those events.

If you use to make the stub zone Active Directory integrated, the zone is stored in AD, and is replicated to at least all the domain controllers in the domain where you created the stub zone, and potentially through the forest.

The key difference between the two in the end as far as functionality is concerned is that stub zones have the distinct advantage of automatically updating what the DNS servers are for the other domain, so long as the administrators of the other domain keep the NS, SOA, and glue A records updated properly.