Question

Windows Server 2012 - Delegation of Zones

Answer 1

Delegation of zones

To create a delegated zone, it is automatically activated when creating a child domain in an Active Directory forest, in order to create the delegation manually we must first create the zone in the destination server.
To configure the delegation we must follow the following steps:

• Create a primary zone or integrated Active Directory on the server that will be the host of the delegated zone.
  
• In the DNS administration console, right click on the zone to be delegated and select new zone delegation.
  
• On the delegated domain name page of the new delegation wizard create the name of the delegated domain.
  
• Add the address of the DNS server that is Host of the zone for which we are creating the new delegation, the wizard will verify that the server has authority for the delegated zone.

Shared DNS

This type of DNS allows the organization to use the same namespace for both the internal and external network, making the exception that the external network would not have access to resolving internal network locations, thus maintaining the security of said network .
To implement this we must create two zones on different name servers for the same DNS zone.

For example:

• contoso.com is a primary zone integrated to the Active Directory , remember that we can only create this type of zone integrated in a computer that must also be a domain controller so that we can have the replication options active within it. This is replicated to all domain controllers in the internal network of the organization, internal clients would make queries against this server.

• contoso.com is a standard primary zone created on a Windows Server 2012 server that is not a member of the domain and is on the perimeter of our internal network, external clients would make their queries against this server.

In this way we configure the standard primary zone that is hosted on the server that is on the perimeter of our internal network, so that it only accepts manual updates, in this way we manually fill the area with the records to which external hosts should be able to solve, such as the addresses of the Web Servers and the addresses of the Mail Gateways .

Despite having this possibility, many companies choose not to host the public areas that are available, but they have their Internet service provider who is responsible for this task.

As we could see in this tutorial, we have several options when it comes to being able to access our network resources when we have two environments, in this case internal and external, in which we do not want one of the environments (external) to be able to access Different resources, either for security reasons, or for reasons of convenience, since not all information is relevant to all actors in an organization.

---