A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
A stub zone consists of:
• The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
• The IP address of one or more master servers that can be used to update the stub zone.
The master servers for a stub zone are one or more DNS servers authoritative for the child zone, usually the DNS server hosting the primary zone for the delegated domain name.
Stub zone resolution
When a DNS client performs a recursive query operation on a DNS server hosting a stub zone, the DNS server uses the resource records in the stub zone to resolve the query. The DNS server sends an iterative query to the authoritative DNS servers specified in the NS resource records of the stub zone as if it were using NS resource records in its cache. If the DNS server cannot find the authoritative DNS servers in its stub zone, the DNS server hosting the stub zone attempts standard recursion using its root hints.
The DNS server will store the resource records it receives from the authoritative DNS servers listed in a stub zone in its cache, but it will not store these resource records in the stub zone itself; only the SOA, NS, and glue A resource records returned in response to the query are stored in the stub zone. The resource records stored in the cache are cached according to the Time-to-Live (TTL) value in each resource record. The SOA, NS, and glue A resource records, which are not written to cache, expire according to the expire interval specified in the stub zone's SOA record, which is created during the creation of the stub zone and updated during transfers to the stub zone from the original, primary zone.
If the query was an iterative query, the DNS server returns a referral containing the servers specified in the stub zone.
Communication between DNS servers hosting parent and child zones
A DNS server that has delegated a domain to a child zone on a different DNS server is made aware of new authoritative DNS servers for the child zone only when the resource records for these new DNS servers are added to the parent zone hosted on the DNS server. This is a manual process and requires that the administrators for the different DNS servers communicate often. With stub zones, a DNS server hosting a stub zone for one of its delegated domains can obtain updates of the authoritative DNS servers for the child zone when the stub zone is updated. The update is performed from the DNS server hosting the stub zone and the administrator for the DNS server hosting the child zone does not need to be contacted. This functionality is explained in the following example.
A stub zone is a read-only copy of a zone, which obtains its resource records from other name servers. It contains copies of only three types of resource records:
1. SOA record for the zone.
2. Name server (NS) records for all name servers authoritative for the zone.
3. Host (A) records for all name servers authoritative for the zone.
These resource records are necessary to identify the authoritative DNS server for the zone. A stub zone is used to streamline name resolution, especially in a split namespace scenario.
A DNS server that is hosting a stub zone is configured with the IP address of the authoritative server from which it loads. DNS servers can use stub zones for both iterative and recursive queries. When a DNS server hosting a stub zone receives a recursive query for a computer name in the zone to which the stub zone refers, the DNS server uses the IP address to query the authoritative server, or, if the query is iterative, returns a referral to the DNS servers listed in the stub zone. A stub zone reduces the amount of DNS traffic on the network and makes DNS more efficient, especially over slow WAN links.
Using stub zones
Use stub zones to:
• Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server hosting both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.
• Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers without needing to query the Internet or internal root server for the DNS namespace.
• Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones and are not an alternative when considering redundancy and load sharing.
There are two lists of DNS servers involved in the loading and maintenance of a stub zone:
• The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone.
• The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records.
When a DNS server loads a stub zone, such as widgets.example.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets.example.com. The list of master servers may contain a single server or multiple servers and can be changed anytime.
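The first use above, keeping delegated zone information current, can be audited by comparing the NS and glue A records a parent zone holds for a delegation with the records in the stub zone. The following is an added example, not part of the original article or any Microsoft tool; the record sets, addresses and function names are constructed for illustration.

```python
# Constructed sample data: the parent zone's delegation records for the child zone.
PARENT_DELEGATION = """\
widgets.example.com.     3600 IN NS ns1.widgets.example.com.
widgets.example.com.     3600 IN NS ns2.widgets.example.com.
ns1.widgets.example.com. 3600 IN A  192.0.2.10
ns2.widgets.example.com. 3600 IN A  192.0.2.11
"""

# Constructed sample data: what the stub zone loaded from its master server.
STUB_ZONE = """\
widgets.example.com.     3600 IN SOA ns1.widgets.example.com. hostmaster.example.com. 42 900 600 86400 3600
widgets.example.com.     3600 IN NS ns1.widgets.example.com.
widgets.example.com.     3600 IN NS ns3.widgets.example.com.
ns1.widgets.example.com. 3600 IN A  192.0.2.20
ns3.widgets.example.com. 3600 IN A  192.0.2.12
"""


def parse_records(text, zone):
    """Return (NS target names at the zone root, {host name: set of A addresses})."""
    ns, glue = set(), {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip blank or malformed lines
        owner, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4].lower()
        if rtype == "NS" and owner == zone:
            ns.add(rdata)
        elif rtype == "A":
            glue.setdefault(owner, set()).add(rdata)
    return ns, glue


def delegation_drift(parent_text, stub_text, zone):
    """Report where the parent's delegation disagrees with the stub zone."""
    parent_ns, parent_glue = parse_records(parent_text, zone)
    stub_ns, stub_glue = parse_records(stub_text, zone)
    return {
        # Authoritative servers the parent zone does not yet delegate to.
        "missing_from_parent": sorted(stub_ns - parent_ns),
        # Servers the parent still refers clients to but the child no longer lists.
        "stale_in_parent": sorted(parent_ns - stub_ns),
        # Servers present in both lists whose glue addresses differ.
        "glue_mismatch": sorted(n for n in parent_ns & stub_ns
                                if parent_glue.get(n) != stub_glue.get(n)),
    }
```

Entries under stale_in_parent deserve the first look, because the parent keeps referring clients to those servers until an administrator removes the records.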
Stub zone updates
Stub zone updates involve the following conditions:
• When a DNS server loads a stub zone, it queries the zone's master server for the SOA resource record, NS resource records at the zone's root, and glue A resource records.
• During updates to the stub zone, the master server is queried by the DNS server hosting the stub zone for the same resource record types requested during the loading of the stub zone.
• The Refresh interval of the SOA resource record determines when the DNS server hosting the stub zone will attempt a zone transfer (update).
• If an update fails, the Retry interval of the SOA resource record determines when the update is retried.
• Once the Retry interval has expired without a successful update, the expiration time as specified in the Expires field of the SOA resource record determines when the DNS server stops using the stub zone data.
Use the DNS console in Microsoft Management Console (MMC) to perform the following stub zone update operations:
• Reload. Reload the stub zone from the local storage of the DNS server hosting the stub zone.
• Transfer from master. Have the DNS server hosting the stub zone determine if the serial number in the stub zone's SOA resource record has expired, and then perform a zone transfer from the stub zone's master server.
• Reload from master. Perform a zone transfer from the stub zone's master server regardless of the serial number in the stub zone's SOA resource record.
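The Refresh, Retry and Expires behavior described in this section can be replayed as a small timeline. This is an added example, not code from the original article or from the DNS Server service; it assumes the expiry clock runs from the last successful check, that the timer values stay fixed for the run, and it compares serial numbers as plain integers where a real server uses wraparound-aware serial arithmetic.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class StubSoa:
    serial: int
    refresh: int  # seconds between routine update checks
    retry: int    # seconds to wait after a failed check
    expire: int   # seconds without a successful check before the data is unusable


def simulate_updates(soa: StubSoa,
                     master_serials: List[Optional[int]]) -> Tuple[list, int]:
    """Replay update attempts against the master server.

    Each entry in master_serials is the serial the master returned for that
    attempt, or None if the master could not be reached.
    Returns (list of (time_in_seconds, event), serial held at the end).
    """
    last_ok = 0           # the stub zone was loaded successfully at t=0
    now = soa.refresh     # first check happens one Refresh interval later
    serial = soa.serial
    events = []
    for answer in master_serials:
        if now - last_ok >= soa.expire:
            # Expires elapsed with no successful check: stop using the data.
            events.append((last_ok + soa.expire, "expired"))
            break
        if answer is None:
            events.append((now, "failed"))
            now += soa.retry          # failed check: come back after Retry
            continue
        if answer > serial:
            serial = answer           # master has newer data: transfer it
            events.append((now, "transferred"))
        else:
            events.append((now, "current"))
        last_ok = now
        now += soa.refresh            # successful check: wait a full Refresh
    return events, serial
```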
ref: Updated: January 21, 2005 http://technet.microsoft.com/en-us/library/cc779197.aspx