...
In Figure 19.9, when the NIOS appliance receives the request for the domain name in corp200.com, it determines it does not have the resource records to resolve the query. It does, however, have a list of the authoritative name servers in the stub zone, corp200.com. The appliance then sends a query directly to the name server in corp200.com.
Figure 19.9 Processing a Query with a Stub Zone<place for figure>
| Drawio |
|---|
| border | true |
|---|
| viewerToolbar | true |
|---|
| |
|---|
| fitWindow | false |
|---|
| diagramName | 19.9 |
|---|
| simpleViewer | false |
|---|
| width | |
|---|
| revision | 1 |
|---|
|
Stub zones facilitate name resolution and alleviate name server traffic in your network. For example, the client in the previous examples is in corpxyz.com. The corpxyz.com and corp200.com zones are partners, and send all their communications through a VPN tunnel, as shown in Figure 19.10. The firewall protecting corpxyz.com is configured to send all messages for the 10.2.2.0/24 network through the VPN tunnel. Infoblox_A hosts the stub zone for corp200.com. Therefore, when the host in corpxyz.com sends a query for ftp.sales.corp200.com, Infoblox_A obtains the IP address of Infoblox_B (10.2.2.7) from its stub zone records and sends the query to the firewall protecting corpxyz.com.
Because the destination of the query is in the 10.2.2.0/24 network, the firewall (configured to encrypt all traffic to the network) sends the request through a VPN tunnel to Infoblox_B. Infoblox_B resolves the query and sends back the response through the VPN tunnel. All name server traffic went through the VPN tunnel to the internal servers, bypassing the root servers and external name servers.
Figure 19.10 Stub Zone Configuration <place for figure>| Drawio |
|---|
| border | true |
|---|
| viewerToolbar | true |
|---|
| |
|---|
| fitWindow | false |
|---|
| diagramName | 19.10 |
|---|
| simpleViewer | false |
|---|
| width | |
|---|
| revision | 1 |
|---|
|
In parent-child zone configurations, using stub zones also eases the administration of name servers in both zones. For example, as shown in Figure 19.10, sales.corp200.com is a child zone of corp200.com. On the corp200.com name servers, you can create either a delegated zone or a stub zone for sales.corp200.com.
When you create a delegated zone, you must first specify the name servers in the delegated zone and manually maintain information about these name servers. For example, if the administrator in sales.corp200.com changes the IP address of a name server or adds a new name server, the sales.corpxyz.com administrator must inform the corp200.com administrator to make the corresponding changes in the delegated zone records.
If, instead, you create a stub zone for sales.corp200.com, you set up the stub zone records once, and updates are then done automatically. The name servers in corp200.com that are hosting a stub zone for sales.corp200.com automatically obtain updates of the authoritative name servers in the child zone.
In addition, a name server that hosts a stub zone can cache the responses it receives. Therefore, when it receives a request for the same resource record, it can respond without querying another name server.
...
