Hi,
My firm has a domain insert-domain-here.com that has a couple of systems running an alternate OS hosting DNS for the domain externally. Those systems are considered authoritative for the zone from the registrar's perspective. There is an internal insert-domain-here.com zone hosted on Windows 2008 R2 AD servers. We also have Windows 2008 R2 AD servers in our DMZ which have a stub zone for insert-domain-here.com as well as listing the external systems as forwarders. The AD servers in the DMZ are VMs that have 2G of memory and a single core allocated to them.
We recently ran into a situation during a patching cycle where systems that were using the DMZ AD servers for DNS ended up following the forwarder instead of the stub zone reference. Just as a note, the record queries that exhibited this behavior are for A records that are delegated from our internal AD servers to a global site selector.
Would there be any reason why the forwarder would take precedence over the stub zone?
Thanks,
-J.