
I have a number of projects with subdomains under our main internal MS DNS server.

Some of these, such as 'projects', show up as separate top-level forward lookup zones. Others, for example 'QA' and 'Secure QA', show up as subdomains of the main domain, as shown.

[screenshot omitted]

What is the difference between these two, and how can I move between the two of them?

Tim Brigham

1 Answer


As a primer, I recommend a quick review of the "What happens when two DNS zones intersect on the same server?" Q&A. You've already seen that due to my misunderstanding in the comments, but others who have the same question in the future might not have found that yet.

What is the difference between these two?

Each of the "more specific" domains (i.e. projects.example.org) has implicitly created an identically named zone cut within the parent domain, example.org.

The functional differences are:

  1. Mandatory SOA and NS records appear at the top of the new sub-zone, which were otherwise not required.
  2. If you were to define an identically named record (i.e. project) in example.org with a different A record, it would be ignored. This also applies to all children of the identically named record. This is what the "cut" of zone cut refers to.
  3. It provides a different way of organizing and/or managing the data.
    • If project.example.org has 1000 records, but example.org only has 20, this helps to contain the clutter. This is less of an issue in a GUI environment like Windows (which can folder as demonstrated in your screenshot), but in a flat text file this can be quite convenient.
    • Likewise, your software may allow you to apply a different set of settings (including permissions) to the child zone. There are several scenarios where it is not desirable to apply settings to an entire domain, and this allows you to manage them separately.
  4. It introduces confusion. Someone is inevitably going to create a hidden record in the parent domain, not realizing the existence of an implied zone cut.

How can I move between the two of them?

It depends on the direction the data is moving.

If you want to carve out additional sub-zones, you would create that forward zone just like you would any other. You would then re-create all of the applicable records that were present in the parent zone. Since a zone cut would be put into effect the moment that this new zone is created, it's highly recommended that you do this during a downtime window - from the perspective of your clients, the freshly created sub-zone would be empty and the old DNS records would cease to exist. If your software allows you to pre-populate this data before activating the new zone, this is always preferable.

If you want to eliminate the additional zones (after carefully considering whether there is a good reason for them to have been created), your only option is to re-create all of the sub-zone records within the parent zone. You would then remove the sub-zone to eliminate the zone cut. Make sure you have a backup of the zone data before deleting it!

Andrew B
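A PowerShell sketch of the carve-out procedure the answer describes (back up, find the parent records the cut will hide, create the child zone, re-create the records), added here as an example and not code from the question or the answer. The zone name example.org, the label "project", and the -ReplicationScope Domain choice (AD-integrated zone) are assumptions.

```powershell
# Added example: carve "project.example.org" out of the parent zone "example.org"
# on a Windows DNS server with the DnsServer module. Names are constructed;
# -ReplicationScope Domain assumes an AD-integrated zone (use -ZoneFile for a
# file-backed zone). Run in a maintenance window, as the answer recommends.
Import-Module DnsServer

$Parent    = 'example.org'
$Child     = 'project'            # relative label of the new sub-zone
$ChildZone = "$Child.$Parent"

# 1. Back up the parent zone first (file is written to %SystemRoot%\System32\dns).
Export-DnsServerZone -Name $Parent -FileName "$Parent.before-cut.dns"

# 2. Collect every parent-zone record the zone cut will hide: the label itself
#    and everything beneath it (HostName is relative to the zone: "project",
#    "www.project", ...).
$Affected = Get-DnsServerResourceRecord -ZoneName $Parent |
    Where-Object { $_.HostName -eq $Child -or $_.HostName -like "*.$Child" }

Write-Host "Records that will be hidden by the cut: $($Affected.Count)"
$Affected | Format-Table HostName, RecordType -AutoSize

# 3. Create the child zone. From this moment on, clients see an empty sub-zone
#    and the parent's copies of these names stop answering.
Add-DnsServerPrimaryZone -Name $ChildZone -ReplicationScope Domain

# 4. Re-create A and CNAME records inside the child zone with names made
#    relative to it ("www.project" becomes "www"; "project" becomes "@").
foreach ($r in $Affected) {
    $name = if ($r.HostName -eq $Child) { '@' }
            else { $r.HostName.Substring(0, $r.HostName.Length - $Child.Length - 1) }
    switch ($r.RecordType) {
        'A'     { Add-DnsServerResourceRecordA     -ZoneName $ChildZone -Name $name `
                      -IPv4Address $r.RecordData.IPv4Address -TimeToLive $r.TimeToLive }
        'CNAME' { Add-DnsServerResourceRecordCName -ZoneName $ChildZone -Name $name `
                      -HostNameAlias $r.RecordData.HostNameAlias -TimeToLive $r.TimeToLive }
        default { Write-Warning "Re-create $($r.HostName) ($($r.RecordType)) by hand" }
    }
}

# 5. Check the result from the resolver's point of view. The now-shadowed records
#    are deliberately left in the parent zone for you to remove once verified, so
#    that nobody later trips over a hidden record (item 4 in the answer).
Resolve-DnsName "www.$ChildZone" -Server localhost
```

Collapsing a sub-zone back into the parent is the same steps in reverse: export the child zone, re-create its records in the parent with the child label prefixed, verify, then Remove-DnsServerZone on the child.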