Question : DNS Architecture

I have two Windows name servers, one that holds primary zones and the other that holds secondary zones. These servers are not part of a domain and host external zones.  We allow each sites external firewalls to transfer zones from the primary server.  

My question is if I want the firewalls to hold an authoritative copy of the zone do I have to list them in the Name Servers tab? Or can I just let them pull the zone and leave only the two Windows name servers in the name servers tab?

Answer : DNS Architecture

I think you are trying to setup something called "hidden primary".
However, in that case it should be the other way round (in parts).
Actually, whether a name server tags its replies as authoritative is not completely identical with wether it appears in NS replies.
The servers in the name server tab are what is returned to someone externally querying your firewall for record type NS. They may try to query the hostnames returned for additional info about the zone, so the reply should make sense to them.
Hence the reply they get should contain the official hostnames of your firewall(s), and it should not contain internal names (e.g. ending in "domain.local") of your Windows boxes

Random Solutions  
programming4us programming4us