Chapter 2 DESIGNING THE DNS STRUCTURE
NAME RESOLUTION PROCESS
DNS FORWARDING
DNS DELEGATION AND NAME RESOLUTION
ANALYZING THE EXISTING DNS IMPLEMENTATION
COMPONENTS OF DNS
• DNS zones
• Zone transfers
• Server roles
DNS ZONES
ZONE TRANSFERS
• Full zone transfer (AXFR)
  • All resource records for a zone are copied.
• Incremental zone transfer (IXFR)
  • Only the changes made to resource records are copied.
  • Results in less network traffic.
SERVER ROLES
• Primary DNS server
  • Contains the local zone database file
• Secondary DNS server
  • Contains a copy of the zone database file
• Caching-only DNS server
  • Caches the answers to queries and returns the results
  • Does not contain zone information
IDENTIFYING THE CURRENT NAMESPACE
DNS NAMESPACE DESIGN
• The following business needs affect the DNS naming strategy:
  • The intended scope of Active Directory
  • Internet presence
  • Whether DNS must support Active Directory
CHOOSING A DNS NAME
• Choose and register a root domain name that is unique on the Internet.
• The root domain name must conform to DNS naming standards.
• Choose meaningful, stable, scalable names.
• The root domain name can be an existing DNS domain name.
DNS INTEROPERABILITY WITH ACTIVE DIRECTORY
• Active Directory–integrated zone transfers
• Multi-master replication
• Fault tolerance
• Secure updates
• Single replication topology
DNS INTEROPERABILITY WITH ACTIVE DIRECTORY
DNS INTEROPERABILITY WITH DHCP
DNS INTEROPERABILITY WITH WINS
ZONE REQUIREMENTS
SECURITY
• Potential security threats
• Securing the DNS infrastructure
• Securing replication data
SECURING THE DNS INFRASTRUCTURE
• Use a private namespace
• UDP and TCP port 53
• Disable recursion
• Restrict zone transfers
• NTFS
• Secure updates
SECURING REPLICATION DATA
DNS INTEROPERABILITY WITH UNIX BERKELEY INTERNET NAME DOMAIN (BIND)
• Windows Server 2003 DNS offers maximum compatibility with Active Directory.
• BIND DNS servers can be integrated with Active Directory.
• BIND 8.2.2 and later support dynamic updates.
WINDOWS SERVER 2003 DNS AND BIND COMPARED
DESIGNING DNS SERVER PLACEMENT
SERVER PLACEMENT
• Fault tolerance
• High availability
MONITORING DNS
CACHING-ONLY DNS SERVERS
LOAD BALANCING
SUMMARY
• Before you design DNS, what information do you need about the existing DNS infrastructure?
• What are some of the benefits of choosing Active Directory–integrated zones?
• What factors influence the DNS namespace design?
• How can zone replication data be secured?
• What are some ways to improve DNS performance?