
CN1276 Server


Presentation Transcript


  1. CN1276 Server
     Kemtis Kunanuraksapong, MSIS with Distinction, MCTS, MCDST, MCP, A+

  2. Agenda
     • Chapter 12: Configuring Name Resolution and Additional Services
     • Quiz
     • Exercise

  3. Name Resolution
     • A host name can be resolved from the hosts file or by the Domain Name System (DNS)
     • DNS provides the default name resolution mechanism for Active Directory, the Internet, and the majority of modern TCP/IP networks
     • NetBIOS/computer names can be resolved from the lmhosts file or by the Windows Internet Naming Service (WINS)

  4. Domain Name System (DNS)
     • Main components of DNS:
       • DNS namespace: microsoft.com, lucernepublishing.com, etc.
       • Name server
         • Contains all the information for its authoritative domain
         • Maintains information about the domain tree structure
         • Has pointers to other name servers that enable it to access information about any other area of the tree
       • Resolver
         • Translates the request into an IP address or host name as needed, using information from the name server

  5. Resource Records
     • The resource record is the fundamental data storage unit in all DNS servers
     • Start of Authority (SOA)
       • Identifies which name server is the authoritative source of information for the zone
       • See Table 12-1 on Page 249
     • Name Server (NS)
       • Identifies a name server for the particular zone or domain
     • Host (A)
       • Provides name-to-IP address translation
     • Host (AAAA)
       • The IPv6 equivalent of the IPv4 A record

  6. Resource Records (Cont.)
     • The resource record is the fundamental data storage unit in all DNS servers
     • Canonical Name (CNAME)
       • An alias; holds another name in the standard DNS naming format
       • Example: create an A record for WWW, then create a CNAME for FTP that points to it
     • Mail Exchanger (MX)
       • Exchange: the mail server name/IP
       • Preference: the lower the value, the higher the priority of that mail server
     • Pointer (PTR)
       • Provides IP address-to-name mapping
     • Service Record (SRV)
       • Enables clients to locate servers that provide a particular service
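To make slides 5 and 6 concrete, here is an added example (not part of the lecture slides) that stores a small zone for the constructed domain lucernepublishing.com in memory and performs the lookups the record types are for: following a CNAME alias (FTP pointing at WWW), ordering MX records by preference (lowest value first), and locating a service through its SRV record. Every name, address and serial below is constructed sample data.

```python
"""Added example: an in-memory DNS zone indexed by (owner, type), with lookups
that chase CNAME aliases, order MX by preference and resolve an SRV target.
All names and addresses are constructed sample data, not a real zone."""
from collections import defaultdict

ZONE = [
    # owner name, record type, rdata (the rdata shape depends on the type)
    ("lucernepublishing.com.", "SOA",
     ("ns1.lucernepublishing.com.", "hostmaster.lucernepublishing.com.", 2024010501)),
    ("lucernepublishing.com.", "NS", "ns1.lucernepublishing.com."),
    ("ns1.lucernepublishing.com.", "A", "192.0.2.53"),
    ("www.lucernepublishing.com.", "A", "192.0.2.10"),
    ("www.lucernepublishing.com.", "AAAA", "2001:db8::10"),
    ("ftp.lucernepublishing.com.", "CNAME", "www.lucernepublishing.com."),
    ("lucernepublishing.com.", "MX", (20, "mail2.lucernepublishing.com.")),   # (preference, exchange)
    ("lucernepublishing.com.", "MX", (10, "mail1.lucernepublishing.com.")),
    ("mail1.lucernepublishing.com.", "A", "192.0.2.25"),
    ("mail2.lucernepublishing.com.", "A", "192.0.2.26"),
    ("_ldap._tcp.lucernepublishing.com.", "SRV",
     (0, 100, 389, "dc1.lucernepublishing.com.")),   # (priority, weight, port, target)
    ("dc1.lucernepublishing.com.", "A", "192.0.2.5"),
]


def build_index(zone):
    """Group rdata by (lower-cased owner, type); DNS names are case-insensitive."""
    index = defaultdict(list)
    for owner, rtype, rdata in zone:
        index[(owner.lower(), rtype)].append(rdata)
    return index


def lookup(index, name, rtype, max_chain=8):
    """Return (canonical_name, [rdata]) for name/rtype, following CNAME aliases.

    A bounded chain length turns a looping or overlong alias chain into an
    error instead of an endless loop."""
    name = name.lower()
    for _ in range(max_chain):
        if (name, rtype) in index:
            return name, index[(name, rtype)]
        aliases = index.get((name, "CNAME"))
        if not aliases:
            return name, []          # no data of that type and no alias to follow
        name = aliases[0].lower()    # a name may carry only one CNAME
    raise ValueError("CNAME chain too long or looping")


def mail_servers(index, domain):
    """Exchange hosts for a domain, most preferred (lowest preference value) first."""
    _, mx = lookup(index, domain, "MX")
    return [exchange for _, exchange in sorted(mx)]


def locate_service(index, service, proto, domain):
    """Resolve _service._proto.domain SRV to (target host, port, IPv4 address)."""
    _, srv = lookup(index, f"_{service}._{proto}.{domain}", "SRV")
    if not srv:
        return None
    _, _, port, target = sorted(srv)[0]   # lowest priority value wins
    _, addrs = lookup(index, target, "A")
    return target, port, (addrs[0] if addrs else None)


if __name__ == "__main__":
    idx = build_index(ZONE)
    print(lookup(idx, "ftp.lucernepublishing.com.", "A"))
    print(mail_servers(idx, "lucernepublishing.com."))
    print(locate_service(idx, "ldap", "tcp", "lucernepublishing.com."))
```

The FTP lookup returns the WWW address together with the canonical name it was resolved through, which is the behaviour the CNAME bullet describes; the MX list comes back with mail1 ahead of mail2 because 10 is a lower preference value than 20.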

  7. How DNS Works
     • The host sends a DNS request to its DNS server
     • The DNS server either replies with cached information or forwards the request to the root name servers
     • The root name server reads the top-level domain (.com, .net, etc.) and replies with the IP address for the second-level domain (microsoft, lucerne, etc.)
     • The client's DNS server requests the information from the second-level domain, then resolves the request with the information it receives
     • See Figure 12-2 on Page 253

  8. DNS Referrals and Queries
     • The process by which one DNS server sends a name resolution request to another DNS server is called a referral
     • DNS servers recognize two types of name resolution requests:
       • Recursive query
       • Iterative query

  9. Recursive Query
     • The DNS server receiving the name resolution request takes full responsibility for resolving the name
     • If the server possesses information about the requested name, it replies immediately to the requester
     • If the server has no information about the name, it sends referrals to other DNS servers until it obtains the information it needs
     • TCP/IP client resolvers always send recursive queries to their designated DNS servers

  10. Iterative Query
     • The server that receives the name resolution request immediately responds to the requester with the best information it possesses
     • This information can be cached or authoritative, and it can be a resource record containing a fully resolved name or a reference to another DNS server
     • DNS servers use iterative queries when communicating with each other

  11. Reverse Name Resolution
     • Used to convert an IP address into a DNS name
     • Uses reverse lookup zones and Pointer (PTR) resource records
     • The DNS developers created a special domain called in-addr.arpa that is specifically designed for reverse name resolution
     • To resolve 10.2.4.50, the DNS server locates a domain named 4.2.10.in-addr.arpa
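The slide's example (10.2.4.50 is looked up in a zone named 4.2.10.in-addr.arpa) is one instance of a general rule: reverse the address labels and append the reverse domain. The added example below, which is not part of the slides, builds the PTR owner name for IPv4 and IPv6 addresses, derives the reverse zone name for a whole prefix, cross-checks the result against Python's standard library, and looks the name up in a constructed reverse zone. The PTR_ZONE contents are sample data.

```python
"""Added example: constructing in-addr.arpa / ip6.arpa names for reverse lookup.
The /24 IPv4 case from the slide is generalised to any octet-aligned IPv4 prefix
and to nibble-aligned IPv6 prefixes. PTR_ZONE holds constructed sample data."""
import ipaddress


def reverse_name(ip):
    """PTR owner name for an address, with a trailing dot (absolute name)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                 # 10.2.4.50 -> 50 4 2 10
        return ".".join(labels + ["in-addr", "arpa"]) + "."
    nibbles = list(addr.exploded.replace(":", ""))[::-1]    # one label per hex digit
    return ".".join(nibbles + ["ip6", "arpa"]) + "."


def reverse_zone(cidr):
    """Name of the reverse lookup zone that covers a prefix, e.g. 10.2.4.0/24."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version == 4:
        if net.prefixlen % 8:
            # Classless (RFC 2317) delegations need a different naming scheme.
            raise ValueError("IPv4 reverse zones are delegated on octet boundaries")
        octets = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(octets[::-1] + ["in-addr", "arpa"]) + "."
    if net.prefixlen % 4:
        raise ValueError("IPv6 reverse zones are delegated on nibble boundaries")
    nibbles = list(net.network_address.exploded.replace(":", ""))[: net.prefixlen // 4]
    return ".".join(nibbles[::-1] + ["ip6", "arpa"]) + "."


def matches_stdlib(ip):
    """Cross-check against ipaddress' own reverse_pointer (which omits the final dot)."""
    return reverse_name(ip) == ipaddress.ip_address(ip).reverse_pointer + "."


# Constructed reverse zone: PTR owner name -> host name.
PTR_ZONE = {
    "50.4.2.10.in-addr.arpa.": "host50.lucernepublishing.com.",
    "0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.":
        "www.lucernepublishing.com.",
}


def ptr_lookup(ip, zone=PTR_ZONE):
    """Reverse-resolve an address through the constructed zone (None if absent)."""
    return zone.get(reverse_name(ip))


if __name__ == "__main__":
    print(reverse_name("10.2.4.50"), "in zone", reverse_zone("10.2.4.0/24"))
    print(reverse_name("2001:db8::10"), "in zone", reverse_zone("2001:db8::/32"))
    print(ptr_lookup("10.2.4.50"))
```

A practical check this exposes: the zone a server must host for 10.2.4.0/24 is 4.2.10.in-addr.arpa, and the owner name inside it is 50.4.2.10.in-addr.arpa, so a PTR record placed under the forward zone by mistake will never be found by a reverse query.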

  12. Internal and External DNS Name Resolution
     • DNS strategies:
       • Use the same domain name internally and externally
         • You may end up with duplicate DNS names on the internal and external sides
       • Create separate and unrelated internal and external domains
         • You have to register two domains, one internal and one external
       • Make the internal domain a subdomain of the external domain

  13. DNS Server Types
     • Caching-Only Server
       • Contains no zones and hosts no domains
       • Provides name resolution for your clients by caching the values it receives as it forwards requests to other DNS servers
       • You can install one on a remote site's server so that it performs name resolution by directing all requests to your main office

  14. DNS Server Types (Cont.)
     • Forwarder
       • Forwards queries to another DNS server
       • Receives queries from other DNS servers that are explicitly configured to send them
     • Conditional Forwarder
       • Forwards queries selectively, based on the domain specified in the name resolution request
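Slides 7 through 10 describe the two query types and slides 13 and 14 the caching and forwarding roles; the added example below (not part of the slides) models all of them in one small simulation. A client sends a single recursive query to its local server; that server walks the hierarchy with iterative queries, following referrals from root to TLD to authoritative server, caches the answer, and consults a conditional forwarder first when the name falls under a configured domain. The server names, zones and addresses are constructed sample data, and the simulated servers are in-memory dictionaries rather than network hosts.

```python
"""Added example: recursive vs. iterative DNS queries, referrals, caching and
conditional forwarding in a toy in-memory hierarchy. All server ids, zones and
addresses are constructed sample data."""

# Simulated name servers: authoritative records (owner -> IPv4) plus referrals
# (zone -> id of the server that is authoritative for that zone).
SERVERS = {
    "root":         {"records": {}, "referrals": {"com.": "tld-com"}},
    "tld-com":      {"records": {}, "referrals": {"lucernepublishing.com.": "auth-lucerne"}},
    "auth-lucerne": {"records": {"www.lucernepublishing.com.": "192.0.2.10"}, "referrals": {}},
    # Reached only through the conditional forwarder configured below.
    "auth-corp":    {"records": {"intranet.corp.example.": "10.0.0.5"}, "referrals": {}},
}


def in_zone(name, zone):
    """True if name lies inside zone, matching on a label boundary (not a substring)."""
    return name == zone or name.endswith("." + zone)


def iterative_query(server_id, name):
    """One iterative query: the server returns the best data it holds and never
    asks anyone else. Result is ('answer', ip), ('referral', server_id) or ('nxdomain', None)."""
    srv = SERVERS[server_id]
    if name in srv["records"]:
        return "answer", srv["records"][name]
    candidates = [z for z in srv["referrals"] if in_zone(name, z)]
    if candidates:
        return "referral", srv["referrals"][max(candidates, key=len)]   # most specific zone
    return "nxdomain", None


class LocalDnsServer:
    """The client's designated server: accepts recursive queries and does the legwork."""
    MAX_HOPS = 8   # bound on the referral chain so a misconfigured loop terminates

    def __init__(self, forwarders=None):
        self.cache = {}                         # name -> ip (positive answers only)
        self.forwarders = forwarders or {}      # zone -> server to ask instead of the root

    def recursive_query(self, name):
        """Resolve name on the client's behalf. Returns (ip or None, trace) where trace
        lists the servers consulted, or ['cache'] when the answer was already held."""
        if name in self.cache:
            return self.cache[name], ["cache"]
        matches = [z for z in self.forwarders if in_zone(name, z)]
        server = self.forwarders[max(matches, key=len)] if matches else "root"
        trace = []
        for _ in range(self.MAX_HOPS):
            trace.append(server)
            kind, data = iterative_query(server, name)
            if kind == "answer":
                self.cache[name] = data
                return data, trace
            if kind == "nxdomain":
                return None, trace
            server = data                       # follow the referral to the next server
        return None, trace                      # gave up: too many referrals


if __name__ == "__main__":
    local = LocalDnsServer(forwarders={"corp.example.": "auth-corp"})
    print(local.recursive_query("www.lucernepublishing.com."))   # walks root -> tld -> auth
    print(local.recursive_query("www.lucernepublishing.com."))   # served from cache
    print(local.recursive_query("intranet.corp.example."))       # conditional forwarder
```

The trace makes the division of labour visible: the client issued one recursive query, while the local server issued three iterative ones and received two referrals before the authoritative answer. The second call for the same name never leaves the cache, which is exactly the work a caching-only server saves for a remote office.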

  15. DNS Zones
     • Every zone consists of a zone database that contains the resource records for the domains in that zone
     • The DNS server in Windows Server 2003 supports three zone types that specify where the server stores the zone database and the kind of information it contains:
       • Primary zone
       • Secondary zone
       • Stub zone

  16. Primary Zone
     • A primary zone contains the master copy of the zone database, in which administrators make all changes to the zone's resource records
     • If the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) checkbox is not selected, the server creates a primary master zone database file on the local drive; this is also called a standard zone (a simple text file)
     • If the checkbox is selected, it is an AD-integrated zone, in which the DNS data is stored within the AD database itself

  17. Secondary Zone
     • A secondary zone is a read-only copy of the data that is stored within a primary zone on another server
     • The copy is a text file stored on the server's local drive
     • You can only update it by replicating the primary master zone database file using the zone transfer process

  18. Stub Zone
     • A stub zone is a copy of a primary zone that contains the SOA, NS records, and the Host (A) records that identify the authoritative servers for the zone
     • The stub zone forwards or refers requests to the appropriate server
     • When you create a stub zone, you configure it with the IP address of the server that hosts the primary zone from which the stub zone was created

  19. Zone Transfers
     • Occur when you add a new DNS server and configure it as a new secondary master name server
     • Full zone transfer (AXFR)
     • Incremental zone transfer (IXFR)
       • The secondary name server pulls only the zone changes (based on the Serial field in the SOA record)
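The slide says the secondary pulls changes "based on the Serial field in the SOA"; the added example below (not part of the slides) shows the decision that sits behind that phrase. A secondary compares the serial it holds with the primary's, using the wrap-safe serial comparison defined in RFC 1982 so that a serial that rolled over past 2^32 still counts as newer, and then either does nothing, applies an incremental transfer (IXFR) from the primary's retained change history, or falls back to a full transfer (AXFR) when the primary no longer has deltas from the secondary's serial. The zone contents and serial numbers are constructed sample data, and the Primary/Secondary classes are a simulation rather than the Windows DNS implementation.

```python
"""Added example: choosing between no transfer, IXFR and AXFR from SOA serials.
Serial comparison follows RFC 1982 serial arithmetic. Zone contents and serial
values are constructed sample data; the classes are a simulation."""

SERIAL_SPACE = 2 ** 32
HALF = 2 ** 31          # half the serial space: the RFC 1982 comparison threshold


def serial_newer(a, b):
    """True if serial a is 'after' serial b under RFC 1982 wrap-around arithmetic."""
    return a != b and ((a > b and a - b < HALF) or (a < b and b - a > HALF))


class Primary:
    """Holds the master copy plus a history of deltas for incremental transfers."""

    def __init__(self, serial, records):
        self.serial = serial
        self.base_serial = serial          # oldest serial we can still diff from
        self.records = dict(records)
        self.history = []                  # (new_serial, added: dict, removed: set)

    def update(self, added=None, removed=()):
        """Apply an administrator's change and bump the SOA serial (wrapping at 2^32)."""
        added, removed = dict(added or {}), set(removed)
        for name in removed:
            self.records.pop(name, None)
        self.records.update(added)
        self.serial = (self.serial + 1) % SERIAL_SPACE
        self.history.append((self.serial, added, removed))

    def ixfr(self, since):
        """Deltas newer than `since`, or None if `since` predates retained history."""
        known = [self.base_serial] + [s for s, _, _ in self.history]
        if since not in known:
            return None                    # cannot build an incremental answer: AXFR
        return [d for d in self.history if serial_newer(d[0], since)]


class Secondary:
    """Read-only copy that is refreshed only through zone transfers."""

    def __init__(self, serial=None, records=None):
        self.serial = serial               # None: never transferred yet
        self.records = dict(records or {})

    def refresh(self, primary):
        """Query the primary's SOA serial and transfer as needed.
        Returns 'none', 'IXFR' or 'AXFR' to show which path was taken."""
        if self.serial is not None and not serial_newer(primary.serial, self.serial):
            return "none"                  # our copy is current
        deltas = None if self.serial is None else primary.ixfr(self.serial)
        if deltas is None:
            self.records = dict(primary.records)   # full copy
            self.serial = primary.serial
            return "AXFR"
        for new_serial, added, removed in deltas:  # replay the changes in order
            for name in removed:
                self.records.pop(name, None)
            self.records.update(added)
            self.serial = new_serial
        return "IXFR"


if __name__ == "__main__":
    primary = Primary(2024010501, {"www.lucernepublishing.com.": "192.0.2.10"})
    secondary = Secondary()
    print(secondary.refresh(primary))      # AXFR: first copy
    primary.update(added={"ftp.lucernepublishing.com.": "192.0.2.11"})
    print(secondary.refresh(primary))      # IXFR: only the new record travels
    print(secondary.refresh(primary))      # none: serials match
```

Two points worth noticing: a secondary that has fallen behind the primary's retained history gets a full transfer rather than a wrong incremental one, and a primary whose serial went backwards (a lower value that is not a wrap) is treated as not newer, so the secondary keeps its copy instead of silently regressing.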

  20. DNS and DHCP/WINS
     • You can use DHCP to streamline the process of assigning the DNS servers your clients use for name resolution
     • Each client must be configured to use a DNS server for name resolution
     • That DNS server either:
       • Hosts a primary or secondary zone containing the SRV records for your AD domain, or
       • Is configured with a stub zone or forwarders to a DNS server that hosts these SRV records

  21. Additional Services
     • Active Directory Rights Management Services (AD RMS)
       • A Windows Server 2008 service that you can use to protect sensitive data on a Windows network
       • Controls who can open, modify, print, or forward email messages
       • Requirements:
         • Windows Server 2008 with the AD RMS role and IIS
         • A database server such as SQL Server 2005
         • A computer running the AD RMS client software, such as Windows Vista
         • Windows Server 2003 domain functional level or better
         • AD RMS client (can be downloaded and installed on Windows 2000 SP4 and later)

  22. Additional Services (Cont.)
     • The Active Directory Federation Services (AD FS) role allows administrators to configure Single Sign-On (SSO) for Web-based applications across multiple organizations
       • Resource organization
         • Hosts the shared resources in its perimeter network
       • Account organization
         • Manages the accounts used to access the shared resources in SSO designs

  23. Additional Services (Cont.)
     • AD FS relies on four role services to verify the user:
       • Federation Service
         • Formed by the servers that share a trust policy. Authentication requests are routed to the appropriate source directory to generate security tokens
       • Federation Service Proxy
         • Handles authentication through a proxy server

  24. Additional Services (Cont.)
     • AD FS relies on four role services to verify the user (cont.):
       • Claims-Aware Agent
         • An agent that sits on the web server (such as SharePoint Server) and initiates queries of security token claims to the federation service
       • Windows Token-Based Agent
         • An alternate agent that converts the AD FS security token into an impersonation-level Windows NT access token for applications that rely on Windows authentication mechanisms

  25. Assignment
     • Matching: 1-10
     • Multiple Choice: 1-10
     • Online Lab 12
