[TNT1-114] DNS and Active Directory NYeWin 6/2/2005 Michael J. Murphy TechNet Presenter MJMurphy@microsoft.com http://blogs.technet.net.com/mjmurphy
 
                
Prerequisite Knowledge • Windows Server 2003 • Active Directory Structure • DNS Concepts Level 200
Agenda • DNS Features & Configuration • Active Directory Integration • Installing and Managing DNS
DNS Features & Configuration DNS Basics • Domain Naming System • Name Resolution Protocol for TCP/IP Networks • Hierarchical, Distributed Database • Forward Lookup Zone: Who is NY-CERT-01? NY-CERT-01 = 192.168.80.6 • Reverse Lookup Zone: Who is 192.168.80.9? 192.168.80.9 = NY-WXP-01
DNS Features & Configuration Namespace Structure • Internet Root: . • Top-level Domains: com, org, gov • Second Level Domains: Contoso.com, WideWorldImporters.com, IRS.gov • Sub-domains: us.Contoso.com, research.Contoso.com
DNS Features & Configuration Namespace Structure • Contoso.local • us.Contoso.local • research.Contoso.local
DNS Features & Configuration Name Resolution by Root Hints • Requesting Client to DNS Server: Query: www.contoso.com • DNS Server to “.” Zone: Query: www.contoso.com, Reply: com is delegated to com Server • DNS Server to com Zone (Delegation): Query: www.contoso.com, Reply: contoso.com is delegated to contoso.com Server • DNS Server to contoso.com Zone (Delegation): Query: www.contoso.com, Reply: 192.168.80.5 • DNS Server to Requesting Client: Reply: 192.168.80.5
DNS Features & Configuration Name Resolution by Forwarding • Requesting Client • Query: www.contoso.com • Internal DNS Server • DMZ DNS Server • “.” Zone, com Zone, contoso.com Zone
Agenda • DNS Features & Configuration • Active Directory Integration • Installing and Managing DNS
Active Directory Integration Primary and Secondary Zones • Sites: London, Seattle, New York, Tilbury • Primary DNS Server (one site) • Secondary DNS Servers (the other three sites)
Active Directory Integration Active Directory Integrated Zones • Sites: London, Seattle, New York, Tilbury • Primary DNS Servers at all four sites
Active Directory Integration AD Integrated Zone Structure NY-DNS-01 Forward Lookup Zones Contoso.com _msdcs _sites Contoso.com _tcp _udp DomainDnsZones ForestDnsZones Reverse Lookup Zones
Active Directory Integration Directory Partitions • DC=WideWorldImporters,DC=com • CN=Configuration,DC=WideWorldImporters,DC=com • CN=Schema,CN=Configuration,DC=WideWorldImporters,DC=com • DC=DomainDnsZones,DC=WideWorldImporters,DC=com • DC=ForestDnsZones,DC=WideWorldImporters,DC=com • DC=Intranet,DC=WideWorldImporters,DC=com
Active Directory Integration Forward Lookup Zones • Stores all Resource Records for Zone • Translates FQDN into IP Addresses • Required by AD to locate Services
Active Directory Integration Reverse Lookup Zones • Stores all PTR records for Zone • Resolves IP Addresses to FQDN • Application Security
Active Directory Integration Stub Zones • Parent Zone: contoso.com (server DNS01.contoso.com) • Stub Zone: research.contoso.com, populated by Zone Transfer: SOA: research.contoso.com; NS: DNS01.research.contoso.com, A: 192.168.80.25; NS: DNS02.research.contoso.com, A: 192.168.80.25 • Child Zone: research.contoso.com (server DNS01.research.contoso.com): SOA: research.contoso.com; NS: DNS01.research.contoso.com, A: 192.168.80.25; NS: DNS02.research.contoso.com, A: 192.168.80.25; MX: mail.research.contoso.com; SRV: _ldap._tcp.research.contoso.com; SRV: _kerberos._tcp.research.contoso.com
Active Directory Integration Delegation of Authority • Divide Namespace into Additional Zones • Delegate DNS Management • Divide DNS Zones to Distribute Traffic • Extend the Namespace • contoso.com child domains: research, eur, asia, us • Delegation & Glue Records Added: research.contoso.com NS dns1.research.contoso.com; dns1.research.contoso.com A 192.168.32.1 • dns1.research.contoso.com registers SOA for the delegated zone.
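The delegation and glue records on this slide can be checked mechanically. The following is an added example, not part of the original deck: it scans parent-zone records and reports delegations whose in-zone name server has no glue address. The `eur` delegation and its server name `dns1.eur.contoso.com` are constructed to show the failure case.

```python
# Added example: delegation sanity check for a parent zone.
PARENT_ZONE = "contoso.com"

# Constructed records: the research pair is the slide's sample; the eur
# delegation (hypothetical server name) deliberately lacks its glue record.
PARENT_RECORDS = """
research.contoso.com       NS  dns1.research.contoso.com
dns1.research.contoso.com  A   192.168.32.1
eur.contoso.com            NS  dns1.eur.contoso.com
"""


def parse_records(text):
    """Return (owner, type, data) tuples, lower-cased, without trailing dots."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, rtype, data = line.split(None, 2)
        records.append((owner.lower().rstrip("."), rtype.upper(),
                        data.strip().lower().rstrip(".")))
    return records


def is_subdomain(name, zone):
    return name == zone or name.endswith("." + zone)


def check_delegations(records, parent_zone):
    """Map each delegated child zone to its in-zone name servers missing glue."""
    glue = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    problems = {}
    for owner, rtype, target in records:
        if rtype != "NS" or owner == parent_zone:
            continue  # NS records at the apex are not delegations
        missing = problems.setdefault(owner, [])
        # Glue is only required when the name server sits inside the child zone,
        # because the parent is then the only place its address can be learned.
        if is_subdomain(target, owner) and target not in glue:
            missing.append(target)
    return problems


if __name__ == "__main__":
    for zone, missing in check_delegations(parse_records(PARENT_RECORDS), PARENT_ZONE).items():
        print(zone, "OK" if not missing else "missing glue for " + ", ".join(missing))
```
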
Agenda • DNS Features & Configuration • Active Directory Integration • Installing and Managing DNS
Installing and Managing DNS Configure Your Server Wizard • Single Management Interface • Manage Server Roles • Integrated with Microsoft Help
Installing and Managing DNS DNS Installation Wizard • Simplifies Configuration of Server Roles • Installs Only Required Components • Ensures Secure Configuration
Installing and Managing DNS DNS Management Console • Microsoft Management Console Snap-in • Organizes DNS Hierarchy • Manage Multiple DNS Servers
Installing and Managing DNS DNS Resource Records • Start of Authority (SOA) • Name Server (NS) • Host (A) • Alias (CNAME) • Mail Exchanger (MX) • Pointer (PTR) • Service Location (SRV)
Installing and Managing DNS Other Resource Record Types • Next Domain (NXT) • Mailbox Information (MINFO) • Public Key (KEY) • Host Information (HINFO) • Well Known Services (WKS) • Integrated Services Digital Network (ISDN) • AFS Database (AFSDB) • Responsible Person (RP) • Signature (SIG) • Renamed Mailbox (MR) • Mailbox (MB) • ATM Address (ATMA) • Route Through (RT) • Mail Group (MG) • IPv6 Host (AAAA) • X.25 (X25) • Text (TXT) • Option (OPT)
Installing and Managing DNS Registering Service Locator Records • NETLOGON.dns lists SRV records
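Because NETLOGON.dns lists the SRV records a domain controller expects to have registered, it can be compared against what the zone actually holds. The following is an added example, not part of the original deck: it assumes both inputs are standard zone-file lines, and the host name `ny-dc-01` and both samples are constructed.

```python
import re

# Constructed sample in zone-file line format; ny-dc-01 is a hypothetical DC name.
NETLOGON_DNS = """\
contoso.com. 600 IN A 192.168.80.5
_ldap._tcp.contoso.com. 600 IN SRV 0 100 389 ny-dc-01.contoso.com.
_kerberos._tcp.contoso.com. 600 IN SRV 0 100 88 ny-dc-01.contoso.com.
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 ny-dc-01.contoso.com.
"""

# Constructed export of the SRV records the DNS zone currently holds.
ZONE_SRV = """\
_ldap._tcp.contoso.com. 600 IN SRV 0 100 389 ny-dc-01.contoso.com.
_kerberos._tcp.contoso.com. 600 IN SRV 0 100 88 ny-wxp-01.contoso.com.
"""

SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)


def parse_srv(text):
    """Return a set of (owner, port, target) for every SRV line; other types are skipped."""
    found = set()
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            found.add((m["owner"].lower().rstrip("."), int(m["port"]),
                       m["target"].lower().rstrip(".")))
    return found


def compare_srv(expected_text, zone_text):
    """Return (missing, unexpected): records the DC lists but the zone lacks,
    and zone records the DC never listed."""
    expected, actual = parse_srv(expected_text), parse_srv(zone_text)
    return sorted(expected - actual), sorted(actual - expected)


if __name__ == "__main__":
    missing, unexpected = compare_srv(NETLOGON_DNS, ZONE_SRV)
    for rec in missing:
        print("missing from zone:", rec)
    for rec in unexpected:
        print("not listed by the DC:", rec)
```

Missing records mean clients cannot locate that service on the domain controller; records in the zone that the DC never listed deserve review to confirm which host registered them.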