
Objectives

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced. Chapter 7: Planning a DNS Strategy. Objectives: describe the functions of the Domain Name System; choose a DNS namespace strategy; install DNS; explain the function of DNS zones.

thanh

Presentation Transcript


  1. 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced. Chapter 7: Planning a DNS Strategy

  2. Objectives
     • Describe the functions of the Domain Name System
     • Choose a DNS namespace strategy
     • Install DNS
     • Explain the function of DNS zones
     • Integrate Active Directory and DNS, including Dynamic DNS
     • Integrate DNS with WINS

  3. Functions of the Domain Name System
     • DNS is used to resolve host names to IP addresses and find services
     • DNS is an essential service for a network that uses Active Directory
     • DNS is also required if you want resources such as Web servers available on the Internet
     • DNS is most commonly implemented on UNIX/Linux, and this can be integrated with the Windows version of DNS

  4. Host Name Resolution
     • Host names are used because they are easier to remember than IP addresses
     • When a program uses a host name, the host name must be converted to an IP address before the resource can be contacted

  5. Host Name Resolution (continued)
     • The contents of a hosts file are a list of IP addresses and host names
     • The steps followed by Windows Server 2003 to resolve host names are:
       • Host name is checked
       • Hosts file is loaded into cache
       • DNS cache is searched
       • DNS server is queried

  6. Host Name Resolution (continued)

  7. Activity 7-1: Configuring a Hosts File
     • The purpose of this activity is to configure and test a hosts file

  8. Forward Lookup
     • When a DNS server resolves a host name to an IP address, it is known as a forward lookup
     • Resolving host names within an organization is a two-packet process
     • A recursive lookup is a DNS query that is resolved through other DNS servers until the requested information is located

  9. Forward Lookup (continued)

  10. Registering a Domain Name
      • To participate in the worldwide DNS lookup system, you must register your domain name with a registrar
      • A top-level domain (TLD) name is the highest level of domain in the DNS system
      • A registrar is an organization that puts domain information into the top-level domain DNS servers so that your domain will be integrated with the worldwide DNS system

  11. Registering a Domain Name (continued)

  12. Reverse Lookup
      • When DNS is used to resolve IP addresses to host names, the process is known as reverse lookup
      • A reverse lookup allows you to specify an IP address and the DNS server returns the host name that is defined for it

  13. DNS Record Types
      • DNS records are created on a DNS server to resolve queries
      • Each type of record holds different information about a service, host name, IP address, or domain
      • Different queries request information contained in specific DNS record types

  14. DNS and BIND
      • Berkeley Internet Name Domain (BIND) is a version of DNS that runs on UNIX/Linux
      • It is the de facto standard for DNS implementation, and many other implementations of DNS reference BIND version numbers for feature compatibility

  15. DNS Namespace Strategies
      • DNS namespace can be broken into external and internal DNS
      • External DNS is used to hold records for Internet resources, such as company Web servers and e-mail servers
      • Internal DNS is used to hold records for internal resources, such as Active Directory and internal Web applications

  16. DNS Namespace Strategies (continued)
      • To maintain security, the servers holding internal and external DNS records must remain separate
      • The three options for utilizing DNS namespaces in Windows Server 2003 are as follows:
        • Use the existing external namespace
        • Use a delegated subdomain of the external namespace
        • Use a separate unique namespace

  17. Using the Existing External Namespace
      • Using the existing external namespace has some disadvantages:
        • It is awkward to synchronize DNS records between the internal and external DNS servers because no automated mechanism can be used (not recommended)
        • The automated synchronization mechanisms synchronize all DNS records between two DNS servers, not just the appropriate records; this results in internal DNS records being available on the external DNS servers (security risk)

  18. Using the Existing External Namespace (continued)
      • The records for external resources must be manually added to the internal DNS servers
      • If not, users cannot resolve the names of external resources properly

  19. Using a Delegated Subdomain of the External Namespace
      • A delegated subdomain:
        • Has been configured as its own zone so that it can be placed on DNS servers independently of the parent domain
        • Allows you to keep separate DNS servers for internal and external resources with no need to synchronize records

  20. Using a Separate Unique Namespace
      • Do not use a domain name for your internal namespace if it has already been registered for use on the Internet
      • You should register the internal namespace you choose, if possible
      • You can also choose a domain name that is not even possible to use on the Internet

  21. Installing DNS
      • Windows Server 2003 can act as a DNS server
      • You can install DNS on multiple servers, and you must add DNS individually to each of these servers
      • To reduce WAN traffic in large organizations, DNS servers can be placed in each physical location
      • To decide the best placement of DNS servers during the planning process, estimate the amount of traffic that will be generated by DNS

  22. Activity 7-2: Installing DNS
      • The purpose of this activity is to install DNS on your server and confirm it is running

  23. DNS Zones
      • A DNS zone is the part of the DNS namespace for which a DNS server is responsible
      • Once inside the zone, you can create DNS records and subdomains
      • When a zone is created, you designate whether it will hold records for forward lookups or reverse lookups
        • Forward lookup zone: holds records for forward lookups
        • Reverse lookup zone: holds records for reverse lookups

  24. Primary and Secondary Zones
      • Primary and secondary zones are used to synchronize DNS information automatically between DNS servers
      • A primary zone is the first to be created, and all of the DNS records are created in the primary zone
      • A secondary zone takes copies of primary zone information
      • You cannot directly edit the records in a secondary zone because they are copied from the primary zone
      • The process of moving information from the primary zone to the secondary zone is called a zone transfer

  25. Activity 7-3: Creating a Primary Zone
      • The purpose of this activity is to create a primary zone to hold resource records

  26. Activity 7-4: Creating a Secondary Zone
      • The purpose of this activity is to create a local copy of DNS information using a secondary zone

  27. Active Directory Integrated Zones
      • An Active Directory integrated zone stores information in Active Directory rather than in a file on the local hard drive
      • To store DNS information in an Active Directory integrated zone, the DNS server must also be a domain controller

  28. Active Directory Integrated Zones (continued)
      • Storing DNS information in Active Directory offers the following advantages over traditional primary and secondary zones:
        • Automatic backup of zone information
        • Multimaster replication
        • Increased security

  29. DNS Zone Storage in Active Directory
      • Two areas in Active Directory can be used to store DNS zones:
        • Domain directory partition
        • Application directory partition
      • The domain directory partition of Active Directory holds information specific to a particular Active Directory domain
      • This partition is replicated to all domain controllers in an Active Directory domain
      • The information in this partition cannot be replicated to domain controllers in other Active Directory domains

  30. DNS Zone Storage in Active Directory (continued)
      • Application directory partitions allow information to be stored in Active Directory but be replicated only among a defined set of domain controllers

  31. Activity 7-5: Promoting a Member Server to a Domain Controller
      • The purpose of this activity is to promote a member server to a domain controller

  32. Activity 7-6: Creating an Active Directory Integrated Zone
      • The purpose of this activity is to create an Active Directory integrated zone

  33. Integrating Active Directory Integrated Zones with Traditional DNS
      • Active Directory integrated zones interact with traditional zones by acting as a primary zone to traditional secondary zones

  34. Stub Zones
      • A stub zone is a DNS zone that holds only NS records for a domain
      • NS records define the name servers that are responsible for a domain

  35. Stub Zones (continued)

  36. Activity 7-7: Removing Active Directory Integrated Zones
      • The purpose of this activity is to remove an Active Directory integrated zone

  37. Activity 7-8: Creating a Stub Zone
      • The purpose of this activity is to create a stub zone to direct recursive queries

  38. Active Directory and DNS
      • Active Directory requires DNS to function properly
      • The most important function that DNS performs for Active Directory is locating services, such as domain controllers

  39. Dynamic DNS
      • Dynamic DNS is a system in which records can be updated on a DNS server automatically rather than forcing an administrator to create records manually

  40. Activity 7-9: Testing Dynamic DNS
      • The purpose of this activity is to verify that a computer is registering a host name using Dynamic DNS

  41. Dynamic DNS and DHCP
      • The Dynamic DNS information updated by Windows 2000/XP is negotiated with the DHCP server during the lease process
      • By default, a DHCP server running on Windows Server 2003 updates DNS records only for Windows 2000/XP clients and only if requested to do so

  42. WINS Integration
      • To integrate with WINS, a DNS zone can be configured with a WINS server to help resolve names
      • If a DNS zone receives a query for a host name for which it has no A record, it forwards the request to a WINS server
      • This results in slower response times and increased processor utilization

  43. WINS Integration (continued)
      • If DNS and WINS are running on separate servers, it also results in increased network traffic and even slower response times
      • Integrating a WINS server with a DNS forward lookup zone creates a WINS record in the zone
      • You can specify that records resolved via WINS are not replicated to other DNS servers by selecting the Do not replicate this record check box

  44. WINS Integration (continued)
      • You can configure timeout intervals with the Advanced button on the WINS tab in the properties of a zone
      • The Cache time-out controls how long DNS servers and DNS clients cache this record after it is resolved
      • The Lookup time-out controls how long the DNS server waits for a response from WINS before sending an error to the requesting client

  45. Summary
      • DNS is used to resolve host names to IP addresses and find services
      • Host name resolution is performed in four steps
      • Forward lookup resolves host names to IP addresses
      • Reverse lookup resolves an IP address to a host name
      • Recursive lookup is performed when a local DNS server queries the root servers on the Internet on behalf of a DNS client

  46. Summary (continued)
      • DNS records are created on a DNS server to resolve queries
      • Each type of DNS record holds different information about a service, host name, IP address, or domain
      • A DNS zone holds records for a portion of the DNS namespace
      • Active Directory integrated zones are stored in Active Directory
      • Active Directory integrated zones can act as primary zones to secondary zones

  47. Summary (continued)
      • A stub zone contains name server records that are used for recursive lookups
      • Dynamic DNS allows records to be automatically updated on a DNS server
      • A WINS server can be used to help resolve host names if a DNS server does not have a record that matches a query
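
Slides 15 to 17 state that internal and external DNS records must stay on separate servers and that synchronizing them exposes internal records externally. The following added example (not part of the presentation; `example.com`, the zone contents and the function names are constructed assumptions) audits an exported external zone for internal addresses and Active Directory service records, and goes one step further by flagging aliases that point at a leaked host.

```python
import ipaddress

# Constructed export of an EXTERNAL zone as (name, type, data); all values illustrative.
EXTERNAL_ZONE = [
    ("www.example.com.", "A", "203.0.113.10"),
    ("mail.example.com.", "A", "203.0.113.25"),
    ("example.com.", "MX", "10 mail.example.com."),
    ("fileserver.example.com.", "A", "10.1.20.15"),
    ("_ldap._tcp.dc._msdcs.example.com.", "SRV", "0 100 389 dc1.example.com."),
    ("dc1.example.com.", "A", "192.168.5.2"),
    ("intranet.example.com.", "CNAME", "fileserver.example.com."),
]

# RFC 1918, loopback and link-local ranges. Listed explicitly because
# ipaddress.is_private also matches documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# Labels Active Directory uses for service-location records.
AD_LABELS = {"_msdcs", "_ldap", "_kerberos", "_gc", "_kpasswd", "_sites"}

def is_internal_address(text):
    """True if text is an IPv4 address inside one of INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def audit_external_zone(records):
    """Return (name, reason) for each record that should not be served externally."""
    findings, leaked = [], set()
    for name, rtype, data in records:
        labels = set(name.lower().rstrip(".").split("."))
        if rtype == "A" and is_internal_address(data):
            findings.append((name, "internal address " + data))
            leaked.add(name.lower())
        elif labels & AD_LABELS:
            findings.append((name, "Active Directory service record"))
            leaked.add(name.lower())
    # Second pass: CNAME/MX/SRV records whose target is a leaked internal host.
    for name, rtype, data in records:
        target = data.rpartition(" ")[2].lower()
        if rtype in ("CNAME", "MX", "SRV") and target in leaked and name.lower() not in leaked:
            findings.append((name, "points at internal host " + target))
    return findings

if __name__ == "__main__":
    for name, reason in audit_external_zone(EXTERNAL_ZONE):
        print(f"{name:40} {reason}")
```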
