Title: 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Chapter 7: Planning a DNS Strategy
1. 70-293 MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Chapter 7: Planning a DNS Strategy

2. Objectives
- Describe the functions of the Domain Name System
- Choose a DNS namespace strategy
- Install DNS
- Explain the function of DNS zones
- Integrate Active Directory and DNS, including Dynamic DNS
- Integrate DNS with WINS

3. Functions of the Domain Name System
- DNS is used to resolve host names to IP addresses and to find services
- DNS is an essential service for a network that uses Active Directory
- DNS is also required if you want resources such as Web servers to be available on the Internet
- DNS is most commonly implemented on UNIX/Linux, and those implementations can be integrated with the Windows version of DNS

4. Host Name Resolution
- Host names are used because they are easier to remember than IP addresses
- When a program uses a host name, the host name must be converted to an IP address before the resource can be contacted

5. Host Name Resolution (continued)
- The contents of a hosts file are a list of IP addresses and host names
- The steps followed by Windows Server 2003 to resolve host names are:
  - The name is checked against the computer's own host name
  - The hosts file is loaded into the DNS resolver cache
  - The DNS resolver cache is searched
  - A DNS server is queried
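The four-step order above, modelled in Python as an added example (this code is not from the textbook; the hosts file contents, host names and server answers are constructed, and the DNS server is a dictionary standing in for a real query):

```python
# Added example: model of the Windows Server 2003 host name resolution order
# (own host name, hosts file, resolver cache, DNS server). All data is constructed.
import ipaddress

# Constructed hosts file contents (the real file on Windows is
# %SystemRoot%\System32\drivers\etc\hosts).
HOSTS_FILE = """
# comments and blank lines are ignored
127.0.0.1       localhost
192.168.10.25   fileserver    fileserver.example.internal
"""

# Constructed stand-in for the answers a DNS server would return.
DNS_SERVER_RECORDS = {
    "www.example.internal": "192.168.10.80",
    "dc1.example.internal": "192.168.10.10",
}


def parse_hosts(text):
    """Return {host name: ip} from hosts-file text.

    Windows uses the first matching entry, so an earlier line wins over a
    later duplicate; setdefault() preserves that behaviour.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        ip, *names = line.split()
        ipaddress.ip_address(ip)                  # ValueError on a malformed address
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


class Resolver:
    """Four-step host name resolution: own name, hosts file, cache, DNS server."""

    def __init__(self, local_hostname, local_ip, hosts_text, dns_server):
        self.local_hostname = local_hostname.lower()
        self.local_ip = local_ip
        self.dns_server = dns_server
        # Step 2: hosts-file entries are preloaded into the resolver cache.
        self.cache = parse_hosts(hosts_text)

    def resolve(self, name):
        """Return (ip, source) or (None, 'unresolved')."""
        name = name.lower().rstrip(".")
        # Step 1: is this the computer's own host name?
        if name == self.local_hostname:
            return self.local_ip, "local host name"
        # Step 3: search the resolver cache (hosts entries plus earlier answers).
        if name in self.cache:
            return self.cache[name], "cache"
        # Step 4: query the DNS server and cache a positive answer.
        ip = self.dns_server.get(name)
        if ip is None:
            return None, "unresolved"
        self.cache[name] = ip
        return ip, "dns server"


def demo():
    """Resolve a few constructed names and report which step answered each."""
    r = Resolver("server1", "192.168.10.5", HOSTS_FILE, DNS_SERVER_RECORDS)
    return [r.resolve(n) for n in ("SERVER1", "fileserver",
                                   "www.example.internal",
                                   "www.example.internal", "nosuchhost")]


if __name__ == "__main__":
    for ip, source in demo():
        print(f"{ip!s:16} via {source}")
```

Because hosts-file entries are loaded into the cache before any server is asked, an entry there overrides whatever DNS would return; that is why checking the hosts file belongs in name-resolution troubleshooting, and why its integrity matters on a server.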
6. Host Name Resolution (continued)

7. Activity 7-1: Configuring a Hosts File
- The purpose of this activity is to configure and test a hosts file

8. Forward Lookup
- When a DNS server resolves a host name to an IP address, the process is known as a forward lookup
- Resolving host names within an organization is a two-packet process: one query and one response
- A recursive lookup is a DNS query that the DNS server resolves by querying other DNS servers until the requested information is located

9. Forward Lookup (continued)

10. Registering a Domain Name
- To participate in the worldwide DNS lookup system, you must register your domain name with a registrar
- A top-level domain (TLD) name is the highest level of domain in the DNS system
- A registrar is an organization that places domain information into the top-level domain DNS servers so that your domain is integrated with the worldwide DNS system

11. Registering a Domain Name (continued)

12. Reverse Lookup
- When DNS is used to resolve IP addresses to host names, the process is known as a reverse lookup
- A reverse lookup allows you to specify an IP address, and the DNS server returns the host name that is defined for it
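A worked example of the reverse-lookup naming described above, added here and not part of the textbook: it builds the PTR owner name that a reverse lookup queries and the name of the reverse lookup zone for a network, and it goes beyond the slide by covering IPv6 (ip6.arpa) and by confirming the reverse answer against the forward zone. The zone contents and addresses are constructed.

```python
# Added example: reverse-lookup names and forward-confirmed reverse checks.
# Zone contents and addresses below are constructed, not from the textbook.
import ipaddress


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address.

    IPv4: octets reversed under in-addr.arpa; IPv6: all 32 nibbles reversed
    under ip6.arpa. (ipaddress.ip_address(ip).reverse_pointer computes the
    same thing; it is spelled out here to show the construction.)
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_zone(cidr):
    """Name of the reverse lookup zone that holds PTR records for a network."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version == 4:
        if net.prefixlen % 8:
            raise ValueError("IPv4 reverse zones fall on octet boundaries")
        octets = str(net.network_address).split(".")[: net.prefixlen // 8]
        return (".".join(reversed(octets)) + "." if octets else "") + "in-addr.arpa."
    if net.prefixlen % 4:
        raise ValueError("IPv6 reverse zones fall on nibble boundaries")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return (".".join(reversed(nibbles)) + "." if nibbles else "") + "ip6.arpa."


# Constructed forward lookup zone: host name -> A record.
FORWARD_ZONE = {
    "dc1.example.internal.": "192.168.10.10",
    "www.example.internal.": "192.168.10.80",
}

# Constructed reverse lookup zone: PTR owner name -> host name.
# The last entry is a deliberately stale PTR that no A record backs up.
REVERSE_ZONE = {
    reverse_name("192.168.10.10"): "dc1.example.internal.",
    reverse_name("192.168.10.80"): "www.example.internal.",
    reverse_name("192.168.10.99"): "dc1.example.internal.",
}


def reverse_lookup(ip):
    """Return the host name defined for ip, or None if there is no PTR record."""
    return REVERSE_ZONE.get(reverse_name(ip))


def forward_confirmed(ip):
    """True only if the PTR answer's own A record points back at ip.

    Whoever controls a reverse zone controls its PTR answers, so a log or
    access decision that trusts the reverse name should confirm it forward.
    """
    host = reverse_lookup(ip)
    return host is not None and FORWARD_ZONE.get(host) == ip


def demo():
    """Reverse-resolve three constructed addresses and confirm each forward."""
    return {ip: (reverse_lookup(ip), forward_confirmed(ip))
            for ip in ("192.168.10.10", "192.168.10.99", "192.168.10.50")}


if __name__ == "__main__":
    print(reverse_zone("192.168.10.0/24"))
    for ip, (host, ok) in demo().items():
        print(f"{ip:15} -> {host}  forward-confirmed={ok}")
```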
13. DNS Record Types
- DNS records are created on a DNS server to resolve queries
- Each type of record holds different information about a service, host name, IP address, or domain
- Different queries request information contained in specific DNS record types

14. DNS and BIND
- Berkeley Internet Name Domain (BIND) is a version of DNS that runs on UNIX/Linux
- It is the de facto standard DNS implementation, and many other implementations of DNS reference BIND version numbers for feature compatibility

15. DNS Namespace Strategies
- The DNS namespace can be divided into external and internal DNS
- External DNS holds records for Internet resources, such as company Web servers and e-mail servers
- Internal DNS holds records for internal resources, such as Active Directory and internal Web applications

16. DNS Namespace Strategies (continued)
- To maintain security, the servers holding internal and external DNS records must remain separate
- The three options for utilizing DNS namespaces in Windows Server 2003 are as follows:
  - Use the existing external namespace
  - Use a delegated subdomain of the external namespace
  - Use a separate unique namespace

17. Using the Existing External Namespace
- Using the existing external namespace has some disadvantages:
  - It is awkward to keep the internal and external DNS servers synchronized by hand, and an automated mechanism cannot be used safely (not recommended)
  - The automated synchronization mechanisms synchronize all DNS records between two DNS servers, not just the appropriate records; this results in internal DNS records being available on the external DNS servers (security risk)

18. Using the Existing External Namespace (continued)
- The records for external resources must be manually added to the internal DNS servers
- If they are not, users cannot resolve the names of external resources properly

19. Using a Delegated Subdomain of the External Namespace
- A delegated subdomain:
  - Has been configured as its own zone so that it can be placed on DNS servers independently of the parent domain
  - Allows you to keep separate DNS servers for internal and external resources with no need to synchronize records

20. Using a Separate Unique Namespace
- Do not use a domain name for your internal namespace if it has already been registered for use on the Internet
- You should register the internal namespace you choose, if possible
- You can also choose a domain name that is not even possible to use on the Internet

21. Installing DNS
- Windows Server 2003 can act as a DNS server
- DNS can be installed on multiple servers, and it must be added individually to each of those servers
- To reduce WAN traffic in large organizations, DNS servers can be placed in each physical location
- To decide the best placement of DNS servers during the planning process, estimate the amount of traffic that will be generated by DNS

22. Activity 7-2: Installing DNS
- The purpose of this activity is to install DNS on your server and confirm it is running

23. DNS Zones
- A DNS zone is the part of the DNS namespace for which a DNS server is responsible
- Once inside the zone, you can create DNS records and subdomains
- When a zone is created, you designate whether it will hold records for forward lookups or reverse lookups
  - A forward lookup zone holds records for forward lookups
  - A reverse lookup zone holds records for reverse lookups

24. Primary and Secondary Zones
- Primary and secondary zones are used to synchronize DNS information automatically between DNS servers
- A primary zone is the first to be created, and all of the DNS records are created in the primary zone
- A secondary zone takes copies of primary zone information
- You cannot directly edit the records in a secondary zone because they are copied from the primary zone
- The process of moving information from the primary zone to the secondary zone is called a zone transfer
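A model of the primary/secondary relationship as an added example (not the textbook's or Microsoft's code): the secondary compares the primary's SOA serial with its own and copies the records only when the primary has changed, it refuses local edits, and the primary hands out a zone transfer only to listed secondaries, the restriction Windows DNS exposes on a zone's Zone Transfers tab. Names, addresses and the simplified transfer mechanics are assumptions; real secondaries poll on the SOA refresh interval and can also be notified by the primary.

```python
# Added example: simplified primary/secondary zones with serial-driven
# zone transfers and a transfer allow-list. All names and addresses are constructed.


class PrimaryZone:
    """Writable copy of a zone; every edit happens here and bumps the SOA serial."""

    def __init__(self, origin, allowed_secondaries=()):
        self.origin = origin
        self.serial = 0                          # SOA serial: incremented on each change
        self.records = {}                        # (owner, type) -> data
        # Stand-in for "Allow zone transfers only to the following servers".
        self.allowed_secondaries = set(allowed_secondaries)

    def add_record(self, owner, rtype, data):
        self.records[(owner.lower(), rtype.upper())] = data
        self.serial += 1
        return self.serial

    def soa_serial(self):
        """What a secondary sees when it queries the SOA record."""
        return self.serial

    def transfer(self, requester_ip):
        """Full zone transfer (AXFR-style): serial plus a copy of every record.

        Refused for servers not on the allow-list, so the record set (including
        internal-only names) cannot be pulled by an arbitrary host.
        """
        if requester_ip not in self.allowed_secondaries:
            raise PermissionError(
                f"zone transfer of {self.origin} refused for {requester_ip}")
        return self.serial, dict(self.records)


class SecondaryZone:
    """Read-only copy that is refreshed from the primary."""

    def __init__(self, origin, primary, my_ip):
        self.origin = origin
        self.primary = primary
        self.my_ip = my_ip
        self.serial = -1                         # nothing transferred yet
        self.records = {}

    def add_record(self, *args):
        raise PermissionError("secondary zone is read-only; edit the primary zone")

    def refresh(self):
        """Compare SOA serials and transfer only when the primary has newer data.

        Returns True if a zone transfer took place, False if already current.
        """
        if self.primary.soa_serial() <= self.serial:
            return False
        self.serial, self.records = self.primary.transfer(self.my_ip)
        return True

    def lookup(self, owner, rtype):
        return self.records.get((owner.lower(), rtype.upper()))


def demo():
    """Walk through two refreshes around an edit on the primary."""
    primary = PrimaryZone("example.internal", allowed_secondaries={"192.168.10.11"})
    primary.add_record("dc1", "A", "192.168.10.10")
    primary.add_record("www", "A", "192.168.10.80")
    secondary = SecondaryZone("example.internal", primary, my_ip="192.168.10.11")
    first = secondary.refresh()                  # True: serial 2 is newer than -1
    again = secondary.refresh()                  # False: nothing has changed
    primary.add_record("mail", "A", "192.168.10.25")
    third = secondary.refresh()                  # True: serial 3 is newer than 2
    return first, again, third, secondary.serial, secondary.lookup("mail", "A")


if __name__ == "__main__":
    print(demo())
```

The serial comparison is the whole mechanism: a secondary that never sees a higher serial never transfers, which is why an edit made directly on a secondary (even if the software allowed it) would be lost on the next transfer.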
25. Activity 7-3: Creating a Primary Zone
- The purpose of this activity is to create a primary zone to hold resource records

26. Activity 7-4: Creating a Secondary Zone
- The purpose of this activity is to create a local copy of DNS information using a secondary zone

27. Active Directory Integrated Zones
- An Active Directory integrated zone stores information in Active Directory rather than in a file on the local hard drive
- To store DNS information in an Active Directory integrated zone, the DNS server must also be a domain controller

28. Active Directory Integrated Zones (continued)
- Storing DNS information in Active Directory offers the following advantages over traditional primary and secondary zones:
  - Automatic backup of zone information
  - Multimaster replication
  - Increased security

29. DNS Zone Storage in Active Directory
- Two areas in Active Directory can be used to store DNS zones:
  - Domain directory partition
  - Application directory partition
- The domain directory partition of Active Directory holds information specific to a particular Active Directory domain
  - This partition is replicated to all domain controllers in an Active Directory domain
  - The information in this partition cannot be replicated to domain controllers in other Active Directory domains

30. DNS Zone Storage in Active Directory (continued)
- Application directory partitions allow information to be stored in Active Directory but replicated only among a defined set of domain controllers

31. Activity 7-5: Promoting a Member Server to a Domain Controller
- The purpose of this activity is to promote a member server to a domain controller

32. Activity 7-6: Creating an Active Directory Integrated Zone
- The purpose of this activity is to create an Active Directory integrated zone

33. Integrating Active Directory Integrated Zones with Traditional DNS
- Active Directory integrated zones interact with traditional zones by acting as a primary zone to traditional secondary zones

34. Stub Zones
- A stub zone is a DNS zone that holds only the NS records for a domain
- NS records define the name servers that are responsible for a domain

35. Stub Zones (continued)

36. Activity 7-7: Removing Active Directory Integrated Zones
- The purpose of this activity is to remove an Active Directory integrated zone

37. Activity 7-8: Creating a Stub Zone
- The purpose of this activity is to create a stub zone to direct recursive queries

38. Active Directory and DNS
- Active Directory requires DNS to function properly
- The most important function that DNS performs for Active Directory is locating services, such as domain controllers
39. Dynamic DNS
- Dynamic DNS is a system in which records can be updated on a DNS server automatically rather than forcing an administrator to create records manually

40. Activity 7-9: Testing Dynamic DNS
- The purpose of this activity is to verify that a computer is registering a host name using Dynamic DNS

41. Dynamic DNS and DHCP
- The Dynamic DNS information updated by Windows 2000/XP clients is negotiated with the DHCP server during the lease process
- By default, a DHCP server running on Windows Server 2003 updates DNS records only for Windows 2000/XP clients and only if requested to do so

42. WINS Integration
- To integrate with WINS, a DNS zone can be configured with a WINS server to help resolve names
- If a DNS zone receives a query for a host name for which it has no A record, it forwards the request to a WINS server
- This results in slower response times and increased processor utilization

43. WINS Integration (continued)
- If DNS and WINS are running on separate servers, it also results in increased network traffic and even slower response times
- Integrating a WINS server with a DNS forward lookup zone creates a WINS record in the zone
- You can specify that records resolved via WINS are not replicated to other DNS servers by selecting the Do not replicate this record check box

44. WINS Integration (continued)
- Timeout intervals can be configured with the Advanced button on the WINS tab in the properties of a zone
  - The Cache time-out controls how long DNS servers and DNS clients cache this record after it is resolved
  - The Lookup time-out controls how long the DNS server waits for a response from WINS before sending an error to the requesting client

45. Summary
- DNS is used to resolve host names to IP addresses and to find services
- Host name resolution is performed in four steps
- Forward lookup resolves host names to IP addresses
- Reverse lookup resolves an IP address to a host name
- Recursive lookup is performed when a local DNS server queries the root servers on the Internet on behalf of a DNS client

46. Summary (continued)
- DNS records are created on a DNS server to resolve queries
- Each type of DNS record holds different information about a service, host name, IP address, or domain
- A DNS zone holds records for a portion of the DNS namespace
- Active Directory integrated zones are stored in Active Directory
- Active Directory integrated zones can act as primary zones to secondary zones

47. Summary (continued)
- A stub zone contains name server records that are used for recursive lookups
- Dynamic DNS allows records to be automatically updated on a DNS server
- A WINS server can be used to help resolve host names if a DNS server does not have a record that matches a query