70293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network Chapter 7: Planning a DNS Stra - PowerPoint PPT Presentation

Provided by: dbha9

1
70-293 MCSE Guide to Planning a Microsoft
Windows Server 2003 Network Chapter 7
Planning a DNS Strategy
2
Objectives
  • Describe the functions of the Domain Name System
  • Choose a DNS namespace strategy
  • Install DNS
  • Explain the function of DNS zones
  • Integrate Active Directory and DNS, including
    Dynamic DNS
  • Integrate DNS with WINS

3
Functions of the Domain Name System
  • DNS is used to resolve host names to IP addresses
    and find services
  • DNS is an essential service for a network that
    uses Active Directory
  • DNS is also required if you want resources such
    as Web servers available on the Internet
  • DNS is most commonly implemented on UNIX/Linux,
    and those servers can be integrated with the
    Windows version of DNS

4
Host Name Resolution
  • Host names are used because they are easier to
    remember than IP addresses
  • When a program uses a host name, the host name
    must be converted to an IP address before the
    resource can be contacted

5
Host Name Resolution (continued)
  • The contents of a hosts file are a list of IP
    addresses and host names
  • The steps followed by Windows Server 2003 to
    resolve host names are:
      • Host name is checked
      • Hosts file is loaded into cache
      • DNS cache is searched
      • DNS server is queried

6
Host Name Resolution (continued)
7
Activity 7-1 Configuring a Hosts File
  • The purpose of this activity is to configure and
    test a hosts file

8
Forward Lookup
  • When a DNS server resolves a host name to an IP
    address it is known as forward lookup
  • Resolving host names within an organization is a
    two-packet process
  • A recursive lookup is a DNS query that is
    resolved through other DNS servers until the
    requested information is located

9
Forward Lookup (continued)
10
Registering a Domain Name
  • To participate in the worldwide DNS lookup
    system, you must register your domain name with a
    registrar
  • A top-level domain (TLD) name is the highest
    level of domain in the DNS system
  • A registrar is an organization that puts domain
    information into the top-level domain DNS servers
    so that your domain will be integrated with the
    worldwide DNS system

11
Registering a Domain Name (continued)
12
Reverse Lookup
  • When DNS is used to resolve IP addresses to host
    names, the process is known as reverse lookup
  • A reverse lookup allows you to specify an IP
    address and the DNS server returns the host name
    that is defined for it

13
DNS Record Types
  • DNS records are created on a DNS server to
    resolve queries
  • Each type of record holds different information
    about a service, host name, IP address, or domain
  • Different queries request information contained
    in specific DNS record types

14
DNS and BIND
  • Berkeley Internet Name Domain (BIND) is a version
    of DNS that runs on UNIX/Linux
  • It is the de facto standard for DNS
    implementation and many other implementations of
    DNS reference BIND version numbers for feature
    compatibility

15
DNS Namespace Strategies
  • DNS namespace can be broken into external and
    internal DNS
  • External DNS is used to hold records for Internet
    resources, such as company Web servers and e-mail
    servers
  • Internal DNS is used to hold records for internal
    resources, such as Active Directory and internal
    Web applications

16
DNS Namespace Strategies (continued)
  • To maintain security, the servers holding
    internal and external DNS records must remain
    separate
  • The three options for utilizing DNS namespaces in
    Windows Server 2003 are as follows:
      • Use the existing external namespace
      • Use a delegated subdomain of the external
        namespace
      • Use a separate unique namespace

17
Using the Existing External Namespace
  • Using the existing external namespace has some
    disadvantages:
      • It is awkward to synchronize DNS records
        between the internal and external DNS servers
        because no automated mechanism can be used
        (not recommended)
      • The automated synchronization mechanisms
        synchronize all DNS records between two DNS
        servers, not just the appropriate records;
        this results in internal DNS records being
        available on the external DNS servers
        (security risk)
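
The exposure described on this slide can be checked for directly. The following is an added example, not part of the original presentation: a Python audit that scans an external zone's records for RFC 1918 addresses and for CNAME, MX or SRV records that point at those hosts. The zone contents, the example.com origin and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges; an A record in an external zone should never use them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: an external zone after a full synchronization from the
# internal DNS servers (all names and addresses are made up for this example).
SAMPLE_EXTERNAL_ZONE = """\
; external zone for example.com (constructed sample)
www        IN A     203.0.113.10
mail       IN A     203.0.113.25
@          IN MX    10 mail.example.com.
dc01       IN A     10.0.0.5
intranet   IN A     192.168.10.20
files      IN CNAME dc01.example.com.
_ldap._tcp IN SRV   0 100 389 dc01.example.com.
"""

def parse_records(zone_text):
    """Yield (owner, rtype, rdata) from simple 'owner IN TYPE rdata' lines."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) >= 4 and fields[1].upper() == "IN":
            yield fields[0], fields[2].upper(), " ".join(fields[3:])

def find_internal_leaks(zone_text, origin="example.com."):
    """Return records that expose internal hosts in an external zone."""
    records = list(parse_records(zone_text))
    internal_names, leaks = set(), []
    # Pass 1: A records whose address falls in a private range.
    for owner, rtype, rdata in records:
        if rtype == "A":
            addr = ipaddress.ip_address(rdata)
            if any(addr in net for net in RFC1918):
                internal_names.add(f"{owner}.{origin}".lower())
                leaks.append((owner, rtype, rdata))
    # Pass 2: records whose target (last rdata field) is one of those hosts.
    for owner, rtype, rdata in records:
        if rtype in ("CNAME", "MX", "SRV"):
            if rdata.split()[-1].lower() in internal_names:
                leaks.append((owner, rtype, rdata))
    return leaks

if __name__ == "__main__":
    for record in find_internal_leaks(SAMPLE_EXTERNAL_ZONE):
        print("internal record on external server:", *record)
```

The `_ldap._tcp` SRV record in the sample is the kind of entry Active Directory registers to locate domain controllers, so its presence in an external zone discloses both the directory service and its host.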

18
Using the Existing External Namespace (continued)
  • The records for external resources must be
    manually added to the internal DNS servers
  • If not, users cannot resolve the names of
    external resources properly

19
Using a Delegated Subdomain of the External
Namespace
  • A delegated subdomain:
      • Has been configured as its own zone so that
        it can be placed on DNS servers independently
        of the parent domain
      • Allows you to keep separate DNS servers for
        internal and external resources with no need
        to synchronize records

20
Using a Separate Unique Namespace
  • Do not use a domain name for your internal
    namespace if it has already been registered for
    use on the Internet
  • You should register the internal namespace you
    choose, if possible
  • You can also choose a domain name that is not
    even possible to use on the Internet

21
Installing DNS
  • Windows Server 2003 can act as a DNS server
  • You can install DNS on multiple servers, but you
    must add DNS individually to each of these
    servers
  • To reduce WAN traffic in large organizations, DNS
    servers can be placed in each physical location
  • To decide the best placement of DNS servers
    during the planning process, estimate the amount
    of traffic that will be generated by DNS

22
Activity 7-2 Installing DNS
  • The purpose of this activity is to install DNS on
    your server and confirm it is running

23
DNS Zones
  • A DNS zone is the part of the DNS namespace for
    which a DNS server is responsible
  • Once inside the zone, you can create DNS records
    and subdomains
  • When a zone is created, you designate whether it
    will hold records for forward lookups or reverse
    lookups
  • Forward lookup zone holds records for forward
    lookups
  • Reverse lookup zone holds records for reverse
    lookups

24
Primary and Secondary Zones
  • Primary and secondary zones are used to
    synchronize DNS information automatically between
    DNS servers
  • A primary zone is the first to be created, and
    all of the DNS records are created in the primary
    zone
  • A secondary zone takes copies of primary zone
    information
  • You cannot directly edit the records in a
    secondary zone because they are copied from the
    primary zone
  • The process of moving information from the
    primary zone to the secondary zone is called a
    zone transfer

25
Activity 7-3 Creating a Primary Zone
  • The purpose of this activity is to create a
    primary zone to hold resource records

26
Activity 7-4 Creating a Secondary Zone
  • The purpose of this activity is to create a local
    copy of DNS information using a secondary zone

27
Active Directory Integrated Zones
  • An Active Directory integrated zone stores
    information in Active Directory rather than in a
    file on the local hard drive
  • To store DNS information in an Active Directory
    integrated zone, the DNS server must also be a
    domain controller

28
Active Directory Integrated Zones (continued)
  • Storing DNS information in Active Directory
    offers the following advantages over traditional
    primary and secondary zones:
      • Automatic backup of zone information
      • Multimaster replication
      • Increased security

29
DNS Zone Storage in Active Directory
  • Two areas in Active Directory can be used to
    store DNS zones:
      • Domain directory partition
      • Application directory partition
  • The domain directory partition of Active
    Directory holds information specific to a
    particular Active Directory domain
  • This partition is replicated to all domain
    controllers in an Active Directory domain
  • The information in this partition cannot be
    replicated to domain controllers in other Active
    Directory domains

30
DNS Zone Storage in Active Directory (continued)
  • Application directory partitions allow
    information to be stored in Active Directory but
    be replicated only among a defined set of domain
    controllers

31
Activity 7-5 Promoting a Member Server to a
Domain Controller
  • The purpose of this activity is to promote a
    member server to a domain controller

32
Activity 7-6 Creating an Active Directory
Integrated Zone
  • The purpose of this activity is to create an
    Active Directory integrated zone

33
Integrating Active Directory Integrated Zones
with Traditional DNS
  • Active Directory integrated zones interact with
    traditional zones by acting as a primary zone to
    traditional secondary zones

34
Stub Zones
  • A stub zone is a DNS zone that holds only NS
    records for a domain
  • NS records define the name servers that are
    responsible for a domain

35
Stub Zones (continued)
36
Activity 7-7 Removing Active Directory
Integrated Zones
  • The purpose of this activity is to remove an
    Active Directory integrated zone

37
Activity 7-8 Creating a Stub Zone
  • The purpose of this activity is to create a stub
    zone to direct recursive queries

38
Active Directory and DNS
  • Active Directory requires DNS to function
    properly
  • The most important function that DNS performs for
    Active Directory is locating services, such as
    domain controllers

39
Dynamic DNS
  • Dynamic DNS is a system in which records can be
    updated on a DNS server automatically rather than
    forcing an administrator to create records
    manually

40
Activity 7-9 Testing Dynamic DNS
  • The purpose of this activity is to verify that a
    computer is registering a host name using Dynamic
    DNS

41
Dynamic DNS and DHCP
  • The Dynamic DNS information updated by Windows
    2000/XP is negotiated with the DHCP server during
    the lease process
  • By default, a DHCP server running on Windows
    Server 2003 updates DNS records only for Windows
    2000/XP clients and only if requested to do so

42
WINS Integration
  • To integrate with WINS, a DNS zone can be
    configured with a WINS server to help resolve
    names
  • If a DNS zone receives a query for a host name
    for which it has no A record, it forwards the
    request to a WINS server
  • This results in slower response times and
    increased processor utilization

43
WINS Integration (continued)
  • If DNS and WINS are running on separate servers,
    it also results in increased network traffic and
    even slower response times
  • Integrating a WINS server with a DNS forward
    lookup zone creates a WINS record in the zone
  • You can specify that records resolved via WINS
    are not replicated to other DNS servers by
    selecting the Do not replicate this record check
    box

44
WINS Integration (continued)
  • You can configure timeout intervals with the
    Advanced button on the WINS tab in the properties
    of a zone
  • The Cache time-out controls how long DNS servers
    and DNS clients cache this record after it is
    resolved
  • The Lookup time-out controls how long the DNS
    server waits for a response from WINS before
    sending an error to the requesting client

45
Summary
  • DNS is used to resolve host names to IP addresses
    and find services
  • Host name resolution is performed in four steps
  • Forward lookup resolves host names to IP
    addresses
  • Reverse lookup resolves an IP address to a host
    name
  • Recursive lookup is performed when a local DNS
    server queries the root servers on the Internet
    on behalf of a DNS client

46
Summary (continued)
  • DNS records are created on a DNS server to
    resolve queries
  • Each type of DNS record holds different
    information about a service, host name, IP
    address, or domain
  • A DNS zone holds records for a portion of the DNS
    namespace
  • Active Directory integrated zones are stored in
    Active Directory
  • Active Directory integrated zones can act as
    primary zones to secondary zones

47
Summary (continued)
  • A stub zone contains name server records that are
    used for recursive lookups
  • Dynamic DNS allows records to be automatically
    updated on a DNS server
  • A WINS server can be used to help resolve host
    names if a DNS server does not have a record that
    matches a query