8/10/2019 70-640_Lesson12_PPT_041009.ppt
Lesson 12: Configuring Name Resolution and Additional Services
Skills Matrix
Technology Skill                  Objective Domain                                               Objective #
Creating DNS zones                Configure zones                                                1.1
Creating DNS zones                Configure DNS server settings                                  1.2
Creating DNS zones                Configure zone transfers and replication                       1.3
Configuring Additional Services   Configure Active Directory Rights Management Service (AD RMS)  3.2
Configuring Additional Services   Configure Active Directory Federation Services (AD FS)         3.4
Name Resolution
Name resolution is an essential function on all Transmission Control Protocol/Internet Protocol (TCP/IP) networks, regardless of the operating system that an individual computer is running.
Host Name Resolution
Host names can be resolved by the HOSTS file or by the Domain Name System (DNS).
DNS provides the default name resolution mechanism for Active Directory, the Internet, and the majority of modern TCP/IP networks.
NetBIOS Name Resolution
NetBIOS computer names can be resolved by the LMHOSTS file or by the Windows Internet Naming Service (WINS).
Domain Name System (DNS)
Main components of DNS:
DNS namespace.
Name Server.
Resolver.
DNS Namespace
The DNS namespace is a specification for a tree-structured namespace in which each branch of the tree identifies a domain.
Each domain contains an information set that consists of host names, IP addresses, and comments.
Query operations are attempts to retrieve specific information from a particular information set.
DNS Namespace
Name Servers
Name servers are applications running on server computers that maintain information about the domain tree structure and contain authoritative information about specific areas of that structure.
A name server can respond to queries for information about the areas for which it is the authority, and it has pointers to other name servers that enable it to access information about any other area of the tree.
Resolvers
Resolvers are client programs that generate requests for DNS information and send them to name servers for fulfillment. A resolver has direct access to at least one name server.
Domain Name System (DNS)
The DNS Server service in Windows Server 2008 supports both standard and Active Directory-integrated DNS zones.
DNS root name servers are the highest-level DNS servers in the entire namespace.
Domain Name System (DNS)
You can divide a DNS namespace into zones to store them on different servers and to delegate their administration to different people.
Windows Server 2008 supports primary zones, secondary zones, and stub zones.
Primary and stub zones can be integrated into Active Directory.
Resource Records
The resource record is the fundamental data storage unit in all DNS servers. Common resource record types:
Start of Authority (SOA)
Name Server (NS)
Host (A)
Host (AAAA)
Canonical Name (CNAME)
Mail Exchanger (MX)
Pointer (PTR)
Service Record (SRV)
Resource Records
The Start of Authority (SOA) resource record identifies which name server is the authoritative source of information for data within this domain. The first record in the zone database file must be an SOA record. In the Windows Server 2008 DNS server, SOA records are created automatically with default values when you create a new zone.
Resource Records
Resource Records
The Name Server (NS) resource record identifies the name server that is the authority for a particular zone or domain; that is, the server that can provide an authoritative name-to-IP-address mapping for that zone or domain.
Resource Records
The A resource record is the fundamental data unit of the DNS; it is used to translate a host name to an IPv4 address.
The AAAA resource record is used to translate a host name to an IPv6 address.
The Pointer (PTR) resource record is the functional opposite of the A record, providing an IP-address-to-name mapping.
Resource Records
The Canonical Name (CNAME) resource record, sometimes called an Alias record, is used to specify an alternative name for the system specified in the Name field.
Resource Records
The Mail Exchanger (MX) resource record identifies the email servers for a domain.
The Service Record (SRV) resource record enables clients to locate servers that are providing a particular service.
Windows Server 2008 Active Directory clients rely on SRV records to locate the domain controllers they need to validate logon requests.
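Added example, not from the lesson: a small parser for a constructed zone file that holds the record types listed above, plus a function that ranks the _ldap._tcp.dc._msdcs SRV targets the way an Active Directory client does when locating domain controllers. The zone name contoso.example, the hosts and the 192.0.2.x / 2001:db8:: addresses are constructed sample data.

```python
# Added example (not from the lesson): parse a constructed zone file and use its SRV records as an AD client does.
ZONE = """\
$ORIGIN contoso.example.
@    3600 IN SOA   ns1.contoso.example. hostmaster.contoso.example. 2024010101 3600 900 604800 300
@    3600 IN NS    ns1.contoso.example.
ns1  3600 IN A     192.0.2.1
dc1  3600 IN A     192.0.2.10
dc1  3600 IN AAAA  2001:db8::10
dc2  3600 IN A     192.0.2.11
www  3600 IN CNAME dc1.contoso.example.
@    3600 IN MX    10 mail.contoso.example.
_ldap._tcp.dc._msdcs 600 IN SRV 0 100 389 dc1.contoso.example.
_ldap._tcp.dc._msdcs 600 IN SRV 10 100 389 dc2.contoso.example.
"""

def parse_zone(text):
    """Parse zone-file lines into {(owner, type): [(ttl, rdata_fields)]}.
    Relative owner names get $ORIGIN appended; rdata names here are FQDNs."""
    origin, records = ".", {}
    for line in text.splitlines():
        line = line.split(";")[0].strip()          # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        owner, ttl, _cls, rtype, *rdata = line.split()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.setdefault((owner.lower(), rtype), []).append((int(ttl), rdata))
    return records

def lookup(records, name, rtype):
    """Rdata for name/type, following a single CNAME hop."""
    name = name.lower()
    if (name, rtype) in records:
        return [rd for _, rd in records[(name, rtype)]]
    if (name, "CNAME") in records:                  # alias: query the canonical name
        alias = records[(name, "CNAME")][0][1][0].lower()
        return [rd for _, rd in records.get((alias, rtype), [])]
    return []

def find_domain_controllers(records, domain):
    """Rank _ldap._tcp.dc._msdcs SRV targets as a client does: lowest priority first,
    heavier weight first (a real client picks randomly, weighted, within a priority)."""
    srv = lookup(records, f"_ldap._tcp.dc._msdcs.{domain}", "SRV")
    ranked = sorted(srv, key=lambda rd: (int(rd[0]), -int(rd[1])))   # rd = [prio, weight, port, target]
    return [(rd[3].rstrip("."), int(rd[2]), lookup(records, rd[3], "A")[0][0]) for rd in ranked]
```

Each SRV target is resolved to its A record in the same zone, which is exactly the dependency a client has on the SRV and A records being consistent.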
DNS Referrals and Queries
The process by which one DNS server sends a name resolution request to another DNS server is called a referral.
DNS servers recognize two types of name resolution requests:
Recursive query.
Iterative query.
Recursive Query
The DNS server receiving the name resolution request takes full responsibility for resolving the name.
If the server possesses information about the requested name, it replies immediately to the requester.
If the server has no information about the name, it sends referrals to other DNS servers until it obtains the information it needs.
TCP/IP client resolvers always send recursive queries to their designated DNS
Iterative Query
The server that receives the name resolution request immediately responds to the requester with the best information it possesses.
This information can be cached or authoritative, and it can be a resource record containing a fully resolved name or a reference to another DNS server.
DNS servers use iterative queries when communicating with each other.
It would be improper to configure one DNS server to send a recursive query to another DNS server.
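Added example, not from the lesson: a toy model of the two query types on the preceding slides. The client's designated server handles a recursive query by answering from its cache or by walking the referral chain from the root with iterative queries; the other servers only ever answer iteratively. The three server names, the zones and the address are constructed.

```python
# Added example (not from the lesson): a toy model of recursive vs. iterative queries.
# Each server knows only its own zone plus NS pointers (referrals) to the servers
# below it. Server names and addresses are constructed.
ROOT, TLD, AUTH = "root-server", "example-tld-server", "ns1.contoso.example"
SERVERS = {
    ROOT: {"delegations": {"example.": TLD}, "answers": {}},
    TLD:  {"delegations": {"contoso.example.": AUTH}, "answers": {}},
    AUTH: {"delegations": {}, "answers": {"www.contoso.example.": "192.0.2.10"}},
}
CACHE = {}   # the designated server's cache (assumption: no TTL expiry modelled)

def iterative_query(server, name):
    """Iterative query: the server answers at once with the best it has, either
    the record itself or a referral to the next server down the tree."""
    data = SERVERS[server]
    if name in data["answers"]:
        return ("answer", data["answers"][name])
    # best delegation = the longest zone that is a label-wise suffix of the name
    for zone in sorted(data["delegations"], key=len, reverse=True):
        if name == zone or name.endswith("." + zone):
            return ("referral", data["delegations"][zone])
    return ("nxdomain", None)

def recursive_query(name, max_hops=8):
    """What the client's designated server does with a recursive query: answer
    from cache if it can, otherwise take full responsibility and walk the
    referral chain from the root using iterative queries. Returns (answer, trace)."""
    if name in CACHE:
        return CACHE[name], [("cache", "answer")]
    trace, server = [], ROOT
    for _ in range(max_hops):        # hop limit guards against referral loops
        kind, payload = iterative_query(server, name)
        trace.append((server, kind))
        if kind == "answer":
            CACHE[name] = payload
            return payload, trace
        if kind == "nxdomain":
            return None, trace
        server = payload              # follow the referral
    return None, trace
```

The trace returned by recursive_query shows which servers were contacted, so the first lookup walks root, TLD and authoritative server while a repeat lookup is answered from cache.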
Reverse Name Resolution
Reverse name resolution is used to convert an IP address into a DNS name.
It uses reverse lookup zones and Pointer (PTR) resource records.
The DNS developers created a special domain called in-addr.arpa that is specifically designed for reverse name resolution.
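Added example, not from the lesson: building the in-addr.arpa owner name that a resolver queries for a PTR record, the name of the reverse lookup zone for an IPv4 network, and a forward-confirmation check that a PTR answer points back to the address it came from (a PTR record is controlled by whoever controls the address block, so it should not be trusted on its own). It goes beyond the slide by also handling ip6.arpa for IPv6 addresses. Only the standard library is used; the addresses and names are constructed.

```python
# Added example (not from the lesson): reverse-lookup names and a forward-confirmed
# PTR check. Goes beyond the lesson by covering ip6.arpa as well as in-addr.arpa.
import ipaddress

def reverse_name(address):
    """Owner name a resolver queries for the PTR record of an IPv4 or IPv6 address.
    IPv4: octets reversed under in-addr.arpa. IPv6: the 32 hex nibbles of the
    fully expanded address reversed under ip6.arpa."""
    ip = ipaddress.ip_address(address)            # rejects malformed input
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")        # keeps leading zeros
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def reverse_zone_name(network):
    """Name of the reverse lookup zone holding PTR records for an IPv4 network
    whose prefix is a whole number of octets (e.g. 192.0.2.0/24)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8 or net.prefixlen == 0:
        raise ValueError("only /8, /16 and /24 IPv4 reverse zones are modelled")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def forward_confirmed(address, ptr_target, a_records):
    """Forward-confirmed reverse DNS: trust a PTR answer only if the name it
    returns resolves back to the same address. a_records is a constructed
    {name: [addresses]} table standing in for real forward lookups."""
    forward = a_records.get(ptr_target.lower().rstrip("."), [])
    return str(ipaddress.ip_address(address)) in forward
```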
Internal and External DNS Name Resolution
Use the same domain name internally and externally.
Create separate and unrelated internal and external domains.
Make the internal domain a subdomain of the external domain.
DNS Server Types
Caching-Only Server
Contains no zones.
Provides name resolution for your clients by caching the responses it receives as it forwards their requests to other DNS servers.
DNS Server Types
Forwarder
Receives queries from other DNS servers that are explicitly configured to send them.
Conditional Forwarder
Forwards queries selectively, based on the domain specified in the name resolution request.
DNS Zones
A zone is an administrative entity on a DNS server that represents a discrete portion of the DNS namespace.
Administrators typically divide the DNS namespace into zones to store them on different servers and to delegate their administration to different people.
Zones always consist of entire domains or subdomains.
DNS Zones
Every zone consists of a zone database that contains the resource records for the domains in that zone.
The DNS server in Windows Server 2003 supports three zone types that specify where the server stores the zone database and the kind of information it contains:
Primary zone.
Secondary zone.
Stub zone.
Primary Zone
A primary zone contains the master copy of the zone database, in which administrators make all changes to the zone's resource records.
If the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) checkbox is not selected, the server creates a primary master zone database file on the local drive; this is also called a standard zone (a simple text file).
If the checkbox is selected, the zone is an Active Directory-integrated zone, in which the DNS data is stored within the Active Directory database itself.
Secondary Zone
A secondary zone is a read-only copy of the data that is stored within a primary zone on another server.
The secondary zone contains a backup copy of the primary master zone database file, stored as an identical text file on the server's local drive.
Because the secondary zone is read-only, you cannot modify the resource records in a secondary zone manually. You can only update them by replicating the primary master zone database file using the zone transfer process.
You should always create at least one secondary zone for each standard primary zone in your namespace to provide fault tolerance and to balance the DNS traffic load.
Stub Zone
A stub zone is a copy of a primary zone that contains SOA and NS resource records, plus the Host (A) resource records that identify the authoritative servers for the zone.
The stub zone forwards or refers requests to the appropriate server that hosts a primary zone for the selected query.
When you create a stub zone, you configure it with the IP address of the server that hosts the primary zone from which the stub zone was created.
When the server hosting the stub zone receives a query for a name in that zone, it either forwards the request to the host of the zone or replies with a referral to that host, depending on whether the query is recursive or iterative.
DNS and DHCP
You can use DHCP to streamline the process of assigning DNS servers to your clients to use for name resolution.
Additional Services
Active Directory Rights Management Service (AD RMS) is a Windows Server 2008 service that you can use to protect sensitive data on a Windows network.
The Active Directory Federation Services (AD FS) role allows administrators to configure Single Sign-On (SSO) for Web-based applications across multiple organizations.
Summary
The Domain Name System (DNS) provides the default name resolution mechanism for Active Directory, the Internet, and the majority of modern TCP/IP networks.
Windows operating systems prior to Windows 2000 used NetBIOS names to identify the computers on the network.
The resource record is the fundamental data storage unit in all DNS servers.
Summary
The DNS Server service in Windows Server 2008 supports both standard and Active Directory-integrated DNS zones.
DNS root name servers are the highest-level DNS servers in the entire namespace.
You can divide a DNS namespace into zones to store them on different servers and to delegate their administration to different people.
Summary
Windows Server 2008 supports primary zones, secondary zones, and stub zones.
Primary and stub zones can be integrated into Active Directory.
You can use DHCP to streamline the process of assigning DNS servers to your clients to use for name resolution.
Summary
Active Directory Rights Management Service (AD RMS) is a Windows Server 2008 service that you can use to protect sensitive data on a Windows network.
The Active Directory Federation Services (AD FS) role allows administrators to configure Single Sign-On (SSO) for Web-based applications across multiple organizations.