70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced. Chapter 7: Planning a DNS Strategy

Jan 07, 2016

Thành

Transcript
Page 1: Title slide

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced

Chapter 7: Planning a DNS Strategy

Page 2: Objectives

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network 2

Objectives

• Describe the functions of the Domain Name System
• Choose a DNS namespace strategy
• Install DNS
• Explain the function of DNS zones
• Integrate Active Directory and DNS, including Dynamic DNS
• Integrate DNS with WINS

Page 3: Functions of the Domain Name System

• DNS is used to resolve host names to IP addresses and find services

• DNS is an essential service for a network that uses Active Directory

• DNS is also required if you want resources such as Web servers available on the Internet

• DNS is most commonly implemented on UNIX/Linux, and that implementation can be integrated with the Windows version of DNS

Page 4: Host Name Resolution

• Host names are used because they are easier to remember than IP addresses

• When a program uses a host name, the host name must be converted to an IP address before the resource can be contacted

Page 5: Host Name Resolution (continued)

• The contents of a hosts file are a list of IP addresses and host names

• The steps followed by Windows Server 2003 to resolve host names are:
  • Host name is checked
  • Hosts file is loaded into cache
  • DNS cache is searched
  • DNS server is queried
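The four resolution steps above as a runnable model (an added example, not code from the book; the hosts file content and the fake_dns lookup are constructed). It shows why a stale or tampered hosts entry wins over the DNS server's answer, which is the first thing to check when a name resolves to an unexpected address.

```python
import ipaddress
from typing import Callable, Dict, Optional, Tuple

HOSTS_FILE = """
# constructed sample hosts file (same layout as the Windows hosts file)
127.0.0.1       localhost
192.168.1.10    fileserver fileserver.example.local
10.0.0.5        intranet.example.local   # stale entry left behind
"""

def parse_hosts(text: str) -> Dict[str, str]:
    """Return name -> IP, lower-casing names and skipping comments, blanks and bad lines."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)              # malformed address: ignore the line
        except ValueError:
            continue
        for name in names:
            table.setdefault(name.lower(), ip)    # first entry for a name wins
    return table

class Resolver:
    def __init__(self, local_name: str, local_ip: str, hosts_text: str,
                 dns_query: Callable[[str], Optional[str]]):
        self.local_name = local_name.lower()
        self.local_ip = local_ip
        self.cache: Dict[str, str] = parse_hosts(hosts_text)   # step 2: hosts file preloaded into cache
        self.dns_query = dns_query

    def resolve(self, name: str) -> Tuple[Optional[str], str]:
        """Walk the four steps in order; the second value says which step answered."""
        key = name.lower().rstrip(".")
        if key == self.local_name:                # step 1: our own host name
            return self.local_ip, "local"
        if key in self.cache:                     # step 3: hosts entries and earlier answers
            return self.cache[key], "cache"
        ip = self.dns_query(key)                  # step 4: query the DNS server
        if ip is not None:
            self.cache[key] = ip                  # positive answers are cached for next time
            return ip, "dns"
        return None, "unresolved"

def fake_dns(name: str) -> Optional[str]:
    """Constructed stand-in for a DNS server; note it disagrees with the stale hosts entry."""
    return {"intranet.example.local": "10.0.0.50", "www.example.com": "203.0.113.10"}.get(name)
```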

Page 6: Host Name Resolution (continued)

Page 7: Activity 7-1: Configuring a Hosts File

• The purpose of this activity is to configure and test a hosts file

Page 8: Forward Lookup

• When a DNS server resolves a host name to an IP address it is known as forward lookup

• Resolving host names within an organization is a two-packet process

• In a recursive lookup, a DNS query is resolved through other DNS servers until the requested information is located

Page 9: Forward Lookup (continued)

Page 10: Registering a Domain Name

• To participate in the worldwide DNS lookup system, you must register your domain name with a registrar

• A top-level domain (TLD) name is the highest level of domain in the DNS system

• A registrar is an organization that puts domain information into the top-level domain DNS servers so that your domain will be integrated with the worldwide DNS system

Page 11: Registering a Domain Name (continued)

Page 12: Reverse Lookup

• When DNS is used to resolve IP addresses to host names, the process is known as reverse lookup

• A reverse lookup allows you to specify an IP address and the DNS server returns the host name that is defined for it

Page 13: DNS Record Types

• DNS records are created on a DNS server to resolve queries

• Each type of record holds different information about a service, host name, IP address, or domain

• Different queries request information contained in specific DNS record types

Page 14: DNS and BIND

• Berkeley Internet Name Domain (BIND) is a version of DNS that runs on UNIX/Linux

• It is the de facto standard for DNS implementation and many other implementations of DNS reference BIND version numbers for feature compatibility

Page 15: DNS Namespace Strategies

• DNS namespace can be broken into external and internal DNS

• External DNS is used to hold records for Internet resources, such as company Web servers and e-mail servers

• Internal DNS is used to hold records for internal resources, such as Active Directory and internal Web applications

Page 16: DNS Namespace Strategies (continued)

• To maintain security, the servers holding internal and external DNS records must remain separate

• The three options for utilizing DNS namespaces in Windows Server 2003 are as follows:
  • Use the existing external namespace
  • Use a delegated subdomain of the external namespace
  • Use a separate unique namespace

Page 17: Using the Existing External Namespace

• Using the existing external namespace has some disadvantages:
  • It is awkward to synchronize DNS records between the internal and external DNS servers because no automated mechanism can be used (not recommended)
  • The automated synchronization mechanisms synchronize all DNS records between two DNS servers, not just the appropriate records; this results in internal DNS records being available on the external DNS servers (security risk)

Page 18: Using the Existing External Namespace (continued)

• The records for external resources must be manually added to the internal DNS servers

• If not, users cannot resolve the names of external resources properly

Page 19: Using a Delegated Subdomain of the External Namespace

• A delegated subdomain:
  • Has been configured as its own zone so that it can be placed on DNS servers independently of the parent domain
  • Allows you to keep separate DNS servers for internal and external resources with no need to synchronize records

Page 20: Using a Separate Unique Namespace

• Do not use a domain name for your internal namespace if it has already been registered for use on the Internet

• You should register the internal namespace you choose, if possible

• You can also choose a domain name that is not even possible to use on the Internet

Page 21: Installing DNS

• Windows Server 2003 can act as a DNS server
• DNS can be installed on multiple servers, but it must be added individually to each of those servers
• To reduce WAN traffic in large organizations, DNS servers can be placed in each physical location
• To decide the best placement of DNS servers during the planning process, estimate the amount of traffic that will be generated by DNS

Page 22: Activity 7-2: Installing DNS

• The purpose of this activity is to install DNS on your server and confirm it is running

Page 23: DNS Zones

• A DNS zone is the part of the DNS namespace for which a DNS server is responsible

• Once inside the zone, you can create DNS records and subdomains

• When a zone is created, you designate whether it will hold records for forward lookups or reverse lookups
  • Forward lookup zone: holds records for forward lookups
  • Reverse lookup zone: holds records for reverse lookups

Page 24: Primary and Secondary Zones

• Primary and secondary zones are used to synchronize DNS information automatically between DNS servers
• A primary zone is the first to be created, and all of the DNS records are created in the primary zone
• A secondary zone takes copies of primary zone information
• You cannot directly edit the records in a secondary zone because they are copied from the primary zone
• The process of moving information from the primary zone to the secondary zone is called a zone transfer
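A model of primary and secondary zones with serial-driven zone transfers, which also illustrates the synchronization risk noted on the "Using the Existing External Namespace" slide: a full transfer copies every record, internal ones included. This is an added example, not the book's code; the example.com zone, its records and the scope tag are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass
class Record:
    name: str
    rtype: str
    data: str
    scope: str = "internal"   # constructed tag: where the record is meant to be visible

@dataclass
class Zone:
    origin: str
    role: str                 # "primary" or "secondary"
    serial: int = 0           # SOA serial, bumped on every change to the primary
    records: List[Record] = field(default_factory=list)

    def add(self, rec: Record) -> None:
        if self.role != "primary":
            # Secondary data is read-only; it is only ever replaced by a transfer.
            raise PermissionError(f"{self.origin}: cannot edit a secondary zone")
        self.records.append(rec)
        self.serial += 1

    def transfer_from(self, primary: "Zone") -> bool:
        """Full zone transfer: copy every record if the primary's serial is newer.
        Returns True when a transfer happened."""
        if self.role != "secondary" or primary.origin != self.origin:
            raise ValueError("transfer needs a secondary and its matching primary")
        if primary.serial <= self.serial:
            return False      # nothing new; keep the current copy until the next refresh
        self.records = [Record(r.name, r.rtype, r.data, r.scope) for r in primary.records]
        self.serial = primary.serial
        return True

def exposed_internal_records(zone: Zone) -> List[str]:
    """Names meant to stay internal that are present in this copy of the zone.
    Run it against the secondary on an Internet-facing server to see the leak."""
    return sorted(r.name for r in zone.records if r.scope == "internal")

def build_demo() -> Tuple[Zone, Zone]:
    """Constructed example.com zone used for the same namespace inside and outside."""
    primary = Zone("example.com", "primary")
    primary.add(Record("www", "A", "203.0.113.10", scope="external"))
    primary.add(Record("mail", "MX", "10 mail.example.com.", scope="external"))
    primary.add(Record("dc1", "A", "192.168.1.5"))          # domain controller
    primary.add(Record("payroll", "A", "192.168.1.40"))     # internal web application
    external_secondary = Zone("example.com", "secondary")
    external_secondary.transfer_from(primary)               # the transfer copies all four records
    return primary, external_secondary
```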

Page 25: Activity 7-3: Creating a Primary Zone

• The purpose of this activity is to create a primary zone to hold resource records

Page 26: Activity 7-4: Creating a Secondary Zone

• The purpose of this activity is to create a local copy of DNS information using a secondary zone

Page 27: Active Directory Integrated Zones

• An Active Directory integrated zone stores information in Active Directory rather than in a file on the local hard drive
• To store DNS information in an Active Directory integrated zone, the DNS server must also be a domain controller

Page 28: Active Directory Integrated Zones (continued)

• Storing DNS information in Active Directory offers the following advantages over traditional primary and secondary zones:
  • Automatic backup of zone information
  • Multimaster replication
  • Increased security

Page 29: DNS Zone Storage in Active Directory

• Two areas in Active Directory can be used to store DNS zones:
  • Domain directory partition
  • Application directory partition
• The domain directory partition of Active Directory holds information specific to a particular Active Directory domain
  • This partition is replicated to all domain controllers in an Active Directory domain
  • The information in this partition cannot be replicated to domain controllers in other Active Directory domains

Page 30: DNS Zone Storage in Active Directory (continued)

• Application directory partitions allow information to be stored in Active Directory but be replicated only among a defined set of domain controllers

Page 31: Activity 7-5: Promoting a Member Server to a Domain Controller

• The purpose of this activity is to promote a member server to a domain controller

Page 32: Activity 7-6: Creating an Active Directory Integrated Zone

• The purpose of this activity is to create an Active Directory integrated zone

Page 33: Integrating Active Directory Integrated Zones with Traditional DNS

• Active Directory integrated zones interact with traditional zones by acting as a primary zone to traditional secondary zones

Page 34: Stub Zones

• A stub zone is a DNS zone that holds only NS records for a domain

• NS records define the name servers that are responsible for a domain

Page 35: Stub Zones (continued)

Page 36: Activity 7-7: Removing Active Directory Integrated Zones

• The purpose of this activity is to remove an Active Directory integrated zone

Page 37: Activity 7-8: Creating a Stub Zone

• The purpose of this activity is to create a stub zone to direct recursive queries

Page 38: Active Directory and DNS

• Active Directory requires DNS to function properly

• The most important function that DNS performs for Active Directory is locating services, such as domain controllers
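How DNS performs that service location, as an added example that goes a step beyond the slide: Active Directory publishes its domain controllers as SRV records (for example under _ldap._tcp.dc._msdcs.<domain>), and a client tries targets by ascending priority and then by weight. The record set and the reachable() check below are constructed, not from the book.

```python
import random
from typing import Callable, List, NamedTuple, Optional

class SRV(NamedTuple):
    priority: int   # lower is tried first
    weight: int     # relative share among targets of equal priority
    port: int
    target: str

# Constructed answer for _ldap._tcp.dc._msdcs.example.local
DC_SRV_RECORDS = [
    SRV(0, 100, 389, "dc1.example.local."),
    SRV(0, 50, 389, "dc2.example.local."),
    SRV(10, 100, 389, "dc3-remote-site.example.local."),   # fallback across the WAN
]

def order_targets(records: List[SRV], rng: Optional[random.Random] = None) -> List[SRV]:
    """Order records as a client should try them: ascending priority, then
    weighted-random within each priority group (weight-0 entries go last)."""
    rng = rng or random.Random()
    ordered: List[SRV] = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            total = sum(r.weight for r in group)
            if total == 0:                        # only zero-weight entries left
                ordered.extend(group)
                break
            pick = rng.randint(0, total - 1)      # weighted selection
            acc = 0
            for r in group:
                acc += r.weight
                if pick < acc:
                    ordered.append(r)
                    group.remove(r)
                    break
    return ordered

def locate_dc(records: List[SRV], reachable: Callable[[str], bool],
              rng: Optional[random.Random] = None) -> Optional[str]:
    """Try targets in SRV order; reachable() stands in for the client's check of each DC."""
    for r in order_targets(records, rng):
        if reachable(r.target):
            return r.target
    return None
```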

Page 39: Dynamic DNS

• Dynamic DNS is a system in which records can be updated on a DNS server automatically rather than forcing an administrator to create records manually

Page 40: Activity 7-9: Testing Dynamic DNS

• The purpose of this activity is to verify that a computer is registering a host name using Dynamic DNS

Page 41: Dynamic DNS and DHCP

• The Dynamic DNS information updated by Windows 2000/XP is negotiated with the DHCP server during the lease process

• By default, a DHCP server running on Windows Server 2003 updates DNS records only for Windows 2000/XP clients and only if requested to do so

Page 42: WINS Integration

• To integrate with WINS, a DNS zone can be configured with a WINS server to help resolve names

• If a DNS zone receives a query for a host name for which it has no A record, it forwards the request to a WINS server
  • This results in slower response times and increased processor utilization

Page 43: WINS Integration (continued)

• If DNS and WINS are running on separate servers, it also results in increased network traffic and even slower response times

• Integrating a WINS server with a DNS forward lookup zone creates a WINS record in the zone

• You can specify that records resolved via WINS are not replicated to other DNS servers by selecting the Do not replicate this record check box

Page 44: WINS Integration (continued)

• Timeout intervals can be configured with the Advanced button on the WINS tab in the properties of a zone

• The Cache time-out controls how long DNS servers and DNS clients cache this record after it is resolved

• The Lookup time-out controls how long the DNS server waits for a response from WINS before sending an error to the requesting client

Page 45: Summary

• DNS is used to resolve host names to IP addresses and find services

• Host name resolution is performed in four steps
• Forward lookup resolves host names to IP addresses
• Reverse lookup resolves an IP address to a host name
• Recursive lookup is performed when a local DNS server queries the root servers on the Internet on behalf of a DNS client

Page 46: Summary (continued)

• DNS records are created on a DNS server to resolve queries

• Each type of DNS record holds different information about a service, host name, IP address, or domain

• A DNS zone holds records for a portion of the DNS namespace

• Active Directory integrated zones are stored in Active Directory

• Active Directory integrated zones can act as primary zones to secondary zones

Page 47: Summary (continued)

• A stub zone contains name server records that are used for recursive lookups

• Dynamic DNS allows records to be automatically updated on a DNS server

• A WINS server can be used to help resolve host names if a DNS server does not have a record that matches a query