Chapter 2

DESIGNING THE DNS STRUCTURE
           Chapter 2: DESIGNING THE DNS STRUCTURE   2




NAME RESOLUTION PROCESS

DNS FORWARDING

DNS DELEGATION AND NAME RESOLUTION

ANALYZING THE EXISTING DNS IMPLEMENTATION

COMPONENTS OF DNS

- DNS zones
- Zone transfers
- Server roles

DNS ZONES

ZONE TRANSFERS

- Full zone transfer (AXFR)
  - All resource records for a zone are copied.
- Incremental zone transfer (IXFR)
  - Only the changes made to resource records are copied.
  - Results in less network traffic.

SERVER ROLES

- Primary DNS server
  - Contains the local zone database file
- Secondary DNS server
  - Contains a copy of the zone database file
- Caching-only DNS server
  - Caches the answers to queries and returns the results
  - Does not contain zone information

IDENTIFYING THE CURRENT NAMESPACE

DNS NAMESPACE DESIGN

- The following business needs affect the DNS naming strategy:
  - The intended scope of Active Directory
  - Internet presence
  - Whether DNS must support Active Directory

CHOOSING A DNS NAME

- Choose and register a root domain name that is unique on the Internet.
- The root domain name must conform to DNS naming standards.
- Choose meaningful, stable, scalable names.
- The root domain name can be an existing DNS domain name.

DNS INTEROPERABILITY WITH ACTIVE DIRECTORY

- Active Directory–integrated zone transfers
- Multi-master replication
- Fault tolerance
- Secure updates
- Single replication topology

DNS INTEROPERABILITY WITH ACTIVE DIRECTORY

DNS INTEROPERABILITY WITH DHCP

DNS INTEROPERABILITY WITH WINS

ZONE REQUIREMENTS

SECURITY

- Potential security threats
- Securing the DNS infrastructure
- Securing replication data

SECURING THE DNS INFRASTRUCTURE

- Use a private namespace
- UDP and TCP port 53
- Disable recursion
- Restrict zone transfers
- NTFS
- Secure updates

SECURING REPLICATION DATA

DNS INTEROPERABILITY WITH UNIX BERKELEY INTERNET NAME DOMAIN (BIND)

- Windows Server 2003 DNS offers maximum compatibility with Active Directory.
  - BIND DNS servers can be integrated with Active Directory.
  - BIND 8.2.2 and later support dynamic updates.

WINDOWS SERVER 2003 DNS AND BIND COMPARED

DESIGNING DNS SERVER PLACEMENT

SERVER PLACEMENT

- Fault tolerance
- High availability

MONITORING DNS

CACHING-ONLY DNS SERVERS

LOAD BALANCING

SUMMARY

- Before you design DNS, what information do you need about the existing DNS infrastructure?
- What are some of the benefits of choosing Active Directory–integrated zones?
- What factors influence the DNS namespace design?
- How can zone replication data be secured?
- What are some ways to improve DNS performance?

				