Transcript ch12

Configuring Name Resolution
and Additional Services
Lesson 12
Skills Matrix

Technology Skill                  Objective Domain                                               Objective #
Creating DNS zones                Configure zones                                                1.1
Creating DNS zones                Configure DNS server settings                                  1.2
Creating DNS zones                Configure zone transfers and replication                       1.3
Configuring Additional Services   Configure Active Directory Rights Management Service (AD RMS)  3.2
Configuring Additional Services   Configure Active Directory Federation Services (AD FS)         3.4
Name Resolution
• Name resolution is an essential function on
all Transmission Control Protocol/Internet
Protocol (TCP/IP) networks, regardless of the
operating system that an individual
computer is running.
Host Name Resolution
• Host names can be resolved from the local HOSTS
file or through the Domain Name System (DNS).
• The Domain Name System (DNS) provides
the default name resolution mechanism for
Active Directory, the Internet, and the
majority of modern TCP/IP networks.
NetBIOS Name Resolution
• NetBIOS (computer) names can be resolved from
the local LMHOSTS file or by the Windows Internet
Name Service (WINS).
Domain Name System (DNS)
• Main components of DNS:
– DNS namespace.
– Name Server.
– Resolver.
DNS Namespace
• In a specification for a tree-structured
namespace, each branch of the tree
identifies a domain.
• Each domain contains an information set
that consists of host names, IP addresses,
and comments.
• Query operations are attempts to retrieve
specific information from a particular
information set.
Name Servers
• Applications running on server computers
maintain information about the domain tree
structure and contain authoritative
information about specific areas of that
structure.
• The application is capable of responding to
queries for information about the areas for
which it is the authority, and it has pointers
to other name servers that enable it to
access information about any other area of
the tree.
Resolvers
• Client programs generate requests for DNS
information and send them to name servers
for fulfillment. A resolver has direct access to
at least one name server.
Domain Name System (DNS)
• The DNS Server service in Windows Server
2008 supports both standard and Active
Directory–integrated DNS zones.
• DNS root name servers are the highest-level
DNS servers in the entire namespace.
Domain Name System (DNS)
• You can divide a DNS namespace into zones
to store them on different servers and to
delegate their administration to different
people.
• Windows Server 2008 supports primary
zones, secondary zones, and stub zones.
Primary and stub zones can be integrated
into Active Directory.
Resource Records
• The resource record is the fundamental data
storage unit in all DNS servers.
– Start of Authority (SOA)
– Name Server (NS)
– Host (A)
– Host (AAAA)
– Canonical Name (CNAME)
– Mail Exchanger (MX)
– Pointer (PTR)
– Service Record (SRV)
Resource Records
• The Start of Authority (SOA) resource record
identifies which name server is the
authoritative source of information for data
within this domain.
– The first record in the zone database file
must be an SOA record. In the Windows
Server 2008 DNS server, SOA records are
created automatically with default values
when you create a new zone.
Resource Records
• Name Server (NS) resource record identifies
the name server that is the authority for the
particular zone or domain; that is, the server
that can provide an authoritative name-to-IP
address mapping for a zone or domain.
Resource Records
• The A resource record is the fundamental
data unit of the DNS that is used to translate
the host name to the IPv4 address.
• The AAAA resource record is used to
translate the host name to the IPv6 address.
• The Pointer (PTR) resource record is the
functional opposite of the A record, providing
an IP address-to-name mapping, which is
found in the reverse lookup zones.
Resource Records
• The Canonical Name (CNAME) resource
record, sometimes called an Alias record, is
used to specify an alternative name for the
system specified in the Name field.
Resource Records
• Mail Exchanger (MX) resource record
identifies the email servers for a domain.
• Service Record (SRV) resource record
enables clients to locate servers that are
providing a particular service.
– Windows Server 2008 Active Directory clients
rely on the SRV record to locate the domain
controllers they need to validate logon
requests.
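The record types above are what a standard (text) zone file contains, and the relationships between them are where zone errors creep in: an MX or NS that points at an alias, an alias that points at nothing, a CNAME sharing an owner name with other records, or an Active Directory domain whose zone has lost its domain controller locator SRV record. The following parser and checker is an added example written for this page, not code from the lesson or from Microsoft; the zone it reads is a constructed sample for a hypothetical domain contoso.com, and the checker only understands the one-record-per-line layout used here.

```python
"""Parse a standard (text) zone file and check its resource records.

Added example; not from the lesson. The sample zone below is constructed for a
hypothetical AD domain "contoso.com" in the one-record-per-line layout that
Windows DNS writes. Multi-line SOA syntax, $INCLUDE and $GENERATE are not handled.
"""
from collections import defaultdict

RECORD_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "SRV"}
# Index of the rdata field that names another host, for the types that have one.
TARGET_INDEX = {"NS": 0, "CNAME": 0, "MX": 1, "SRV": 3}

SAMPLE_ZONE = """\
$ORIGIN contoso.com.
$TTL 3600
@      IN SOA   dc1.contoso.com. hostmaster.contoso.com. 2024010101 900 600 86400 3600
@      IN NS    dc1.contoso.com.
@      IN NS    dc2.contoso.com.
dc1    IN A     10.0.0.5
dc2    IN A     10.0.0.6
www    IN CNAME web1
web1   IN A     10.0.0.20
web1   IN AAAA  2001:db8::20
@      IN MX    10 mail                 ; error: MX target is an alias
mail   IN CNAME web1
_ldap._tcp.dc._msdcs      IN SRV 0 100 389 dc1.contoso.com.
_kerberos._tcp.dc._msdcs  IN SRV 0 100 88  dc1.contoso.com.
old    IN CNAME gone                    ; error: dangling alias
"""


def _fqdn(name, origin):
    """Turn an owner or target field into a fully qualified, lower-case name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1].lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, origin=None):
    """Return (origin, [(owner, type, rdata_tokens), ...]) in file order."""
    records, last_owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].rstrip(".").lower()
            continue
        if tokens[0].startswith("$"):             # $TTL and friends carry no record
            continue
        if origin is None:
            raise ValueError("origin unknown: no $ORIGIN directive")
        # A line starting with whitespace reuses the previous owner name.
        owner = last_owner if line[0].isspace() else _fqdn(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():        # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":  # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype not in RECORD_TYPES:
            raise ValueError(f"unsupported record type {rtype} at {owner}")
        records.append((owner, rtype, tokens))
        last_owner = owner
    return origin, records


def check_zone(text, origin=None):
    """Return a list of findings; an empty list means the zone passed every check."""
    origin, records = parse_zone(text, origin)
    findings = []
    if not records or records[0][:2] != (origin, "SOA"):
        findings.append("first record must be the SOA for the zone apex")
    by_owner = defaultdict(set)
    for owner, rtype, _ in records:
        by_owner[owner].add(rtype)
    if "NS" not in by_owner[origin]:
        findings.append(f"no NS record at the apex {origin}")
    for owner, types in by_owner.items():          # RFC 2181: a CNAME must stand alone
        if "CNAME" in types and len(types) > 1:
            findings.append(f"{owner} has a CNAME alongside other records")
    for owner, rtype, rdata in records:
        if rtype not in TARGET_INDEX:
            continue
        target = _fqdn(rdata[TARGET_INDEX[rtype]], origin)
        if target != origin and not target.endswith("." + origin):
            continue                                # out-of-zone target: cannot check here
        ttypes = by_owner.get(target, set())
        if not ttypes:
            findings.append(f"{rtype} at {owner} points to {target}, which has no records")
        elif rtype != "CNAME" and "CNAME" in ttypes:
            findings.append(f"{rtype} at {owner} points to {target}, which is a CNAME")
        elif rtype != "CNAME" and not ttypes & {"A", "AAAA"}:
            findings.append(f"{rtype} at {owner} points to {target}, which has no address record")
    if "SRV" not in by_owner.get(f"_ldap._tcp.dc._msdcs.{origin}", set()):
        findings.append("missing _ldap._tcp.dc._msdcs SRV record: AD clients cannot locate a DC")
    return findings


if __name__ == "__main__":
    for finding in check_zone(SAMPLE_ZONE):
        print(finding)
```

Run against the sample, the checker reports the MX that points at an alias and the dangling CNAME `old`; targets outside the zone are skipped because nothing in this file can confirm them. The same checks apply to an AD-integrated zone after exporting it to a text file with the DNS console's export function.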
DNS Referrals and Queries
• When a DNS server cannot answer a query from
its own zones or its cache, it asks other DNS
servers. A response that does not answer the
question but instead points the querier at the
name servers responsible for a closer part of the
namespace (NS records plus their addresses) is
called a referral.
• DNS servers recognize two types of name
resolution requests:
– Recursive Query.
– Iterative Query.
Recursive Query
• The DNS server receiving the name
resolution request takes full responsibility
for resolving the name.
– If the server possesses information about the
requested name, it replies immediately to the
requester.
– If the server has no information about the
name, it queries other DNS servers on the
requester's behalf, following the referrals they
return, until it obtains the information it needs
or learns that the name does not exist.
– TCP/IP client resolvers always send recursive
queries to their designated DNS servers.
Iterative Query
• The server that receives the name resolution
request immediately responds to the requester
with the best information it possesses.
– This information can be cached or authoritative, and
it can be a resource record containing a fully
resolved name or a reference to another DNS
server.
– DNS servers use iterative queries when
communicating with each other.
– A DNS server sends a recursive query to another
DNS server only when that server is configured as
its forwarder; apart from that case, servers
resolve names with iterative queries.
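The difference between the two query types is visible in the message itself: a client resolver sets the RD (recursion desired) flag and expects a complete answer, while a server iterating on the client's behalf sends the same question with RD clear and is content with a referral, which carries NS records in the authority section and their glue addresses in the additional section rather than anything in the answer section. The following builder and parser for that wire format is an added example written for this page, not the lesson's code or any Windows component; the two responses it classifies are constructed in memory with documentation addresses (192.0.2.0/24 and 198.51.100.0/24) and an invented name server ns1.example.net, so nothing is sent on the network.

```python
"""Build a DNS query and classify responses as answers or referrals.

Added example; not from the lesson. Implements only the RFC 1035 fields needed
to tell RD-set from RD-clear queries and authoritative answers from referrals.
Sample messages use documentation addresses and a made-up name server.
"""
import struct

A, NS, CNAME = 1, 2, 5
FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080


def encode_name(name):
    """Wire encoding of a domain name: length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a name, following compression pointers; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # two-byte pointer to earlier bytes
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset or hops > 64:    # forward pointers and loops are malformed
                raise ValueError("bad compression pointer")
            end = end if end is not None else offset + 2
            offset, hops = pointer, hops + 1
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def build_query(name, qtype=A, txid=0x1234, recursion_desired=True):
    """A client resolver sets RD; a server iterating on its behalf sends RD clear."""
    flags = FLAG_RD if recursion_desired else 0
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query, answers=(), authority=(), additional=(), aa=False, ra=True):
    """Constructed response to `query`; an owner given as bytes is used as a raw pointer."""
    txid, qflags, qd, *_ = struct.unpack("!HHHHHH", query[:12])
    flags = FLAG_QR | (qflags & FLAG_RD) | (FLAG_AA if aa else 0) | (FLAG_RA if ra else 0)
    body = query[12:]                              # echoed question, at the same offsets
    for section in (answers, authority, additional):
        for owner, rtype, ttl, rdata in section:
            body += owner if isinstance(owner, bytes) else encode_name(owner)
            body += struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, flags, qd, len(answers), len(authority), len(additional)) + body


def parse_response(msg):
    """Return header flags and the three RR sections as (owner, type, ttl, value) tuples."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                            # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    out = {"id": txid, "aa": bool(flags & FLAG_AA), "rd": bool(flags & FLAG_RD),
           "ra": bool(flags & FLAG_RA), "rcode": flags & 0xF}
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            owner, off = decode_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype in (NS, CNAME):
                value, _ = decode_name(msg, off)
            elif rtype == A and rdlen == 4:
                value = ".".join(str(b) for b in msg[off:off + 4])
            else:
                value = msg[off:off + rdlen].hex()
            off += rdlen
            rrs.append((owner, rtype, ttl, value))
        out[key] = rrs
    return out


def classify(resp):
    """'answer', 'referral' (NS in authority, empty answer), 'negative' or 'error'."""
    if resp["rcode"] != 0:
        return "error"
    if resp["answer"]:
        return "answer"
    return "referral" if any(r[1] == NS for r in resp["authority"]) else "negative"


def demo():
    q = build_query("www.example.com")
    # What the server authoritative for example.com returns: AA set, answer section filled.
    answer = build_response(q, answers=[(b"\xc0\x0c", A, 300, bytes([192, 0, 2, 10]))], aa=True)
    # What a root or com server returns to an iterative query: no answer, NS records for
    # the closer zone in authority and their glue addresses in additional (RA clear).
    referral = build_response(
        q, authority=[(b"\xc0\x10", NS, 172800, encode_name("ns1.example.net"))],
        additional=[("ns1.example.net", A, 172800, bytes([198, 51, 100, 53]))], ra=False)
    return {"answer": parse_response(answer), "referral": parse_response(referral)}
```

The pointer checks in decode_name are not decoration: a response whose compression pointer loops or points forward is malformed, and a resolver that follows it blindly spins or reads past the message. A server that gets a referral back to a query it sent with RD set has been told, in effect, that the upstream does not recurse for it; a forwarder that answers this way is misconfigured.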
Reverse Name Resolution
• Used to convert an IP address into a DNS
name.
• Uses reverse lookup zones and Pointer (PTR)
resource records.
• The DNS developers created a special
domain called in-addr.arpa that is
specifically designed for reverse name
resolution.
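The mechanics of reverse resolution are all in the naming: the octets of an IPv4 address are reversed under in-addr.arpa (and the nibbles of an IPv6 address under ip6.arpa), so the name of the reverse lookup zone to create for a subnet, and the relative name of each PTR record inside it, follow directly from the prefix. The helper below is an added example written for this page, not the lesson's material; it assumes reverse zones are cut where the Windows DNS console cuts them (octet boundaries for IPv4, nibble boundaries for IPv6) and rejects prefixes that would need an RFC 2317 classless delegation instead.

```python
"""Name the reverse lookup zone and PTR owner for an address or prefix.

Added example; not from the lesson. Assumes zones are cut at octet boundaries
for IPv4 (in-addr.arpa) and nibble boundaries for IPv6 (ip6.arpa).
"""
import ipaddress


def ptr_owner_name(address):
    """Full owner name of the PTR record for one address, e.g. 5.0.0.10.in-addr.arpa."""
    return ipaddress.ip_address(address).reverse_pointer


def reverse_zone_name(prefix):
    """Zone holding the PTR records for a prefix, e.g. 0.0.10.in-addr.arpa for 10.0.0.0/24."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version == 4:
        if net.prefixlen not in (8, 16, 24):
            raise ValueError("IPv4 reverse zones are cut at /8, /16 or /24; "
                             "smaller blocks need an RFC 2317 CNAME delegation")
        octets = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    if net.prefixlen % 4:
        raise ValueError("IPv6 reverse zones are cut at nibble (4-bit) boundaries")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_relative_name(address, zone):
    """Owner name relative to `zone` (what the DNS console shows), or None if outside it."""
    owner = ptr_owner_name(address)
    if not owner.endswith("." + zone):
        return None
    return owner[: -len(zone) - 1]
```

A practical use is checking that the reverse zone you are about to create actually matches the subnet the PTR records will land in: a zone named for the wrong boundary silently fails to receive the dynamic PTR registrations that DHCP clients and domain controllers send.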
Internal and External DNS Name Resolution
• Three ways to relate the internal and external
namespaces:
– Use the same domain name internally and
externally; in that case host the internal and
external zones on separate servers so that
internal host records are never published to
the Internet.
– Create separate and unrelated internal and
external domains.
– Make the internal domain a subdomain of
the external domain.
DNS Server Types
• Caching-Only Server.
– Hosts no zones and is not authoritative for
any domain.
– Provides name resolution for your clients by
caching the answers it receives as it forwards
their requests to other DNS servers.
DNS Server Types
• Forwarder.
– A DNS server that receives queries from other
DNS servers explicitly configured to send them,
and resolves those queries on their behalf.
• Conditional Forwarder.
– Will forward queries selectively based on the
domain specified in the name resolution
request.
DNS Zones
• A zone is an administrative entity on a DNS
server that represents a discrete portion of
the DNS namespace.
• Administrators typically divide the DNS
namespace into zones to store them on
different servers and to delegate their
administration to different people.
• Zones always consist of entire domains or
subdomains.
DNS Zones
• Every zone consists of a zone database that
contains the resource records for the
domains in that zone.
• The DNS server in Windows Server 2008
supports three zone types that specify where
the server stores the zone database and the
kind of information it contains:
– Primary zone.
– Secondary zone.
– Stub zone.
Primary Zone
• A primary zone contains the master copy of the
zone database, in which administrators make all
changes to the zone’s resource records.
– If the Store The Zone In Active Directory (Available
Only If DNS Server Is A Domain Controller) checkbox
is not selected, the server creates a primary master
zone database file on the local drive, also called a
standard zone (simple text file).
– If the checkbox is selected, the zone is an AD–integrated
zone, whose DNS data is stored within the Active Directory
database itself and replicated to other domain controllers.
Only AD–integrated zones can be set to accept secure
dynamic updates only, so that a record can be changed only
by the authenticated account that registered it.
Secondary Zone
• A secondary zone is a read-only copy of the data that is
stored within a primary zone on another server.
• The secondary zone contains a backup copy of the primary
master zone database file, stored as an identical text file on
the server’s local drive.
• Because the secondary zone is read-only, you cannot
modify the resource records in a secondary zone manually.
You can only update them by replicating the primary master
zone database file using the zone transfer process.
• You should always create at least one secondary zone for
each standard primary zone in your namespace to provide
fault tolerance and to balance the DNS traffic load.
• A zone transfer hands out the entire zone database, so on
the primary server limit transfers to the servers listed in the
zone's NS records or to an explicit list of secondary server
addresses; never allow transfers to any server for a zone that
is reachable from outside the network.
Stub Zone
• A stub zone is a partial copy of a primary zone that contains
only the SOA and NS resource records, plus the Host (A) resource
records (glue) that identify the authoritative servers for the zone.
• The stub zone forwards or refers requests to the
appropriate server that hosts a primary zone for the
selected query.
• When you create a stub zone, you configure it with the IP
address of the server that hosts the primary zone from
which the stub zone was created.
• When the server hosting the stub zone receives a query for
a name in that zone, it either forwards the request to the
host of the zone or replies with a referral to that host,
depending on whether the query is recursive or iterative.
DNS and DHCP
• You can use DHCP to streamline the process
of assigning DNS servers to your clients to
use for name resolution.
Additional Services
• Active Directory Rights Management Service
(AD RMS) is a Windows Server 2008 service
that you can use to protect sensitive data on
a Windows network.
• The Active Directory Federation Services (AD
FS) role allows administrators to configure
Single Sign-On (SSO) for Web-based
applications across multiple organizations.
Summary
• The Domain Name System (DNS) provides
the default name resolution mechanism for
Active Directory, the Internet, and the
majority of modern TCP/IP networks.
• Windows operating systems prior to
Windows 2000 used NetBIOS names to
identify the computers on the network.
• The resource record is the fundamental data
storage unit in all DNS servers.
Summary
• The DNS Server service in Windows Server
2008 supports both standard and Active
Directory–integrated DNS zones.
• DNS root name servers are the highest-level
DNS servers in the entire namespace.
• You can divide a DNS namespace into zones
to store them on different servers and to
delegate their administration to different
people.
Summary
• Windows Server 2008 supports primary
zones, secondary zones, and stub zones.
Primary and stub zones can be integrated
into Active Directory.
• You can use DHCP to streamline the process
of assigning DNS servers to your clients to
use for name resolution.
Summary
• Active Directory Rights Management Service
(AD RMS) is a Windows Server 2008 service
that you can use to protect sensitive data on
a Windows network.
• The Active Directory Federation Services (AD
FS) role allows administrators to configure
Single Sign-On (SSO) for Web-based
applications across multiple organizations.