ITMT 2302 - HCC Learning Web
Configuring Name Resolution and Additional Services
Lesson 12
Name Resolution
• Name resolution is an essential function on all
Transmission Control Protocol/Internet Protocol
(TCP/IP) networks, regardless of the operating
system that an individual computer is running.
Host Name Resolution
• Host names can be resolved by the hosts file or the
Domain Name System (DNS).
• The Domain Name System (DNS) provides the
default name resolution mechanism for Active
Directory, the Internet, and the majority of
modern TCP/IP networks.
NetBIOS Name Resolution
• NetBIOS/computer names can be resolved by the
lmhosts file or Windows Internet Naming Service
(WINS).
Domain Name System (DNS)
• Main components of DNS:
– DNS namespace.
– Name Server.
– Resolver.
DNS Namespace
• The DNS namespace is specified as a tree structure in
which each branch of the tree identifies a domain.
• Each domain contains an information set that
consists of host names, IP addresses, and
comments.
• Query operations are attempts to retrieve specific
information from a particular information set.
Name Servers
• Applications running on server computers
maintain information about the domain tree
structure and contain authoritative information
about specific areas of that structure.
• The application is capable of responding to
queries for information about the areas for which
it is the authority, and it has pointers to other
name servers that enable it to access information
about any other area of the tree.
Resolvers
• Client programs generate requests for DNS
information and send them to name servers for
fulfillment. A resolver has direct access to at least
one name server.
Domain Name System (DNS)
• The DNS Server service in Windows Server 2008
supports both standard and Active Directory–
integrated DNS zones.
• DNS root name servers are the highest-level DNS
servers in the entire namespace.
Domain Name System (DNS)
• You can divide a DNS namespace into zones to
store them on different servers and to delegate
their administration to different people.
• Windows Server 2008 supports primary zones,
secondary zones, and stub zones. Primary and
stub zones can be integrated into Active Directory.
Resource Records
• The resource record is the fundamental data storage unit
in all DNS servers.
– Start of Authority (SOA)
– Name Server (NS)
– Host (A)
– Host (AAAA)
– Canonical Name (CNAME)
– Mail Exchanger (MX)
– Pointer (PTR)
– Service Record (SRV)
Resource Records
• The Start of Authority (SOA) resource record
identifies which name server is the authoritative
source of information for data within this domain.
– The first record in the zone database file must be an
SOA record. In the Windows Server 2008 DNS server,
SOA records are created automatically with default
values when you create a new zone.
Resource Records
• Name Server (NS) resource record identifies the
name server that is the authority for the
particular zone or domain; that is, the server that
can provide an authoritative name-to-IP address
mapping for a zone or domain.
Resource Records
• The A resource record is the fundamental data
unit of the DNS that is used to translate the host
name to the IPv4 address.
• The AAAA resource record is used to translate the
host name to the IPv6 address.
• The Pointer (PTR) resource record is the functional
opposite of the A record, providing an IP address-to-name
mapping, which is found in the reverse lookup zones.
Resource Record
• The Canonical Name (CNAME) resource record,
sometimes called an Alias record, is used to
specify an alternative name for the system
specified in the Name field.
Resource Records
• Mail Exchanger (MX) resource record identifies
the email servers for a domain.
• Service Record (SRV) resource record enables
clients to locate servers that are providing a
particular service.
– Windows Server 2008 Active Directory clients rely on
the SRV record to locate the domain controllers they
need to validate logon requests.
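Added example (not from the lecture and not Windows Server's own tooling): a small parser for a BIND-style text zone covering the eight record types listed above, with checks for the rule that the SOA must be the first record and that NS and SRV targets inside the zone have address records. The constructed domain corp.example. and its addresses are assumptions; the _ldap._tcp.dc._msdcs owner name is the one Active Directory registers for domain controllers and is not on the slides.

```python
# Added example, not from the lecture: parse a small BIND-style zone for the
# constructed domain corp.example. and check the structural rules the slides give.
ZONE_TEXT = """\
corp.example.      SOA   ns1.corp.example. hostmaster.corp.example. 2024010101 3600 600 86400 300
corp.example.      NS    ns1.corp.example.
corp.example.      NS    ns2.corp.example.
ns1.corp.example.  A     10.0.0.53
ns2.corp.example.  AAAA  2001:db8::53
www.corp.example.  CNAME web1.corp.example.
web1.corp.example. A     10.0.0.80
corp.example.      MX    10 mail.corp.example.
mail.corp.example. A     10.0.0.25
_ldap._tcp.dc._msdcs.corp.example. SRV 0 100 389 dc1.corp.example.
dc1.corp.example.  A     10.0.0.10
"""
SUPPORTED = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "SRV"}

def parse_zone(text):
    """Return (owner, type, rdata-tuple) triples; owner names are lower-cased."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue            # blank line or comment
        owner, rtype, *rdata = line.split()
        if rtype not in SUPPORTED:
            raise ValueError(f"unsupported record type {rtype} for {owner}")
        records.append((owner.lower(), rtype, tuple(rdata)))
    return records

def check_zone(records, apex):
    """Return a list of problems; an empty list means the zone passes."""
    problems = []
    if not records or records[0][1] != "SOA":
        problems.append("first record must be the SOA")   # rule stated on the slides
    has_addr = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        # NS and SRV point at hosts; a target inside this zone needs an address record
        target = rdata[0] if rtype == "NS" else rdata[3] if rtype == "SRV" else None
        if target and target.lower().endswith(apex) and target.lower() not in has_addr:
            problems.append(f"{rtype} target {target} has no A/AAAA record")
    return problems

def find_domain_controllers(records, domain):
    """Mimic an AD client locating DCs: SRV lookup of _ldap._tcp.dc._msdcs.<domain>
    (the well-known owner name AD registers; it is not on the slides)."""
    owner = f"_ldap._tcp.dc._msdcs.{domain}".lower()
    return [rdata[3] for o, rtype, rdata in records if o == owner and rtype == "SRV"]
```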
DNS Referrals and Queries
• The process by which one DNS server sends a
name resolution request to another DNS server is
called a referral.
• DNS servers recognize two types of name
resolution requests:
– Recursive Query.
– Iterative Query.
Recursive Query
• The DNS server receiving the name resolution
request takes full responsibility for resolving the
name.
– If the server possesses information about the
requested name, it replies immediately to the
requester.
– If the server has no information about the name, it
sends referrals to other DNS servers until it obtains the
information it needs.
– TCP/IP client resolvers always send recursive queries
to their designated DNS servers.
Iterative Query
• The server that receives the name resolution request
immediately responds to the requester with the best
information it possesses.
– This information can be cached or authoritative, and it can
be a resource record containing a fully resolved name or a
reference to another DNS server.
– DNS servers use iterative queries when communicating
with each other.
– It would be improper to configure one DNS server to send
a recursive query to another DNS server.
Reverse Name Resolution
• Used to convert an IP address into a DNS name.
• Uses reverse lookup zones and Pointer (PTR)
resource records.
• The DNS developers created a special domain
called in-addr.arpa that is specifically designed for
reverse name resolution.
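Added example (not part of the lecture): builds the PTR owner names under in-addr.arpa by hand, extends the same rule to IPv6 under ip6.arpa (which the slides do not cover), and cross-checks a constructed forward zone against a constructed reverse zone so that every address record has a matching PTR and every PTR points at a live forward record. The host names and addresses are assumptions.

```python
# Added example, not from the lecture: PTR owner names and a forward/reverse
# consistency check over constructed zone data.
import ipaddress

def reverse_name(ip):
    """Owner name of the PTR record for ip (IPv4 -> in-addr.arpa, IPv6 -> ip6.arpa)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        octets = str(addr).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")       # 32 hex digits, one label each
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

# Constructed forward zone: host name -> address (A or AAAA)
FORWARD = {
    "web1.corp.example.": "10.0.0.80",
    "mail.corp.example.": "10.0.0.25",
    "ns2.corp.example.":  "2001:db8::53",
    "old.corp.example.":  "10.0.0.99",      # deliberately has no PTR
}
# Constructed reverse zone: PTR owner -> host name
REVERSE = {
    "80.0.0.10.in-addr.arpa.": "web1.corp.example.",
    "25.0.0.10.in-addr.arpa.": "mail.corp.example.",
    "3.5.0.0." + "0." * 20 + "8.b.d.0.1.0.0.2.ip6.arpa.": "ns2.corp.example.",
    "7.0.0.10.in-addr.arpa.": "gone.corp.example.",   # stale PTR, host no longer exists
}

def forward_confirmed(forward, reverse):
    """Return (missing_ptr, stale_ptr): hosts whose PTR is absent or names a different
    host, and PTR owners whose target has no matching forward record."""
    missing_ptr = [h for h, ip in forward.items() if reverse.get(reverse_name(ip)) != h]
    stale_ptr = [o for o, h in reverse.items()
                 if h not in forward or reverse_name(forward[h]) != o]
    return missing_ptr, stale_ptr
```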
Internal and External DNS Name Resolution
• Use the same domain name internally and
externally.
• Create separate and unrelated internal and
external domains.
• Make the internal domain a subdomain of the
external domain.
DNS Server Types
• Caching-Only Server.
– Contains no zones and hosts no domains.
– Provides name resolution for your clients by caching
values as it forwards the requests to other DNS
servers.
DNS Server Types
• Forwarder.
– Receives queries from other DNS servers that are
explicitly configured to send them.
• Conditional Forwarder.
– Will forward queries selectively based on the domain
specified in the name resolution request.
DNS Zones
• A zone is an administrative entity on a DNS server
that represents a discrete portion of the DNS
namespace.
• Administrators typically divide the DNS
namespace into zones to store them on different
servers and to delegate their administration to
different people.
• Zones always consist of entire domains or
subdomains.
DNS Zones
• Every zone consists of a zone database that
contains the resource records for the domains in
that zone.
• The DNS server in Windows Server 2003 supports
three zone types that specify where the server
stores the zone database and the kind of
information it contains:
– Primary zone.
– Secondary zone.
– Stub zone.
Primary Zone
• A primary zone contains the master copy of the zone
database, in which administrators make all changes to
the zone’s resource records.
– If the Store The Zone In Active Directory (Available Only If
DNS Server Is A Domain Controller) checkbox is not
selected, the server creates a primary master zone
database file on the local drive; this is also called a
standard zone (a simple text file).
– If the checkbox is selected, it is an AD-integrated zone,
in which the DNS data is stored within the Active Directory
database itself.
Secondary Zone
• A secondary zone is a read-only copy of the data that is stored
within a primary zone on another server.
• The secondary zone contains a backup copy of the primary master
zone database file, stored as an identical text file on the server’s
local drive.
• Because the secondary zone is read-only, you cannot modify the
resource records in a secondary zone manually. You can only
update them by replicating the primary master zone database file
using the zone transfer process.
• You should always create at least one secondary zone for each
standard primary zone in your namespace to provide fault
tolerance and to balance the DNS traffic load.
Stub Zone
• A stub zone is a copy of a primary zone that contains SOA and NS
resource records, plus the Host (A) resource records that identify
the authoritative servers for the zone.
• The stub zone forwards or refers requests to the appropriate
server that hosts a primary zone for the selected query.
• When you create a stub zone, you configure it with the IP address
of the server that hosts the primary zone from which the stub zone
was created.
• When the server hosting the stub zone receives a query for a name
in that zone, it either forwards the request to the host of the zone
or replies with a referral to that host, depending on whether the
query is recursive or iterative.
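Added example (not from the lecture): a toy model of the referral chain described on the Recursive Query and Iterative Query slides above, with one branch server that holds only a stub zone for corp.example. (modelled as its NS plus glue) and so either resolves through that zone's host directly on a recursive query or hands back a referral on an iterative one. All server addresses, host names and the topology are constructed.

```python
# Added example, not from the lecture: recursive vs. iterative handling with referrals.
SERVERS = {}   # ip -> Server; stands in for the network (constructed addresses)
TRACE = []     # ips contacted, in order, during the last iterative walk

def in_zone(name, apex):
    return apex == "." or name == apex or name.endswith("." + apex)

class Server:
    def __init__(self, ip, hosts=None, delegations=None):
        self.hosts = hosts or {}                # names the server is authoritative for
        self.delegations = delegations or {}    # zone apex -> ip of its server (NS + glue A)
        SERVERS[ip] = self

    def query(self, name, recursive):
        """Return ('answer', ip), ('referral', server_ip) or ('nxdomain', None)."""
        if name in self.hosts:
            return "answer", self.hosts[name]        # authoritative data: reply immediately
        apexes = [z for z in self.delegations if in_zone(name, z)]
        if not apexes:
            return "nxdomain", None
        next_ip = self.delegations[max(apexes, key=len)]   # most specific zone we know of
        if not recursive:
            return "referral", next_ip               # iterative: best information we have
        return resolve_iteratively(name, next_ip)    # recursive: we take responsibility

def resolve_iteratively(name, start_ip, max_hops=8):
    """What a recursive server does internally: iterative queries, following referrals."""
    TRACE.clear()
    ip = start_ip
    for _ in range(max_hops):
        TRACE.append(ip)
        kind, data = SERVERS[ip].query(name, recursive=False)
        if kind != "referral":
            return kind, data
        ip = data
    return "error", None    # referral loop or chain too long

# Constructed topology: root -> example. servers -> two authoritative zone servers
Server("198.51.100.1", delegations={"example.": "198.51.100.2"})                  # root
Server("198.51.100.2", delegations={"corp.example.": "192.0.2.53",
                                    "other.example.": "192.0.2.77"})               # example.
Server("192.0.2.53", hosts={"www.corp.example.": "10.0.0.80"})                      # primary corp.example.
Server("192.0.2.77", hosts={"www.other.example.": "10.9.9.9"})                      # primary other.example.
# Branch server: stub zone for corp.example. (NS + glue) plus a root hint for everything else
BRANCH = Server("192.0.2.2", delegations={"corp.example.": "192.0.2.53", ".": "198.51.100.1"})
```

A recursive query for a corp.example. name goes straight to that zone's host because of the stub zone, while any other name is walked from the root through referrals.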
DNS and DHCP
• You can use DHCP to streamline the process of
assigning DNS servers to your clients to use for
name resolution.
Additional Services
• Active Directory Rights Management Service (AD
RMS) is a Windows Server 2008 service that you
can use to protect sensitive data on a Windows
network.
• The Active Directory Federation Services (AD FS)
role allows administrators to configure Single
Sign-On (SSO) for Web-based applications across
multiple organizations.
Summary
• The Domain Name System (DNS) provides the
default name resolution mechanism for Active
Directory, the Internet, and the majority of
modern TCP/IP networks.
• Windows operating systems prior to Windows
2000 used NetBIOS names to identify the
computers on the network.
• The resource record is the fundamental data
storage unit in all DNS servers.
Summary
• The DNS Server service in Windows Server 2008
supports both standard and Active Directory–
integrated DNS zones.
• DNS root name servers are the highest-level DNS
servers in the entire namespace.
• You can divide a DNS namespace into zones to
store them on different servers and to delegate
their administration to different people.
Summary
• Windows Server 2008 supports primary zones,
secondary zones, and stub zones. Primary and
stub zones can be integrated into Active Directory.
• You can use DHCP to streamline the process of
assigning DNS servers to your clients to use for
name resolution.
Summary
• Active Directory Rights Management Service (AD
RMS) is a Windows Server 2008 service that you
can use to protect sensitive data on a Windows
network.
• The Active Directory Federation Services (AD FS)
role allows administrators to configure Single
Sign-On (SSO) for Web-based applications across
multiple organizations.