Chapter 9: DNS in Name Resolution Designs
Designs That Include DNS
Essential DNS Design Concepts
Name Resolution Protection in DNS Designs
DNS Design Optimization

DNS and Microsoft Windows 2000

DNS Design Review
Amount of data transmitted
Segments requiring name resolution
Network growth plans
WAN connections in use
Current domain namespace design
Existing DNS servers

DNS Design Decisions
Integration into existing design
Existing domain namespace design
OSs in use and versions of DNS and Berkeley Internet Name Domain (BIND)
Location of existing DNS servers
Existing Windows Internet Name Service (WINS) servers
DNS zones
Availability to DNS clients
Optimization of DNS traffic

DNS and Active Directory Designs
Support for SRV resource records
Dynamic and incremental zone updating
Storage of zone databases in the Active Directory directory service
Active Directory replication
Automatic management of DNS resource records
Integration with WINS servers

Traditional DNS Designs
For interoperability, servers must support
  A common character set
  The same DNS zone transfer method
  The same zone transfer compression method
  The correct DNS resource record type
  Dynamic DNS zone update protocol

Evaluating a Domain Namespace
Domain namespace and Internet naming conventions
External and internal namespaces
Active Directory and domain namespace
Namespace and subdomains within the namespace
Domain namespace and DNS zones

Domain Namespace Structure

Domain Namespace Structure (Cont.)
Domain root
Top-level domain
Second-level domain
Subdomains
Host or resource name

External and Internal Domain Namespace
External: visible to Internet computers
Internal: visible within organization only
Internal namespace
  Can be part of external namespace
  Must be different from other organizations’ external namespace

Combined Domain Namespace

Domain Namespace and Subdomains

Domain Namespace and Active Directory
Active Directory domains correspond to DNS domains.
All domains must be in internal namespace.
DNS zone dynamic updating should be enabled, if possible.

Domain Namespace and DNS Zones
Use a single DNS zone when
  The namespace is small
  Administration is centralized
  The namespace is exclusively internal or external
  The namespace is exclusively dynamic or manual

Domain Namespace and DNS Zones (Cont.)
Use multiple DNS zones when
  The namespace is large
  Administration is decentralized
  The namespace is internal or external
  The namespace is dynamic or manual

Zone Types
Traditional DNS zones
Active Directory integrated zones
A combination of both zone types

Traditional DNS Zones
The operating system stores zone information.
The primary zone has one read-write copy of the zone information.
Secondary zones have read-only copies of the zone information.
Zone information is replicated similarly to BIND DNS.

When to Use Traditional DNS Zones
For interoperability with BIND DNS servers
When the organization doesn’t use Active Directory
When the staff is familiar with BIND DNS servers
When secured dynamic updates are not required
When zone information on unsecured segments is needed

Active Directory Integrated Zones
Store
  Zone information in Active Directory
  Multimaster, read-write copy of zone information
Use when
  The design includes dynamically updated zones
  Secured dynamic zone updates are required
  You want to reduce replication administration

Combining Zone Types
Both zone types can be used in the design.
An Active Directory integrated zone can be substituted for the primary zone.
Active Directory integrated zones can replicate zone information using traditional zones.

DNS Server Placement Objectives
Reduce network traffic.
Support Active Directory domain controllers.
Locally administer DNS servers.
Improve query response time.
Use load balancing.
Use multiple servers for redundancy.

Integrating Other DNS Versions
Can integrate with BIND and Microsoft Windows NT 4.0 DNS
Involves the following issues:
  Dynamically updated DNS zones
  The character set supported in zones
  The resource records supported in zones

Integrating DNS and WINS: An Example

Integrating DNS and WINS
Is necessary for Windows NT networks
Requires you to specify
  Subdomain for WINS resolution
  Order for name resolution
  IP addresses for WINS servers

Preventing Unauthorized Dynamic Updates
Choose the method for dynamic zone updates:
  Dynamic Host Configuration Protocol (DHCP) Server in Windows 2000
  Windows 2000 DNS Client
Secure dynamic zone updates by specifying
  The Active Directory integrated zone required
  The permissions to update zones in Active Directory

Preventing Unauthorized DNS Server Access
Restrict DNS administrators.
Isolate read-write copies of DNS zones.
Isolate zones managing internal namespaces.
Require Active Directory integrated zones.

Enhancing DNS Availability
Replicate DNS zones across servers.
Use Windows Clustering.
Dedicate a computer to DNS.

Improving DNS Performance
Reduce DNS query resolution time.
Place DNS servers at remote locations.
Load balance queries across multiple DNS servers.
Divide domains into subdomains.
Include caching-only servers.
Reduce DNS zone replication traffic.
Dedicate a computer to DNS.

Chapter Summary
Use DNS to
  Resolve resource names to IP addresses
  Integrate WINS and other DNS versions
Determine support for Active Directory integrated zones.
Consider domain namespace for placement.
Choose among several methods to
  Secure DNS
  Optimize DNS design