DESIGNING THE DNS STRUCTURE
Chapter 2
Chapter 2: DESIGNING THE DNS STRUCTURE 2
NAME RESOLUTION PROCESS
DNS FORWARDING
DNS DELEGATION AND NAME RESOLUTION
ANALYZING THE EXISTING DNS IMPLEMENTATION
COMPONENTS OF DNS
DNS zones
Zone transfers
Server roles
DNS ZONES
ZONE TRANSFERS
Full zone transfer (AXFR): All resource records for a zone are copied.
Incremental zone transfer (IXFR): Only the changes made to resource records are copied. Results in less network traffic.
SERVER ROLES
Primary DNS server: Contains the local zone database file
Secondary DNS server: Contains a copy of the zone database file
Caching-only DNS server: Caches the answers to queries and returns the results. Does not contain zone information
IDENTIFYING THE CURRENT NAMESPACE
DNS NAMESPACE DESIGN
The following business needs affect the DNS naming strategy:
The intended scope of Active Directory
Internet presence
Whether DNS must support Active Directory
CHOOSING A DNS NAME
Choose and register a root domain name that is unique on the Internet.
The root domain name must conform to DNS naming standards.
Choose meaningful, stable, scalable names.
The root domain name can be an existing DNS domain name.
DNS INTEROPERABILITY WITH ACTIVE DIRECTORY
Active Directory–integrated zone transfers
Multi-master replication
Fault tolerance
Secure updates
Single replication topology
DNS INTEROPERABILITY WITH ACTIVE DIRECTORY
DNS INTEROPERABILITY WITH DHCP
DNS INTEROPERABILITY WITH WINS
ZONE REQUIREMENTS
SECURITY
Potential security threats
Securing the DNS infrastructure
Securing replication data
SECURING THE DNS INFRASTRUCTURE
Use a private namespace
UDP and TCP port 53
Disable recursion
Restrict zone transfers
NTFS
Secure updates
SECURING REPLICATION DATA
DNS INTEROPERABILITY WITH UNIX BERKELEY INTERNET NAME DOMAIN (BIND)
Windows Server 2003 DNS offers maximum compatibility with Active Directory.
BIND DNS servers can be integrated with Active Directory.
BIND 8.2.2 and later support dynamic updates.
WINDOWS SERVER 2003 DNS AND BIND COMPARED
DESIGNING DNS SERVER PLACEMENT
SERVER PLACEMENT
Fault tolerance
High availability
MONITORING DNS
CACHING-ONLY DNS SERVERS
LOAD BALANCING
SUMMARY
Before you design DNS, what information do you need about the existing DNS infrastructure?
What are some of the benefits of choosing Active Directory–integrated zones?
What factors influence the DNS namespace design?
How can zone replication data be secured?
What are some ways to improve DNS performance?