deploying domain name system (dns)

Upload: sandeepchintalpalli

Post on 30-May-2018


  • 8/14/2019 Deploying Domain Name System (DNS)


    Deploying Domain Name System (DNS)

    Microsoft Windows Server 2003 Domain Name System (DNS) provides efficient name resolution and interoperability with standards-based technologies. Deploying DNS in your client/server infrastructure enables resources on a TCP/IP network to locate other resources on the network by using host name-to-IP address resolution and IP address-to-host name resolution. The Active Directory directory service requires DNS for locating network resources.

    In This Chapter

    Overview of DNS Deployment

    Examining Your Current Environment

    Designing a DNS Namespace

    Designing a DNS Server Infrastructure

    Designing DNS Zones

    Configuring and Managing DNS Clients

    Securing Your DNS Infrastructure

    Integrating DNS with Other Windows Server 2003 Services

    Implementing Windows Server 2003 DNS

    Additional Resources for Deploying DNS

    Overview of DNS Deployment

    DNS is the primary method for name resolution in the Microsoft Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition operating systems (collectively referred to as "Windows Server 2003" in this chapter). DNS is also a requirement for deploying Active Directory, but Active Directory is not a requirement for deploying DNS. However, integrating DNS with Active Directory enables DNS servers to take advantage of the security, performance, and fault tolerance capabilities of Active Directory.

    If you are planning to deploy DNS to support Active Directory, plan your DNS namespace in conjunction with planning your Active Directory logical structure. For more information about designing the Active Directory logical structure, see "Designing the Active Directory Logical Structure" in Designing and Deploying Directory and Security Services of this kit.

    Examining Your Current Environment

    Before you deploy Windows Server 2003 DNS, you must assess your current environment to determine the DNS needs and constraints of your organization. After that, create a Windows Server 2003 DNS deployment plan to match those needs and constraints. Figure 3.2 shows the process for examining your current environment.

    Figure 3.2 Examining Your Current Environment


    Designing a DNS Namespace

    Before you deploy a DNS infrastructure, the DNS designer in your organization must design a DNS namespace. You can design an external namespace that is visible to Internet users and computers, or you can design an internal namespace that is accessible only to users and computers that are within the internal network. After your DNS namespace has been deployed, DNS administrators are responsible for managing and maintaining the DNS namespace. Figure 3.3 shows the process for designing a DNS namespace.

    Figure 3.3 Designing a DNS Namespace


    Designing a DNS Server Infrastructure

    DNS servers store information about the DNS namespace and use the information to answer queries from DNS clients. The size of the DNS zone data, how many DNS clients you have, and where these clients are physically located all impact your DNS server topology.

    The DNS designer in your organization designs DNS servers that enable you to create an effective DNS data distribution and update topology while minimizing query and zone transfer network traffic. The DNS administrators in your organization manage and maintain your DNS servers. Figure 3.6 shows the process for designing DNS servers.

    Figure 3.6 Designing a DNS Server Infrastructure


    Designing DNS Zones

    Each zone type that is available in Windows Server 2003 DNS has a specific purpose. The DNS designer in your organization selects the type of zones to deploy based on the practical purpose of each zone. The DNS administrators in your organization manage and maintain your DNS zones. Figure 3.8 shows the process for designing DNS zones.

    Figure 3.8 Designing DNS Zones


    Configuring and Managing DNS Clients

    When you configure DNS clients, you must specify a list of DNS servers for clients to use when resolving DNS names. You can also specify a DNS suffix search list to be used by the clients when performing DNS query searches for short, unqualified domain names. Figure 3.9 shows the process for configuring and managing DNS clients.

    Figure 3.9 Configuring and Managing DNS Clients


    Securing Your DNS Infrastructure

    Because DNS was designed to be an open protocol, DNS data can be vulnerable to security attacks. Windows Server 2003 DNS provides improved security features to reduce this risk. The DNS designer in your organization is responsible for creating a secure DNS infrastructure. The DNS administrators in your organization are responsible for maintaining network security by anticipating and mitigating new security threats.

    Figure 3.10 shows the process for securing your DNS infrastructure.

    Figure 3.10 Securing Your DNS Infrastructure


    Integrating DNS with Other Windows Server 2003 Services

    When you deploy Windows Server 2003 DNS, it is important to integrate the DNS service with other Windows Server 2003 services, such as DHCP and WINS. DNS administrators are responsible for integrating DNS with WINS and DHCP. Figure 3.11 shows the process for integrating Windows Server 2003 DNS with other Windows Server 2003 services.

    Figure 3.11 Integrating DNS with Other Windows Server 2003 Services


    Implementing Windows Server 2003 DNS

    After you have tested your configuration in a pilot lab, you can implement your changes in your production environment. Figure 3.12 shows the process for implementing Windows Server 2003 DNS.

    Figure 3.12 Implementing Windows Server 2003 DNS


    Additional Resources for Deploying DNS

    These resources contain additional information and tools related to this chapter.

    Related Information

    "Designing a Resource Authorization Strategy" in Designing and Deploying Directory and Security Services of this kit for information about establishing security policies.

    "Designing the Active Directory Logical Structure" in Designing and Deploying Directory and Security Services of this kit for information about how to deploy DNS specifically for Active Directory.

    "Designing Security Policy" in Designing a Managed Environment of this kit for more information about security policies.

    "Designing an Authentication Strategy" in Designing and Deploying Directory and Security Services of this kit.

    "Deploying ISA Server" in this book for more information about perimeter networks.

    "Deploying DHCP" in this book.

    "Designing a Group Policy Infrastructure" in Designing a Managed Environment of this kit.

    The Networking Collection of the Windows Server 2003 Technical Reference (or see the Networking Collection on the Web at http://www.microsoft.com/reskit) for more information about the DNS Server service and DNS troubleshooting.

    The Windows Security Collection of the Windows Server 2003 Technical Reference (or see the Windows Security Collection on the Web at http://www.microsoft.com/reskit) for more information about Active Directory installation and removal.

    RFC 1035: Domain Names - Implementation and Specification.

    DNS and BIND, 4th ed., by Paul Albitz and Cricket Liu, 2001, Sebastopol, CA: O'Reilly & Associates for more information about DNS.

    Windows 2000 TCP/IP Protocols and Services, by Thomas Lee and Joseph Davies, 2000, Redmond, Washington: Microsoft Press for more information about the DNS wire protocol.

    The Internet Engineering Task Force (IETF) link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources for more information about Request for Comments (RFC) documents and IETF Internet-Drafts.


    Related Tools

    For information about installing and using the Windows Server 2003 Support Tools and Support Tools Help, see the file Sreadme.doc in the \Support\Tools folder of the Windows Server 2003 operating system CD.

    Dnscmd.exe

    You can use the Dnscmd.exe command-line tool to perform most of the tasks that you can perform from the DNS MMC snap-in.

    DNSLint

    DNSLint is a command-line tool that you can use to address some common DNS name resolution issues, such as lame delegation, DNS record verification, and verifying DNS records that are used for Active Directory replication.

    Netdiag.exe

    Netdiag.exe helps you to isolate networking and connectivity problems by performing a series of tests to determine the state of your network client and whether it is functional.

    Nslookup.exe

    You can use the Nslookup.exe command-line tool to submit DNS queries and display the results of the queries.

    Related Help Topics

    For best results in identifying Help topics by title, in Help and Support Center, under the Search box, click Set search options. Under Help Topics, select the Search in title only checkbox.

    "Migrating servers" in Help and Support Center for Windows Server 2003 for information about upgrading your existing DNS servers or migrating third-party DNS servers.

    "Monitor Servers" in Help and Support Center for Windows Server 2003 for more information about testing DNS server performance.

    "Initiate a zone transfer at a secondary server" in Help and Support Center for Windows Server 2003 for more information about using zone transfer.

    "Dynamic update" in Help and Support Center for Windows Server 2003 for information about how to configure dynamic updates.

    "Allow only secure dynamic updates" in Help and Support Center for Windows Server 2003 for information about how to allow only secure dynamic updates.

    "Configuring DNS client settings" in Help and Support Center for Windows Server 2003 for more information about how to install and configure D
