designing the dns structure
DESCRIPTION
Chapter 2. DESIGNING THE DNS STRUCTURE. NAME RESOLUTION PROCESS. DNS FORWARDING. DNS DELEGATION AND NAME RESOLUTION. ANALYZING THE EXISTING DNS IMPLEMENTATION. COMPONENTS OF DNS. DNS zones Zone transfers Server roles. DNS ZONES. ZONE TRANSFERS. Full zone transfer (AXFR) - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/1.jpg)
11
DESIGNING THE DNS STRUCTURE
Chapter 2
![Page 2: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/2.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 2
NAME RESOLUTION PROCESS
![Page 3: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/3.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 3
DNS FORWARDING
![Page 4: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/4.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 4
DNS DELEGATION AND NAME RESOLUTION
![Page 5: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/5.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 5
ANALYZING THE EXISTING DNS IMPLEMENTATION
![Page 6: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/6.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 6
COMPONENTS OF DNS
DNS zones
Zone transfers
Server roles
![Page 7: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/7.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 7
DNS ZONES
![Page 8: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/8.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 8
ZONE TRANSFERS
Full zone transfer (AXFR) All resource records for a zone are copied.
Incremental zone transfer (IXFR) Only the changes made to resource records
are copied.
Results in less network traffic.
![Page 9: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/9.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 9
SERVER ROLES
Primary DNS server Contains the local zone database file
Secondary DNS server Contains a copy of the zone database file
Caching-only DNS server Caches the answers to queries and returns
the results
Does not contain zone information
![Page 10: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/10.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 10
IDENTIFYING THE CURRENT NAMESPACE
![Page 11: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/11.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 11
DNS NAMESPACE DESIGN
The following business needs affect the DNS naming strategy: The intended scope of Active Directory
Internet presence
Whether DNS must support Active Directory
![Page 12: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/12.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 12
CHOOSING A DNS NAME
Choose and register a root domain name that is unique on the Internet.
The root domain name must conform to DNS naming standards.
Choose meaningful, stable, scalable names.
The root domain name can be an existing DNS domain name.
![Page 13: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/13.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 13
DNS INTEROPERABILITY WITH ACTIVE DIRECTORY
Active Directory–integrated zone transfers
Multi-master replication
Fault tolerance
Secure updates
Single replication topology
![Page 14: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/14.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 14
DNS INTEROPERABILITY WITH ACTIVE DIRECTORY
![Page 15: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/15.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 15
DNS INTEROPERABILITY WITH DHCP
![Page 16: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/16.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 16
DNS INTEROPERABILITY WITH WINS
![Page 17: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/17.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 17
ZONE REQUIREMENTS
![Page 18: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/18.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 18
SECURITY
Potential security threats
Securing the DNS infrastructure
Securing replication data
![Page 19: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/19.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 19
SECURING THE DNS INFRASTRUCTURE
Use a private namespace
UDP and TCP port 53
Disable recursion
Restrict zone transfers
NTFS
Secure updates
![Page 20: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/20.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 20
SECURING REPLICATION DATA
![Page 21: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/21.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 21
DNS INTEROPERABILITY WITH UNIX BERKELEY INTERNET NAME DOMAIN (BIND) Windows Server 2003 DNS offers maximum
compatibility with Active Directory. BIND DNS servers can be integrated with
Active Directory.
BIND 8.2.2 and later support dynamic updates.
![Page 22: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/22.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 22
WINDOWS SERVER 2003 DNS AND BIND COMPARED
![Page 23: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/23.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 23
DESIGNING DNS SERVER PLACEMENT
![Page 24: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/24.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 24
SERVER PLACEMENT
Fault tolerance
High availability
![Page 25: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/25.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 25
MONITORING DNS
![Page 26: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/26.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 26
CACHING-ONLY DNS SERVERS
![Page 27: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/27.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 27
LOAD BALANCING
![Page 28: DESIGNING THE DNS STRUCTURE](https://reader036.vdocuments.us/reader036/viewer/2022062723/56813cd8550346895da67b85/html5/thumbnails/28.jpg)
Chapter 2: DESIGNING THE DNS STRUCTURE 28
SUMMARY
Before you design DNS, what information do you need about the existing DNS infrastructure?
What are some of the benefits of choosing Active Directory–integrated zones?
What factors influence the DNS namespace design?
How can zone replication data be secured?
What are some ways to improve DNS performance?