pmw2 k3ni 1-2b

Lesson 2B / Slide 1 of 29©NIIT

Planning DNS Servers, Namespace, and Zones

Planning TCP/IP Network Services

ObjectivesIn this lesson, you will learn to:

• Create a DNS server plan

• Create a DNS namespace plan

• Create a DNS zone plan

• Create a zone replication and a delegation plan




Pre-assessment Questions1. In which of the following DHCP infrastructures, the location of DHCP servers

is based on the number of subnets, number of hosts per subnet, and location of the branch offices? a. Centralized b. Distributed c. Mixed d. Independent

2. In which of the following option classes, the DHCP hosts are categorized according to the characteristics of the DHCP hosts? a. Vendor-defined b. User-defined c. Server-defined d. Client-defined




Pre-assessment Questions (Contd.)3. Which of the following tools will enable you to view the details of DHCP

events, such as starting and stopping of the DHCP server service or any other critical event? a. DHCP audit log b. IPConfig c. Network Monitor d. DNS audit log

4. Which of the following services reduces the wastage of IP addresses by assigning IP addresses to mobile users for a short time period? a. DNS b. WINS c. NetBIOS d. DHCP




Pre-assessment Questions (Contd.)5. Consider the following statements:

Statement A: Minimizing the available IP addresses ensures that the IP address is directly mapped to the MAC address of the DHCP client in the subnet.Statement B: Reserving IP addresses in the scope ensures that only those IP addresses are available, which are required for the screened subnet. Which of the following is correct about the above statements?

a. Statement A is False and Statement B is True. b. Statement A is True and Statement B is False. c. Both, Statement A and Statement B are True. d. Both, Statement A and Statement B are False.




Solutions to Pre-assessmentQuestions

1. c. Mixed 2. b. User-defined 3. a. A DHCP audit log 4. d. DHCP 5. d. Both, Statement A and Statement B are False




Planning DNS Servers• You need to plan for DNS servers so that host names are automatically

converted into IP addresses.

• You need to plan for a single or multiple DNS servers for a network after considering the following:

• DNS server capacity

• Location of DNS servers

• DNS server roles

• Security requirements




Planning DNS Server Capacity• To determine the load that a DNS server is expected to handle, you need to

consider:

• The number of client queries a DNS server is expected to handle per second.

• The number of zones a DNS server is expected to host.

• The size of each zone in the network.




Placing DNS Servers • You need to decide the number of DNS servers required in a network and their

placement in the network.

• You can determine the number of DNS servers required in a network after considering the following factors:

• WAN traffic

• Fault tolerance

• Traffic load balancing

• Delegation of authority




Planning DNS Server Roles• You need to identify the roles that each DNS server will perform in a network.

• You can assign the following roles to the DNS servers:

• Caching-only servers

• Non-recursive servers

• Forward-only servers

• Conditional forwarders




Planning DNS Server Security• DNS servers interact with the Internet, and therefore you need to secure them

from unauthorized users.

• You can assign any one of the following security levels to DNS servers on a network:

• Low-level security

• Medium-level security

• High-level security




Practice-Creating a DNS Server Plan • Problem Statement

• As part of implementing the network for the three new branches of BlueMoon Computers, Inc. at Paris, Virginia, and Geneva, you need to set up the DNS server infrastructure. You plan to implement the Windows Server 2003 DNS servers because it supports both Internet and intranet names. For implementing the DNS server infrastructure, you need to create a DNS server plan.




Practice-Creating a DNS Server Plan (Contd.)

• Solution

1. Plan the number and placement of DNS servers on the network2. Select an appropriate DNS server role for the network3. Select an appropriate level of DNS server security




Planning DNS Namespaces• You need to plan a DNS namespace to access the network resources in Active

Directory.

• To plan a DNS namespace, you need to:

• Establish whether the namespace will be used for internal purposes or the Internet.

• Determine if the organization will implement Active Directory.

• Select an appropriate domain name according to the requirements of your organization.




Selecting Internal DNS Namespaces• You need to select an appropriate internal DNS namespace depending on the

needs of an organization.

• You can select any one of the following internal DNS namespaces:

• Existing namespace

• Delegated namespace

• Unique namespace




Practice-Creating a DNS Namespace Plan

• Problem Statement

• You need to plan the internal DNS namespace for the branch offices of BlueMoon Computers, Inc. The organization has a Web site, http://www.bluemoon.com, which is hosted by its ISP. As the cost of hosting the Web site by the ISP is very high, the company now plans to use a different DNS namespace for its branch offices. The company also wants that the namespace of the branch offices should not be exposed to the Internet. The head office at Atlanta already has a primary DNS server and a secondary DNS server, which provide name resolution services to the users of the head office.




Practice-Creating a DNS Namespace Plan (Contd.)

• Solution

1. Identify an internal DNS namespace for all branch offices




Planning DNS Zones• Plan the creation of DNS zones when the main DNS server is overloaded and

query response time increases.

• Install additional DNS servers to distribute the load of the main DNS server.

• Planning for DNS zones involves the following:

• Identifying zone requirements

• Identifying zone types

• Identifying security requirements

• Planning for DNS zones depends on the availability of Active Directory in the organizational network.




Selecting Zone Types• You can store the zone data in standard zone files, Active Directory-integrated

zone files, or a combination of these files.

• Standard zone files are stored in the .txt format on the hard disk of a primary zone server that performs tasks such as addition and deletion of resource records.

• Active Directory-integrated zones create read/write copies of the zone information in Active Directory.




Planning Security Requirements• You can use any of the following methods to secure zone data:

• Secure dynamic updates in Active Directory

• DNS client dynamic updates

• Dynamic DNS updates from DHCP




Practice-Creating a DNS Zone Plan• Problem Statement

• You need to create a plan for implementing DNS zones for the new branches of BlueMoon Computers, Inc. at Paris, Virginia, and Geneva. As per your DNS infrastructure plan, the network of BlueMoon Computers, Inc. will consist of two Active Directory domain controllers. The new branches will have a local Active Directory domain controller. The branch offices will be connected to the head office using a 1.544 mbps link.




Practice-Creating a DNS Zone Plan (Contd.)

• Solution

1. Create a DNS zone plan




Planning Zone Replication and Delegation

• Zone replication ensures that most of the DNS queries are answered even if the primary DNS server fails or is unavailable.

• In addition, zone replication enables you to reduce the network traffic and the load on the primary DNS server.




Selecting a Replication Methodology• The DNS replication method depends on the types of DNS zones implemented.

• A standard DNS zone provides zone transfers whereas an Active Directory integrated zone provides zone replication.




Planning for Zone Replication Security• You can use the following methods to secure DNS zone transfers and

replications:

• Restrict zone transfers

• Apply zone replication security

• Encrypt data using Active Directory




Planning Zone Delegation• DNS zone delegation is the process of distributing the responsibilities for a part

of the DNS namespace to separate zones in an organization.

• DNS zones can be delegated to other organization, department, or workgroup.

• You can plan for zone delegation if you want to distribute the load of one large DNS server among multiple name servers to improve the performance, reliability, and redundancy of the DNS server.

• You can also plan for zone delegation to address the future needs of an organization.




Practice-Creating a Zone Replication and Delegation Plan

• Problem Statement

• You need to plan the management of network traffic among the new branch offices of BlueMoon Computers, Inc. In addition, you need to plan the management of network traffic among the new branches and existing branches and the head office. For this, you need to plan for zone replication so that unnecessary network traffic is reduced and DNS servers are not overloaded. In addition, to reduce the load on the main DNS server at the head office, you need to plan for zone delegation for the DNS server.




Practice-Creating a Zone Replication and Delegation Plan (Contd.)

• Solution

1. Plan zone replication2. Plan for securing zone replication data3. Plan for zone delegation




SummaryIn this lesson, you learned that:

• You need to plan for DNS servers after considering the capacity of the DNS servers, their location and role in the network, and their security requirements.

• You need to plan a DNS namespace so that the network resources in Active Directory can be accessed.

• You need to select an appropriate internal DNS namespace depending on the needs of an organization.

• You need to plan the creation of DNS zones when the main DNS server is overloaded and the query response time increases.

• You need to plan the security of a DNS zone after identifying the types of zones and their storage location.

• Zone replication ensures that most of the DNS queries are answered even if the primary DNS server fails or is unavailable.

• The DNS replication method depends on the types of DNS zones implemented.




Summary (Contd.)• A standard DNS zone provides zone transfers whereas an Active Directory

integrated zone provides zone replication.

• You can use the following methods to secure DNS zone transfers and replications:

• Restrict zone transfers

• Apply zone replication security

• Encrypt data using Active Directory

• You can plan for zone delegation if you want to distribute the load of one large DNS server among multiple name servers to improve the performance, reliability, and redundancy of the DNS server.

pmw2 k3ni 1-2b

Technology

dns server infrastructure

number of dns servers

primary dns server

secondary dns server

planning dns servers

placement of dns servers

dns zone plan

multiple dns servers