Module 5: Planning a DNS Strategy
Overview
Planning DNS Servers
Planning a Namespace
Planning Zones
Planning Zone Replication and Delegation
Integrating DNS and WINS
Lesson: Planning DNS Servers
Multimedia: How DNS Clients Resolve Names
Determining DNS Server Requirements
Determining DNS Server Placement
Multimedia: Resolving Names with a DNS Server
DNS Server Roles
Levels of Securing Microsoft DNS Servers
Guidelines for Planning a DNS Server
Multimedia: How DNS Clients Resolve Names
The objective of this presentation is to explain how DNS clients resolve HOST names to IP addresses
You will learn how to:
Explain the functionality of a DNS server in a routed network
Identify a fully qualified domain name
Explain the process for using a DNS server to resolve a HOST name to an IP address
Determining DNS Server Requirements
Planning server capacity
DNS server system requirements
Determining DNS Server Placement
DNS server placement
How many servers should you have?
Multimedia: Resolving Names with a DNS Server
The objective of this presentation is to explain the process for resolving names with a DNS server
You will learn how to:
Explain the functionality of a DNS server
Define the process for name resolution using a DNS server
Identify the query types
Explain DNS and WINS integration
DNS Server Roles
Role: Situation
Caching-only servers: A remote office has a limited amount of available bandwidth
Non-recursive servers: You have Internet-facing DNS servers that are authoritative for one or more zones
Forward-only servers: You want to manage the DNS traffic between your network and the Internet
Conditional forwarders: You want DNS clients in separate networks to resolve each other's names without having to query the DNS server on the Internet
Levels of Securing Microsoft DNS Servers
Security level: Definition
Low-level security: Does not have any security precautions configured
Medium-level security: Uses the DNS security features available without running DNS servers on domain controllers and storing DNS zones in Active Directory
High-level security: Uses the same configuration as medium-level security, and also uses the security features available when the DNS server service is running on a domain controller and DNS zones are stored in Active Directory
Guidelines for Planning a DNS Server
Determine server requirements
Determine the level of security to implement
Determine DNS server placement
Determine server functionality
Practice: Planning DNS Server Security
In this practice, you will plan a DNS namespace based on a specific scenario and discuss the challenges presented by the plan
Lesson: Planning a Namespace
Multimedia: Planning a DNS Namespace Strategy
Choosing a Domain Name
DNS Namespace Options
Best Practices for Namespace Planning
Guidelines for Planning a Namespace
Multimedia: Planning a DNS Namespace Strategy
The objective of this presentation is to provide guidelines for planning a DNS namespace
You will learn:
How to separate internal and external namespaces
How to apply guidelines for integrating an Active Directory namespace and DNS namespace
How to identify a public namespace
Why the authoritative DNS server requires WINS records
The importance of planning a hierarchical namespace
Choosing a Domain Name
When choosing a domain name, consider:
ICANN maintains authority for top-level domains
Standard naming conventions
Individual namespace requirements
Uniqueness of domain names
DNS Namespace Options
Option: Existing DNS namespace, Internal namespace
Same Namespace: nwtraders.com, nwtraders.com
Delegated Namespace: nwtraders.com, corp.nwtraders.com
Unique Namespace: nwtraders.com, nwtraders.local
Best Practices for Namespace Planning
Use distinguished names
Create an Active Directory-compatible namespace
Separate internal and external namespaces
Guidelines for Planning a Namespace
Select a DNS namespace for your domain
Maintain namespace separation on internal and external servers
Use different namespaces for internal and external use
Practice: Planning a DNS Namespace
In this practice, you will plan a DNS namespace based on a specific scenario, and discuss the challenges presented by the plan
Lesson: Planning Zones
Selecting Zone Types
Selecting Zone Data Location
Zone Security Considerations
Guidelines for Planning Zones
Selecting Zone Types
Primary zone
Available disk locations and zone information:
Active Directory: Replicated to other Active Directory-integrated zones
File: Transferred to secondary zone servers
Use this zone to:
Act as the point of update for the zone
Have a read/write copy of the zone information
Administer zone information separately
Secondary zone
Zone information: Provides limited fault tolerance
Use this zone to:
Have a read-only copy of the zone information
Improve availability of primary zones
Improve performance at local and remote locations
Stub zone
Available disk locations: Active Directory, File
Zone information: Periodically queries the target zone name servers for updates
Use this zone to:
Improve the efficiency of name resolution
Simplify DNS administration
Selecting Zone Data Location
Active Directory-Integrated Zone
Chosen when integrating into existing Active Directory structure
Single point of support for DNS and Active Directory
Combination of Both Zone Types
Chosen when root server is traditional DNS
Supports Active Directory–integrated zones as a delegated domain
Traditional DNS Zone
Chosen for integration into existing infrastructure
Separate support for DNS and Active Directory
Zone Security Considerations
Secured dynamic updates in Active Directory
Dynamic DNS updates from DHCP
DNS client dynamic updates
Zone permissions
Guidelines for Planning Zones
Determine zone type
Determine zone integration requirements
Determine zone storage location
Determine zone security requirements
Practice: Planning Zones
In this practice, you will plan a DNS zone based on a specific scenario and then discuss the challenges of the task
Lesson: Planning Zone Replication and Delegation
When to Create a Secondary Zone
Zone Transfers and Replication
Zone Transfer Security Measures
Zone Delegation
Guidelines for Planning Zone Replication and Delegation
When to Create a Secondary Zone
Create a secondary zone when you want to:
Provide zone redundancy
Reduce DNS network traffic
Reduce loads on a primary server for a zone
Zone Transfers and Replication
Zone type: Replication options
Active Directory–integrated zone: Performing incremental replication between DNS servers; adjusting the Active Directory replication schedule
Traditional DNS zone: Replicating between primary and secondary zones; performing an incremental rather than a complete zone transfer
Diagram: Active Directory–integrated zones (replication) and traditional DNS zones (zone transfer between a primary zone and a secondary zone)
Zone Transfer Security Measures
Restricting zone transfers
Zone replication security
Encryption using IPSec and VPN tunnels
Encryption and authentication using Active Directory
Reducing the impact of replication
Zone Delegation
Provides the option of dividing the namespace into one or more zones
Use additional zones when you have:
A need to delegate management of part of your DNS namespace
A need to divide one large zone into smaller zones
Guidelines for Planning Zone Replication and Delegation
Identify when to create additional zones
Determine replication methodology
Determine replication security requirements
Determine the need for delegating a zone
Practice: Planning Zone Replication and Delegation
In this practice, you will:
Plan zone replication and delegation
Discuss the challenges of planning zone replication and delegation
Lesson: Integrating DNS and WINS
Multimedia: Integrating DNS and WINS
WINS Integration
Modifying Cache Timeout Settings
WINS Integration Best Practices
Multimedia: Integrating DNS and WINS
The objective of this presentation is to explain the name resolution process when a DNS zone is configured for WINS forward lookup
You will learn:
How a DNS server can use WINS to resolve host names
Why the authoritative DNS server requires WINS records
WINS Integration
WINS resource records
WINS-R resource records
WINS reverse lookup
Modifying Cache Timeout Settings
Modify Cache Timeout Value if WINS information rarely changes
Lengthen Cache Timeout Value to reduce the number of queries between DNS and WINS servers
WINS Integration Best Practices
Designate a subdomain for WINS resolution
Delegate unresolved DNS queries to a subdomain
Specify WINS server in zone configuration
Lab A: Planning a DNS Strategy
Exercise 1: Planning DNS Configuration for Internal and External Namespaces