Module 5: Planning a DNS Strategy

Overview

Planning DNS Servers

Planning a Namespace

Planning Zones

Planning Zone Replication and Delegation

Integrating DNS and WINS

Lesson: Planning DNS Servers

Multimedia: How DNS Clients Resolve Names

Determining DNS Server Requirements

Determining DNS Server Placement

Multimedia: Resolving Names with a DNS Server

DNS Server Roles

Levels of Securing Microsoft DNS Servers

Guidelines for Planning a DNS Server

Multimedia: How DNS Clients Resolve Names

The objective of this presentation is to explain how DNS clients resolve HOST names to IP addresses

You will learn how to:

Explain the functionality of a DNS server in a routed network

Identify a fully qualified domain name

Explain the process for using a DNS server to resolve a HOST name to an IP address

Determining DNS Server Requirements

Planning server capacity

DNS server system requirements

Determining DNS Server Placement

DNS server placement

How many servers should you have?

Multimedia: Resolving Names with a DNS Server

The objective of this presentation is to explain the process for resolving names with a DNS server

You will learn how to:

Explain the functionality of a DNS server

Define the process for name resolution using a DNS server

Identify the query types

Explain DNS and WINS integration

DNS Server Roles

Role Situation

Caching-only servers

A remote office has a limited amount of available bandwidth

Non-recursive servers

You have Internet-facing DNS that are authoritative for one or more zones

Forward-only servers

You want to manage the DNS traffic between your network and the Internet

Conditional forwarders

You want DNS clients in separate networks to resolve each others’ names without having to query the DNS server on the Internet

Levels of Securing Microsoft DNS Servers

Security level Definition

Low-level security Does not have any security precautions configured

Medium-level security

Uses the DNS security features available without running DNS servers on domain controllers and storing DNS zones in Active Directory

High-level security

Uses the same configuration as medium-level security, and also uses the security features available when the DNS server service is running on a domain controller and DNS zones are stored in Active Directory

Guidelines for Planning a DNS Server

Determine server requirementsDetermine server requirements

Determine the level of security to implementDetermine the level of security to implement

Determine DNS server placementDetermine DNS server placement

Determine server functionalityDetermine server functionality

Practice: Planning DNS Server Security

In this practice, you will plan a DNS namespace based on a specific scenario and discuss the challenges presented by the plan

Lesson: Planning a Namespace

Multimedia: A Planning DNS Namespace Strategy

Choosing a Domain Name

DNS Namespace Options

Best Practices for Namespace Planning

Guidelines for Planning a Namespace

Multimedia: Planning a DNS Namespace Strategy

The objective of this presentation is to provide guidelines for planning a DNS namespace

You will learn:

How to separate internal and external namespaces

How to apply guidelines for integrating an Active Directory namespace and DNS namespace

How to identify a public namespace

Why the authoritative DNS server requires WINS records

The importance of planning a hierarchical namespace

Choosing a Domain Name

When choosing a domain name, consider:

ICANN maintains authority for top-level domains

Standard naming conventions

Individual namespace requirements

Uniqueness of domain names

DNS Namespace Options

Same Namespace

Same Namespace

Delegated NamespaceDelegated Namespace

Unique Namespace

Unique Namespace

Existing DNS Namespace

Existing DNS Namespace

Existing DNS Namespace

Existing DNS Namespace

Existing DNS Namespace

Existing DNS Namespace

nwtraders.com nwtraders.com nwtraders.com

nwtraders.localcorp.nwtraders.comnwtraders.com

InternalNamespace

InternalNamespace

InternalNamespace

InternalNamespace

InternalNamespace

InternalNamespace

Best Practices for Namespace Planning

Use distinguished namesUse distinguished names

Create an Active Directory-compatible namespaceCreate an Active Directory-compatible namespace

Separate internal and external namespacesSeparate internal and external namespaces

Guidelines for Planning a Namespace

Select a DNS namespace for your domainSelect a DNS namespace for your domain

Maintain namespace separation on internal and external serversMaintain namespace separation on internal and external servers

Use different namespaces for internal and external useUse different namespaces for internal and external use

Practice: Planning a DNS Namespace

In this practice, you will plan a DNS namespace based on a specific scenario, and discuss the challenges presented by the plan

Lesson: Planning Zones

Selecting Zone Types

Selecting Zone Data Location

Zone Security Considerations

Guidelines for Planning Zones

Selecting Zone Types

Zone type Available disk locations

Zone information Use this zone to:

Primary

Active DirectoryReplicated to other Active Directory-integrated zones

Act as the point of update for the zone Have a read/write copy of the zone information Administer zone information separately

File Transferred to secondary zone servers

SecondaryProvides limited fault tolerance

Provides limited fault tolerance

Have a read-only copy of the zone informationImprove availability of primary zonesImprove performance at local and remote locations

StubActive Directory Periodically queries the

target zone name servers for updates

Improve the efficiency of name resolutionSimplify DNS administrationFile

Selecting Zone Data Location

Chosen when integrating into existing Active Directory structure

Single point of support for DNS and Active Directory

Chosen when integrating into existing Active Directory structure

Single point of support for DNS and Active DirectoryActive Directory-

Integrated Zone

Chosen when root server is traditional DNS

Supports Active Directory–integrated zones as a delegated domain

Chosen when root server is traditional DNS

Supports Active Directory–integrated zones as a delegated domainCombination of Both

Zone Types

Chosen for integration into existing infrastructure

Separate support for DNS and Active Directory

Chosen for integration into existing infrastructure

Separate support for DNS and Active DirectoryTraditional DNS Zone

Zone Security Considerations

Secured dynamic updates in Active Directory

Dynamic DNS updates from DHCP

DNS client dynamic updates

Zone permissions

Guidelines for Planning Zones

Determine zone typeDetermine zone type

Determine zone integration requirementsDetermine zone integration requirements

Determine zone storage locationDetermine zone storage location

Determine zone security requirementsDetermine zone security requirements

Practice: Planning Zones

In this practice, you will plan a DNS zone based on a specific scenario and then discuss the challenges of the task

Lesson: Planning Zone Replication and Delegation

When to Create a Secondary Zone

Zone Transfers and Replication

Zone Transfer Security Measures

Zone Delegation

Guidelines for Planning Zone Replication and Delegation

When to Create a Secondary Zone

Create a secondary zone when you want to:

Provide zone redundancy

Reduce DNS network traffic

Reduce loads on a primary server for a zone

Zone Transfers and Replication

Zone type Replication options

Active Directory–integrated zone

Performing incremental replication between DNS serversAdjusting the Active Directory replication schedule

Traditional DNS zoneReplicating between primary and secondary zonesPerforming an incremental rather than a complete zone transfer

Active Directory–Integrated ZonesActive Directory–Integrated Zones Traditional DNS ZonesTraditional DNS Zones

Active Directory--Integrated Zone

Active Directory--Integrated Zone

Active Directory--Integrated Zone

Active Directory--Integrated Zone

Primary ZonePrimary Zone

Secondary ZoneSecondary Zone

ReplicationReplication Zone TransferZone Transfer

Zone Transfer Security Measures

Restricting zone transfers

Zone replication security

Encryption using IPSec and VPN tunnels

Encryption and authentication using Active Directory

Reducing the impact of replication

Zone Delegation

Provides the option of dividing the namespace into one or more zones

Use additional zones when you have:

A need to delegate management of part of your DNS namespace

A need to divide one large zone into smaller zones

Guidelines for Planning Zone Replication and Delegation

Identify when to create additional zonesIdentify when to create additional zones

Determine replication methodology Determine replication methodology

Determine replication security requirementsDetermine replication security requirements

Determine the need for delegating a zoneDetermine the need for delegating a zone

Practice: Planning Zone Replication and Delegation

In this practice, you will:

Plan zone replication and delegation

Discuss the challenges of planning zone replication and delegation

Lesson: Integrating DNS and WINS

Multimedia: Integrating DNS and WINS

WINS Integration

Modifying Cache Timeout Settings

WINS Integration Best Practices

Multimedia: Integrating DNS and WINS

The objective of this presentation is to explain the name resolution process when a DNS zone is configured for WINS forward lookup

You will learn:

How a DNS server can use WINS to resolve host names

Why the authoritative DNS server requires WINS records

WINS Integration

WINS resource records

WINS-R resource records

WINS reverse lookup

Modifying Cache Timeout Settings

Modify Cache Timeout Value if WINS information rarely changes

Lengthen Cache Timeout Value to reduce the number of queries between DNS and WINS servers

WINS Integration Best Practices

Designate a subdomain for WINS resolution

Delegate unresolved DNS queries to a subdomain

Specify WINS server in zone configuration

Designate a subdomain for WINS resolution

Delegate unresolved DNS queries to a subdomain

Specify WINS server in zone configuration

Lab A: Planning a DNS Strategy

Exercise 1: Planning DNS Configuration for Internal and External Namespaces