Designing Name Resolution
Module Overview
Collecting Information for a Name Resolution Design
Designing a DNS Server Strategy
Design
Host Requirements for a Name Resolution Design
NetBIOS Resources
Discussion: Gathering Data for a Name Resolution Design
Consider whether:
A DNS infrastructure exists
The Active Directory namespace is the same as the public DNS namespace
The Active Directory namespace does not overlap with the public DNS namespace
NetBIOS name resolution services, such as WINS, are used on the network
Number of locations
servers
Active Directory
Client computers
NetBIOS Resources
Identify systems and applications that rely on NetBIOS for name resolution, including:
Windows 98, Windows NT
Windows workgroups that do not implement Active Directory
Server requirements:
Approximately 4 MB of RAM for the service
Approximately 100 bytes for each resource record
that are authoritative for one or more zones
traffic between your network and the Internet
separate networks to resolve each other's names without having to query the DNS server on the Internet
[Diagram labels: Same Namespace, Subdomain, Unique Namespace; Public DNS Namespace: nwtraders.com]
Subdomain:
Record synchronization is not required
Contiguous namespace is easy to understand
Unique namespace:
Record synchronization is not required
Existing DNS infrastructure is unaffected
Clearly delineates between internal and external DNS
Description
All internal and external on a single server
Simple deployment
External and internal DNS are hosted on separate servers
Split DNS
requests
Increased security over complete DNS
External and internal DNS are hosted on separate servers only
Split-Split DNS
One external server host resolves local records
One external server resolves non-local records only
Carefully select your internal namespace before installing Active Directory
Use an internal domain that is a subdomain of the external domain, for simplicity
Use unrelated namespaces if you cannot create your internal domain as a subdomain on the external domain
Avoid using the same internal and external namespace
Zone information
Replicated to other Active Directory-integrated zones
Transferred to secondary zone servers
Primary
File
Secondary
File
Active Directory
Stub
File
Secured dynamic updates in Active Directory
Dynamic DNS updates from DHCP
DNS client dynamic updates
Zone permissions
Zone Transfers
Zone Delegation
Zone Replication
Active Directory-Integrated Zones
Traditional DNS Zones
Replication
Zone Transfer
Primary Zone
Secondary Zone
Zone type
Active Directory-integrated zone
Traditional DNS zone
Replication options
Performing incremental replication between DNS servers
Adjusting the Active Directory replication schedule
Replicating between primary and secondary zones
Performing an incremental rather than a complete zone transfer
Zone Transfers
Security options for zone transfers are:
Restricting zone transfers
Securing zone transfers with VPN or IPSec
Using Active Directory-integrated zones to
Zone Delegation
namespace
Strategy
Exercise 4: Discuss the Design of Name Resolution
Exercise 5: Implement a DNS and Zone Replication Strategy
Logon information
Administrator Pa$$w0rd