DESIGNING THE DNS STRUCTURE

Date post: 07-Jan-2016
Upload: bethan
Description:
Chapter 2. DESIGNING THE DNS STRUCTURE. NAME RESOLUTION PROCESS. DNS FORWARDING. DNS DELEGATION AND NAME RESOLUTION. ANALYZING THE EXISTING DNS IMPLEMENTATION. COMPONENTS OF DNS. DNS zones Zone transfers Server roles. DNS ZONES. ZONE TRANSFERS. Full zone transfer (AXFR) - PowerPoint PPT Presentation
Transcript
Page 1: DESIGNING THE DNS STRUCTURE

DESIGNING THE DNS STRUCTURE

Chapter 2

NAME RESOLUTION PROCESS

DNS FORWARDING

DNS DELEGATION AND NAME RESOLUTION

ANALYZING THE EXISTING DNS IMPLEMENTATION

COMPONENTS OF DNS

DNS zones

Zone transfers

Server roles

DNS ZONES

ZONE TRANSFERS

Full zone transfer (AXFR): All resource records for a zone are copied.

Incremental zone transfer (IXFR): Only the changes made to resource records are copied. Results in less network traffic.

SERVER ROLES

Primary DNS server: Contains the local zone database file.

Secondary DNS server: Contains a copy of the zone database file.

Caching-only DNS server: Caches the answers to queries and returns the results. Does not contain zone information.

IDENTIFYING THE CURRENT NAMESPACE

DNS NAMESPACE DESIGN

The following business needs affect the DNS naming strategy:

The intended scope of Active Directory

Internet presence

Whether DNS must support Active Directory

CHOOSING A DNS NAME

Choose and register a root domain name that is unique on the Internet.

The root domain name must conform to DNS naming standards.

Choose meaningful, stable, scalable names.

The root domain name can be an existing DNS domain name.

DNS INTEROPERABILITY WITH ACTIVE DIRECTORY

Active Directory–integrated zone transfers

Multi-master replication

Fault tolerance

Secure updates

Single replication topology

DNS INTEROPERABILITY WITH DHCP

DNS INTEROPERABILITY WITH WINS

ZONE REQUIREMENTS

SECURITY

Potential security threats

Securing the DNS infrastructure

Securing replication data

SECURING THE DNS INFRASTRUCTURE

Use a private namespace

UDP and TCP port 53

Disable recursion

Restrict zone transfers

NTFS

Secure updates

SECURING REPLICATION DATA

DNS INTEROPERABILITY WITH UNIX BERKELEY INTERNET NAME DOMAIN (BIND)

Windows Server 2003 DNS offers maximum compatibility with Active Directory.

BIND DNS servers can be integrated with Active Directory.

BIND 8.2.2 and later support dynamic updates.

WINDOWS SERVER 2003 DNS AND BIND COMPARED

DESIGNING DNS SERVER PLACEMENT

SERVER PLACEMENT

Fault tolerance

High availability

MONITORING DNS

CACHING-ONLY DNS SERVERS

LOAD BALANCING

SUMMARY

Before you design DNS, what information do you need about the existing DNS infrastructure?

What are some of the benefits of choosing Active Directory–integrated zones?

What factors influence the DNS namespace design?

How can zone replication data be secured?

What are some ways to improve DNS performance?
