Module 5: Planning a DNS Strategy

Overview Planning DNS Servers Planning a Namespace Planning Zones Planning Zone Replication and Delegation Integrating DNS and WINS

Lesson: Planning DNS Servers Multimedia: How DNS Clients Resolve Names Determining DNS Server Requirements Determining DNS Server Placement Multimedia: Resolving Names with a DNS Server DNS Server Roles Levels of Securing Microsoft DNS Servers Guidelines for Planning a DNS Server

Multimedia: How DNS Clients Resolve Names The objective of this presentation is to explain how DNS clients resolve HOST names to IP addresses You will learn how to:  Explain the functionality of a DNS server in a routed network  Identify a fully qualified domain name  Explain the process for using a DNS server to resolve a HOST name to an IP address

Determining DNS Server Requirements Planning server capacity DNS server system requirements

Determining DNS Server Placement DNS server placement How many servers should you have?

Multimedia: Resolving Names with a DNS Server The objective of this presentation is to explain the process for resolving names with a DNS server You will learn how to:  Explain the functionality of a DNS server  Define the process for name resolution using a DNS server  Identify the query types  Explain DNS and WINS integration

DNS Server Roles RoleSituation Caching-only servers A remote office has a limited amount of available bandwidth Non-recursive servers You have Internet-facing DNS that are authoritative for one or more zones Forward-only servers You want to manage the DNS traffic between your network and the Internet Conditional forwarders You want DNS clients in separate networks to resolve each others’ names without having to query the DNS server on the Internet

Levels of Securing Microsoft DNS Servers Security levelDefinition Low-level security Does not have any security precautions configured Medium-level security Uses the DNS security features available without running DNS servers on domain controllers and storing DNS zones in Active Directory High-level security Uses the same configuration as medium-level security, and also uses the security features available when the DNS server service is running on a domain controller and DNS zones are stored in Active Directory

Guidelines for Planning a DNS Server Determine server requirements Determine the level of security to implement Determine DNS server placement Determine server functionality

Practice: Planning DNS Server Security In this practice, you will plan a DNS namespace based on a specific scenario and discuss the challenges presented by the plan

Lesson: Planning a Namespace Multimedia: A Planning DNS Namespace Strategy Choosing a Domain Name DNS Namespace Options Best Practices for Namespace Planning Guidelines for Planning a Namespace

Multimedia: Planning a DNS Namespace Strategy The objective of this presentation is to provide guidelines for planning a DNS namespace You will learn:  How to separate internal and external namespaces  How to apply guidelines for integrating an Active Directory namespace and DNS namespace  How to identify a public namespace  Why the authoritative DNS server requires WINS records  The importance of planning a hierarchical namespace

Choosing a Domain Name When choosing a domain name, consider:  ICANN maintains authority for top-level domains  Standard naming conventions  Individual namespace requirements  Uniqueness of domain names

DNS Namespace Options Same Namespace Same Namespace Delegated Namespace Delegated Namespace Unique Namespace Unique Namespace Existing DNS Namespace nwtraders.com nwtraders.local corp.nwtraders.comnwtraders.com Internal Namespace Internal Namespace Internal Namespace Internal Namespace Internal Namespace Internal Namespace

Best Practices for Namespace Planning Use distinguished names Create an Active Directory-compatible namespace Separate internal and external namespaces

Guidelines for Planning a Namespace Select a DNS namespace for your domain Maintain namespace separation on internal and external servers Use different namespaces for internal and external use

Practice: Planning a DNS Namespace In this practice, you will plan a DNS namespace based on a specific scenario, and discuss the challenges presented by the plan

Lesson: Planning Zones Selecting Zone Types Selecting Zone Data Location Zone Security Considerations Guidelines for Planning Zones

Selecting Zone Types Zone type Available disk locations Zone informationUse this zone to: Primary Active Directory Replicated to other Active Directory- integrated zones Act as the point of update for the zone Have a read/write copy of the zone information Administer zone information separately File Transferred to secondary zone servers Secondary Provides limited fault tolerance Have a read-only copy of the zone information Improve availability of primary zones Improve performance at local and remote locations Stub Active Directory Periodically queries the target zone name servers for updates Improve the efficiency of name resolution Simplify DNS administration File

Selecting Zone Data Location Chosen when integrating into existing Active Directory structure Single point of support for DNS and Active Directory Chosen when integrating into existing Active Directory structure Single point of support for DNS and Active Directory Active Directory- Integrated Zone Chosen when root server is traditional DNS Supports Active Directory–integrated zones as a delegated domain Chosen when root server is traditional DNS Supports Active Directory–integrated zones as a delegated domain Combination of Both Zone Types Chosen for integration into existing infrastructure Separate support for DNS and Active Directory Chosen for integration into existing infrastructure Separate support for DNS and Active Directory Traditional DNS Zone

Zone Security Considerations Secured dynamic updates in Active Directory Dynamic DNS updates from DHCP DNS client dynamic updates Zone permissions

Guidelines for Planning Zones Determine zone type Determine zone integration requirements Determine zone storage location Determine zone security requirements

Practice: Planning Zones In this practice, you will plan a DNS zone based on a specific scenario and then discuss the challenges of the task

Lesson: Planning Zone Replication and Delegation When to Create a Secondary Zone Zone Transfers and Replication Zone Transfer Security Measures Zone Delegation Guidelines for Planning Zone Replication and Delegation

When to Create a Secondary Zone Create a secondary zone when you want to:  Provide zone redundancy  Reduce DNS network traffic  Reduce loads on a primary server for a zone

Zone Transfers and Replication Zone typeReplication options Active Directory– integrated zone Performing incremental replication between DNS servers Adjusting the Active Directory replication schedule Traditional DNS zone Replicating between primary and secondary zones Performing an incremental rather than a complete zone transfer Active Directory–Integrated Zones Traditional DNS Zones Active Directory-- Integrated Zone Primary Zone Secondary Zone Replication Zone Transfer

Zone Transfer Security Measures Restricting zone transfers Zone replication security Encryption using IPSec and VPN tunnels Encryption and authentication using Active Directory Reducing the impact of replication

Zone Delegation Provides the option of dividing the namespace into one or more zones Use additional zones when you have:  A need to delegate management of part of your DNS namespace  A need to divide one large zone into smaller zones

Guidelines for Planning Zone Replication and Delegation Identify when to create additional zones Determine replication methodology Determine replication security requirements Determine the need for delegating a zone

Practice: Planning Zone Replication and Delegation In this practice, you will:  Plan zone replication and delegation  Discuss the challenges of planning zone replication and delegation

Lesson: Integrating DNS and WINS Multimedia: Integrating DNS and WINS WINS Integration Modifying Cache Timeout Settings WINS Integration Best Practices

Multimedia: Integrating DNS and WINS The objective of this presentation is to explain the name resolution process when a DNS zone is configured for WINS forward lookup You will learn:  How a DNS server can use WINS to resolve host names  Why the authoritative DNS server requires WINS records

WINS Integration WINS resource records WINS-R resource records WINS reverse lookup

Modifying Cache Timeout Settings Modify Cache Timeout Value if WINS information rarely changes Lengthen Cache Timeout Value to reduce the number of queries between DNS and WINS servers

WINS Integration Best Practices Designate a subdomain for WINS resolution Delegate unresolved DNS queries to a subdomain Specify WINS server in zone configuration Designate a subdomain for WINS resolution Delegate unresolved DNS queries to a subdomain Specify WINS server in zone configuration

Lab A: Planning a DNS Strategy Exercise 1: Planning DNS Configuration for Internal and External Namespaces