DNS Zones. DNS records kept in zones DNS server is authoritative for a domain if it hosts the zone for that domain Sub-domains can be kept in same zone.


DNS Zones

DNS records are kept in zones.
A DNS server is authoritative for a domain if it hosts the zone for that domain.
Sub-domains can be kept in the same zone as long as they are contiguous.
– Example: west.Company.com can be kept in the same zone as Company.com.

DNS Zones Continued
Zones are either “Forward Lookup” or “Reverse Lookup”:
– “Forward Lookup” zones resolve FQDNs to IP addresses
– “Reverse Lookup” zones resolve IP addresses to FQDNs

FQDNs vs IP Addresses
Client1.company.com /24

Tips
“Reverse Lookup” zones are written backwards. This zone would provide IP to FQDN name resolution for the network.

Tips Continued
The DNS server in an nslookup command is listed as “UnKnown” unless you create a reverse lookup zone.

DNS Zones Continued
There are two main types of zones that can be created:
– Standard zones
– Active Directory Integrated zones

Recap
DNS records are kept in zones.
“Forward lookup:” name to IP
“Reverse lookup:” IP to name
– Written backwards
Each can be either a Standard or an Active Directory Integrated (ADI) zone.

Standard Zones

Standard zones are kept in text files in %systemroot%\system32\dns, named <domain name>.dns (for example, Company.com.dns).

Standard Zones Continued
Two types of Standard zones:
– Standard Primary: the only read/write copy of the zone
– Standard Secondary: read-only, used for fault tolerance and load balancing

Standard Zones Continued
Modifications to Standard zones must be made on the Primary.
Clients can only update records by contacting the Primary.
Updates to the Primary are sent to the Secondary using zone transfers.

Zone Transfers
Two triggers for zone transfers:
– Refresh Interval
– DNS Notify
Zone transfers:
– Require permission
– Are always initiated by the Secondary server

Zone Transfers Continued

Best security: “Allow zone transfers:” “Only to the following servers”
Second choice: “Allow zone transfers:” “Only to servers listed on the Name Servers tab”
Avoid: “Allow zone transfers:” “To any server”

Zone Transfers Continued
The “Name Servers” tab lists the authoritative DNS servers for the zone.

Zone Transfers Continued
1. The Secondary requests a copy of the Primary’s “Start of Authority” (SOA) record
– “Serial number:” starts at 1 and increments to infinity
2. If the “Serial number:” on the Primary is higher than the Secondary’s, the Secondary initiates a zone transfer
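The two-step SOA check above is what a secondary does on every refresh interval; the same comparison, run from an admin workstation, tells you whether a secondary has silently stopped pulling transfers. This is an added example, not from the slides; the zone name and server addresses are constructed placeholders, and it assumes the DNS Client module's Resolve-DnsName cmdlet.

```powershell
# Added example (not part of the slides): compare the SOA serial on the Primary
# with the one on the Secondary, the same test the Secondary itself performs.
# $Zone, $Primary and $Secondary are constructed placeholders; replace with yours.
$Zone      = 'company.com'
$Primary   = '10.0.0.1'
$Secondary = '10.0.0.2'

function Get-SoaSerial {
    param([string]$Name, [string]$Server)
    # Query the named server directly (-DnsOnly skips LLMNR/NetBIOS) and keep only
    # the SOA record; NS records may also be returned in the authority section.
    $soa = Resolve-DnsName -Name $Name -Type SOA -Server $Server -DnsOnly -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1
    return [uint32]$soa.SerialNumber
}

$p = Get-SoaSerial -Name $Zone -Server $Primary
$s = Get-SoaSerial -Name $Zone -Server $Secondary

if ($p -gt $s) {
    # This is the condition that makes the Secondary start a zone transfer (step 2).
    # If it persists past the SOA refresh interval, transfers are failing: check the
    # "Allow zone transfers" list and DNS Notify settings on the Primary.
    Write-Warning "$($Zone): Secondary serial $s is behind Primary serial $p"
} elseif ($p -lt $s) {
    # Should never happen with a read-only Secondary; indicates edits on the wrong
    # server or a serial that was reset on the Primary.
    Write-Warning "$($Zone): Secondary serial $s is AHEAD of Primary serial $p"
} else {
    Write-Output "$($Zone): Secondary is in sync (serial $p)"
}
```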

Zone Transfers Continued

Zone transfers are in clear text. The only way to secure them would be a “Connection Security Rule” (IPSec).

Recap
Standard Primary – the only read/write copy
Standard Secondary – read only
The Primary transfers changes to the Secondary using zone transfers:
– Permission is needed for a copy of the zone
– Initiated by the Secondary server
– Not secure

Active Directory Integrated Zones ADI

Active Directory Integrated Zones (ADI)
ADI zones store DNS in Active Directory:
– Only created on Domain Controllers
– Changes exchanged through AD replication
– No permission needed
Three main benefits:
– Multi-master
– Secure “zone transfers”
– Secure dynamic updates

ADI Continued

Tips
Active Directory is a multi-master database: all copies of the zone accept updates.
Any time clients must be able to update records at more than one location, ADI is required.

ADI Continued
DNS info is transferred using AD replication, which is encrypted, so “zone transfers” are automatically secure.

ADI Continued
Dynamic updates allow clients to update DNS records.
Secure Dynamic Updates record the SID of the client on the DNS record:
– Only that client can update the record
Secure Dynamic Updates can only be enforced on ADI zones.
To limit Dynamic Updates to domain members, allow only Secure Dynamic Updates.
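The two settings the slides single out, the “Allow zone transfers” choice from the Zone Transfers section and the Secure Dynamic Updates setting above, are both visible per zone through the DnsServer PowerShell module. The script below is an added example, not from the slides; it assumes the DnsServer module is present on the server and that $TrustedSecondaries (a constructed placeholder) lists your own secondary servers.

```powershell
# Added example (not from the slides): report primary zones whose transfer or
# dynamic-update setting is the weak one, then apply the slides' preferred
# transfer setting ("Only to the following servers") to the offenders.
$TrustedSecondaries = @('10.0.0.2')   # constructed placeholder: your secondaries

function Get-WeakDnsZoneSettings {
    param([string]$ComputerName = 'localhost')
    # Only zones this server holds a read/write copy of; skip the auto-created
    # reverse zones that every Windows DNS server carries.
    $zones = Get-DnsServerZone -ComputerName $ComputerName |
             Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
    foreach ($z in $zones) {
        $issues = @()
        # "To any server": anyone who can reach the server can pull the whole zone.
        if ($z.SecureSecondaries -eq 'TransferAnyServer') {
            $issues += 'zone transfers allowed to any server'
        }
        # Nonsecure updates let any host register or overwrite a record. Secure is
        # only enforceable on an ADI zone, as the slide says.
        if ($z.DynamicUpdate -eq 'NonsecureAndSecure') {
            if ($z.IsDsIntegrated) {
                $issues += 'nonsecure dynamic updates allowed (set DynamicUpdate to Secure)'
            } else {
                $issues += 'nonsecure dynamic updates allowed (standard zone: convert to ADI to enforce Secure)'
            }
        }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                Zone   = $z.ZoneName
                ADI    = $z.IsDsIntegrated
                Issues = ($issues -join '; ')
            }
        }
    }
}

# Report first
Get-WeakDnsZoneSettings | Format-Table -AutoSize

# Remediate the transfer setting: "Allow zone transfers: Only to the following servers"
Get-WeakDnsZoneSettings | Where-Object { $_.Issues -like '*any server*' } | ForEach-Object {
    Set-DnsServerPrimaryZone -Name $_.Zone -SecureSecondaries TransferToSecureServers `
        -SecondaryServers $TrustedSecondaries
}

# Remediate dynamic updates on ADI zones only (standard zones cannot enforce Secure)
Get-WeakDnsZoneSettings | Where-Object { $_.ADI -and $_.Issues -like '*nonsecure*' } | ForEach-Object {
    Set-DnsServerPrimaryZone -Name $_.Zone -DynamicUpdate Secure
}
```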

ADI Continued

Four replication scopes:
– “To all DNS servers running on domain controllers in this forest.”
– “To all DNS servers running on domain controllers in this domain.”
– “To all domain controllers in this domain.”
– “To all domain controllers in the scope of this directory partition.”

Tips
If DNS info must be stored on fewer than all of the DCs in the domain, create a directory partition.
– Can also be created using ntdsutil

ADI Continued

For the replication scope “To all domain controllers in the scope of this directory partition,” you must first create a new partition in AD, then select which Domain Controllers receive a copy.

ADI Continued
Create the partition: dnscmd /createdirectorypartition
Specify which DCs have a copy: dnscmd /enlistdirectorypartition
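The same two steps, followed by moving a zone into the new scope and verifying the result, can be done with the DnsServer PowerShell cmdlets. This is an added example, not from the slides; the partition name, zone name and DC names are constructed placeholders.

```powershell
# Added example (not from the slides): PowerShell equivalents of the dnscmd steps
# above, plus the step the slides describe of choosing which DCs hold a copy.
# All names below are constructed placeholders.
$Partition = 'DnsWestPartition.company.com'
$Zone      = 'west.company.com'
$MemberDCs = @('DC1', 'DC2')   # only these DCs will store the zone

# Step 1: dnscmd /createdirectorypartition
Add-DnsServerDirectoryPartition -Name $Partition

# Step 2: dnscmd /enlistdirectorypartition, once per DC that should hold a copy
foreach ($dc in $MemberDCs) {
    Register-DnsServerDirectoryPartition -Name $Partition -ComputerName $dc
}

# Place the zone in the custom scope
# ("To all domain controllers in the scope of this directory partition")
Set-DnsServerPrimaryZone -Name $Zone -ReplicationScope Custom -DirectoryPartitionName $Partition

# Verify: which DCs replicate the partition, and which scope the zone now uses
Get-DnsServerDirectoryPartition -Name $Partition |
    Select-Object DirectoryPartitionName, Replica, ZoneCount
Get-DnsServerZone -Name $Zone |
    Select-Object ZoneName, IsDsIntegrated, ReplicationScope, DirectoryPartitionName
```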

ADI Continued

Recap
ADI zones store DNS in Active Directory:
– Only created on Domain Controllers
– Changes exchanged through AD replication
– No permission needed
Three main benefits:
– Multi-master
– Secure “zone transfers”
– Secure dynamic updates

Recap Continued
Four replication scopes:
– “To all DNS servers running on domain controllers in this forest.”
– “To all DNS servers running on domain controllers in this domain.”
– “To all domain controllers in this domain.”
– “To all domain controllers in the scope of this directory partition.” (fewer than all DCs in the domain)