DNS Zones. DNS records kept in zones DNS server is authoritative for a domain if it hosts the zone for that domain Sub-domains can be kept in same zone.


1 DNS Zones

2 DNS records are kept in zones
A DNS server is authoritative for a domain if it hosts the zone for that domain.
Sub-domains can be kept in the same zone as long as they are contiguous (not delegated to another server).
 – Example: west.Company.com can be kept in the same zone as Company.com.

3 DNS Zones Continued
Zones are either “Forward Lookup” or “Reverse Lookup”
 – “Forward Lookup” zones resolve FQDNs to IP addresses (A and AAAA records)
 – “Reverse Lookup” zones resolve IP addresses to FQDNs (PTR records)

4 FQDNs vs IP Addresses (diagram: the FQDN Client1.company.com maps to the IP address 192.168.1.10/24)

5 Tips
“Reverse Lookup” zones are named with the network octets written backwards under in-addr.arpa. The zone shown, 1.168.192.in-addr.arpa, provides IP to FQDN name resolution for the 192.168.1.0/24 network.

6 Tips Continued
The DNS server in an nslookup command is listed as “UnKnown” unless you create a reverse lookup zone: nslookup finds the server's name with a PTR query for the server's IP address, and without a reverse zone (and a PTR record for the server) that query fails.
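The two tips above in working form, as an added example that is not part of the slides: a PowerShell function that derives the in-addr.arpa zone name from a network ID, then the DnsServer module cmdlets that create the zone and its PTR records and check the result. The names and addresses (company.com, 192.168.1.0/24, client1 at 192.168.1.10, the DNS server dns1 at 192.168.1.5) and the function name Get-ReverseZoneName are assumptions.

```powershell
# Added example (not from the slides). Requires the DnsServer module on a
# Windows DNS server. Names and addresses below are assumed.

function Get-ReverseZoneName {
    param(
        [Parameter(Mandatory)][string]$NetworkId   # e.g. '192.168.1.0/24'
    )
    $address, $prefix = $NetworkId -split '/'
    $octets = $address -split '\.'
    if ($octets.Count -ne 4 -or $prefix -notin @('8', '16', '24')) {
        throw "Only /8, /16 and /24 networks map to a single in-addr.arpa zone: $NetworkId"
    }
    # Keep only the network octets, reverse them, append the reverse-lookup suffix.
    $keep = [int]$prefix / 8
    $reversed = @($octets[0..($keep - 1)])
    [array]::Reverse($reversed)
    return ($reversed -join '.') + '.in-addr.arpa'
}

$zone = Get-ReverseZoneName -NetworkId '192.168.1.0/24'   # 1.168.192.in-addr.arpa

# Create the reverse lookup zone. The cmdlet derives the same name from -NetworkId;
# the zone file name follows the <zone name>.dns convention.
Add-DnsServerPrimaryZone -NetworkId '192.168.1.0/24' -ZoneFile "$zone.dns"

# Add PTR records. -Name is the host part only: the reversed host octet(s).
Add-DnsServerResourceRecordPtr -ZoneName $zone -Name '10' -PtrDomainName 'client1.company.com'
Add-DnsServerResourceRecordPtr -ZoneName $zone -Name '5'  -PtrDomainName 'dns1.company.com'

# Verify IP -> FQDN. With a PTR record for the server's own address in place,
# nslookup prints "Default Server: dns1.company.com" instead of "UnKnown".
Resolve-DnsName -Name 192.168.1.10 -Type PTR -Server 192.168.1.5
```

The function refuses prefixes that do not end on an octet boundary on purpose: a /25 or smaller network cannot be expressed as one in-addr.arpa zone and needs the classless delegation scheme instead, which the slides do not cover.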

7 DNS Zones Continued
There are two main types of zones that can be created:
 – Standard zones
 – Active Directory Integrated zones

8 Recap
DNS records are kept in zones
“Forward lookup:” name to IP
“Reverse lookup:” IP to name
 – Written backwards
Each can be either a Standard or an Active Directory Integrated (ADI) zone

9 Standard Zones

10 Standard zones are kept in text files in %systemroot%\system32\dns, named <zone name>.dns (for example company.com.dns).

11 Standard Zones Continued
Two types of Standard zones:
 – Standard Primary: the only read/write copy of the zone
 – Standard Secondary: a read-only copy, used for fault tolerance and load balancing

12 Standard Zones Continued
Modifications to Standard zones must be made on the Primary
Clients can only update records by contacting the Primary
Updates made on the Primary are sent to the Secondary using zone transfers

13 Zone Transfers
Two triggers for zone transfers:
 – Refresh Interval (the Secondary polls the Primary's SOA record on a schedule)
 – DNS Notify (the Primary tells the Secondary that something changed; the Secondary then polls)
Zone transfers:
 – Require permission: the Primary's zone transfer settings must allow the Secondary
 – Are always initiated by the Secondary, even after a Notify

14 Zone Transfers Continued (slides 14 to 16 are screenshots with no transcribed text)

17 Best security: “Allow zone transfers:” “Only to the following servers” (an explicit list of Secondary IP addresses)
Second choice: “Allow zone transfers:” “Only to servers listed on the Name Servers tab” (trusts whatever addresses the zone's NS records currently resolve to)
Avoid: “Allow zone transfers:” “To any server” (anyone who can reach TCP port 53 on the server can copy the whole zone and enumerate every host in it)

18 Zone Transfers Continued The “Name Servers” tab lists the zone's authoritative DNS servers (its NS records)
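The three “Allow zone transfers” settings from slide 17 as DnsServer module cmdlets, the weak setting beside the hardened one, plus a check that finds zones still open to any server. This is an added example, not part of the slides; the zone company.com, the Primary dns1 (192.168.1.5), the Secondary dns2 (192.168.1.20) and the function name Get-OpenTransferZone are assumptions.

```powershell
# Added example (not from the slides). Requires the DnsServer module.
# Zone and server names/addresses are assumed.

$zone = 'company.com'

# Avoid: "To any server". Anyone who can reach TCP/53 can pull the whole zone
# (AXFR) and gets a complete host inventory for free.
Set-DnsServerPrimaryZone -Name $zone -SecureSecondaries TransferAnyServer

# Second choice: "Only to servers listed on the Name Servers tab". This trusts
# whatever addresses the zone's NS records resolve to at request time.
Set-DnsServerPrimaryZone -Name $zone -SecureSecondaries TransferToZoneNameServer

# Best: "Only to the following servers", an explicit IP list, plus NOTIFY to the
# same servers so they pull changes immediately instead of waiting for refresh.
Set-DnsServerPrimaryZone -Name $zone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers 192.168.1.20 `
    -Notify NotifyServers -NotifyServers 192.168.1.20

# The Secondary side (run on dns2): a read-only copy that pulls from the Primary.
Add-DnsServerSecondaryZone -Name $zone -ZoneFile "$zone.dns" -MasterServers 192.168.1.5

# Audit: list Primary zones on a server that still allow transfers to anyone.
function Get-OpenTransferZone {
    param([string]$ComputerName = 'localhost')
    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
                       $_.SecureSecondaries -eq 'TransferAnyServer' } |
        Select-Object ZoneName, SecureSecondaries, SecondaryServers
}
Get-OpenTransferZone -ComputerName dns1

# From a host that is not in the list, a transfer attempt must now be refused:
#   nslookup
#   > server 192.168.1.5
#   > ls -d company.com
# "Query refused" is the expected answer once the ACL is in place.
```

The nslookup check at the end is the test worth repeating after any change to the Name Servers tab: the second setting follows the NS records, so adding a name server silently adds a host that may pull the zone.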

19 Zone Transfers Continued
1. The Secondary requests a copy of the Primary's “Start of Authority” (SOA) record
 – “Serial number:” starts at 1 on a new Windows zone and increases with every change. It is a 32-bit value, so it wraps rather than growing to infinity; servers compare serials with serial-number arithmetic (RFC 1982).
2. If the “Serial number:” on the Primary is newer than the Secondary's, the Secondary initiates a zone transfer
 – Caveat: if the Primary's serial ever goes backwards (for example after restoring an old zone file), the Secondary sees nothing newer and keeps serving its stale copy.
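The two-step check above written out, as an added example that is not part of the slides: a PowerShell function that compares SOA serials the way DNS does (RFC 1982 serial-number arithmetic on 32-bit values), followed by a function that reads the live serials from a Primary and a Secondary and reports whether a transfer is due. The zone company.com, the servers 192.168.1.5 (Primary) and 192.168.1.20 (Secondary) and the function names are assumptions.

```powershell
# Added example (not from the slides). The RFC 1982 comparison is standard DNS
# behaviour; zone, addresses and function names are assumed.

function Test-SerialIsNewer {
    param(
        [Parameter(Mandatory)][uint32]$Candidate,   # serial on the Primary
        [Parameter(Mandatory)][uint32]$Current      # serial the Secondary holds
    )
    # RFC 1982: Candidate is newer when (Candidate - Current) mod 2^32 lies
    # between 1 and 2^31 - 1. A plain "greater than" breaks once the counter wraps.
    $diff = ([int64]$Candidate - [int64]$Current) % 4294967296
    if ($diff -lt 0) { $diff += 4294967296 }
    return ($diff -gt 0 -and $diff -lt 2147483648)
}

Test-SerialIsNewer -Candidate 12 -Current 11            # True:  transfer
Test-SerialIsNewer -Candidate 11 -Current 11            # False: in sync
Test-SerialIsNewer -Candidate 11 -Current 12            # False: Primary went backwards
Test-SerialIsNewer -Candidate 5  -Current 4294967290    # True:  wrapped, still newer

function Get-ZoneSyncStatus {
    param(
        [Parameter(Mandatory)][string]$Zone,
        [Parameter(Mandatory)][string]$Primary,
        [Parameter(Mandatory)][string]$Secondary
    )
    # Step 1 of the slide: ask each server directly for the zone's SOA record.
    $p = Resolve-DnsName -Name $Zone -Type SOA -Server $Primary   -DnsOnly | Where-Object Type -eq 'SOA'
    $s = Resolve-DnsName -Name $Zone -Type SOA -Server $Secondary -DnsOnly | Where-Object Type -eq 'SOA'
    # Step 2: a transfer is due only when the Primary's serial is newer.
    [pscustomobject]@{
        Zone            = $Zone
        PrimarySerial   = $p.SerialNumber
        SecondarySerial = $s.SerialNumber
        TransferDue     = Test-SerialIsNewer -Candidate $p.SerialNumber -Current $s.SerialNumber
        RefreshSeconds  = $p.TimeToZoneRefresh   # how often the Secondary re-checks
        ExpireSeconds   = $p.TimeToExpiration    # no contact for this long: Secondary stops answering
    }
}
Get-ZoneSyncStatus -Zone company.com -Primary 192.168.1.5 -Secondary 192.168.1.20
```

A Secondary whose serial is higher than the Primary's (the third test case) is the symptom of a restored zone file; the fix is to raise the Primary's serial above the Secondary's, not to wait for the refresh interval.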

20 Zone Transfers Continued

21 Zone transfers between Standard zones are in clear text. Windows DNS does not support TSIG-signed zone transfers, so the only way to secure them is a “Connection Security Rule” (IPsec) between the Primary and the Secondary.

22 Recap
Standard Primary – the only read/write copy
Standard Secondary – read only
The Primary transfers changes to the Secondary using zone transfers:
 – The Secondary needs permission to get a copy of the zone
 – Initiated by the Secondary server
 – Not secure (clear text unless protected with IPsec)

23 Active Directory Integrated Zones ADI

24 Active Directory Integrated Zones (ADI)
ADI zones store DNS data in Active Directory
 – Can only be created on Domain Controllers
 – Changes are exchanged through AD replication
 – No zone transfer permission needed: replication partners authenticate as domain controllers
Three main benefits:
 – Multi-master
 – Secure “zone transfers”
 – Secure dynamic updates

25 ADI Continued (slides 25 and 26 are screenshots with no transcribed text)

27 Tips
Active Directory is a multi-master database: all copies of the zone accept updates
Any time clients must be able to update records at more than one location, ADI is required

28 ADI Continued
DNS data is transferred using AD replication, which is authenticated and encrypted, so ADI “zone transfers” are automatically secure.
Caveat: an ADI zone can still be configured to allow ordinary zone transfers to non-AD Secondaries; those transfers are still clear text and still need the zone transfer settings from slide 17.

29 ADI Continued
Dynamic updates allow clients to register and update their own DNS records
Secure Dynamic Updates record the SID of the client on the DNS record (the client's computer account becomes the owner of the record's object in AD)
 – Only that client can update the record (administrators aside)
Secure Dynamic Updates can only be enforced on ADI zones
To limit Dynamic Updates to domain members, allow only Secure Dynamic Updates; “Nonsecure and secure” lets any host on the network overwrite another host's record

30 ADI Continued

31 Four replication scopes:
 – “To all DNS servers running on domain controllers in this forest.”
 – “To all DNS servers running on domain controllers in this domain.”
 – “To all domain controllers in this domain.”
 – “To all domain controllers in the scope of this directory partition.”

32 Tips
If DNS data must be stored on fewer than all of the DCs in the domain, create a custom application directory partition
 – Can also be created using ntdsutil

33 ADI Continued

34 For the replication scope “To all domain controllers in the scope of this directory partition,” you must first create a new application directory partition in AD. Then select which Domain Controllers receive a copy (enlist them in the partition).

35 ADI Continued
Create the partition: dnscmd /CreateDirectoryPartition <partition FQDN>
Specify which DCs have a copy (run once per DC): dnscmd <DC name> /EnlistDirectoryPartition <partition FQDN>
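The custom replication scope from slides 31 to 35 and the secure dynamic update setting from slide 29 carried through end to end with DnsServer module cmdlets, with the dnscmd equivalents in comments. This is an added example, not part of the slides; the forest company.com, the DCs dc1, dc2 and dc3, the partition name DnsCustom.company.com, the zone west.company.com and the function name Get-WeakDynamicUpdateZone are assumptions.

```powershell
# Added example (not from the slides). Run on a Domain Controller with the
# DnsServer module. Partition, zone and DC names are assumed.

$partition = 'DnsCustom.company.com'
$zone      = 'west.company.com'

# 1. Create the application directory partition
#    (dnscmd /CreateDirectoryPartition DnsCustom.company.com).
Add-DnsServerDirectoryPartition -Name $partition

# 2. Enlist only the DCs that should hold a replica
#    (dnscmd dc1 /EnlistDirectoryPartition DnsCustom.company.com, and so on).
#    dc3 is deliberately left out: it will not store this zone.
Register-DnsServerDirectoryPartition -Name $partition -ComputerName dc1
Register-DnsServerDirectoryPartition -Name $partition -ComputerName dc2

# 3. Create the ADI zone in that partition. -DynamicUpdate Secure is the hardened
#    setting: only the domain member that registered a record can change it.
#    NonsecureAndSecure lets any host on the network overwrite records; None
#    blocks clients from registering at all.
Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Custom `
    -DirectoryPartitionName $partition -DynamicUpdate Secure

# An existing zone can be moved into the partition instead
# (dnscmd /ZoneChangeDirectoryPartition equivalent):
# Set-DnsServerPrimaryZone -Name $zone -ReplicationScope Custom -DirectoryPartitionName $partition

# 4. Verify where the zone lives and which DCs replicate the partition.
Get-DnsServerZone -Name $zone |
    Select-Object ZoneName, IsDsIntegrated, ReplicationScope, DirectoryPartitionName, DynamicUpdate
Get-DnsServerDirectoryPartition -Name $partition

# Audit: Primary zones on a server that still accept nonsecure dynamic updates.
# Standard (file-backed) zones can never be set to Secure, so any of them that
# accept dynamic updates show up here too; they are candidates for conversion to ADI.
function Get-WeakDynamicUpdateZone {
    param([string]$ComputerName = 'localhost')
    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
                       $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
        Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
}
Get-WeakDynamicUpdateZone -ComputerName dc1
```

Step 2 is where the "fewer than all DCs" promise from slide 32 is actually enforced: a DC that is not enlisted never receives the partition, so the zone's data is only as exposed as the enlisted DCs are.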

36 ADI Continued

37 Recap
ADI zones store DNS data in Active Directory
 – Can only be created on Domain Controllers
 – Changes are exchanged through AD replication
 – No zone transfer permission needed
Three main benefits:
 – Multi-master
 – Secure “zone transfers”
 – Secure dynamic updates

38 Recap Continued
Four replication scopes:
 – “To all DNS servers running on domain controllers in this forest.”
 – “To all DNS servers running on domain controllers in this domain.”
 – “To all domain controllers in this domain.”
 – “To all domain controllers in the scope of this directory partition.” (fewer than all DCs in the domain)

