Microsoft Windows 2000 DNS manual: Choosing Names, Internet Access Considerations

Page 52

namespace and DNS architecture to support it, and then revising the ADS and DNS design if unforeseen or undesirable consequences are uncovered.

The Windows 2000 Active Directory Namespace Design white paper describes the ADS namespace, including the forest and tree domain structure, organizational units, the global catalog, trust relationships, and replication. It then provides examples of namespace implementations and describes the architectural criteria that network architects and administrators should consider when designing an Active Directory namespace for the Enterprise. By following the recommendations in that paper, the Enterprise network architect should be able to design a namespace that is capable of withstanding company reorganizations without expensive restructuring.

Some of the fundamental DNS design questions that need to be answered are:

How many Active Directory domains will you have?

What will their names be?

Will your DNS namespace have a private root?

What will your computer names be?

Choosing Names

In Windows 2000, Active Directory domains are named with DNS names. When choosing DNS names to use for your Active Directory domains, identify the registered DNS domain name suffix that your company has reserved for use on the Internet, such as “company.com.”. It is recommended that you use different internal and external namespaces to simplify the name resolution process. So, internally (and as a forest root) you could use either a registered DNS suffix different from the external one, like “comp.com.”, or a subdomain of the external domain, like “corp.company.com.”. You can then combine this name with a location or organizational name used within your company to form full names for your Active Directory domains, for example “hr.corp.company.com.”. This method of naming ensures that each Active Directory domain name is globally unique.

Once you have decided on DNS names for each of your Active Directory domains, you can use these names as parents for creating additional child domains to further manage other divisions within your company. Child domains must have DNS names that are immediately subordinate to their parent’s DNS name. For example, if a child domain were to be added in the “us.corp.company.com.” tree for the human resources department in the American branch of the company, an appropriate name for that domain might be “hr.us.corp.company.com.”.
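The naming rules above (an internal namespace distinct from the external one, and each child domain immediately subordinate to its parent) can be checked mechanically before a forest is built. The following is an added example, not code from the white paper or from Microsoft; the plan it validates is a constructed single-tree forest using the names from this section.

```python
# Added example, not from the white paper: check a proposed Active Directory
# naming plan (single tree, names constructed here) against this section's rules.

def _labels(name):
    """Lower-case labels of a DNS name, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_immediate_child(child, parent):
    """True when child is exactly one label below parent."""
    c, p = _labels(child), _labels(parent)
    return len(c) == len(p) + 1 and c[1:] == p

def is_within(name, suffix):
    """True when name equals suffix or lies below it."""
    n, s = _labels(name), _labels(suffix)
    return len(n) >= len(s) and n[len(n) - len(s):] == s

def check_naming_plan(forest_root, external_names, parents):
    """Return problems found in the plan (an empty list means it passes).

    parents maps each child domain to its parent; the forest root has no entry.
    """
    problems = []
    ext = [_labels(e) for e in external_names]
    # Internal and external namespaces must differ: no internal domain may
    # reuse a name that the company publishes on the Internet.
    for dom in [forest_root, *parents]:
        if _labels(dom) in ext:
            problems.append(f"{dom} duplicates an external name")
    for child, parent in parents.items():
        # A child domain's DNS name must be immediately subordinate to its parent's.
        if not is_immediate_child(child, parent):
            problems.append(f"{child} is not immediately below {parent}")
        # In a single tree every domain hangs off the forest root.
        if not is_within(child, forest_root):
            problems.append(f"{child} lies outside forest root {forest_root}")
    return problems

# Constructed plans: external name company.com, internal root corp.company.com.
GOOD_PLAN = {
    "hr.corp.company.com.": "corp.company.com.",
    "us.corp.company.com.": "corp.company.com.",
    "hr.us.corp.company.com.": "us.corp.company.com.",
}
BAD_PLAN = {
    "company.com.": "corp.company.com.",             # reuses the external name
    "hr.us.corp.company.com.": "corp.company.com.",  # skips the us. level
}

if __name__ == "__main__":
    print(check_naming_plan("corp.company.com.", ["company.com."], GOOD_PLAN))
    print(check_naming_plan("corp.company.com.", ["company.com."], BAD_PLAN))
```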

Internet Access Considerations

Typically, a company namespace consists of two portions: private and public. The private portion is invisible from the outside world, while the public portion is exposed to the Internet. Here the names that form the private and public namespaces are referred to as internal and external, respectively. Even though the private names are not exposed to the Internet, repetition of any external names (not only the company’s own, but any from the Internet in general) in the private namespace is

Windows 2000 White Paper

46
