Microsoft windows 2000 DNS manual Integrating ADS with Existing DNS Structure

Page 63

 

 

 

 

 

 

 

Active Directory Domain: MyCompany.com

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Internal Backup Network

 

 

Public Network

 

 

 

 

Host name: MyComputer

 

 

 

 

 

 

 

 

 

100BaseT

 

 

10BaseT

 

 

 

 

Primary DNS suffix –MyCompany.com

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Full computer name : MyComputer.MyCompany.com

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Adapter-specific DNS suffix: example1.com

DNS Names:

MyComputer.MyCompany.com

MyComputer.example1.com

Adapter-specific DNS suffix: example2.com

DNS Names: MyComputer.MyCompany.com MyComputer.example2.com

In the picture above, a machine with the MyComputer Host name is joined to the MyCompany.com. AD domain. Its primary DNS suffix is also set by default to MyCompany.com.

The first adapter, which is being used for public access, is configured with the example1.com. DNS suffix. The second adapter, which is used exclusively for backups, has the example2.com. DNS suffix. The machine, therefore, can be accessed publicly through the first adapter using the MyComputer.example1.com. DNS name. For backup purposes the same machine can be accessed through the second adapter using the MyComputer.example2.com. DNS name.

Integrating ADS with Existing DNS Structure

In order for a DNS server to be able to support the Active Directory it is required to support the SRV records and it is recommended to support the dynamic updates, as described in the RFC 2136.

When integrating ADS into an existing DNS infrastructure, the decision needs to be made whether the Active Directory namespace will join, or overlap the existing DNS namespace.

If there is no overlap, you can delegate a new Windows 2000 DNS namespace from the existing DNS structure. When a DNS namespace is delegated off an existing DNS tree, the DNS server that owns the zone file for the newly delegated namespace, and becomes the primary master for that namespace. The DNS zone name, that has been delegated, should correspond to the ADS root domain. This approach is not required, but recommended if you want to use the benefits of the Windows 2000 DNS server. You may continue using the existing DNS server without delegating the Active Directory namespace as long as current DNS servers support the SRV records and the dynamic updates.

If the overlap is inevitable, then the approach you should take depends on whether the existing DNS tree is implemented using Windows NT 4.0 DNS, or a non- Microsoft product.

Windows 2000 White Paper

57

Page 62 Page 64
Image 63
Page 62 Page 64
Contents Windows 2000 DNS Microsoft Corporation. All rights reserved Contents Designing a DNS Namespace for the Active Directory Summary Page DNS Fundamentals Standards and Additional Reading Name Services in WindowsDraft-skwan-gss-tsig-04.txt GSS Algorithm for Tsig GSS-TSIG History of DNSHierarchy of DNS Domain Names Structure of DNSDNS and Internet Int/net/orgCom Edu Gov Mil Army Microsoft Mit MydomainDistributing the Database Zone Files and Delegation TTLMicrosoft My domain ftp Ntserver Replicating the DNS databaseQuerying the Database NEW Features of the Windows 2000 DNSName Server Resolver Root-server Gov Whitehouse.gov Time to Live for Resource Records Updating the DNS DatabaseActive Directory Storage and Replication Integration Active Directory Service Storage ModelWindows 2000 White Paper Controlling Access to Zones Replication ModelZone Type Conversions Protocol Description Incremental Zone TransferSlave DNS Server Ixfr and DS Integration Dynamic UpdateZone Log File Master DNS ServerDynamic Update of DNS Records Update AlgorithmDhcp Client Mixed EnvironmentClient Reregistration Statically Configured ClientSecure Dynamic Update RAS ClientEstablishing a security context by passing security tokens Secure Dynamic Update Policy Controlling Update Access to Zones and Names DnsUpdateProxy GroupAging and Scavenging DNS Admins GroupAging and Scavenging Parameters DefaultEnableScavenging Scavenging Period DescriptionRecord Life Span Scavenging Algorithm Configuring Scavenging ParametersInteroperability Considerations Unicode Character SupportDomain Locator Finish IP/DNS Compatible Locator DNS Record Registration and Resolver RequirementsLdap.tcp.dc.msdcs.DnsDomainName Kerberos.tcp.dc.msdcs.DnsDomainName IP/DNS DC Locator Algorithm Finish Discovering Site specific DCsCaching Resolver Fully-Qualified Query Name ResolutionUnqualified Single-Label Query Using Global Suffix Search OrderUnqualified Multi-Label Query Using Primary and Per-adapter Domain NamesUnqualified Single-Label Query Scenarios Name Resolution ScenariosNegative Caching Fully-Qualified Query ScenariosMicrosoft Implementation of Negative Caching DNS Server List ManagementAdministrative Tools WMI Support for DNS Server AdministrationDNS Manager Interoperability Issues Using Wins and Winsr RecordsUsing UTF-8 Characters Format DNS Server Performance Receiving Non-RFC Compliant DataUtilization Hardware components Sizing Server Capacity PlanningChoosing Names Internet Access ConsiderationsWindows 2000 White Paper Windows 2000 White Paper Windows 2000 White Paper VPN Com Yyy.com Zzz.com Windows 2000 White Paper Primary Zone YYY corporation ZZZ corporation VPN Firewall Computer Names Characters in NamesPer-Adapter Naming Full computer nameIntegrating ADS with Existing DNS Structure Domain name and sites. Active Directory domain name DNS Migration to Windows 2000 DNSPartitioning, and Replication Choosing your Zones Deploying DNS to Support Active DirectoryWins Referral Using Automatic ConfigurationIxfr Ixfr For More InformationWindows 2000 White Paper
Top Page Image Contents