Microsoft Windows 2000 DNS manual: Deploying DNS to Support Active Directory

Page 66

SUMMARY

secondary zones can be upgraded to DS-integrated zones. At this point non-Microsoft DNS servers can be safely retired and removed from the network.

 

Deploying DNS to Support Active Directory

If you are designing a brand new network environment, the process of deploying Active Directory service/Windows 2000 DNS is relatively straightforward. Chances are, however, that the Active Directory service you are designing will need to be integrated into an existing DNS infrastructure.

 

Partitioning, and Replication (Choosing your Zones)

When designing a DNS namespace for an Active Directory, the emphasis should be placed on creating an effective partition and replication topology while keeping replication and update traffic at bay.

The following domain/zone configuration is recommended:

 

Each Active Directory domain should have a DNS zone corresponding to the name of the domain. This zone should be configured on a DNS server running on the Domain Controllers in that Active Directory domain. The zone should be Active Directory-integrated.

 

DNS servers should be running on at least two domain controllers in each Active Directory domain and on at least one Domain Controller in each site.

 

Since most of the records ending with the “_msdcs.<DnsForestName>” suffix should be accessible throughout the entire forest, it can be useful to delegate the zone “_msdcs.<DnsForestName>” from the zone “<DnsForestName>”. All DNS servers in the enterprise that are connected to the primary servers for the “_msdcs.<DnsForestName>” zone over slow or non-permanent links should be configured as secondary servers for the “_msdcs.<DnsForestName>” zone. One DNS server in each site should be configured to poll the “_msdcs.<DnsForestName>” zone transfer from a primary server; all other DNS servers in that site poll the zone transfer from the chosen DNS server in the site. The primaries should not notify the secondaries of any changes in the zone; the secondaries will poll updates from the primaries at the zone refresh interval. The DNS server that polls the zone transfer directly from the primary server should be configured to notify all other DNS servers in the same site. This configuration does not flood the network with zone replication traffic, while still enabling clients in the child domains to resolve DNS queries addressed to the “_msdcs.<DnsForestName>” zone when the link is down.
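The following is an added example, not code from the white paper: a small audit of a planned “_msdcs.<DnsForestName>” zone-transfer topology against the recommendation above (one server per remote site polls the primary, the primary sends no NOTIFY, the site poller notifies the rest of its site). Server names, sites and the planned configuration are constructed.

```python
# Added example (not from the white paper): audit a planned _msdcs.<DnsForestName>
# zone-transfer topology against the recommendation. All names are constructed.
PRIMARY = "dc1"  # primary for the _msdcs zone, located in the HQ site

SITES = {  # site -> DNS servers (domain controllers) in that site
    "HQ": ["dc1", "dc2"],
    "Branch": ["dc3", "dc4", "dc5"],  # reached over a slow WAN link
}

# server -> (master it polls the _msdcs zone from, servers it sends NOTIFY to)
CONFIG = {
    "dc1": (None, ["dc3"]),   # wrong: the primary should not notify secondaries
    "dc2": ("dc1", []),       # same site as the primary, pulls directly
    "dc3": ("dc1", ["dc4"]),  # Branch site poller, but it forgets to notify dc5
    "dc4": ("dc3", []),       # correct: pulls from the site poller
    "dc5": ("dc2", []),       # wrong: pulls across the WAN from a non-primary
}

def audit_msdcs_replication(primary, sites, config):
    """Return a list of findings; an empty list means the plan matches the recommendation."""
    site_of = {srv: site for site, members in sites.items() for srv in members}
    findings = []
    if config[primary][1]:
        findings.append(f"{primary}: primary should not notify secondaries {config[primary][1]}")
    for site, members in sites.items():
        remote = primary not in members  # only remote sites sit behind a slow link
        pollers = [s for s in members if config[s][0] == primary]
        if remote and len(pollers) != 1:
            findings.append(f"{site}: expected exactly one server polling {primary}, found {pollers}")
        for srv in members:
            master, notify = config[srv]
            if srv == primary:
                continue
            if master != primary and site_of.get(master) != site:
                findings.append(f"{srv}: polls {master}, which is neither the primary nor in site {site}")
            if remote and srv in pollers:
                missing = sorted(set(members) - {srv} - set(notify))
                if missing:
                    findings.append(f"{srv}: site poller does not notify {missing}")
    return findings

if __name__ == "__main__":
    for line in audit_msdcs_replication(PRIMARY, SITES, CONFIG):
        print(line)
```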

 

The configuration of the reverse lookup zones is not based on the Windows 2000 domain structure. Instead, it is based on the range of IP addresses assigned to a company. If a company is assigned a class B address range such as 172.56.X.Y, then a reverse lookup zone 56.172.in-addr.arpa. is created. It may contain delegations to other domains, such as 1.56.172.in-addr.arpa., 2.56.172.in-addr.arpa. and so on. It is also possible to configure classless reverse lookup zones, as described in the Internet Draft “Classless IN-ADDR.ARPA delegation”.
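As an added example (not code from the white paper), the following derives the in-addr.arpa zone name for an octet-aligned block, the child zones a parent such as 56.172.in-addr.arpa. may delegate, and the classless delegation records for a block smaller than a /24 in the style of the Internet Draft. The “<first>-<last>” sub-zone label and the name server are assumptions; the address block is the one used above.

```python
# Added example (not from the white paper): derive in-addr.arpa zone names for
# classful blocks, the child delegations a parent zone may carry, and the
# classless delegation described in the Internet Draft. Names are constructed.
import ipaddress

def reverse_zone(prefix):
    """Zone name for an octet-aligned block, e.g. 172.56.0.0/16 -> 56.172.in-addr.arpa."""
    net = ipaddress.ip_network(prefix)  # strict: raises if host bits are set
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("not octet-aligned; use classless_delegation for /25-/32")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def child_delegations(prefix):
    """Zones the parent may delegate, one per next-octet subnet (e.g. 1.56.172.in-addr.arpa.)."""
    net = ipaddress.ip_network(prefix)
    return [reverse_zone(str(sub)) for sub in net.subnets(new_prefix=net.prefixlen + 8)]

def classless_delegation(prefix, nameserver):
    """Classless delegation of a /25-/32 block inside a /24, in the style of the Draft.

    The parent /24 zone delegates a sub-zone named <first>-<last>.<c>.<b>.<a>.in-addr.arpa.
    (the <first>-<last> label is one naming convention; assumed here) and adds a CNAME
    for each host's PTR name pointing into that sub-zone, so the holder of the block
    can maintain the PTR records in a zone of their own.
    Returns (sub_zone, records) where records are zone-file style lines."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen <= 24:
        raise ValueError("classless delegation applies to blocks smaller than a /24")
    a, b, c, _ = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    first, last = int(net.network_address) & 0xFF, int(net.broadcast_address) & 0xFF
    sub_zone = f"{first}-{last}.{parent}"
    records = [f"{sub_zone} NS {nameserver}"]
    for host in range(first, last + 1):
        records.append(f"{host}.{parent} CNAME {host}.{sub_zone}")
    return sub_zone, records

if __name__ == "__main__":
    print(reverse_zone("172.56.0.0/16"))
    print(child_delegations("172.56.0.0/16")[:3])
    for line in classless_delegation("172.56.1.128/26", "ns1.branch.example.")[1][:3]:
        print(line)
```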

Windows 2000 White Paper

60
