Windows Server 2003 DNS Integration with Active Directory
Download
Report
Transcript Windows Server 2003 DNS Integration with Active Directory
[TNT1-114]
DNS and Active Directory
NYeWin 6/2/2005
Michael J. Murphy
TechNet Presenter
[email protected]
http://blogs.technet.net.com/mjmurphy
Prerequisite Knowledge
Windows Server 2003
Active Directory Structure
DNS Concepts
Level 200
Agenda
DNS Features &Configuration
Active Directory Integration
Installing and Managing DNS
DNS Features &Configuration
DNS Basics
Domain Naming System
Name Resolution Protocol for TCP/IP
Networks
Hierarchical, Distributed Database
Forward Lookup Zone
Who is NY-CERT-01?
NY-CERT-01 =
192.168.80.6
Reverse Lookup Zone
Who is 192.168.80.9?
192.168.80.9 =
NY-WXP-01
DNS Features &Configuration
Namespace Structure
Internet Root
.
Top-level
Domains
com
org
Second Level
Domains
gov
Contoso.com
WideWorldImporters.com
IRS.gov
us.Contoso.com
research.Contoso.com
Sub-domains
DNS Features &Configuration
Namespace Structure
Contoso.local
us.Contoso.local
research.Contoso.local
DNS Features & Configuration
Name Resolution by Root Hints
Query: www.contoso.com
DNS Server
Requesting Client
DNS Features & Configuration
Name Resolution by Root Hints
DNS Server
Requesting Client
DNS Features & Configuration
Name Resolution by Root Hints
DNS Server
Query: www.contoso.com
Reply: com is delegated to com Server
“.” Zone
Delegation
com Zone
Requesting Client
DNS Features & Configuration
Name Resolution by Root Hints
DNS Server
Query: www.contoso.com
Reply: com is delegated to com Server
Reply: 192.168.80.5
Query: www.contoso.com
“.” Zone
Delegation
com Zone
Delegation
contoso.com Zone
Requesting Client
DNS Features & Configuration
Name Resolution by Root Hints
DNS Server
Query: www.contoso.com
Reply: com is delegated to com Server
“.” Zone
Delegation
com Zone
Delegation
contoso.com Zone
Requesting Client
DNS Features & Configuration
Name Resolution by Root Hints
DNS Server
Query: www.contoso.com
Reply: com is delegated to com Server
Reply: 192.168.80.5
“.” Zone
Delegation
com Zone
Delegation
contoso.com Zone
Requesting Client
DNS Features & Configuration
Name Resolution by Forwarding
Query: www.contoso.com
Internal
DNS Server
Requesting Client
DNS Features & Configuration
Name Resolution by Forwarding
DMZ
DNS Server
Query: www.contoso.com
Internal
DNS Server
Requesting Client
DNS Features & Configuration
Name Resolution by Forwarding
Internal
DNS Server
DMZ
DNS Server
Query: www.contoso.com
“.” Zone
com Zone
contoso.com Zone
Requesting Client
DNS Features & Configuration
Name Resolution by Forwarding
DMZ
DNS Server
Query: www.contoso.com
Internal
DNS Server
Requesting Client
DNS Features & Configuration
Name Resolution by Forwarding
DMZ
DNS Server
Query: www.contoso.com
Internal
DNS Server
contoso.com Zone
Requesting Client
Agenda
DNS Features & Configuration
Active Directory Integration
Installing and Managing DNS
Active Directory Integration
Primary and Secondary Zones
London Site
Primary DNS Server
Secondary DNS Servers
Tilbury Site
Seattle Site
Secondary DNS Servers
Secondary DNS Servers
New York Site
Active Directory Integration
Primary and Secondary Zones
London Site
Primary DNS Server
Secondary DNS Servers
Tilbury Site
Seattle Site
Secondary DNS Servers
Secondary DNS Servers
New York Site
Active Directory Integration
Primary and Secondary Zones
London Site
Primary DNS Server
Secondary DNS Servers
Tilbury Site
Seattle Site
Secondary DNS Servers
Secondary DNS Servers
New York Site
Active Directory Integration
Primary and Secondary Zones
London Site
Primary DNS Server
Secondary DNS Servers
Tilbury Site
Seattle Site
Secondary DNS Servers
Secondary DNS Servers
New York Site
Active Directory Integration
Primary and Secondary Zones
London Site
Primary DNS Server
Secondary DNS Servers
Tilbury Site
Seattle Site
Secondary DNS Servers
Secondary DNS Servers
New York Site
Active Directory Integration
Active Directory Integrated Zones
London Site
Primary DNS Server
Primary DNS Servers
Tilbury Site
Seattle Site
Primary DNS Servers
Primary DNS Servers
New York Site
Active Directory Integration
Active Directory Integrated Zones
London Site
Primary DNS Server
Primary DNS Servers
Tilbury Site
Seattle Site
Primary DNS Servers
Primary DNS Servers
New York Site
Active Directory Integration
Active Directory Integrated Zones
London Site
Primary DNS Server
Primary DNS Servers
Tilbury Site
Seattle Site
Primary DNS Servers
Primary DNS Servers
New York Site
Active Directory Integration
AD Integrated Zone Structure
NY-DNS-01
Forward Lookup Zones
Contoso.com
_msdcs
_sites
Contoso.com
_tcp
_udp
DomainDnsZones
ForestDnsZones
Reverse Lookup Zones
Active Directory Integration
Directory Partitions
DC=WideWorldImporters,DC=com
CN=Configuration,DC=WideWorldImporters,DC=com
CN=Schema,CD=ConfigurationDC=WideWorldImporters,DC=com
Active Directory Integration
Directory Partitions
DC=WideWorldImporters,DC=com
CN=Configuration,DC=WideWorldImporters,DC=com
CN=Schema,CD=ConfigurationDC=WideWorldImporters,DC=com
DC=DomainDnsZones,DC=WideWorldImporters,DC=com
DC=ForestDnsZones,DC=WideWorldImporters,DC=com
Active Directory Integration
Directory Partitions
DC=WideWorldImporters,DC=com
CN=Configuration,DC=WideWorldImporters,DC=com
CN=Schema,CD=ConfigurationDC=WideWorldImporters,DC=com
DC=DomainDnsZones,DC=WideWorldImporters,DC=com
DC=ForestDnsZones,DC=WideWorldImporters,DC=com
DC=Intranet,DC=WideWorldImporters,DC=com
Active Directory Integration
Forward Lookup Zones
Stores all Resource Records for Zone
Translates FQDN into IP Addresses
Required by AD to locate Services
Active Directory Integration
Reverse Lookup Zones
Stores all PTR records for Zone
Resolves IP Addresses to FQDN
Application Security
Active Directory Integration
Stub Zones
Stub Zone: research.contoso.com
Parent Zone:
contoso.com
SOA:
NS:
A:
NS:
A:
DNS01.contoso.com
research.contoso.com
DNS01.research.contoso.com
192.168.80.25
DNS02.research.contoso.com
192.168.80.25
Zone
Transfer
Child Zone: research.contoso.com
SOA:
NS:
A:
MX:
SRV:
SRV:
NS:
A:
research.contoso.com
DNS01.research.contoso.com
192.168.80.25
mail.research.contoso.com
_ldap._tcp.research.contoso.com
_kerberos._tcp.research.contoso.com
DNS02.research.contoso.com
192.168.80.25
DNS01.research.contoso.com
Active Directory Integration
Delegation of Authority
Divide Namespace into Additional Zones
Delegate DNS Management
Divide DNS Zones to Distribute Traffic
Extend the Namespace
Active Directory Integration
Delegation of Authority
Divide Namespace into Additional Zones
Delegate DNS Management
Divide DNS Zones to Distribute Traffic
Extend the Namespace
contoso.com
research
eur
asia
us
Active Directory Integration
Delegation of Authority
Divide Namespace into Additional Zones
Delegate DNS Management
Divide DNS Zones to Distribute Traffic
Extend the Namespace
contoso.com
research
eur
Delegation & Glue Records Added
research.contoso.com
NS
dns1.research.contoso.com
A
dns1.research.contso.com
registers SOA for the
delegated zone.
asia
us
dns1.research.contoso.com
NS 192.168.32.1
Agenda
DNS Features & Configuration
Active Directory Integration
Installing and Managing DNS
Installing and Managing DNS
Configure Your Server Wizard
Single Management Interface
Manage Server Roles
Integrated with Microsoft Help
Installing and Managing DNS
DNS Installation Wizard
Simplifies Configuration of Server Roles
Installs Only Required Components
Ensures Secure Configuration
Installing and Managing DNS
DNS Management Console
Microsoft Management Console Snap-in
Organizes DNS Hierarchy
Manage Multiple DNS Servers
Installing and Managing DNS
DNS Resource Records
Start of Authority (SOA)
Installing and Managing DNS
DNS Resource Records
Start of Authority (SOA)
Name Server (NS)
Installing and Managing DNS
DNS Resource Records
Start of Authority (SOA)
Name Server (NS)
Host (A)
Installing and Managing DNS
DNS Resource Records
Start of Authority (SOA)
Name Server (NS)
Host (A)
Alias (CNAME)
Installing and Managing DNS
DNS Resource Records
Start of Authority (SOA)
Name Server (NS)
Host (A)
Alias (CNAME)
Mail Exchanger (MX)
Installing and Managing DNS
DNS Resource Records
Start of Authority (SOA)
Name Server (NS)
Host (A)
Alias (CNAME)
Mail Exchanger (MX)
Pointer (PTR)
Installing and Managing DNS
DNS Resource Records
Start of Authority (SOA)
Name Server (NS)
Host (A)
Alias (CNAME)
Mail Exchanger (MX)
Pointer (PTR)
Service Location (SRV)
Installing and Managing DNS
Other Resource Records Types
Mailbox Information (MINFO)
Next Domain (NXT)
Public Key (KEY)
Host Information (HINFO)
Well Known Services (WKS)
Integrated Services Digital Network (ISDN)
AFS Database (AFSDB)
Responsible Person (RP)
Signature (SIG)
Renamed Mailbox (MR)
Mailbox (MB)
ATM Address (ATMA)
Route Through (RT)
Mail Group (MG)
IPv6 Host (AAAA)
X.25 (X25)
Text (TXT)
Option (OPT)
Installing and Managing DNS
Registering Service Locator Records
NETLOGON.dns lists SRV records
Installing and Managing DNS
Registering Service Locator Records
NETLOGON.dns lists SRV records
SRV Records registered at Startup
LDAP
Kerberos
Kerberos Password
Global Catalog
LON-DC-01.WideWorldImporters.com
LON-DNS-01.WideWorldImporters.com
Installing and Managing DNS
Locating Active Directory Resources
Where is the
closest
network
printer?
NY-DC-01 &
LON-DC-01
are Global
Catalogs
Query: Global Catalog
Response: Both GCs
TIL-DNS-01
Tilbury Site
Site Link
Cost 50
Site Link
Cost 25
Search GC
for Printer
NY-DC-01
New York Site
LON-DC-01
London Site
Site Link
Cost 25
Installing and Managing DNS
Dynamic Updates
Dynamically Update Resource Records
Defined by RFC 2136
Client01.contoso.com = 192.168.80.22
Pre-Windows 2000
DNS Server
Installing and Managing DNS
Dynamic Updates
Dynamically Update Resource Records
Defined by RFC 2136
IP Lease Request
DHCP Server
IP Lease Reply
Pre-Windows 2000
DNS Server
Installing and Managing DNS
Dynamic Updates
Dynamically Update Resource Records
Defined by RFC 2136
DHCP Server
Pre-Windows 2000
DNS Dynamic update of
Host (A) name and Pointer
(PTR) name.
DNS Server
Installing and Managing DNS
Dynamic Updates
Dynamically Update Resource Records
Defined by RFC 2136
IP Lease Request
DHCP Server
IP Lease Reply
Window 2000, XP, 2003
DNS Server
Installing and Managing DNS
Dynamic Updates
Dynamically Update Resource Records
Defined by RFC 2136
IP Lease Request
DHCP Server
DNS Dynamic update of
Pointer (PTR) name.
IP Lease Reply
DNS Dynamic update of
Host (A) name.
Window 2000, XP, 2003
DNS Server
Installing and Managing DNS
Aging and Scavenging
Removes Stale Resource Records
Dynamic Updates Not Always Removed
Issues Caused by Stale Records
Increased Zone Size
Inaccurate DNS Responses
Degraded Performance
Naming Conflicts
Installing and Managing DNS
Debug Logging
Advanced Logging – Beyond Event Log
Direction of Packets
Contents of Packets
Transport Protocol
Type of Packet
Filtering based on IP Address
Extremely Resource Intensive
Installing and Managing DNS
DNS Tools
DNS Management Console
Command-line Utilities
Nslookup
DNScmd
Ipconfig
Event Monitoring Utilities
Performance Monitoring Utilities
Windows Management Instrumentation
Platform Software Developer Kit