Overview
Introducing DNS
DNS (Domain Name System) is a hierarchical and decentralized naming system used to translate
human-readable domain names (such as www.example.com) into machine-readable IP addresses (such as 192.0.2.1).
Essentially, DNS allows users to access websites and other resources on the internet by typing in easy-to-remember
domain names instead of numeric IP addresses.
In other words, DNS acts like the "phonebook" of the internet, converting a domain name (like www.google.com)
into an IP address (like 172.217.11.46), enabling browsers and other internet services to locate and connect to
the relevant servers.
Design Decisions for a DNS Solution
Number of Locations?
Number of Hosts at Each Location?
Existing DNS Servers?
Active Directory Infrastructure?
Microsoft DNS Features
Resolving Domain Names
Integrating with Active Directory
Integrating into Existing Network Designs
Integrating DNS with Other Windows Server Services
Designing a Functional DNS Solution
Selecting the Appropriate Zone Types
Chosen When Integrating into Existing Active Directory
Single Point of Support for DNS and Active Directory
Chosen for Integration into Existing Infrastructure
Separate Support for DNS and Active Directory
Chosen When Root Server is Traditional DNS
Supports Active Directory Integrated Zones As a Delegated Domain
Server Placement by Zone Type
| Zone Type | Requirement | Improvement Procedure | Recommendation |
|---|---|---|---|
| Active Directory integrated zone | Requires one Active Directory integrated zone | Add DNS servers for availability and performance | Recommend one DNS server at each remote location |
| Traditional DNS zone | Requires one primary zone | Add secondary or delegated zones for availability and performance | Recommend one DNS server at each remote location |
Reverse Lookup Zone Design
Reverse Lookup Zone Types
Dynamic Updates and Reverse Lookup Zones
Connecting DNS to the Internet
Forwarding DNS Queries to Internet-based DNS Servers
Responding to DNS Queries from the Internet
Integrating with BIND and DNS Servers in Windows Server
Dynamic DNS Zone Updates
Unicode Characters
Non-RFC Compliant Records
SRV Record Types
WINS and WINS-R Record Types
Integrating DNS and WINS
Designate a Subdomain for WINS Resolution
Delegate Unresolved DNS Queries to a Subdomain
Specify WINS Server in Zone Configuration
Strategies for Integrating into the Existing Namespace
Separate Public and Private Namespace
Single Subdomain Within Namespace
Multiple Subdomains Within Namespace
No Changes to Namespace
Securing DNS
Securing Dynamically Updated DNS Zones
Active Directory Integrated Zone Required
Permissions Assigned in the Active Directory
Dynamic DNS Updates from DHCP
Dynamic DNS Updates from Windows
Securing DNS Zone Replication
Encryption Using IPSec or VPN Tunnels
Encryption and Authentication Using Active Directory
Integrating DNS into Screened Subnets
Zones Contain Records for Public Resources
Configure Firewalls to Permit Appropriate DNS Traffic
Place Only Secondary Zones
Encrypt Replication Traffic with IPSec or VPN Tunnels
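The "Securing DNS" design points above (secure dynamic updates only in Active Directory integrated zones, and zone transfers only to known secondaries) can be audited and enforced with the DnsServer PowerShell module. The script below is an added example, not part of this outline; it assumes it runs on a Windows Server DNS host with the DnsServer module, and the zone name corp.example.com and secondary address 192.0.2.53 are constructed for illustration.

```powershell
# Added example: audit primary zones against the "Securing DNS" guidance, then
# remediate one zone. Assumes the DnsServer module on a Windows Server DNS host.
Import-Module DnsServer

function Get-DnsZoneSecurityFindings {
    param([string]$ComputerName = $env:COMPUTERNAME)

    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            $zone = $_
            $findings = @()

            # Nonsecure updates let any host on the network add or overwrite
            # records. Secure (authenticated) updates are only available when
            # the zone is stored in Active Directory.
            if ($zone.DynamicUpdate -eq 'NonsecureAndSecure') {
                $msg = 'Accepts unauthenticated dynamic updates'
                if (-not $zone.IsDsIntegrated) {
                    $msg += ' (secure updates require an AD integrated zone)'
                }
                $findings += $msg
            }

            # Zone transfers expose the whole zone; restrict them to the
            # secondaries you placed (e.g. in a screened subnet) or disable them.
            if ($zone.SecureSecondaries -eq 'TransferAnyServer') {
                $findings += 'Zone transfer allowed to any server'
            }

            if ($findings.Count -gt 0) {
                [pscustomobject]@{
                    ZoneName       = $zone.ZoneName
                    IsDsIntegrated = $zone.IsDsIntegrated
                    DynamicUpdate  = $zone.DynamicUpdate
                    Transfers      = $zone.SecureSecondaries
                    Findings       = ($findings -join '; ')
                }
            }
        }
}

Get-DnsZoneSecurityFindings | Format-Table -AutoSize

# Remediation for the constructed AD integrated zone corp.example.com:
# require secure dynamic updates and only transfer to the secondary at
# 192.0.2.53 (constructed address for a screened-subnet secondary).
Set-DnsServerPrimaryZone -Name 'corp.example.com' -DynamicUpdate Secure
Set-DnsServerPrimaryZone -Name 'corp.example.com' `
    -SecureSecondaries TransferToSecureServers -SecondaryServers 192.0.2.53
```

Run the audit from any host with the DNS RSAT tools by passing `-ComputerName`; the remediation lines must target the server that holds the primary zone.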
Enhancing a DNS Design for Availability
Enhancing DNS Availability with Replicated DNS Zones
| For this zone type | You can improve availability by |
|---|---|
| Active Directory integrated zone | Performing incremental replication between DNS servers. Adjusting the Active Directory replication schedule. |
| Traditional DNS zone | Replicating between primary and secondary zones. Performing an incremental zone transfer instead of a complete zone transfer. |
Enhancing DNS Availability with Server Clusters
Store DNS Zone Files on Cluster Drive
Restore Failed Servers Faster
Do Not Provide Immediate Failover
Optimizing a DNS Design for Performance
Reducing Query Resolution Time
Caching-only Servers
Delegated Zones
Load Balancing Using Multiple DNS Servers
Reducing the Impact of Replication on Network Traffic
Use Fast Zone Transfers to Compress Replication Data
Modify the Replication Schedule
Perform Incremental Zone Updates