(DNS)
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003
with SP1, Windows Server 2003 with SP2
Microsoft® Windows® Server 2003 Domain Name System (DNS) provides efficient
name resolution and interoperability with standards-based technologies. Deploying DNS
in your client/server infrastructure enables resources on a TCP/IP network to locate other
resources on the network by using host name-to-IP address resolution and IP address-to-host
name resolution. The Active Directory® directory service requires DNS for locating
network resources.
In This Chapter
Overview of DNS Deployment
Related Information
• For more information about DNS, the Windows Server 2003 DNS Server service,
and Windows Server 2003 DNS Client service, see the Networking Collection of
the Windows Server 2003 Technical Reference (or see the Networking Collection
on the Web at http://www.microsoft.com/reskit).
Overview of DNS Deployment
DNS is the primary method for name resolution in the Microsoft® Windows®
Server 2003, Standard Edition; Windows® Server 2003, Enterprise Edition; and
Windows® Server 2003, Datacenter Edition operating systems (collectively referred to as
"Windows Server 2003" in this chapter). DNS is also a requirement for deploying Active
Directory, but Active Directory is not a requirement for deploying DNS. However,
integrating DNS with Active Directory enables DNS servers to take advantage of the
security, performance, and fault tolerance capabilities of Active Directory.
If you are planning to deploy DNS to support Active Directory, plan your DNS
namespace in conjunction with planning your Active Directory logical structure. For
more information about designing the Active Directory logical structure, see "Designing
the Active Directory Logical Structure" in Designing and Deploying Directory and
Security Services of this kit.
Before you deploy Windows Server 2003 DNS, you must assess your current
environment to determine the DNS needs and constraints of your organization. After that,
create a Windows Server 2003 DNS deployment plan to match those needs and
constraints. Figure 3.2 shows the process for examining your current environment.
Before you deploy a DNS infrastructure, the DNS designer in your organization must
design a DNS namespace. You can design an external namespace that is visible to
Internet users and computers, or you can design an internal namespace that is accessible
only to users and computers that are within the internal network. After your DNS
namespace has been deployed, DNS administrators are responsible for managing and
maintaining the DNS namespace. Figure 3.3 shows the process for designing a DNS
namespace.
DNS servers store information about the DNS namespace and use the information to
answer queries from DNS clients. The size of the DNS zone data, how many DNS clients
you have, and where these clients are physically located all impact your DNS server
topology.
The DNS designer in your organization designs DNS servers that enable you to create an
effective DNS data distribution and update topology while minimizing query and zone
transfer network traffic. The DNS administrators in your organization manage and
maintain your DNS servers. Figure 3.6 shows the process for designing DNS servers.
Figure 3.6 Designing a DNS Server Infrastructure
Each zone type that is available in Windows Server 2003 DNS has a specific purpose.
The DNS designer in your organization selects the type of zones to deploy based on the
practical purpose of each zone. The DNS administrators in your organization manage and
maintain your DNS zones. Figure 3.8 shows the process for designing DNS zones.
When you configure DNS clients, you must specify a list of DNS servers for clients to
use when resolving DNS names. You can also specify a DNS suffix search list to be used
by the clients when performing DNS query searches for short, unqualified domain names.
Figure 3.9 shows the process for configuring and managing DNS clients.
Because DNS was designed to be an open protocol, DNS data can be vulnerable to
security attacks. Windows Server 2003 DNS provides improved security features that
reduce this exposure. The DNS designer in your organization is responsible for
creating a secure DNS infrastructure. The DNS administrators in your organization are
responsible for maintaining network security by anticipating and mitigating new security
threats.
Figure 3.10 shows the process for securing your DNS infrastructure.
When you deploy Windows Server 2003 DNS, it is important to integrate the DNS
service with other Windows Server 2003 services, such as DHCP and WINS. DNS
administrators are responsible for integrating DNS with WINS and DHCP. Figure 3.11
shows the process for integrating Windows Server 2003 DNS with other Windows
Server 2003 services.
Figure 3.11 Integrating DNS with Other Windows Server 2003 Services
Implementing Windows Server 2003 DNS
After you have tested your configuration in a pilot lab, you can implement your changes
in your production environment. Figure 3.12 shows the process for implementing
Windows Server 2003 DNS.
These resources contain additional information and tools related to this chapter.
Related Information
• "Designing a Resource Authorization Strategy" in Designing and Deploying
Directory and Security Services of this kit for information about establishing
security policies.
• "Deploying ISA Server" in this book for more information about perimeter
networks.
• The Networking Collection of the Windows Server 2003 Technical Reference (or
see the Networking Collection on the Web at http://www.microsoft.com/reskit)
for more information about the DNS Server service and DNS troubleshooting.
• DNS and BIND, 4th ed., by Paul Albitz and Cricket Liu, 2001, Sebastopol, CA:
O’Reilly & Associates for more information about DNS.
• Windows 2000 TCP/IP Protocols and Services, by Thomas Lee and Joseph
Davies, 2000, Redmond, Washington: Microsoft Press for more information about
the DNS wire protocol.
• The Internet Engineering Task Force (IETF) link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources for more information
about Request for Comments (RFC) documents and IETF Internet-Drafts.
Related Tools
For information about installing and using the Windows Server 2003 Support Tools and
Support Tools Help, see the file Sreadme.doc in the \Support\Tools folder of the
Windows Server 2003 operating system CD.
• Dnscmd.exe
You can use the Dnscmd.exe command-line tool to perform most of the tasks that
you can perform from the DNS MMC snap-in.
• DNSLint
DNSLint is a command-line tool that you can use to address some common DNS
name resolution issues, such as lame delegation, DNS record verification, and
verifying DNS records that are used for Active Directory replication.
• Netdiag.exe
• Nslookup.exe
You can use the Nslookup.exe command-line tool to submit DNS queries and
display the results of the queries.
• "Migrating servers" in Help and Support Center for Windows Server 2003 for
information about upgrading your existing DNS servers or migrating third-party
DNS servers.
• "Monitor Servers" in Help and Support Center for Windows Server 2003 for more
information about testing DNS server performance.
• "Initiate a zone transfer at a secondary server" in Help and Support Center for
Windows Server 2003 for more information about using zone transfer.
• "Dynamic update" in Help and Support Center for Windows Server 2003 for
information about how to configure dynamic updates.
• "Allow only secure dynamic updates" in Help and Support Center for Windows
Server 2003 for information about how to allow only secure dynamic updates.
• "Configuring DNS client settings" in Help and Support Center for Windows
Server 2003 for more information about how to install and configure DNS clients.