Dns On Windows Server 1002003 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Dns On Windows Server 1002003 [Electronic resources] - نسخه متنی

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Main Page

Table of content

Copyright

Preface

Versions

What''s New in This Edition

Organization

Audience

Obtaining the Example Programs

Viewing Microsoft Knowledge Base Articles

Conventions Used in This Book

Using Code Examples

How to Contact Us

Quotations

Acknowledgments

Chapter 1. Background

1.1 A (Very) Brief History of the Internet

1.2 On the Internet and Internets

1.3 The Domain Name System in a Nutshell

1.4 The History of the Microsoft DNS Server

1.5 Must I Use DNS?

Chapter 2. How Does DNS Work?

2.1 The Domain Namespace

2.2 The Internet Domain Namespace

2.3 Delegation

2.4 Name Servers and Zones

2.5 Resolvers

2.6 Resolution

2.7 Caching

Chapter 3. Where Do I Start?

3.1 Which Name Server?

3.2 Choosing a Domain Name

Chapter 4. Setting Up the Microsoft DNS Server

4.1 Our Zone

4.2 Installing the Microsoft DNS Server

4.3 The DNS Console

4.4 Setting Up DNS Data

4.5 Running a Primary Master Name Server

4.6 Running a Secondary Name Server

4.7 Adding More Zones

4.8 DNS Properties

4.9 What Next?

Chapter 5. DNS and Electronic Mail

5.1 MX Records

5.2 Adding MX Records with the DNS Console

5.3 What''s a Mail Exchanger, Again?

5.4 The MX Algorithm

5.5 DNS and Exchange

Chapter 6. Configuring Hosts

6.1 The Resolver

6.2 Resolver Configuration

6.3 Advanced Resolver Features

6.4 Other Windows Resolvers

6.5 Sample Resolver Configurations

Chapter 7. Maintaining the Microsoft DNS Server

7.1 What About Signals?

7.2 Logging

7.3 Updating Zone Data

7.4 Zone Datafile Controls

7.5 Aging and Scavenging

Chapter 8. Integrating with Active Directory

8.1 Active Directory Domains

8.2 Storing Zones in Active Directory

8.3 DNS as a Service Location Broker

Chapter 9. Growing Your Domain

9.1 How Many Name Servers?

9.2 Adding More Name Servers

9.3 Registering Name Servers

9.4 Changing TTLs

9.5 Planning for Disasters

9.6 Coping with Disaster

Chapter 10. Parenting

10.1 When to Become a Parent

10.2 How Many Children?

10.3 What to Name Your Children

10.4 How to Become a Parent: Creating Subdomains

10.5 Subdomains of in-addr.arpa Domains

10.6 Good Parenting

10.7 Managing the Transition to Subdomains

10.8 The Life of a Parent

Chapter 11. Advanced Features and Security

11.1 New Ways to Make Changes

11.2 WINS Linkage

11.3 Building Up a Large, Sitewide Cache with Forwarders

11.4 Load Sharing Between Mirrored Servers

11.5 The ABCs of IPv6 Addressing

11.6 Securing Your Name Server

Chapter 12. nslookup and dig

12.1 Is nslookup a Good Tool?

12.2 Interactive Versus Noninteractive

12.3 Option Settings

12.4 Avoiding the Search List

12.5 Common Tasks

12.6 Less Common Tasks

12.7 Troubleshooting nslookup Problems

12.8 Best of the Net

12.9 Using dig

Chapter 13. Managing DNS from the Command Line

13.1 Installing the DNS Server

13.2 Stopping and Starting the DNS Server Service

13.3 Managing the DNS Server Configuration

13.4 An Installation and Configuration Batch Script

13.5 Other Command-Line Utilities

Chapter 14. Managing DNS Programmatically

14.1 WMI and the DNS Provider

14.2 WMI Scripting with VBScript and Perl

14.3 Server Classes

14.4 Zone Classes

14.5 Resource Record Classes

Chapter 15. Troubleshooting DNS

15.1 Is DNS Really Your Problem?

15.2 Checking the Cache

15.3 Using DNSLint

15.4 Potential Problem List

15.5 Interoperability Problems

15.6 Problem Symptoms

Chapter 16. Miscellaneous

16.1 Using CNAME Records

16.2 Wildcards

16.3 A Limitation of MX Records

16.4 DNS and Internet Firewalls

16.5 Dial-up Connections

Appendix A. DNS Message Format and Resource Records

A.1 Master File Format

A.2 DNS Messages

A.3 Resource Record Data

Appendix B. Converting from BIND to the Microsoft DNS Server

B.1 Step 1: Change the DNS Server Startup Method to File

B.2 Step 2: Stop the Microsoft DNS Server

B.3 Step 3: Change the Zone Datafile Naming Convention

B.4 Step 4: Copy the Files

B.5 Step 5: Get a New Root Name Server Cache File

B.6 Step 6: Restart the DNS Server

B.7 Step 7: Change the DNS Server Startup Method to Registry

Appendix C. Top-Level Domains

Colophon

Index

Index SYMBOL

Index A

Index B

Index C

Index D

Index E

Index F

Index G

Index H

Index I

Index J

Index K

Index L

Index M

Index N

Index O

Index P

Index Q

Index R

Index S

Index T

Index U

Index V

Index W

Index Z
توضیحات
افزودن یادداشت جدید












8.2 Storing Zones in Active Directory




One of Microsoft''s innovative
uses of Active Directory is for storing
(and replicating) DNS zone data. A traditional name server stores
copies of the zones it supports in files on a local disk. In this
model, you have a primary master name server that replicates the zone
data to secondary name servers. A secondary can process updates to a
zone from its master name server in two different ways. The original
method supported by DNS is zone transfer, which allows secondary name
servers to request a full copy of a zone. A newer method, which is an
improvement on the zone transfer process, is incremental zone
transfer. With incremental zone transfer, a secondary name server can
request just the updates to the zone that occurred since its last
transfer.


Active Directory provides another method for replicating zone
content, albeit only for name servers running on domain controllers.
You can make a zone AD-integrated, which means
that instead of storing zone content in text files, it is stored in
the Active Directory database. This makes a lot of sense because you
take advantage of Active Directory''s multimaster
replication scheme, which means that any domain controller that is
also a primary name server for the AD-integrated zone can update it
directly, like a primary name server. With AD-integrated zones,
replication is handled automatically, so you don''t
need to develop your own zone transfer replication topology.


One other note about Active Directory-integrated zones: strictly
speaking, you don''t have to make every domain
controller into a name server for a zone that''s
AD-integrated within that domain. Since all authoritative servers can
be configured to allow zone transfers, a server that loads a zone
from Active Directory happily responds to allowed zone transfer
requests. So you could conceivably make only a
zone''s primary master name server AD-integrated and
have the secondaries continue to load from the primary, provided
those secondaries are not domain controllers of the domain. However,
this defeats one of the purposes of Active Directory
integrationletting Active Directory handle zone replication.
The other huge advantage of Active Directory integration is secure
dynamic updates, which we''ll cover in detail
shortly.



8.2.1 The Impact on Replication




While AD-integrated zones
have many advantages, the one potential
drawback is how zone data gets replicated in Active Directory. Under
Windows 2000, AD-integrated zones are stored in the System container
in a domain. That means that every domain controller in that domain
replicates that zone data regardless of whether the domain controller
is a name server or not. For domain controllers that are not name
servers, there is no benefit to replicating the data, which results
in needless replication traffic. This can be a serious issue for
those that have large zones with many domain controllers that are not
name servers. Fortunately, a new feature in Windows Server 2003
called application partitions provides a better alternative.


Another issue with Windows 2000 AD-integrated zones is that domain
controllers in subdomains could not replicate the forest root zone
resource records through AD replication. You would have to configure
the subdomain domain controller as a secondary and enable zone
transfer. The requirement to replicate forest root records is common
in branch office deployments where a certain amount of autonomy is
needed due to potential network outages. Application partitions also
help with this requirement.



8.2.2 Using Application Partitions




Active Directory
segregates
data


into
one of three partitions: schema,
configuration, or domain. Partitions are used to organize and
replicate data with a similar scope (i.e., forestwide or domainwide)
among domain controllers. Conceptually, partitions are similar to
zones. Zones are also used to segregate and replicate data (using
zone transfer) among name servers.


In Windows Server 2003, Microsoft added a new type of partition
called an application partition. Whereas the
default partitions have a predefined replication scope, application
partitions can be configured to replicate with any domain controller
in a forest. Domain controllers that are configured to contain
replicas of an application partition become the only servers that
replicate the data contained within the partition. Application
partitions are not limited by domain boundaries. You can configure
domain controllers in completely different domains to replicate an
application partition. For these reasons, application partitions make
a lot of sense for storing AD-integrated zones. You no longer have to
store zone data within the domain partition and replicate it to every
domain controller in the domain, even if only a few are name servers.
With application partitions, you can configure Active Directory to
replicate DNS data only between the domain controllers running the
DNS server in any domain of the forest. To help facilitate the
transition from domain-based storage of zones to application
partitions, Microsoft provides a couple of default DNS application
partitions: one default DNS application partition for each domain in
a forest and one for the forest itself. During the installation of a
new Windows Server 2003 Active Directory forest, these partitions are
created automatically and AD-integrated zones are stored there. If
you upgrade from Windows 2000, the default DNS application partitions
are still created automatically, but existing AD-integrated zones are
not moved into them. You have to do that manually.


You are not required to use the default DNS application partitions.
You can create your own or continue to use the System container in
the domain partition, which is the only option under Windows 2000.
The storage options are summarized in Table 8-1.



Table 8-1. Storage options for AD-integrated zones


Location




Replication scope




cn=System,DomainDN


Example:cn=System,dc=movie,dc=edu




All domain controllers in the domain, regardless of whether they are
a name server. This is the only storage method available under
Windows 2000.




dc=DomainDnsZones,DomainDN


Example:dc=DomainDnsZones,dc=fx, dc=movie,dc=edu




Domain controllers in the domain that are name servers.




dc=ForestDnsZones,ForestDN


Example:dc=ForestDnsZones,dc=movie,dc=edu




Domain controllers in the forest that are name servers.




AppPartitionDN


Example:dc=DnsData,dc=movie,dc=edu




Domain controllers that have been configured to replicate the custom
application partition.



Application partitions are treated just like Active Directory domains
by DNS. Each application partition has a corresponding DNS domain,
which contains records that are used to locate domain controllers
that replicate the partition. For the movie.edu
forest root domain, the
ForestDnsZones and
DomainDnsZones default DNS application
partitions would translate into
domaindnszones.movie.edu and
forestdnszones.movie.edu DNS domains. For the
fx.movie.edu domain, there would be a
domaindnszones.fx.movie.edu DNS domain.



8.2.3 Securing Dynamic Updates




Another huge advantage

of storing zones in Active Directory
is that you can enable secure dynamic updates. For zones that are not
AD-integrated, you have two options for dynamic updates: allow anyone
to make dynamic updates or don''t allow dynamic
updates at all. Allowing anyone has obvious drawbacks. A malicious
client can easily hijack resource records in this mode.


However, when a zone is AD-integrated, you have the option to select
Secure only for the Dynamic Updates configuration, found on the
General tab for the zone properties
in the DNS console. Figure 8-2 shows this window
and the three dynamic update options.



Figure 8-2. Dynamic update
options



Microsoft uses access control lists (ACLs) on objects in Active
Directory to secure zone data and provide secure dynamic update
capability. A Security tab is
available in the DNS console for AD-integrated zones, which allows
you to configure whether a user, group, or computer can create and
delete objects (i.e., resource records). By default, authenticated
computers in a forest can create new records in a zone, and only the
client that created a record is allowed to modify it.



/ 163