Installing and Configuring DNS Servers
If you have existing NT4 or Windows 2000 DNS servers, you can upgrade them to Windows Server 2003 and preserve your existing server configuration and zone files. If you decide to upgrade, start with the primary DNS server, then upgrade the secondary servers.
Here's a quick checklist to use as a roadmap for your DNS deployment:
- Lay out your DNS domain namespace so you know which zones you need. DNS names affect nearly every aspect of your system, so spend sufficient time with this step so that everyone agrees on the naming conventions.
- Decide how you will integrate Windows DNS into your existing DNS infrastructure. If you use WINS, you also need to decide if you will use WINS forwarding.
- Decide how you will resolve Internet addresses. This can be done with root hints, with a forwarder, or with a combination of both.
- Decide how you will provide name services for public zones. You can get DNS services from your ISP, place a DNS server in your DMZ, or open a conduit in your firewall for DNS query traffic.
- Decide if you need to support name resolution behind the firewall for outside DNS domains. This includes extranets and network connections from subsidiaries, affiliates, or other trusted organizations. You can use conditional forwarding or stub zones to resolve addresses for these connections.
- Define the locations where you will need DNS servers. Remember that you want to maximize availability and minimize WAN traffic.
- Decide whether you will use standard DNS primary and secondary servers or Active Directory Integrated zones. If you use Active Directory Integrated zones, you must place domain controllers in strategic locations to support name resolution as well as LDAP and Kerberos lookups.
- Decide if you will support dynamic resource record updates. If so, consider integrating your zones into Active Directory so you can take advantage of secure updates.
- Decide how you will configure your DNS servers for special features such as round-robin, netmask prioritization, and name checking.
After you've made your design assessments, use the step-by-step instructions in this section for configuring your servers.
Installing the DNS Service
When you're ready to install the DNS service on Windows Server 2003, follow Procedure 5.7. You'll need the Windows Server 2003 CD-ROM.
Procedure 5.7 Installing DNS Drivers
- From Control Panel, open the Add/Remove Programs applet.
- Click Add/Remove Windows Components. The Windows Components Wizard starts with the focus set to the Windows Components window.
- Highlight Networking Services and click Details. The Networking Services window opens.
- Select Domain Name System (DNS) and click OK to save the change and return to the Windows Components window.
- Click Next. The Configuring Components window opens and the drivers begin loading. When the drivers have loaded and the configuration is complete, the wizard displays a successful completion window.
- Click Finish to close the window and return to the Add/Remove Programs window.
- Close the Add/Remove Programs window.
At this point, you can begin configuring your zones. There is no need to restart.
Creating a Forward Lookup Zone
The first forward lookup zone you create should be for the root of your DNS namespace. In the Company public namespace used in these examples, the first zone would be for the company.com DNS domain. Follow the steps in Procedure 5.8.
- From the START menu, select START | PROGRAMS | ADMINISTRATIVE TOOLS | DNS. The DNS console opens. The DNS tree shows the local server and two empty branches for forward and reverse lookup zones.
- Right-click the Forward Lookup Zone icon and select NEW ZONE from the flyout menu. This starts the New Zone Wizard.
- Click Next. The Zone Type window opens (see Figure 5.11). Leave the default selection at Primary Zone. If you want to create a standard primary zone, uncheck the Store The Zone In Active Directory option.
Figure 5.11. New Zone Wizard Zone Type window showing default selection of Primary Zone.
- Click Next. The Zone Name window opens. Enter the name of the zone.
- Click Next. The Zone File window opens. The zone filename should match the zone name with a .DNS extension. If you have an existing zone file, you can import it at this point with the Use This Existing File option.
- Click Next. The Dynamic Update window opens. Select your update option. The Allow Only Secure Dynamic Updates option will only be available for Active Directory Integrated zones.
- Click Next. The wizard displays a completion window.
- Click Finish to complete the configuration and close the window. The new zone appears as a folder under the Forward Lookup Zones icon in the left pane of the window. When that zone icon is highlighted, the associated resource records are displayed in the right pane (see Figure 5.12).
Figure 5.12. DNS console showing new forward lookup zone.
Creating a Reverse Lookup Zone
The forward lookup zone handles standard queries such as A record and SRV record requests. The reverse lookup zone will handle those few queries where the client knows the IP address and wants a host name. You can get by without creating reverse lookup zones, but they come in very handy for troubleshooting (and I highly recommend installing them). To create a reverse lookup zone, follow Procedure 5.9.
Procedure 5.9 Creating a Reverse Lookup Zone
- Right-click the Reverse Lookup Zone icon and select NEW ZONE from the flyout menu. This starts the New Zone Wizard.
- Click Next. The Zone Type window opens. Leave the default selection at Primary Zone. If you want to create a standard primary zone, uncheck the Store The Zone In Active Directory option.
- Click Next. The Reverse Lookup Zone window opens (see Figure 5.13). Under Network ID, enter the network portion of the subnet the zone will service. The examples in this book use the 10.x networks with a 16-bit subnet mask, so the entry shows 10.1 with the last two octets empty. Each unique number in the second octet requires a separate reverse lookup zone.
Figure 5.13. New Zone Wizard Reverse Lookup Zone window.
- Click Next. The Zone File window opens. Leave the default setting. The zone filename should match the zone name with a .DNS extension. If you have an existing zone file, you can import it at this point with the Use This Existing File option.
- Click Next. The Dynamic Update window opens. Select your update option. The Allow Only Secure Dynamic Updates option will only be available for Active Directory Integrated zones.
- Click Next. The wizard displays a completion window.
- Click Finish to close the window and return to the DNS console.
After the reverse lookup zones are in place, create a few test host records to make sure the associated PTR records are created successfully. Then, test the zone from a client by pinging the test records and the DNS server.
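The test described above can be scripted. The following is an added example, not code from the book: it derives the reverse lookup zone name that the New Zone Wizard builds from a Network ID (one to three octets, so it covers more than the 16-bit case in the text), computes the PTR owner name each test host should have, and reports hosts whose reverse zone was never created or whose PTR record is missing. All host names, addresses, and zones are constructed sample data.

```python
# Added example (not from the book): reverse zone naming and A/PTR consistency check.
import ipaddress

def reverse_zone_name(network_id: str) -> str:
    """'10.1' (16-bit mask, as in the book's examples) -> '1.10.in-addr.arpa'.
    Accepts one to three octets, as the wizard's Network ID field does."""
    octets = network_id.strip(".").split(".")
    if not 1 <= len(octets) <= 3 or any(not 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"bad network ID: {network_id!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_owner(ip: str) -> tuple:
    """Return (reverse zone for the host's /16 network, PTR owner name) for an IPv4 address."""
    o = str(ipaddress.IPv4Address(ip)).split(".")  # IPv4Address validates the input
    zone = reverse_zone_name(".".join(o[:2]))
    return zone, f"{o[3]}.{o[2]}.{zone}"

def missing_ptrs(a_records: dict, ptr_records: dict, zones: set) -> list:
    """Describe each host whose reverse zone does not exist or whose PTR is absent or wrong."""
    problems = []
    for host, ip in a_records.items():
        zone, owner = ptr_owner(ip)
        if zone not in zones:
            problems.append(f"{host}: no reverse zone {zone} for {ip}")
        elif ptr_records.get(owner) != host:
            problems.append(f"{host}: expected PTR {owner} -> {host}, found {ptr_records.get(owner)!r}")
    return problems

# Constructed sample data: two /16 reverse zones, three test hosts, one registered PTR.
REVERSE_ZONES = {reverse_zone_name("10.1"), reverse_zone_name("10.2")}
A_RECORDS = {"srv1.company.com.": "10.1.4.5", "srv2.company.com.": "10.2.0.30", "srv3.company.com.": "10.3.0.9"}
PTR_RECORDS = {"5.4.1.10.in-addr.arpa": "srv1.company.com."}  # srv2's PTR was never created
```

Running `missing_ptrs(A_RECORDS, PTR_RECORDS, REVERSE_ZONES)` flags srv2 (PTR missing) and srv3 (no 3.10.in-addr.arpa zone exists for its subnet).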
Configuring Hierarchical Zones
After you have installed your first DNS server and created the first zone, you can configure additional zones to build a hierarchical DNS namespace. For example, you could start with a company.com zone and then configure separate zones for each continent, such as na.company.com and eu.company.com and so forth.
If you use separate zones, you need to configure the name servers to resolve queries between the zones. Plan your configuration around these two situations:
- Queries from DNS clients in a child zone for records in its parent zone. This requires configuring the root hints file.
- Queries from DNS clients in a parent zone for records in a child zone. This requires configuring delegation.
Configuring Root Hints
Queries from DNS clients in a child zone for records in its parent zone are resolved by configuring root hints on the DNS server in the child zone to include an authoritative server or servers in the parent zone.
Start by installing DNS on two servers and creating the zones. The objective of the following steps is to make it possible for a user in the child domain to resolve an address in the parent domain by querying only the DNS server in the child domain. Follow Procedure 5.10.
Procedure 5.10 Configuring Root Hints
- Open the DNS console.
- Right-click the DNS server icon and select PROPERTIES from the flyout menu. The Properties window opens.
- Select the Root Hints tab.
- Click Add. The Create New Record window opens.
- Enter the fully qualified DNS name of the root server, with or without the trailing dot, under Server Name.
- Enter the IP address of the server under Server IP Addresses and then click Add to put it on the list. If the server has multiple IP addresses, you can add each of them to the list. If you prefer that the queries use one of the addresses preferentially, use the Up and Down buttons to adjust the search list.
- Click OK to retain the changes and return to the Properties window. Make sure that the root server is at the top of the list.
- Click OK to save the changes and close the window.
- Test the configuration by pinging a host in the parent domain from a client in the child domain. The ping may take a while, but eventually it will succeed.
Configuring Delegation
The preceding section showed how to get a successful query for a host in a domain higher in the DNS namespace. Getting a successful query for a host lower in the namespace takes a bit more work. Assume, for example, that you are in the company.com DNS domain and you want to ping a server called srv1 in the branch1.company.com DNS domain.
For ping to succeed, the DNS server in the company.com domain must find an A record for the server. But the company.com DNS server only has a copy of the company.com zone file. It must obtain the resource record from a name server in the branch1.company.com domain. This is called delegation.
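The two referral paths just described, root hints for the child-to-parent case (Procedure 5.10) and an NS record plus glue for the parent-to-child case, can be modelled in a few lines. The following is an added example, not code from the book: a toy resolver with two servers, ns1.company.com hosting company.com and ns1.branch1.company.com hosting branch1.company.com, where the child server's root hints name the parent server and the parent zone carries the delegation records. All names and addresses are constructed.

```python
# Added example (not from the book): toy model of root hints and delegation between a
# parent zone server and a child zone server. Zone data and addresses are constructed.
ZONES = {  # zone name -> owner name -> {rrtype: [values]}
    "company.com": {
        "company.com": {"SOA": ["ns1.company.com"], "NS": ["ns1.company.com"]},
        "ns1.company.com": {"A": ["10.1.0.10"]},
        "www.company.com": {"A": ["10.1.0.20"]},
        # Delegation of the child zone: an NS record plus the glue A record of its name server.
        "branch1.company.com": {"NS": ["ns1.branch1.company.com"]},
        "ns1.branch1.company.com": {"A": ["10.2.0.10"]},
    },
    "branch1.company.com": {
        "branch1.company.com": {"SOA": ["ns1.branch1.company.com"], "NS": ["ns1.branch1.company.com"]},
        "ns1.branch1.company.com": {"A": ["10.2.0.10"]},
        "srv1.branch1.company.com": {"A": ["10.2.0.30"]},
    },
}
SERVERS = {  # server IP -> (zones it hosts, root hints as a list of server IPs)
    "10.1.0.10": (["company.com"], []),
    "10.2.0.10": (["branch1.company.com"], ["10.1.0.10"]),  # child's root hints name the parent server
}

def authoritative_zone(server_ip, qname):
    """Longest zone hosted on server_ip that contains qname, or None."""
    zones, _ = SERVERS[server_ip]
    hits = [z for z in zones if qname == z or qname.endswith("." + z)]
    return max(hits, key=len) if hits else None

def resolve(server_ip, qname, rrtype="A", hops=0):
    """Answer as the server at server_ip would; None means the name cannot be resolved."""
    if hops > 8:  # stop runaway referrals caused by bad hints or circular delegations
        return None
    zone = authoritative_zone(server_ip, qname)
    if zone is None:  # not our zone: ask the first root-hints server, if any were configured
        hints = SERVERS[server_ip][1]
        return resolve(hints[0], qname, rrtype, hops + 1) if hints else None
    records = ZONES[zone]
    if rrtype in records.get(qname, {}):
        return records[qname][rrtype]
    # Below a delegation point? Follow the NS record to the child server via its glue address.
    for owner, rrs in records.items():
        if owner != zone and "NS" in rrs and (qname == owner or qname.endswith("." + owner)):
            glue = records.get(rrs["NS"][0], {}).get("A", [])
            return resolve(glue[0], qname, rrtype, hops + 1) if glue and glue[0] in SERVERS else None
    return None  # no such record (NXDOMAIN or NODATA)
```

Querying the child server for www.company.com succeeds only because of its root hints, and querying the parent server for srv1.branch1.company.com succeeds only because of the NS and glue records; remove either and the corresponding lookup returns None.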
Updating Root Hints
As described in "Stub Zones," earlier in this chapter, the simplest way to delegate with a Windows Server 2003 server running DNS is to configure a stub zone on the DNS server in the parent zone that points at one or more name servers in the child zone. The stub zone replicates the SOA, NS, and glue records from the child zone automatically. This requires zone transfer authorization in the child zone; if you lack this authorization, you must use standard delegation as described in this section.
DNS servers, like military brass, always delegate down, not up. Therefore, when configuring delegation in your DNS namespace, start at the root and work your way down as shown in Procedure 5.11.
Procedure 5.11 Configuring Delegations