Analyzing DNS for Active Directory Service Implementation

Because Active Directory relies on DNS, DNS is an important consideration when planning an Active Directory implementation. Most organizations already have a DNS structure in place. When analyzing DNS for Active Directory, you need to determine how DNS is currently implemented within the environment as well as the current namespace. Both of these will have a major effect on the Active Directory design.

Analyzing the Current DNS Implementation

A successful DNS infrastructure design must meet both business and technical requirements. The business needs must be addressed first so that existing applications and systems are not affected by the addition of Windows Server 2003, Active Directory, and a new DNS.

When assessing the current DNS implementation, one of the things you must consider is whether there are existing DNS servers in place and how they will integrate with Windows Server 2003 DNS.

Windows Server 2003 DNS and BIND

BIND (Berkeley Internet Name Domain) is a Unix-based DNS service. It's not uncommon for organizations to run BIND DNS servers on a Windows-based network. Because DNS plays such an important role, many organizations won't be willing to replace their existing BIND servers with Windows Server 2003 DNS servers. In such cases, you need to be aware of how the two will interoperate.

Tip: If you're upgrading from Windows 2000 to Windows Server 2003, there's a good chance that the existing implementation of DNS won't have to be modified.


Windows Server 2003 DNS is capable of interoperating with various versions of BIND. As you will see, the later versions of BIND support many of the features not found in earlier versions. So you must consider the BIND version to determine how it will integrate with Windows Server 2003 DNS.

In Windows Server 2003, as well as Windows 2000, DNS service locator records (SRV records) are used to locate domain controllers that run specific services. A BIND DNS server must support SRV records to integrate with Windows Server 2003 domain controllers. BIND versions 4.9.7 and later support SRV records.
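As an added example (not code from the book), the following Python checker parses a BIND-style zone file and reports which domain controller locator SRV records are absent, which is the kind of check you would run against an existing BIND zone before joining Windows Server 2003 domain controllers to it. The zone text and the domain name corp.example are constructed; the record names (_ldap._tcp, _kerberos._tcp, _gc._tcp and their dc._msdcs forms) and the global catalog port 3268 are the standard values domain controllers register, which the book does not list.

```python
"""
Verify that a BIND-style zone carries the SRV records Active Directory
domain controllers rely on.  Zone text and domain are constructed for
this example; the locator names are the standard AD ones, not from the book.
"""
import re
from typing import Dict, List, Tuple

# Constructed zone fragment for the placeholder domain corp.example.
# The _gc._tcp record is deliberately left out so the checker reports it.
SAMPLE_ZONE = """\
$ORIGIN corp.example.
$TTL 600
@                         IN SOA  dc1 hostmaster (2003110101 900 600 86400 3600)
@                         IN NS   dc1
dc1                       IN A    10.0.0.10
_ldap._tcp                IN SRV  0 100 389 dc1
_kerberos._tcp            IN SRV  0 100 88  dc1
_ldap._tcp.dc._msdcs      IN SRV  0 100 389 dc1
_kerberos._tcp.dc._msdcs  IN SRV  0 100 88  dc1
"""

# Locator records a domain-joining client asks for ("<domain>" is replaced
# with the zone's domain name).  Standard AD names, assumed here.
REQUIRED_SRV = [
    "_ldap._tcp.<domain>",
    "_kerberos._tcp.<domain>",
    "_ldap._tcp.dc._msdcs.<domain>",
    "_kerberos._tcp.dc._msdcs.<domain>",
    "_gc._tcp.<domain>",          # global catalog (LDAP on port 3268)
]

# owner [ttl] [IN] SRV priority weight port target
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)",
    re.IGNORECASE,
)

SrvData = Tuple[int, int, int, str]


def _qualify(name: str, origin: str) -> str:
    """Turn a relative owner/target into a fully qualified name (no trailing dot)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.rstrip(".")
    return f"{name}.{origin}" if origin else name


def parse_srv_records(zone_text: str) -> Dict[str, List[SrvData]]:
    """Return {fqdn: [(priority, weight, port, target), ...]} for every SRV record."""
    origin = ""
    records: Dict[str, List[SrvData]] = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments and trailing space
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".")
            continue
        if line.startswith("$"):                   # $TTL and other directives
            continue
        m = SRV_LINE.match(line)
        if not m:
            continue                                # not an SRV record
        fqdn = _qualify(m.group("owner"), origin).lower()
        target = _qualify(m.group("target"), origin).lower()
        records.setdefault(fqdn, []).append(
            (int(m.group("prio")), int(m.group("weight")), int(m.group("port")), target)
        )
    return records


def missing_locator_records(zone_text: str, domain: str) -> List[str]:
    """Names from REQUIRED_SRV that have no SRV record in the zone."""
    have = parse_srv_records(zone_text)
    wanted = (n.replace("<domain>", domain) for n in REQUIRED_SRV)
    return [name for name in wanted if name.lower() not in have]


if __name__ == "__main__":
    for name in missing_locator_records(SAMPLE_ZONE, "corp.example"):
        print("missing SRV record:", name)
```

If the zone is served by a DNS product without dynamic update support, the names this reports are exactly the ones an administrator would have to add by hand whenever a domain controller or global catalog server is added.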

Note: Although not required, it is recommended that any DNS you use support dynamic updates. Dynamic updates allow a DNS client to update its own host records with a DNS server. This is particularly useful when adding new domain controllers because several SRV records must be created. Dynamic updates eliminate the need to manually add these records to a DNS zone file. BIND version 8.2.2 and above supports dynamic updates.


Other DNS Servers

Microsoft Windows NT 4.0 DNS supports SRV records if Service Pack 4 has been applied. Windows NT 4.0 DNS does not support dynamic updates, so the Active Directory SRV records must be manually updated every time a domain controller, global catalog server, or site is added or deleted. Windows 2000 DNS servers support both SRV records and dynamic updates, and are therefore capable of functioning within a Windows Server 2003 environment. So, when analyzing the current DNS implementation, keep the following points in mind:

  • Windows Server 2003 domain controllers must use a DNS server with SRV record support.

  • Dynamic updates are strongly recommended because changes in the domain controllers or Active Directory might require updates to SRV record information.

Note: Only a standard primary DNS server needs to support dynamic update. Secondary DNS servers pull updates from the primary server and therefore do not need dynamic update capability.
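The version thresholds given for BIND (4.9.7 for SRV records, 8.2.2 for dynamic update) and the Windows DNS products described above can be turned into a small inventory check. The Python below is an added example, not code from the book; the product strings it recognizes and the server inventory are constructed. The one thing it demonstrates beyond the text is that version strings must be compared numerically, since a plain string comparison ranks BIND 4.10.0 below 4.9.7.

```python
"""
Assess DNS servers against the Active Directory requirements stated above:
SRV record support (required) and dynamic update (recommended).
Thresholds: BIND >= 4.9.7 for SRV, BIND >= 8.2.2 for dynamic update;
Windows NT 4.0 DNS needs SP4 for SRV and never supports dynamic update;
Windows 2000 and Windows Server 2003 DNS support both.
Product names and the inventory are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

BIND_SRV_MIN = (4, 9, 7)
BIND_DYNUPDATE_MIN = (8, 2, 2)


def parse_version(text: str) -> Tuple[int, int, int]:
    """'8.2.2-P1' -> (8, 2, 2); '9.3' -> (9, 3, 0). Non-numeric suffixes are ignored."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch = (int(g) if g is not None else 0 for g in m.groups())
    return (major, minor, patch)


@dataclass
class Capability:
    supports_srv: bool
    supports_dynamic_update: bool

    @property
    def usable_for_ad(self) -> bool:
        # SRV support is the hard requirement for Windows Server 2003 DCs.
        return self.supports_srv

    @property
    def manual_srv_maintenance(self) -> bool:
        # Usable, but every new DC, GC server or site means hand-edited SRV records.
        return self.supports_srv and not self.supports_dynamic_update


def assess(product: str, version: str = "", service_pack: int = 0) -> Capability:
    """Map a DNS product (constructed names) and version to its AD capabilities."""
    p = product.strip().lower()
    if p == "bind":
        v = parse_version(version)          # tuple comparison, not string comparison
        return Capability(v >= BIND_SRV_MIN, v >= BIND_DYNUPDATE_MIN)
    if p == "windows nt 4.0 dns":
        return Capability(service_pack >= 4, False)
    if p in ("windows 2000 dns", "windows server 2003 dns"):
        return Capability(True, True)
    raise ValueError(f"unknown DNS product: {product!r}")


def inventory_report(servers: Iterable[Tuple[str, str, str, int]]) -> List[Tuple[str, str]]:
    """servers: (name, product, version, service_pack) -> [(name, verdict), ...]."""
    report = []
    for name, product, version, sp in servers:
        cap = assess(product, version, sp)
        if not cap.usable_for_ad:
            verdict = "not usable for AD"
        elif cap.manual_srv_maintenance:
            verdict = "ok, manual SRV upkeep"
        else:
            verdict = "ok"
        report.append((name, verdict))
    return report


# Constructed inventory for the example.
SAMPLE_INVENTORY = [
    ("ns1", "BIND", "4.9.3", 0),
    ("ns2", "BIND", "8.1.2", 0),
    ("ns3", "BIND", "9.2.1", 0),
    ("ntdns", "Windows NT 4.0 DNS", "", 4),
]

if __name__ == "__main__":
    for name, verdict in inventory_report(SAMPLE_INVENTORY):
        print(f"{name}: {verdict}")
```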


Analyzing the Current Namespace

During your analysis of the current DNS implementation, you must also consider the current namespace. If you're upgrading from Windows 2000, the existing namespace might be sufficient. In any case, you still must determine how the current namespace has been implemented. Use the following questions as a guideline when analyzing the current namespace:

  • Does the organization have an Internet presence? Does the organization have multiple names registered on the Internet? If the company uses multiple Internet names, does it plan to continue to do so?

  • Does the external DNS namespace need to be separate from the internal namespace? In many cases, security considerations might require an internal name that is different from the external Internet name recognized by the public.

  • If an organization currently uses Windows 2000 Active Directory, how is DNS currently implemented? Will the new design affect the existing DNS structure?

Evaluation of the answers to these questions helps you develop a sound naming strategy. That naming strategy must then be translated into an approach for implementing a new DNS infrastructure, enhancing existing DNS services, or interoperating with non-Microsoft DNS servers.



Source: MCSE Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Exam Cram 2 (Exam Cram 70-297)
ISBN: 0789730154
Year: 2003
Pages: 152