Designing a DNS Server Infrastructure


DNS servers store information about the DNS namespace and use the information to answer queries from DNS clients. The size of the DNS zone data, how many DNS clients you have, and where these clients are physically located all impact your DNS server topology.

The DNS designer in your organization designs DNS servers that enable you to create an effective DNS data distribution and update topology while minimizing query and zone transfer network traffic. The DNS administrators in your organization manage and maintain your DNS servers. Figure 3.6 shows the process for designing DNS servers.

Figure 3.6: Designing a DNS Server Infrastructure

Allocating Hardware Resources

A typical recommendation for DNS server hardware includes the following:

  • Single-processor computers with 400 megahertz (MHz) Pentium II CPUs.

  • 256 megabytes (MB) of RAM for each processor.

  • At least 4 gigabytes (GB) of available hard disk space.

  • A network adapter.

Using faster CPUs, more RAM, and larger hard drives improves the scalability and performance of your DNS servers. DNS servers use approximately 100 bytes of RAM for each resource record. Using this figure, you can calculate how much memory you need.

Determining the Number of Required DNS Servers

To reduce administrative overhead, use the minimum number of DNS servers required. Be sure to make at least two DNS servers authoritative for each zone to enable fault tolerance and load sharing.

Add additional DNS servers in order to:

  • Provide redundancy when your namespace design requires greater DNS availability.

  • Improve query response time when better DNS performance is required.

  • Reduce WAN traffic for remote locations.

Use the following guidelines to determine the number of DNS servers that you need to deploy:

  • If the ratio of DNS servers to clients is very low and you are experiencing significant name resolution delays, add additional DNS servers to host secondary or Active Directory-integrated zones. Use your anticipated number of queries and dynamic updates per second to determine the number of DNS servers that you need. The Windows Server 2003 DNS Server service is capable of responding to more than 10,000 queries per second on a Pentium III microprocessor running at 700 MHz.

    For information about capacity planning, see "Allocating Hardware Resources" earlier in this chapter.

  • If you delegate zones, add additional DNS servers to handle the delegated zones. Note that you do not need to delegate zones when you have multiple zones. You can host all zones on the same server or servers. One DNS server running Windows Server 2003 can host 20,000 small zones.

  • If you plan to host Active Directory-integrated zones, you must place these zones on Windows 2000-based or Windows Server 2003-based domain controllers, because the zone data is stored in Active Directory and the DNS Server service must run on the domain controller that holds it.

  • If high-volume traffic is a consideration in your environment, add additional DNS servers to balance the workload. Although DNS helps reduce broadcast traffic between local subnets, it does create some traffic between servers and clients, particularly in complex routed environments. In addition, although the DNS service supports incremental zone transfers (IXFRs) and clients and servers can cache recently used names, traffic considerations can still remain an issue, depending on available bandwidth. This is especially true when using short Dynamic Host Configuration Protocol (DHCP) leases, which require more frequent dynamic updates.

  • If you have a high number of client nodes on a single subnet, placing more than one DNS server on the subnet allows for backup and failover in the event that the primary DNS server stops responding.

If your DNS design includes primary and secondary zones and you run a large number of secondary servers for a zone, the primary DNS server can become overloaded when the secondary servers poll it (by querying the zone's SOA record at every refresh interval) to ensure that their zone data is current. You can reduce this load in one of the following ways:

  • Use some of the secondary DNS servers as masters for the zone. The remaining secondary servers poll and request zone transfers from those intermediate masters instead of from the primary, so the primary serves only a small number of direct secondaries. Note that a change then has to propagate through two polling hops before it reaches every server.

  • Increase the refresh interval so that the secondary servers poll less frequently. Note, however, that a longer refresh interval means secondary zones can remain out of date for longer after a change. DNS Notify, which the Windows Server 2003 DNS Server service supports, lets the master tell its listed secondaries about a change so they do not depend on the refresh timer alone.
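The trade-off between polling load and staleness in the two options above can be estimated from the zone's SOA timers. The following Python is an added example, not code from the Deployment Kit: it reads the refresh interval from a constructed SOA record and computes the SOA query rate a master sees, and the worst-case propagation delay, for a flat topology (every secondary polls the primary) and for a two-tier topology (some secondaries act as masters for the rest). The server counts and SOA values are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

# Constructed sample SOA rdata (assumed values, not from the original page):
# mname rname serial refresh retry expire minimum, timers in seconds.
SAMPLE_SOA = ("dns1.corp.contoso.com. hostmaster.corp.contoso.com. "
              "2004010101 900 600 86400 3600")


def parse_soa_timers(rdata: str) -> dict:
    """Return serial/refresh/retry/expire/minimum from SOA rdata text."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA rdata needs mname rname serial refresh retry expire minimum")
    names = ("serial", "refresh", "retry", "expire", "minimum")
    return dict(zip(names, (int(f) for f in fields[2:])))


@dataclass(frozen=True)
class PollLoad:
    primary_qps: float      # SOA refresh queries per second answered by the primary
    tier1_qps: float        # SOA queries per second at the busiest tier-1 master (0 when flat)
    worst_staleness_s: int  # longest a change can take to reach every secondary by polling alone


def flat_poll_load(secondaries: int, timers: dict) -> PollLoad:
    """Every secondary polls the primary once per refresh interval."""
    refresh = timers["refresh"]
    if secondaries < 0 or refresh <= 0:
        raise ValueError("secondaries must be >= 0 and refresh > 0")
    return PollLoad(secondaries / refresh, 0.0, refresh)


def tiered_poll_load(secondaries: int, tier1: int, timers: dict) -> PollLoad:
    """tier1 of the secondaries poll the primary; the rest are spread evenly
    across those tier-1 servers and poll them instead."""
    refresh = timers["refresh"]
    if not 1 <= tier1 <= secondaries or refresh <= 0:
        raise ValueError("need 1 <= tier1 <= secondaries and refresh > 0")
    tier2 = secondaries - tier1
    per_tier1 = math.ceil(tier2 / tier1)   # busiest tier-1 master
    # A change must survive two polling hops: primary -> tier-1, tier-1 -> tier-2.
    return PollLoad(tier1 / refresh, per_tier1 / refresh, 2 * refresh)


if __name__ == "__main__":
    timers = parse_soa_timers(SAMPLE_SOA)
    print("flat            :", flat_poll_load(200, timers))
    print("tiered (10 hubs):", tiered_poll_load(200, 10, timers))
    # Lengthening the refresh interval lowers the rate but raises staleness.
    slower = dict(timers, refresh=timers["refresh"] * 4)
    print("flat, refresh x4:", flat_poll_load(200, slower))
```

With 200 secondaries and a 15-minute refresh the flat topology costs the primary about 0.22 SOA queries per second, which is trivial on its own; the real cost arrives when each of those polls finds a new serial and triggers a zone transfer, so the tiering decision should be driven by how often the zone changes and how large a transfer is, not by the SOA query count alone.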

Determining DNS Server Placement

The placement of your DNS servers and the number of DNS servers that you deploy affects the availability of DNS. It is important to ensure that you plan the placement of your DNS servers to allow for DNS availability and Active Directory availability.

Placing DNS Servers for Availability

To ensure that DNS is always available, make sure that your DNS infrastructure has no single point of failure. To improve fault tolerance and load sharing, configure clients with a preferred and an alternate DNS server. In a LAN configuration, place the pair of authoritative DNS servers on separate subnets. In a WAN configuration, place the pair of authoritative DNS servers on different networks, and ensure that at least one DNS server is available on each network; this removes routers as potential points of failure. Whenever possible, distribute your DNS servers across different geographic locations so that name resolution continues in the event of a natural disaster.

If you identify single points of failure in your network, determine whether they affect only DNS or all network services. If a router goes down and your clients cannot access any network services, then DNS failure is not an issue. If a router goes down and local DNS servers are unavailable but other network services are available, then your clients cannot access required network resources because they cannot look up DNS names.
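The placement rules above are easy to violate in a large design, so they are worth checking mechanically. The following Python is an added example, not code from the Deployment Kit: over a constructed topology (assumed server names, addresses and sites), it flags client groups whose preferred and alternate resolvers are the same server or share one subnet, client sites with no local resolver, and zones that lack two authoritative servers or keep both on one subnet or in one site.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsServer:
    name: str
    address: str  # IP address with prefix length, e.g. "10.1.1.5/24"
    site: str

    @property
    def subnet(self):
        return ipaddress.ip_interface(self.address).network


@dataclass(frozen=True)
class ClientGroup:
    """A set of clients that share one resolver configuration."""
    name: str
    site: str
    preferred: str  # name of the preferred DNS server
    alternate: str  # name of the alternate DNS server


# Constructed sample topology (assumed names, addresses and sites; not from the page).
SERVERS = [
    DnsServer("DNS1", "10.1.1.5/24", "Seattle"),
    DnsServer("DNS2", "10.1.2.5/24", "Seattle"),
    DnsServer("DNS3", "10.1.1.6/24", "Seattle"),   # same subnet as DNS1
    DnsServer("DNS4", "10.50.1.5/24", "Seville"),
]
CLIENT_GROUPS = [
    ClientGroup("seattle-hq", "Seattle", "DNS1", "DNS2"),
    ClientGroup("seattle-lab", "Seattle", "DNS1", "DNS3"),
    ClientGroup("seville-office", "Seville", "DNS1", "DNS2"),
    ClientGroup("seville-kiosks", "Seville", "DNS4", "DNS4"),
]
# Constructed: which servers are authoritative for which zone.
ZONES = {
    "corp.contoso.com": ["DNS1", "DNS2", "DNS4"],
    "lab.corp.contoso.com": ["DNS1", "DNS3"],
    "test.corp.contoso.com": ["DNS2"],
}


def placement_issues(servers, groups):
    """Return (group, problem) pairs for resolver settings that leave a single
    point of failure or send every query across the WAN."""
    by_name = {s.name: s for s in servers}
    issues = []
    for g in groups:
        p, a = by_name.get(g.preferred), by_name.get(g.alternate)
        if p is None or a is None:
            issues.append((g.name, "refers to an unknown DNS server"))
            continue
        if p is a:
            issues.append((g.name, "preferred and alternate are the same server"))
        elif p.subnet == a.subnet:
            issues.append((g.name, f"both resolvers sit on subnet {p.subnet}"))
        if g.site not in (p.site, a.site):
            issues.append((g.name, "no resolver in the client's own site"))
    return issues


def zone_issues(servers, zones):
    """Return (zone, problem) pairs for zones without redundant placement."""
    by_name = {s.name: s for s in servers}
    issues = []
    for zone, names in zones.items():
        auth = [by_name[n] for n in names]
        if len(auth) < 2:
            issues.append((zone, "fewer than two authoritative servers"))
            continue
        if len({s.subnet for s in auth}) == 1:
            issues.append((zone, "all authoritative servers share one subnet"))
        if len({s.site for s in auth}) == 1:
            issues.append((zone, "all authoritative servers are in one site"))
    return issues


if __name__ == "__main__":
    for item in placement_issues(SERVERS, CLIENT_GROUPS) + zone_issues(SERVERS, ZONES):
        print("%-22s %s" % item)
```

The subnet comparison uses the prefix length recorded with each server, so two servers on the same router interface are caught even when their addresses differ; a real inventory would also record which router or site each subnet hangs off, which is what the "does the failure affect only DNS" question in the text is really asking.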

If you have an Internet presence, DNS must be working properly for Internet clients to access your Web servers, send mail, and locate other services; therefore, it is recommended that you run a secondary DNS server offsite. If you have a business relationship with an organization on the Internet, either business partners or ISPs, they might agree to run a secondary server for you; however, ensure that the data on the organization's server is secured against Internet attackers, and restrict zone transfers from your primary to the addresses of that secondary server only.

To ensure that DNS remains available if your onsite primary DNS servers are down, deploy at least one secondary DNS server offsite.

For more information about how to place DNS servers to maximize Active Directory availability, see "Designing the Active Directory Logical Structure" in Designing and Deploying Directory and Security Services of this kit.

Using Forwarding

If a DNS server is configured to use a forwarder and cannot answer a query from its zone data or its cache, it sends the query to that forwarder instead of querying the root servers itself. The forwarder is an ordinary DNS server and needs no special configuration beyond accepting recursive queries from the servers that forward to it; it is called a forwarder only because it receives queries forwarded by other DNS servers.

Use forwarding for off-site or Internet traffic. For example, a branch office DNS server can forward all off-site traffic to a forwarder at the company headquarters, and an internal DNS server can forward all Internet traffic to a forwarder on the external network. To ensure fault tolerance, forward queries to more than one forwarder.

Forwarders can increase network security by minimizing the list of DNS servers that communicate across a firewall: only the forwarder needs to be allowed to send DNS traffic to the Internet, and every other internal DNS server can be blocked at the firewall. Note that this also concentrates trust in the forwarder, because every server that forwards to it caches whatever answers it returns, so protect the forwarder as carefully as an authoritative server.

You can use conditional forwarding to more precisely control the name resolution process. Conditional forwarding enables you to designate specific forwarders for specific DNS names. You can use conditional forwarding to resolve the following:

  • Queries for names in off-site internal domains

  • Queries for names in other namespaces

Using Conditional Forwarding to Query for Names in Off-Site Internal Domains

In Windows Server 2003 DNS, non-root servers resolve names for which they are not authoritative, do not have a delegation, and do not have in their cache by doing one of the following:

  • Querying a root server.

  • Forwarding queries to a forwarder.

Both of these methods generate additional network traffic. For example, a non-root server in Site A is configured to forward queries to a forwarder in Site B, and it must resolve a name in a zone hosted by a server in Site C. Because the non-root server can forward queries only to Site B, it cannot directly query the server in Site C. Instead, it forwards the query to the forwarder in Site B, and the forwarder queries the server in Site C.

When you use conditional forwarding, you can configure your DNS servers to forward queries to different servers based on the domain name specified in the query. This eliminates steps in the forwarding chain and reduces network traffic. When conditional forwarding is applied, the server in Site A can forward queries to forwarders in Site B or Site C, as appropriate.

For example, the computers in the Seville site need to resolve names in the Hong Kong site. The DNS server in Seville is DNS3.corp.fabrikam.com, and both sites send queries they cannot resolve to a common parent server in Seattle.

Before the Contoso Corporation upgraded to Windows Server 2003, the server in Seville forwarded all queries that it could not resolve to its parent server, DNS1.corp.contoso.com, in Seattle. When the server in Seville queried for names in the Hong Kong site, the server in Seville first forwarded those queries to Seattle.

After upgrading to Windows Server 2003, administrators configured the DNS server in Seville to forward queries destined for the Hong Kong site directly to a server in that site, instead of first detouring to Seattle, as shown in Figure 3.7.

Figure 3.7: Conditional Forwarding to an Off-Site Server

Administrators configured DNS3.corp.fabrikam.com to forward any queries for corp.treyresearch.com to DNS5.corp.treyresearch.com or DNS6.corp.treyresearch.com. DNS3.corp.fabrikam.com forwards all other queries to DNS1.corp.contoso.com or DNS2.corp.contoso.com.
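The decision that DNS3.corp.fabrikam.com makes for each unresolved query, as an added example rather than code from the Deployment Kit or the Windows DNS service: the Python below models the forwarding rules described above (most specific conditional forwarder first, then the server-level forwarders, then root hints). It matches query names to forwarder domains label by label, so that a name such as notcorp.treyresearch.com is not mistaken for a name under corp.treyresearch.com. The server names come from the text; the query names are constructed for illustration.

```python
def _labels(name: str) -> tuple:
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return tuple(label for label in name.lower().rstrip(".").split(".") if label)


def _in_domain(qname: str, domain: str) -> bool:
    """True if qname is domain or lies beneath it, compared label by label."""
    q, d = _labels(qname), _labels(domain)
    return len(q) >= len(d) and q[len(q) - len(d):] == d


class ForwardingPolicy:
    """Forwarding configuration of one DNS server."""

    def __init__(self, default_forwarders=(), conditional=None):
        self.default_forwarders = list(default_forwarders)
        # Normalise the configured domains so lookups are case- and dot-insensitive.
        self.conditional = {
            ".".join(_labels(domain)): list(servers)
            for domain, servers in (conditional or {}).items()
        }

    def route(self, qname: str) -> tuple:
        """Return (method, matched_domain, servers) for a query the server
        cannot answer from its own zones or cache."""
        best = None
        for domain in self.conditional:
            if _in_domain(qname, domain) and (
                best is None or len(_labels(domain)) > len(_labels(best))
            ):
                best = domain  # longest (most specific) matching domain wins
        if best is not None:
            return ("conditional", best, list(self.conditional[best]))
        if self.default_forwarders:
            return ("forwarder", None, list(self.default_forwarders))
        return ("root-hints", None, [])


# The Seville server's policy from the text: corp.treyresearch.com queries go to
# the Hong Kong servers, everything else to the parent servers in Seattle.
SEVILLE = ForwardingPolicy(
    default_forwarders=["DNS1.corp.contoso.com", "DNS2.corp.contoso.com"],
    conditional={
        "corp.treyresearch.com": ["DNS5.corp.treyresearch.com", "DNS6.corp.treyresearch.com"],
    },
)

if __name__ == "__main__":
    # Constructed query names for illustration.
    for name in ("host1.corp.treyresearch.com", "notcorp.treyresearch.com", "www.example.com"):
        print(name, "->", SEVILLE.route(name))
```

Because a conditional forwarder entry overrides the server-level forwarders for everything beneath its domain, review the list whenever a partner's namespace changes hands: an entry left pointing at a server you no longer trust silently redirects that whole subtree.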

For more information about conditional forwarding in Windows Server 2003 DNS, see the Networking Guide of the Windows Server 2003 Resource Kit (or see the Networking Guide on the Web at http://www.microsoft.com/reskit).

Using Conditional Forwarding to Query for Names in Other Namespaces

If your internal network does not have a private root and your users need access to other namespaces, such as a network belonging to a partner company, use conditional forwarding to enable servers to query for names in other namespaces. Conditional forwarding in Windows Server 2003 DNS eliminates the need for secondary zones by configuring DNS servers to forward queries to different servers based on the domain name, and the partner no longer has to permit zone transfers to your servers. Note, however, that a conditional forwarder holds no copy of the zone: if the partner's servers are unreachable, names in that namespace stop resolving immediately, whereas a secondary zone continues to answer until it expires.

For example, the Contoso Corporation includes two namespaces: Contoso and Trey Research. Computers in each division need access to the other namespace. In addition, computers in both divisions need access to computers in the Supplier private namespace.

Before upgrading to Windows Server 2003, the Trey Research division created secondary zones to ensure that computers in both the Contoso and Trey Research namespace can resolve names in the Contoso, Trey Research, and Supplier namespaces. After upgrading to Windows Server 2003, the Trey Research division deleted its secondary zones and configured conditional forwarding instead.

Upgrading DNS Servers to Windows Server 2003 DNS

The procedure you follow to upgrade DNS servers to Windows Server 2003 depends on whether you want to support Active Directory. If you are upgrading to Windows Server 2003 DNS and do not plan to support Active Directory, see "Migrating servers" in Help and Support Center for Windows Server 2003 for information about upgrading your existing DNS servers or migrating third-party DNS servers. Migration involves the following:

  • Plan your migration schedule to ensure that your DNS clients have access to a DNS server at all times.

  • Back up your existing configuration.

  • Migrate data from existing DNS servers to Windows Server 2003 DNS.

If you are upgrading your DNS servers to support Active Directory, see "Designing the Active Directory Logical Structure" in Designing and Deploying Directory and Security Services of this kit.

After you have upgraded or migrated your servers, test them to ensure that they are resolving correctly. For more information about DNS troubleshooting and testing DNS server performance, see "Monitor servers" in Help and Support Center for Windows Server 2003, and the Networking Guide of the Windows Server 2003 Resource Kit (or see the Networking Guide on the Web at http://www.microsoft.com/reskit).




Microsoft Corporation Microsoft Windows Server 2003 Deployment Kit(c) Deploying Network Services 2003
Year: 2004
Pages: 146