Implementing Windows Server 2003 DNS


After you have tested your configuration in a pilot lab, you can implement your changes in your production environment. Figure 3.12 shows the process for implementing Windows Server 2003 DNS.

Figure 3.12: Implementing Windows Server 2003 DNS

Preparing to Deploy Windows Server 2003 DNS

Prepare your environment for Windows Server 2003 DNS deployment by ensuring that you have reliable backups of anything that you plan to change, including servers and zones. Test your backups before you proceed with your deployment. In addition, create a recovery plan for contingencies such as data loss, server failure, and failure of network connections.

Before implementing your DNS deployment, ensure that routing links between the servers that you plan to deploy are in place and are working correctly. Depending on how your DNS infrastructure is configured, your DNS servers might need to query the following:

  • Root servers.

  • Forwarders.

  • Servers hosting parent zones.

  • Servers hosting child zones.

  • Servers on an external network or the Internet.

If you expect clients to query for names on the Internet and you plan to use a proxy server, ensure that the proxy server is in place and that a proxy-client/firewall-client is installed on the client. In addition, ensure that the Web client configuration is set in a Conseil Européen pour la Recherche Nucléaire (CERN)-compliant Internet browser. Microsoft Internet Explorer is an example of a CERN-compliant Internet browser.

Setting up the DNS Server

Before you install DNS, ensure that your computer is named correctly and that you can ping other computers in the network that your DNS servers might need to query. Because clients locate DNS servers by IP address, assign a static IP address to each DNS server.

You can set up your DNS server in one of four ways:

  • Install DNS on a server by using the Active Directory Installation Wizard to install Active Directory.

    The Active Directory Installation Wizard automatically creates an Active Directory-integrated copy of the forward lookup zone that corresponds to the name of the Active Directory domain, and configures the zone for secure dynamic update. In addition, the wizard creates the standard reverse lookup zones recommended by the DNS RFCs.

    You can start the Active Directory Installation Wizard by running dcpromo.exe at a command prompt. For more information about Active Directory installation and removal, see the Directory Services Guide of the Windows Server 2003 Resource Kit (or see the Directory Services Guide on the Web at http://www.microsoft.com/reskit).

  • Before or after you install Active Directory on the server, you can use the Add or Remove Programs tool to install the DNS Server service and then run the Configure DNS Server Wizard to configure your zones. As with the Active Directory Installation Wizard, the Configure DNS Server Wizard creates the standard reverse lookup zones recommended by the DNS RFCs, and either configures the server as a root server or initializes the root hints.

  • You can use the command-line tool Dnscmd.exe to configure the DNS server.

  • You can use Microsoft Visual Basic Scripting Edition (VBScript) or other scripting languages through the Windows Management Instrumentation (WMI) provider packaged with Windows Server 2003.

For more information about these setup options and for information about Windows Server 2003 DNS, including how the Active Directory Installation Wizard and the Configure DNS Server Wizard determine whether or not to initialize the root hints, see the Networking Guide of the Windows Server 2003 Resource Kit (or see the Networking Guide on the Web at www.microsoft.com/reskit).

Setting up Zones

If you install DNS by using the Active Directory Installation Wizard, the wizard creates DNS zones that correspond to the Active Directory domains that you specify. If the zones that you specified during the zone planning phase of your deployment do not already exist, create them now. Note that the default DNS installation by the Active Directory Installation Wizard includes secure dynamic update and an Active Directory-integrated zone. If this is not the configuration you want to deploy, change the default settings.

If the zone that the wizard creates is not the type of zone that you want, change it now.

Note

Converting any zone to an Active Directory-integrated zone can increase the use of DNS server resources and network resources. This is because converting a zone can trigger Active Directory replication.

If you want to push updates to secondary DNS servers for a zone, configure DNS notify at the primary DNS server.

For more information about how to add and remove zones, see Help and Support Center for Windows Server 2003.

Configuring Forwarding

If any of your servers need to forward queries to any other server, configure forwarding on the servers that must forward queries. If you want your server to forward queries to different servers depending on the DNS suffix specified in the query, configure conditional forwarding appropriately.

For more information about conditional forwarding, see "Using Forwarding" earlier in this chapter, and see the Networking Guide of the Windows Server 2003 Resource Kit (or see the Networking Guide on the Web at http://www.microsoft.com/reskit).

Configuring the DNS Server for Dynamic Update

Depending on how you deploy your server and zones, your zones might already be configured for dynamic update or secure dynamic update. If the zones are not configured as you intend, make any necessary changes. You can configure your zones to perform dynamic updates, secure dynamic updates, or no updates. However, configuring your zones to perform unsecured dynamic updates is a security risk and is not recommended.

For information about how to configure dynamic updates, see "Dynamic update" in Help and Support Center for Windows Server 2003. For information about how to allow only secure dynamic updates, see "Allow only secure dynamic updates" in Help and Support Center for Windows Server 2003.
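The following batch script is an added example, not part of the Deployment Kit, showing how the secure-only setting above is applied with Dnscmd.exe and read back; the server name and zone names are assumptions.

```batch
@echo off
rem Added example, not from the Deployment Kit: restrict every listed zone to
rem secure dynamic update only, then read the setting back. Server and zone
rem names are assumptions.
setlocal
set DNSSRV=dns01.corp.example.com

rem AllowUpdate values for dnscmd /Config:
rem   0 = no dynamic update
rem   1 = nonsecure and secure (the risk the text warns about)
rem   2 = secure only (requires an Active Directory-integrated zone)
for %%Z in (corp.example.com 2.0.192.in-addr.arpa) do (
    echo Setting secure-only dynamic update on %%Z
    dnscmd %DNSSRV% /Config %%Z /AllowUpdate 2
    if errorlevel 1 (
        echo FAILED on %%Z - is the zone Active Directory-integrated?
    ) else (
        rem Confirm rather than assume: ZoneInfo prints the stored value
        dnscmd %DNSSRV% /ZoneInfo %%Z AllowUpdate
    )
)
endlocal
```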

Configuring Aging and Scavenging

With dynamic update, whenever a computer joins the network and registers with DHCP, the DNS server automatically adds resource records to the zone. However, in some cases, the DNS server does not automatically delete them, and they can become outdated. Outdated resource records use disk space on the server, and a server might use an outdated resource record to answer a query. As a result, DNS server performance suffers. To solve these problems, the Windows Server 2003 DNS Server service can scavenge outdated records by searching the database for records that are obsolete and deleting them.

You can configure aging and scavenging from DNS Manager or by using Dnscmd.exe.

For more information about configuring aging and scavenging in Windows Server 2003 DNS, see the Networking Guide of the Windows Server 2003 Resource Kit (or see the Networking Guide on the Web at http://www.microsoft.com/reskit).
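As an added example (not the Deployment Kit's own text), this batch script enables aging on the zones and scavenging on the server with Dnscmd.exe; the server name, zone names, address and interval values are assumptions.

```batch
@echo off
rem Added example, not from the Deployment Kit: enable aging on each listed zone
rem and turn on scavenging for one server. Names, address and hours are assumptions.
setlocal
set DNSSRV=dns01.corp.example.com
set SCAVENGER_IP=192.0.2.10

rem All intervals are hours. A dynamic record becomes eligible for deletion only
rem after NoRefreshInterval + RefreshInterval has elapsed since its timestamp, so
rem keep that sum longer than the DHCP lease: a live client re-registers first.
set NOREFRESH=168
set REFRESH=168
set SCAVENGE_EVERY=168

for %%Z in (corp.example.com 2.0.192.in-addr.arpa) do (
    echo Enabling aging on %%Z
    dnscmd %DNSSRV% /Config %%Z /Aging 1
    dnscmd %DNSSRV% /Config %%Z /NoRefreshInterval %NOREFRESH%
    dnscmd %DNSSRV% /Config %%Z /RefreshInterval %REFRESH%
    rem Only this server scavenges the zone, so deletions are predictable and
    rem one machine's event log is the place to audit them.
    dnscmd %DNSSRV% /ZoneResetScavengeServers %%Z %SCAVENGER_IP%
)

rem Records created before aging was enabled carry no timestamp and are never
rem scavenged. That protects static records; only stamp them deliberately
rem (dnscmd /AgeAllRecords) after reviewing what the zone contains.

rem Server-wide scavenging: 0 disables it, any other value is the period in hours.
dnscmd %DNSSRV% /Config /ScavengingInterval %SCAVENGE_EVERY%

rem Read the settings back on one zone and on the server to confirm the change.
dnscmd %DNSSRV% /ZoneInfo corp.example.com Aging
dnscmd %DNSSRV% /Info ScavengingInterval
endlocal
```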

Configuring Zone Transfer and Replication Scope

If you use file-based primary or secondary zones, configure each primary server for a zone to allow zone transfers to each secondary server for a zone. Next, configure each secondary server for a zone with a list of primary servers for that zone.

If you use Active Directory replication in a Windows Server 2003 domain, configure the zone replication scope as described in Table 3.8.

If the DNS server is a domain controller, you can change the zone type to Active Directory-integrated. However, if the DNS server is not a domain controller, this option is not available. Active Directory-integrated zone data is stored and replicated as part of the Active Directory database.

For more information about DNS zone storage and replication in Active Directory, enlisting a DNS server in a DNS application directory partition, removing a DNS server from a DNS application directory partition, or changing zone replication scope, click the Index button in Help and Support for Windows Server 2003, and then in the keyword box, type DNS zones.
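The batch script below is an added example, not from the Deployment Kit, that walks through the zone transfer and replication scope steps above with Dnscmd.exe; the server names, addresses and zone names are assumptions.

```batch
@echo off
rem Added example, not from the Deployment Kit: restrict transfers of a file-based
rem primary zone to its listed secondary, notify that secondary, register the zone
rem on the secondary, and set the replication scope of an AD-integrated zone.
rem All names and addresses are assumptions.
setlocal
set PRIMARY=dns01.corp.example.com
set SECONDARY=dns02.branch.example.com
set PRIMARY_IP=192.0.2.10
set SECONDARY_IP=192.0.2.20
set ZONE=legacy.example.com

rem On the primary: /SecureList limits AXFR to the listed addresses (an unlisted
rem host asking for the whole zone is refused), /NotifyList pushes change notices
rem to the same addresses so the secondary does not wait for its refresh timer.
dnscmd %PRIMARY% /ZoneResetSecondaries %ZONE% /SecureList %SECONDARY_IP% /NotifyList %SECONDARY_IP%

rem On the secondary: create the zone as a secondary with the primary as master.
dnscmd %SECONDARY% /ZoneAdd %ZONE% /Secondary %PRIMARY_IP%
rem If the master list changes later, reset it instead of re-creating the zone:
rem dnscmd %SECONDARY% /ZoneResetMasters %ZONE% %PRIMARY_IP%

rem Confirm the transfer restriction: the output includes SecureSecondaries and
rem the secondary address list.
dnscmd %PRIMARY% /ZoneInfo %ZONE%

rem An AD-integrated zone replicates through Active Directory rather than AXFR.
rem The scope selects the application directory partition: /domain (DNS servers
rem that are DCs in this domain), /forest (all DNS servers in the forest) or
rem /legacy (every DC in the domain, for Windows 2000 compatibility).
dnscmd %PRIMARY% /ZoneChangeDirectoryPartition corp.example.com /domain
endlocal
```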

Verifying that the DNS Server is Operating Correctly

After you install and configure the DNS server, verify that it is operating correctly. Use the monitoring features of the DNS MMC snap-in, such as simple or recursive query testing. You can also examine the event log or use the DNSLint Windows Server 2003 command-line support tool to test DNS servers for problems with delegations and missing Active Directory replication records. In addition, you can use the Nslookup.exe command-line tool to attempt queries. To access the monitoring features of the DNS MMC snap-in, click Properties on the Action menu, and then click the Monitoring tab.

For more information about DNS troubleshooting and verifying DNS server operation, see the Networking Guide of the Windows Server 2003 Resource Kit (or see the Networking Guide on the Web at http://www.microsoft.com/reskit).
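As an added example (not part of the Deployment Kit), here is a batch script that runs the Nslookup.exe, Dnscmd.exe and DNSLint checks named above against a newly deployed server; the server address, domain and host names are assumptions.

```batch
@echo off
rem Added example, not from the Deployment Kit: query checks to run after a DNS
rem server for an Active Directory domain is deployed. Names and addresses are
rem assumptions.
setlocal
set DNSSRV_IP=192.0.2.10
set DOMAIN=corp.example.com
set FWD_HOST=dns01.%DOMAIN%

rem 1. Authoritative answers for the server's own forward and reverse zones. The
rem    trailing dot stops the resolver appending a search suffix to the name.
nslookup %FWD_HOST%. %DNSSRV_IP%
nslookup %DNSSRV_IP% %DNSSRV_IP%

rem 2. Domain controllers registered their locator records. A missing _ldap._tcp
rem    SRV record is the usual cause of logon and replication failures.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%. %DNSSRV_IP%

rem 3. Recursion works through root hints or forwarders; use a public name that
rem    clients are expected to reach.
nslookup www.example.com. %DNSSRV_IP%

rem 4. Configuration and counters as the server itself reports them.
dnscmd %DNSSRV_IP% /Info
dnscmd %DNSSRV_IP% /Statistics

rem 5. DNSLint (Support Tools): delegations plus the AD replication records a DC
rem    needs. /ad runs the AD test against the LDAP server at that address, /s
rem    selects the DNS server to query, /v is verbose, /r names the HTML report
rem    and /y overwrites an existing report without prompting.
dnslint /ad %DNSSRV_IP% /s %DNSSRV_IP% /v /r dnslint_%DOMAIN% /y
endlocal
```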

Setting Up DNS Clients

Set up each DNS client with the following:

  • Host name and DNS suffix.

  • Preferred and alternate DNS servers.

  • Optionally, Proxy Auto-Configuration file or name exclusion list (if a proxy client).

You can use any of the following methods to set up your DNS clients:

  • Use the TCP/IP settings of the client.

  • Use Group Policy to configure groups of clients.

  • Use the DHCP Server service to configure some client settings automatically.

For more information about how to install and configure DNS clients, see "Configuring DNS client settings" in Help and Support Center for Windows Server 2003.
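The following batch script is an added example, not from the Deployment Kit, of setting the preferred and alternate DNS servers from the command line with netsh and then registering the client; the interface name and server addresses are assumptions.

```batch
@echo off
rem Added example, not from the Deployment Kit: set a Windows XP / Windows Server
rem 2003 client's preferred and alternate DNS servers with netsh, register its
rem records, and check the result. Interface name and addresses are assumptions.
setlocal
set IFACE="Local Area Connection"
set PREFERRED=192.0.2.10
set ALTERNATE=192.0.2.11

rem "static" replaces any DHCP-assigned server list with the preferred server;
rem the alternate is appended at index 2.
netsh interface ip set dns name=%IFACE% source=static addr=%PREFERRED%
netsh interface ip add dns name=%IFACE% addr=%ALTERNATE% index=2

rem Register the client's A and PTR records with its DNS server. The zone must
rem allow dynamic update; with secure-only update the computer must be
rem domain-joined so the update can be authenticated.
ipconfig /registerdns

rem Show the DNS lines of the resulting configuration and confirm the client can
rem resolve its own name through the servers just configured.
ipconfig /all | findstr /i "DNS"
nslookup %COMPUTERNAME%
endlocal
```

The host name and primary DNS suffix are set through System Properties or by joining the domain, not through netsh.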

Using Command-Line Tools to Deploy DNS

You can use the command-line tool Dnscmd.exe to perform most of the tasks that you can perform from the DNS MMC snap-in. By using Dnscmd.exe, you can create, delete, and view zones and records and reset server and zone properties. You can also perform routine administration operations, such as creating or updating a zone, reloading the zone, refreshing the zone, writing the zone back to a file or Active Directory, pausing and resuming the zone, clearing the cache, adding records to root hints, stopping and starting the DNS service, and viewing statistics.

You can also use Dnscmd.exe to write batch file scripts and for remote administration. For more information about Dnscmd.exe, in Help and Support Center for Windows Server 2003, click Tools, and then click Windows Support Tools. For information about installing and using the Windows Server 2003 Support Tools and Support Tools Help, see the Sreadme.doc file in the \Support\Tools folder on the Windows Server 2003 operating system CD.

You can use the Nslookup.exe command-line tool to perform query testing of the DNS domain namespace and to display configuration information.




Microsoft Corporation Microsoft Windows Server 2003 Deployment Kit(c) Deploying Network Services 2003
Year: 2004
Pages: 146
