Case Study

Previous page
Table of content
Next page

SCENARIO

ESSENCE OF THE CASE

Following are the essential elements in this case:

  • You will need to plan a new DNS namespace that meets the requirements outlined by the CEO and CIO.

  • You will need to use a delegated namespace to provide the required results.

  • Secure dynamic updates in an Active Directory “integrated zone will be required to provide the DNS data protection required while still allowing clients to update their IP address information in DNS.

  • Conditional forwarding will be configured to forward all name resolution requests for the ricksrockets.com domain to the external DNS servers provided by the ISP.


Rick's Rockets is a leading manufacturer of toy rocket kits. Rick's currently owns the ricksrockets.com domain name and uses its ISP to host its Web, FTP, and email services through that domain name. Rick's current internal network is extremely decentralized and disorganized and is actually still functioning as a Windows 2000 workgroup. All workstations are Windows 2000 Professional, and all servers are Windows 2000 Advanced Server.

You have been hired by Rick, the CEO of Rick's Rockets, to plan and implement a completely new network infrastructure to include an internal DNS namespace to support the rollout of Windows Server 2003 and Active Directory. Rick's Rockets will not be purchasing any additional publicly accessible domain names . Rick's will be upgrading its Windows 2000 Advanced Server licenses to Windows Server 2003 Enterprise Edition licenses to support the new network plan.

Roger, the CIO of Rick's Rockets, has informed you that he wants the new internal DNS namespace to be easy for users to remember but to provide complete isolation from the external DNS namespace. Internal clients should be allowed to resolve IP addresses for external resources, but external clients should not be able to resolve IP addresses for internal resources. All clients should automatically update their IP addresses in DNS, and DNS should accept updates only from authorized clients to increase security of the internal DNS servers. The internal DNS servers should not be able to resolve external IP addresses directly but should provide forwarding to the external DNS servers maintained by Rick's ISP.

ANALYSIS

You propose to create a delegated namespace, such as corp.ricksrockets.com for the internal network. It will provide an easy-to-remember namespace for users while still isolating the internal network from the external network.

If you create Active Directory “integrated zones using secure dynamic updates, all Windows 2000 workstation clients will be able to automatically update their DNS information after receiving a DHCP lease. Secure dynamic updates also prevent unauthorized clients from polluting the DNS data with bad information.

By configuring conditional forwarding for the ricksrockets.com zone, you can ensure that all name resolution requests are performed as quickly as possible for your clients without having to host the zone on your internal DNS servers.


Previous page
Table of content
Next page
MCSE Windows Server 2003 Network Infrastructure (Exam 70-293)
MCSE 70-293 Exam Prep: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736500
EAN: 2147483647
Year: 2003
Pages: 151
Authors: Will Schmied
BUY ON AMAZON
Project Management JumpStart
C++ GUI Programming with Qt 3
Cisco Voice Gateways and Gatekeepers
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
Microsoft WSH and VBScript Programming for the Absolute Beginner
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy