Lesson 3: Assessing DNS

The Domain Name System (DNS) resolves the host names of network computers and services to their respective IP addresses. DNS is one of the core services used by Windows 2000 Active Directory directory services. In this lesson, you'll analyze the existing Windows NT DNS services and use those as a basis for planning your migration to Windows 2000.


After this lesson, you will be able to

  • Assess the DNS requirements for the Windows 2000 migration.

Estimated lesson time: 35 minutes


DNS Basics

The Domain Name System (DNS) allows a DNS namespace to be divided into zones, each of which stores information about one or more DNS domains. For each DNS domain name included in a zone, the zone becomes the authoritative source for information about that domain. DNS is one of the core components of Windows 2000. If a DNS server is unable to resolve a name (in other words, find an IP address that matches a supplied domain name), it forwards the request to the DNS server of the parent zone for that name. On the Internet, the ultimate parent zone is the "." (root) zone, which sits above the familiar top-level domains such as .com, .org, and .uk. Naming requests are passed down the hierarchy to the DNS server that's responsible for the zone in question; that DNS server can then return the IP address that enables network communication.

Your organization will probably already have a naming regime in force, and this might involve systems such as UNIX servers that aren't running Windows NT. To support Active Directory in a heterogeneous environment, any third-party DNS system must support the following:

  • Service location resource record. DNS servers that are authoritative for the locator records need to support the service location resource record (SRV RR) record type. For further information, consult Chapter 5, "Introduction to DNS," in the Microsoft Windows 2000 Server TCP/IP Core Networking Guide volume of the Microsoft Windows 2000 Server Resource Kit.
  • Dynamic update protocol. Primary DNS master servers must support the DNS dynamic update protocol as defined in RFC 2136.

NOTE


An RFC (Request for Comments) is an official document of the Internet Engineering Task Force (IETF) that specifies the details of new Internet specifications or protocols. To read more about an RFC, open your Web browser and use an Internet search engine to search for the RFC number; in this case, you would search for "RFC 2136."

The Windows 2000 Server DNS service meets these standards and has the additional benefit that it integrates the DNS zone storage into Active Directory. This means that it can perform zone replication without needing a DNS replication topology. It has the further advantage that it implements security on the DNS data.

When setting policy for the upgrade of this aspect of the network, consider the issues described in the following sections.

Preserving the Quality of the DNS Service

If the DNS servers become unavailable or there is contention over parts of the namespace, all TCP/IP users will be seriously affected. You must set a migration goal that DNS service be maintained at all times. You can configure multiple DNS servers for clients (so that a client will automatically connect to another server if the primary one isn't found). You can also have primary and secondary DNS servers in a given domain, which provides redundancy. Windows 2000 can function as a primary or a secondary DNS server.

Migrating DNS Servers to Windows 2000

Maintaining the DNS service and migrating it to Windows 2000 is potentially the most difficult political task in the migration project. Windows 2000 Active Directory depends on DNS to provide clients with information about the location of the various network resources such as servers that use the Kerberos authentication protocol. Kerberos authentication protocol was originally developed at MIT as a method of authenticating the identity of users attempting to log on to the network, and the Kerberos v5 authentication protocol is the default authentication service for Windows 2000. If your company has a UNIX team that provides your DNS service, they need to be involved in the migration project from the beginning. The Windows 2000 DNS service is substantially different from many other DNS services in the following ways:

  • It supports SRV resource records.
  • It can be integrated into Active Directory.
  • It supports dynamic DHCP updates.

To realize the maximum benefits of Active Directory, you should migrate the DNS servers to Windows 2000. If they run on a different operating system such as UNIX, you should carefully design the migration process with a period of parallel running and planned rollback options.

IMPORTANT


Although Windows 2000 will work with other DNS systems that conform to the guidelines already mentioned, in practice you'll be better off migrating completely to Windows 2000 DNS.

Another option is to run the Windows 2000 systems as secondary DNS servers and phase the migration of records to them. This will allow you to ensure that service can be maintained under the given network load.

TIP


You should split the servers performing Kerberos protocol authentication from those running DNS services. Under heavy loading conditions, for example, at the start of the work day when machines are switched on and users are logging on, large numbers of authentication and lookup requests will be generated.

Assuming your current DNS services are hosted on Windows NT, the information required to help plan the migration to Windows 2000 includes the following:

  • Which is the primary DNS server? You'll need to migrate it first.
  • Is the primary DNS server hosted on a domain controller or a member server? Because Active Directory–Integrated zones can be supported only on domain controllers, you might be forced to upgrade a member server to a Windows 2000 domain controller if dynamic updates and integrated SRV resource records are to be supported.
  • Which servers are secondary DNS servers?

Bear in mind the following when planning the DNS migration:

  • You can manually add SRV resource records to any Windows NT 4.0 DNS servers that won't be upgraded.
  • If an overlap period will exist between Windows NT and Windows 2000 DNS servers, you should plan to migrate the primary DNS server to Windows 2000 first.
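The SRV record type that the Windows 2000 locator depends on is simple enough to produce and sanity-check by hand, which matters if you take the route of adding records manually to an NT 4.0 DNS server that won't be upgraded (RFC 2782 defines the record data as priority, weight, port and target, in that order). The following Python is an added example written for this lesson, not code from the training kit or from Microsoft: it builds SRV records in zone-file syntax, parses them back and validates them. The `_ldap._tcp` and `_kerberos._tcp` owner names and the ports 389 and 88 are assumptions about what a Windows 2000 domain controller registers, not values given in this lesson; the domain and host names are taken from the practice section.

```python
"""Build, parse and validate SRV resource records in zone-file syntax.

Added example, not code from the training kit.  The Active Directory
service names and ports used in ad_locator_records() are assumptions.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    service: str    # e.g. "_ldap"; SRV owner labels begin with an underscore
    proto: str      # "_tcp" or "_udp"
    name: str       # domain the service is offered for
    priority: int   # lower value is tried first
    weight: int     # relative share among records of equal priority
    port: int
    target: str     # FQDN of the host offering the service (never an IP)

    @property
    def owner(self) -> str:
        return f"{self.service}.{self.proto}.{self.name}"

    def to_zone_line(self, ttl: int = 600) -> str:
        # RFC 2782 RDATA order: priority weight port target
        return (f"{self.owner}. {ttl} IN SRV "
                f"{self.priority} {self.weight} {self.port} {self.target}.")


def parse_srv_line(line: str) -> SrvRecord:
    """Parse '<owner>. [ttl] [IN] SRV prio weight port target.' back into a record."""
    fields = line.split()
    if "SRV" not in fields:
        raise ValueError("not an SRV record: " + line)
    i = fields.index("SRV")
    owner = fields[0].rstrip(".")
    prio, weight, port, target = fields[i + 1:i + 5]
    service, proto, name = owner.split(".", 2)
    return SrvRecord(service, proto, name, int(prio), int(weight), int(port),
                     target.rstrip("."))


def validate_srv(rec: SrvRecord) -> list:
    """Return a list of problems; an empty list means the record is well formed."""
    problems = []
    if not rec.service.startswith("_"):
        problems.append("service label must begin with '_' (e.g. _ldap)")
    if rec.proto not in ("_tcp", "_udp"):
        problems.append("protocol label must be _tcp or _udp")
    for field in ("priority", "weight", "port"):
        if not 0 <= getattr(rec, field) <= 65535:
            problems.append(f"{field} out of 16-bit range")
    try:
        ipaddress.ip_address(rec.target)
        problems.append("target must be a host name, not an IP address")
    except ValueError:
        pass  # not an IP literal, which is what we want
    if "." not in rec.target:
        problems.append("target should be a fully qualified host name")
    return problems


def ad_locator_records(domain: str, dc_fqdn: str, priority: int = 0,
                       weight: int = 100) -> list:
    """Assumed locator records for one domain controller: LDAP on 389, Kerberos on 88."""
    return [SrvRecord("_ldap", "_tcp", domain, priority, weight, 389, dc_fqdn),
            SrvRecord("_kerberos", "_tcp", domain, priority, weight, 88, dc_fqdn)]


if __name__ == "__main__":
    for rec in ad_locator_records("migkit.microsoft.com",
                                  "migkit1.migkit.microsoft.com"):
        line = rec.to_zone_line()
        print(line, validate_srv(parse_srv_line(line)) or "ok")
```

Run it and each record prints in the form you would paste into a zone file; feeding a target of `192.168.0.100` instead of a host name is reported as a problem, which is the most common mistake when these records are typed by hand.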

NOTE


Windows 2000 DNS can't be managed by the Windows NT DNS Manager and vice versa—the Windows NT DNS can't be managed by the Windows 2000 DNS manager.

Practice: Installing and Configuring DNS

Your Windows NT primary domain controller will also be your DNS server in this practice. When you upgrade this domain to Windows 2000, you'll be able to see the effect of upgrading a Windows NT server that also supports DNS. Therefore, you must install Windows NT DNS on this server.

To install DNS on the primary domain controller, MIGKIT1

  1. Log on to MIGKIT1 as Administrator with the password secret.
  2. Right-click Network Neighborhood and select Properties from the shortcut menu.
  3. Click the Services tab and then click the Add button.

    The Select Network Service dialog box appears.

  4. In the Network Service list box, select Microsoft DNS Server, and then click OK.
  5. Confirm the source directory for the Windows NT files. If the source is the original installation CD, insert it in the CD-ROM drive. Then click the Continue button.

    The necessary files will be copied from the CD-ROM, and then Microsoft DNS Server will appear in the Services list.

  6. Close the Network dialog box.
  7. Do not restart the machine when prompted. Instead, click No, and then run the service pack again. This will update the DNS files to the later version.
  8. After running the service pack, restart the system.

    Now you must configure DNS on MIGKIT1. This machine will be configured with one zone containing only this machine.

To configure the DNS server

  1. Log on to MIGKIT1 again as Administrator.
  2. From the Start menu, select Programs, Administrative Tools, and then DNS Manager.
  3. When DNS Manager appears, open the DNS menu and choose New Server.
  4. In the Add DNS Server dialog box, enter the IP address of this machine, 192.168.0.100, and then click OK.

    The IP address will appear in the server list, with a page of statistics in the right pane.

  5. Right-click the IP address and select New Zone from the shortcut menu.

    The Creating New Zone dialog box will appear.

  6. Select Primary for the zone type and click Next.
  7. Enter migkit.microsoft.com in the Zone Name field and then click in the Zone File field. The Zone File box will be filled in automatically. Your screen should resemble the one shown in Figure 4.9.

    Figure 4.9 Creating New Zone dialog box with zone information filled in

  8. Click Next and then click Finish in the next dialog box.

    The zone should be created and appear underneath 192.168.0.100 in the left pane of DNS Manager, as shown in Figure 4.10.

    Figure 4.10 Zone as it appears in DNS Manager

Before you add any further records, you'll create a reverse lookup zone. The reverse lookup zone enables the DNS server to supply the fully qualified domain name (FQDN) from the IP address; in other words, the reverse of the DNS server's typical function.

To create a reverse lookup zone

  1. Under the Server List node, right-click the server (192.168.0.100) node and select New Zone from the shortcut menu.
  2. Click Primary, and then click Next.

    The Create New Zone dialog box appears.

  3. In the Zone Name box, type 0.168.192.In-addr.arpa and then click in the Zone File box.

    The Zone File box will be filled in automatically.

  4. Click Next, and then click the Finish button.

    The Reverse Lookup zone will be created and will appear in the left pane's server list.

    Finally, you need to add an entry for the DNS host, your primary domain controller.

To add a domain host

  1. Right-click the migkit.microsoft.com zone in the left pane and select New Host from the shortcut menu.
  2. Fill in the New Host dialog box as shown in Figure 4.11. Don't forget to set the check mark:

    Figure 4.11 New Host dialog box

  3. Click Add Host, and then click Done.

    The host name is added to DNS Manager, as shown in Figure 4.12.

  4. Close DNS Manager.

    Now you'll enter the IP address of the DNS host computer in the TCP/IP Properties dialog box.

    Figure 4.12 DNS Manager with new host added

To enter the DNS host server information

  1. Right-click Network Neighborhood and select Properties from the shortcut menu.
  2. Click the Protocols tab, select TCP/IP Protocol from the Network Protocols list, and then click the Properties button.
  3. When the Microsoft TCP/IP Properties dialog box appears, click the DNS tab.
  4. In the Host Name field type migkit1 and then in the Domain field type migkit.microsoft.com.
  5. Click the Add button, enter 192.168.0.100 as the DNS address of the host computer, and then click Add.
  6. Click OK to close the TCP/IP Properties dialog box and then click OK again to close the Network dialog box.
  7. Open a command prompt and type ping migkit1.migkit.microsoft.com.

    If everything is set up correctly, the name should resolve to 192.168.0.100 and return a successful response (four lines of replies).

  8. Now change to the DNS folder by typing cd %systemroot%\system32\dns. (%SystemRoot% is an environment variable that returns the folder of your Windows NT installation, in this case c:\winnt.)
  9. Use Notepad to open the following two files in the DNS folder:

    notepad migkit.microsoft.com.dns
    notepad 0.168.192.in-addr.arpa.dns

    You'll see the host name-to-IP address configurations and the reverse lookup information. These files are known as BIND files and are useful in assessing the clients registered by Windows NT DNS.

  10. Close the command prompt.

    You will now remove the DNS service to see what happens when DNS is not available when upgrading to Windows 2000. You will perform this upgrade in Chapter 6, "Performing an Upgrade."

  11. Right-click on Network Neighborhood and select Properties.
  12. Click the Services tab and select Microsoft DNS Server.
  13. Click the Remove button, close the Network dialog box, and follow the instructions to restart the system.

When assessing your DNS servers, make copies of all the DNS files on each server. These files will help with the migration and serve as documentation of your system.
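Because the zone files are plain BIND-syntax text, the assessment described in step 9 above can be scripted rather than read by eye: list the hosts the server has registered and check that the forward and reverse zones agree, since a host with no PTR record or a PTR record that points at a name no longer in the forward zone is exactly the kind of inconsistency that surfaces as a failed lookup after the migration. The following Python is an added example written for this lesson, not code from the training kit or from Microsoft; the two zone texts embedded in it are constructed to resemble what Windows NT DNS writes to `migkit.microsoft.com.dns` and `0.168.192.in-addr.arpa.dns` (the `fileserv` and `printer` hosts are invented for the demonstration).

```python
"""Parse Windows NT DNS zone files (BIND syntax) and cross-check the forward
zone against the reverse lookup zone.

Added example, not code from the training kit; the sample zone text below
is constructed to resemble what NT DNS writes, it is not a real file.
"""
from collections import namedtuple

Record = namedtuple("Record", "name type rdata")
CLASSES = {"IN", "CH", "HS"}

# Constructed sample of %SystemRoot%\system32\dns\migkit.microsoft.com.dns
FORWARD_ZONE = """\
;  Database file migkit.microsoft.com.dns for migkit.microsoft.com zone.
@                       IN  SOA migkit1.migkit.microsoft.com. administrator.migkit.microsoft.com. (
                            3          ; serial number
                            900        ; refresh
                            600        ; retry
                            86400      ; expire
                            3600     ) ; minimum TTL
@                       IN  NS   migkit1.migkit.microsoft.com.
migkit1                 IN  A    192.168.0.100
fileserv                IN  A    192.168.0.101
"""

# Constructed sample of 0.168.192.in-addr.arpa.dns (one PTR is deliberately stale)
REVERSE_ZONE = """\
@       IN  SOA migkit1.migkit.microsoft.com. administrator.migkit.microsoft.com. (
            3 900 600 86400 3600 )
@       IN  NS   migkit1.migkit.microsoft.com.
100     IN  PTR  migkit1.migkit.microsoft.com.
102     IN  PTR  printer.migkit.microsoft.com.
"""


def _logical_lines(text):
    """Yield records with ';' comments removed and '( ... )' continuations joined.
    Leading whitespace on a record's first line is kept: it means 'same owner as before'."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not buf and not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            joined = " ".join(buf)
            buf, depth = [], 0
            if joined.strip():
                yield joined


def _absolute(name, origin):
    """Expand '@' and relative owner names to lower-case FQDNs without the trailing dot."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.rstrip(".").lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Return the resource records of a zone file as Record(name, type, rdata)."""
    origin = origin.rstrip(".").lower()
    records, owner = [], origin
    for line in _logical_lines(text):
        fields = line.split()
        if not line[:1].isspace():                   # a new owner name is given
            owner = fields.pop(0)
        if fields and fields[0].isdigit():           # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() in CLASSES:  # optional class
            fields.pop(0)
        records.append(Record(_absolute(owner, origin), fields[0].upper(), fields[1:]))
    return records


def registered_hosts(records):
    """(FQDN, IP) pairs for every A record: the clients the server knows about."""
    return sorted((r.name, r.rdata[0]) for r in records if r.type == "A")


def _ptr_to_ip(name):
    octets = name.lower().removesuffix(".in-addr.arpa").split(".")
    return ".".join(reversed(octets))


def check_forward_reverse(forward, reverse):
    """Return (A records with no matching PTR, PTR records with no matching A)."""
    a_map = {}
    for r in forward:
        if r.type == "A":
            a_map.setdefault(r.rdata[0], set()).add(r.name)
    ptr_map = {_ptr_to_ip(r.name): r.rdata[0].rstrip(".").lower()
               for r in reverse if r.type == "PTR"}
    missing_ptr = sorted(f"{host} ({ip})" for ip, hosts in a_map.items()
                         for host in hosts if ptr_map.get(ip) != host)
    stale_ptr = sorted(f"{host} ({ip})" for ip, host in ptr_map.items()
                       if host not in a_map.get(ip, set()))
    return missing_ptr, stale_ptr


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "migkit.microsoft.com")
    rev = parse_zone(REVERSE_ZONE, "0.168.192.in-addr.arpa")
    for host, ip in registered_hosts(fwd):
        print(f"{host:40} {ip}")
    missing, stale = check_forward_reverse(fwd, rev)
    print("A records without PTR:", missing)
    print("PTR records without A:", stale)
```

To run it against the copies you take from a real server, replace the two embedded strings with the contents of the `.dns` files (the parser handles comments, the parenthesised SOA block, and the optional TTL and class fields). The report is worth keeping with the copied files as part of the migration documentation.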

Lesson Summary

In this lesson, you learned how DNS is central to creating Windows 2000 Active Directory directory services. You learned how to install and configure DNS on Windows NT Server, and you also learned how to assess your DNS servers by looking at their BIND files. You learned that these files can be useful backups for a DNS rollback and for use in migrating to a new Windows 2000 DNS service.



MCSE Training Kit (Exam 70-222): Migrating from Microsoft Windows NT 4.0 to Microsoft Windows 2000 (MCSE Training Kits)
ISBN: 0735612390
Year: 2001
Pages: 126