Managing Your DNS Server


Managing your DNS server is performed in the DNS console by right-clicking your server and choosing an action from the shortcut menu. Actions not discussed previously include the following:

  • Create Default Application Directory Partitions: Partitioning in Active Directory is used to differentiate data for different replication purposes.

  • Set Aging/Scavenging for All Zones: Configure refresh intervals for resource records.

  • Scavenge Stale Resource Records: Use this option to manually remove old outdated resource records.

  • Update Server Data Files: Writes all zone file changes in AD.

  • Clear Cache: Flushes the name server's cache.

  • Launch nslookup: Runs the nslookup utility for troubleshooting DNS problems.

Additional server options are available on the DNS Server Properties tab as shown in Figure 6.10.

  • Interfaces: Configure the Interfaces tab to listen for DNS server requests on all IP addresses or only the following IP address.

  • Forwarders: Configure forwarder DNS server IP addresses to resolve DNS queries not answered by this server. Commonly used to add the IP addresses of your ISP's primary and secondary DNS servers, which improves DNS query response time and efficiency on the Internet.

  • Advanced: Advanced configuration options include Disable Recursion and Forwarding, BIND Secondaries (enable if you have Unix DNS servers using BIND), Fail on Load If Bad Zone Data, Enable Round Robin (a feature used for load balancing of resource records), Enable Netmask Ordering, and Secure Cache Against Pollution.

  • Root hints: Root hints are used to learn and discover authoritative servers in the upper hierarchy of the DNS domain namespace.

  • Debug Logging and Event Logging: Use for diagnostic troubleshooting.

  • Monitoring: Verifies DNS configuration using manual or automatic testing. A simple query tests your internal zone or subnet. A recursive query tests DNS servers outside your zone, such as your ISP's DNS servers.

  • Security: Use to view, add, and remove users and groups and their associated permissions.

Figure 6.10. DNS Server Properties dialog box showing the Interfaces tab.


Best DNS Practices

The following are some guidelines for receiving the full benefit from utilizing DNS:

  • Use preferred practices and standard guidelines for managing your DNS infrastructure.

  • For AD domains, always use Active Directory-integrated zones for increased security and fault tolerance and easier management and deployment.

  • If your DC is also a DNS server, make sure that your domain controller is pointing to itself for all DNS resolution. Otherwise, just make sure that it is pointing to an internal DNS server. Pointing to an ISP DNS server, for example, would result in inaccurate registered records in the Netlogon service. Your TCP/IP network properties dialog box, in other words, should list only your DNS server as the preferred DNS server.

  • For each additional server running DNS added to your domain, the preferred DNS IP address is the parent DNS IP address. The IP address of the added server running DNS is placed in the Alternate IP Address text box.

  • During AD installation and setup, if you created a domain name with a (domain name).local extension, delete the ".(zone)" listed under Forward Lookup Zones. Otherwise, clients might have external name resolution problems on the Internet.

  • If your internal and registered external domain names are the same, make sure to add a Host (A) record and a Mail Exchange (MX) record to your DNS server forward lookup zone. Otherwise, users will not be able to browse your company's Internet Web site home page and related links.

  • For each person in charge of managing a zone, add an email address (MX) record to your DNS server database, replacing the @ sign with a period.

  • If your DNS server is behind a proxy server or firewall, make sure to open UDP and TCP port 53 on the proxy server or firewall.

  • Add only necessary alias records to a zone.

  • Consider using secondary zones for load balancing when DNS query traffic is heavy.

  • If you need to add child domains, create a delegation record on the parent DNS server for the child DNS server. Create a secondary zone for the child server and specify the name server or parent DNS server for zone transfers.

  • For large and complex DNS planning and designing, always review the DNS-related Request for Comments (RFC) documents from the RFC Editor Web site.
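
The guideline above that a domain controller should resolve only through itself or an internal DNS server can be checked against collected ipconfig /all output. This is an added example, not code from the book; the sample output, the function names, and the internal_dns allow-list are constructed for illustration, and only IPv4 addresses are handled.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from a DC at 10.0.0.10 (not from the book).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 10.0.0.10
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       203.0.113.53
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_adapters(text):
    """Return one dict per section: name, own IPv4 addresses, DNS servers in order."""
    adapters, current, in_dns = [], None, False
    for line in text.splitlines():
        if line and not line[0].isspace():        # unindented line starts a section
            current = {"name": line.rstrip(":"), "ips": [], "dns": []}
            adapters.append(current)
            in_dns = False
        elif current is None or not line.strip():
            continue
        elif ":" in line:                         # "Label . . . : value"
            label, _, value = line.partition(":")
            label = label.strip(" .")
            in_dns = label == "DNS Servers"
            if in_dns:
                current["dns"] += IPV4.findall(value)
            elif label in ("IP Address", "IPv4 Address"):
                current["ips"] += IPV4.findall(value)
        elif in_dns:                              # indented continuation: another DNS server
            current["dns"] += IPV4.findall(line)
    return adapters

def audit_dc_dns(text, internal_dns):
    """List (adapter, server) pairs whose DNS server is neither this host nor in internal_dns."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}  # hypothetical allow-list
    findings = []
    for adapter in parse_adapters(text):
        own = {ipaddress.ip_address(a) for a in adapter["ips"]}
        for server in adapter["dns"]:
            addr = ipaddress.ip_address(server)
            if addr not in own and addr not in allowed and not addr.is_loopback:
                findings.append((adapter["name"], server))
    return findings
```

Calling audit_dc_dns(SAMPLE, ["10.0.0.11"]) reports the second DNS server on the adapter, because it is neither the host's own address nor in the allow-list.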




MCSA/MCSE Managing and Maintaining a Windows Server 2003 Environment Exam Cram 2 (Exam Cram 70-292)
ISBN: 0789730111
EAN: 2147483647
Year: 2006
Pages: 132
