Monday, 23 January 2012

Integration of DNS and Active Directory

Hello Friends,

Here is some very useful information on DNS and Active Directory integration.
Integration of DNS and Active Directory
The integration of DNS and Active Directory is essential because a client computer in a Windows 2000 network must be able to locate a domain controller before users can log on to a domain or use the services that Active Directory provides. Clients locate domain controllers and services by using SRV records and A resource records. An SRV record maps a service name published under the domain's _msdcs subdomain (for example _ldap._tcp.dc._msdcs.<domain>) to the FQDN and port of a domain controller that offers the service, together with a priority and weight used to choose among several. The A resource record then maps that FQDN to the domain controller's IP address.
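To make the DC locator concrete, here is an added example (not code from the original post) that builds the SRV owner names a Windows client queries, constructs a DNS response carrying SRV answers in wire format, parses it back (including name-compression pointers), and orders the candidate domain controllers by priority and weight. The domain corp.example.com, the hosts dc1/dc2/dc3 and the response bytes are all constructed; nothing is sent on the network.

```python
"""Locate Active Directory domain controllers from SRV records.

Added example, not from the original post. The domain, host names and
the DNS response below are constructed; no live query is sent.
"""
import struct

SRV = 33  # QTYPE / RR type code for SRV


def dc_locator_names(domain, site=None):
    """SRV owner names the Windows DC locator queries, most specific first."""
    # All live under the _msdcs subdomain, in the RFC 2782 form _service._proto.<name>.
    names = [
        f"_ldap._tcp.dc._msdcs.{domain}",        # any DC offering LDAP
        f"_kerberos._tcp.dc._msdcs.{domain}",    # any DC acting as KDC
        f"_ldap._tcp.pdc._msdcs.{domain}",       # the PDC emulator
    ]
    if site:                                     # DCs in the client's AD site
        names.insert(0, f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    return names


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels (no compression)."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_srv_response(txid, qname, records, ttl=600):
    """Construct a DNS response with SRV answers; `records` holds
    (priority, weight, port, target) tuples."""
    # Header: ID, flags 0x8180 (QR, RD, RA), QDCOUNT=1, ANCOUNT=n, NS=0, AR=0
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", SRV, 1)   # QTYPE SRV, QCLASS IN
    for prio, weight, port, target in records:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        # Owner name = compression pointer to the question name at offset 12.
        msg += b"\xc0\x0c" + struct.pack("!HHIH", SRV, 1, ttl, len(rdata)) + rdata
    return msg


def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                   # 2-byte compression pointer
            if end is None:
                end = off + 2                       # resume here after the jump
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                           # a looping pointer is an attack, not a name
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_srv_answers(msg):
    """Return the SRV records in the answer section as dicts."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):                             # skip the question section
        _, off = read_name(msg, off)
        off += 4                                    # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        _owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack("!HHH", msg[off:off + 6])
            target, _ = read_name(msg, off + 6)
            answers.append({"priority": prio, "weight": weight, "port": port,
                            "target": target, "ttl": ttl})
        off += rdlen                                # other RR types are skipped
    return answers


def order_srv(answers):
    """Lowest priority first, then highest weight (RFC 2782 picks randomly in
    proportion to weight within a priority; this deterministic variant is
    enough to show which DC a client tries first)."""
    return sorted(answers, key=lambda r: (r["priority"], -r["weight"]))
```

A real client sends the query for `dc_locator_names(domain)[0]` to its configured DNS server and feeds the raw reply to `parse_srv_answers`; `order_srv` then shows which domain controller it would contact first. An attacker who can answer those same SRV queries can steer clients to a rogue host, which is why the zone holding _msdcs should only accept authenticated updates.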
What Are Active Directory Integrated Zones?
One benefit of integrating DNS and Active Directory is the ability to store DNS zones in the Active Directory database. A zone is a contiguous portion of the domain namespace whose resource records are grouped logically and transferred between servers as one unit.
Active Directory Integrated Zones
Microsoft DNS servers store the information used to resolve host names to IP addresses, and IP addresses to host names, in a database file with the extension .dns, one file per zone.
Active Directory integrated zones are primary zones that are stored as objects in the Active Directory database instead. If zone objects are stored in an Active Directory domain partition, they are replicated to all domain controllers in the domain, each of which can then accept updates to the zone. Storing a zone in Active Directory is also what makes secure dynamic updates possible: the server can require the updating client to authenticate, and ownership of each record is tracked with an ACL, so one machine cannot overwrite another machine's records.
What Are DNS Zones?
A zone starts as the storage database for a single DNS domain name. If other domains are added below the domain used to create the zone, each such subdomain can either be:
        managed and included as part of the original zone's records, or
        delegated to a separate zone created to support the subdomain.
Types of Zones

There are two types of zones, forward lookup and reverse lookup. Forward lookup zones contain the information needed to resolve names within the DNS domain to addresses. They must include SOA and NS records and can include any type of resource record except the PTR resource record. Reverse lookup zones (under the in-addr.arpa domain) contain the information needed to perform reverse lookups. They usually include SOA, NS, PTR, and CNAME records.
With most queries, the client supplies a name and requests the IP address that corresponds to that name. This type of query is typically described as a forward lookup. Active Directory requires forward lookup zones.
However, what if a client already has a computer's IP address and wants to determine the DNS name for the computer? This is important for programs that implement security based on the connecting FQDN, and is used for TCP/IP network troubleshooting. The DNS standard provides for this possibility through reverse lookups. Note that a PTR record is controlled by whoever administers the reverse zone for that address range, so a program that trusts the name returned by a reverse lookup alone can be fed any name the address owner chooses. The usual safeguard is to resolve the returned name forward again and accept it only if the original IP address is among its A records.
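The following added example (not part of the original post) shows the difference between trusting a PTR record and confirming it with a forward lookup. The PTR and A tables are stub data standing in for live lookups; the addresses, the name fileserver.corp.example.com and the attacker's 203.0.113.0/24 reverse zone are all constructed. The forged entry shows how a host outside the network can claim a trusted name in its own reverse zone, and how the forward confirmation rejects it.

```python
"""Forward-confirmed reverse DNS (FCrDNS) for FQDN-based access decisions.

Added example, not from the original post. PTR_ZONE and A_ZONE are stub
tables standing in for live reverse and forward lookups; every name and
address in them is constructed.
"""
import ipaddress

# Reverse zone data, keyed by the PTR owner name. The owner of 203.0.113.0/24
# can publish any PTR for addresses in that range, but has no control over the
# forward zone corp.example.com.
PTR_ZONE = {
    "5.0.0.10.in-addr.arpa": "fileserver.corp.example.com",     # legitimate
    "7.113.0.203.in-addr.arpa": "fileserver.corp.example.com",  # forged: claims a trusted name
    "8.113.0.203.in-addr.arpa": "attacker.example.net",         # honest PTR for an outside host
}
# Forward zone data: name -> A records.
A_ZONE = {
    "fileserver.corp.example.com": ["10.0.0.5"],
    "attacker.example.net": ["203.0.113.8"],
}


def reverse_name(ip):
    """The in-addr.arpa (or ip6.arpa) owner name whose PTR describes `ip`."""
    return ipaddress.ip_address(ip).reverse_pointer


def lookup_ptr(ip, ptr_zone=PTR_ZONE):
    """Reverse lookup: address -> name, or None when there is no PTR."""
    return ptr_zone.get(reverse_name(ip))


def lookup_a(name, a_zone=A_ZONE):
    """Forward lookup: name -> list of addresses (empty when unknown)."""
    return a_zone.get(name.rstrip(".").lower(), [])


def ptr_only_name(ip, ptr_zone=PTR_ZONE):
    """The weak check: trust whatever the reverse zone says."""
    return lookup_ptr(ip, ptr_zone)


def fcrdns_name(ip, ptr_zone=PTR_ZONE, a_zone=A_ZONE):
    """Reverse lookup, then resolve the returned name forward; accept the
    name only if the original address is among its A records."""
    name = lookup_ptr(ip, ptr_zone)
    if name is None:
        return None
    addr = str(ipaddress.ip_address(ip))
    return name if addr in lookup_a(name, a_zone) else None


def is_trusted_host(ip, allowed_suffix=".corp.example.com"):
    """Access decision built on the confirmed name, not on the raw PTR."""
    name = fcrdns_name(ip)
    return name is not None and name.lower().endswith(allowed_suffix)
```

To use this against real DNS, replace `lookup_ptr` and `lookup_a` with calls to your resolver; the confirmation logic in `fcrdns_name` stays the same. Even a confirmed name only proves that the forward and reverse zones agree, so it should gate access alongside proper authentication, not instead of it.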
Once you have installed Active Directory, you have two options for storing your zones when operating the DNS server at the new domain controller:
Standard Zone
Zones stored this way are kept in .dns text files in the %SystemRoot%\System32\Dns folder on each computer running the DNS server. The file name matches the zone name chosen when the zone was created, for example example.microsoft.com.dns for the zone example.microsoft.com.
This type offers the choice of using either a Standard Primary zone or a Standard Secondary zone.
Standard Primary Zone
For standard primary-type zones, only a single DNS server can host and load the master copy of the zone. If you create a zone and keep it as a standard primary zone, no additional primary servers for the zone are permitted: only that one server can accept dynamic updates (DDNS) and process zone changes, so the standard primary model has a single point of failure for updates. Note also that secure dynamic update is available only for Active Directory integrated zones; if dynamic updates are enabled on a standard primary zone, they are accepted without authentication, and any host that can reach the server can add or overwrite records.
Standard Secondary Zone
A secondary name server gets the data for its zones from another name server (either the primary or another secondary for that zone) across the network. The data in a secondary zone is read-only; updated information arrives only through further zone transfers. The process of obtaining the zone (i.e., the database file) across the network is referred to as a zone transfer. Zone transfers occur over TCP port 53. Because a full transfer hands out every record in the zone, the server should be configured to allow transfers only to its listed secondaries or to specific IP addresses; a server that answers transfer requests from anyone gives a remote attacker a complete inventory of the hosts in the domain.
Secondary servers can provide a means to offload DNS query traffic in areas of the network where a zone is heavily queried and used. Additionally, if a primary server is down, a secondary server can provide some name resolution in the zone until the primary server is available.
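The check a practitioner wants here is whether a server will hand its zone to an arbitrary client. This added example (not code from the original post) builds the AXFR request that a secondary sends over TCP 53, applies the two-byte length framing that DNS over TCP requires, and classifies the reply from its header. `check_zone_transfer` only contacts a server when you call it with one; the demonstration uses `constructed_reply` to stand in for a locked-down server (REFUSED) and an open one (NOERROR with answers). The zone name corp.example.com and transaction ID are assumptions.

```python
"""Check whether a DNS server allows a full zone transfer (AXFR) to any client.

Added example, not from the original post. It builds the AXFR request a
secondary sends over TCP 53, frames it, and classifies the reply from its
header. `check_zone_transfer` contacts a real server only when you call it
with one; the replies from `constructed_reply` stand in for a live answer.
"""
import socket
import struct

AXFR = 252
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_axfr_query(zone, txid=0x2A2A):
    """Standard query (flags 0), one question of QTYPE AXFR, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", AXFR, 1)


def frame_tcp(msg):
    """DNS over TCP prefixes every message with its length as 2 big-endian bytes."""
    return struct.pack("!H", len(msg)) + msg


def classify_axfr_reply(reply, expected_txid):
    """Return ('allowed', answer_count), ('refused', 0) or ('error', 0).

    A server that permits the transfer answers NOERROR with the zone's SOA
    as the first answer RR; one that restricts transfers answers REFUSED
    (some return NOTAUTH) with an empty answer section.
    """
    if len(reply) < 12:
        return "error", 0
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if txid != expected_txid or not flags & 0x8000:     # wrong ID, or not a response
        return "error", 0
    rcode = RCODES.get(flags & 0xF, str(flags & 0xF))
    if rcode == "NOERROR" and an > 0:
        return "allowed", an
    if rcode in ("REFUSED", "NOTAUTH"):
        return "refused", 0
    return "error", 0


def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def check_zone_transfer(server, zone, timeout=5.0):
    """Send one AXFR to `server` over TCP 53 and classify its first reply message."""
    query = build_axfr_query(zone)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(frame_tcp(query))
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return classify_axfr_reply(recv_exact(s, length), struct.unpack("!H", query[:2])[0])


def constructed_reply(query, rcode, answer_count):
    """Stand-in reply for the demonstration: echoes the query's ID and question,
    sets QR and AA, and carries only the header counts. The answer RRs are
    omitted because the classification reads the header alone."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, 0x8400 | rcode, 1, answer_count, 0, 0) + query[12:]
```

On a Windows DNS server the corresponding setting is the zone's Zone Transfers tab: either disable transfers or allow them only to the servers on the Name Servers tab or to an explicit list of addresses. Run `check_zone_transfer` against your own servers from an address that is not a secondary; the expected result is "refused".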

Note: A Standard Primary zone will not replicate its information to any other DNS servers, but may allow zone transfers to Secondary zones. Windows Server 2003 also supports stub zones. A secondary or stub zone cannot be hosted on a DNS server that hosts a primary zone for the same domain name.
Directory-integrated Zone
Zones stored this way are located in the Active Directory tree under the domain object container. Each directory-integrated zone is stored in a dnsZone container object identified by the name you choose for the zone when creating it. Active Directory integrated zones will replicate this information to other domain controllers in that domain.
Note: If DNS is running on a Windows 2000 server that is not a domain controller, it cannot use Active Directory integrated zones or replicate with other domain controllers, since it does not have Active Directory installed.
DNS Records
After you create a zone, additional resource records need to be added to it. The most common resource records (RRs) to be added are:
Table 1. Record Types

Host (A): maps a DNS domain name to the IP address used by a computer.
Alias (CNAME): maps an alias DNS domain name to another, canonical name.
Mail Exchanger (MX): maps a DNS domain name to the name of a computer that exchanges or forwards mail for it.
Pointer (PTR): maps a reverse DNS domain name, derived from a computer's IP address, to that computer's forward DNS domain name.
Service location (SRV): maps a service name under a DNS domain to a list of hosts that offer that service, such as Active Directory domain controllers, with the port, priority and weight for each.
Other resource records as needed.
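The record types above are exactly what ends up in a standard zone's .dns file. As an added example (not code from the original post), here is a parser for that master-file syntax, run over a constructed sample zone for corp.example.com: it handles the parenthesised multi-line SOA, '@' and relative owner names, the optional TTL and IN class, the [AGE:n] stamps the Windows server writes for aged records, and then performs a forward lookup (following a CNAME) against the parsed records. The file contents, names and addresses are all made up.

```python
r"""Parse a Windows DNS standard-zone file (the .dns master file).

Added example, not from the original post. ZONE_FILE is a constructed
sample in the RFC 1035 master-file syntax that the Windows DNS server
writes to %SystemRoot%\System32\Dns; all names and addresses are made up.
"""

ZONE_FILE = """\
;
;  Database file corp.example.com.dns for corp.example.com zone.
;      Zone version:  42
;
@                       IN  SOA dc1.corp.example.com. hostmaster.corp.example.com. (
                        42           ; serial number
                        900          ; refresh
                        600          ; retry
                        86400        ; expire
                        3600       ) ; default TTL
@                       NS  dc1.corp.example.com.
@                       600 A   10.0.0.10
dc1                     600 A   10.0.0.10
fileserver              [AGE:3604987] A   10.0.0.5
www                     CNAME   fileserver
@                       MX  10  mail
_ldap._tcp.dc._msdcs    600 SRV 0 100 389 dc1.corp.example.com.
"""

RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "PTR", "MX", "SRV", "TXT"}
# Types whose RDATA ends in a domain name that may be written relative to the origin.
NAME_TARGET_TYPES = {"NS", "CNAME", "PTR", "MX", "SRV"}


def qualify(name, origin):
    """Expand '@' and relative names to an FQDN without the trailing dot."""
    if name == "@":
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Yield (continuation, tokens): ';' comments stripped, '(' ... ')' spans
    joined, Windows [AGE:n] stamps dropped; continuation is True for lines
    that start with whitespace and so inherit the previous owner name."""
    buf, depth, continuation = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not buf:
            continuation = raw[:1].isspace()
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            tokens = [t for t in " ".join(buf).split() if not t.startswith("[AGE:")]
            buf = []
            if tokens:
                yield continuation, tokens


def parse_zone(text, origin):
    """Return the zone's records as dicts: owner, ttl (None = zone default), type, rdata."""
    records, owner = [], origin
    for continuation, tokens in logical_lines(text):
        if tokens[0].startswith("$"):                  # directives
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1].rstrip(".")
            continue
        if not continuation:
            owner = qualify(tokens.pop(0), origin)
        ttl = None
        if tokens[0].isdigit():                        # optional TTL before the class
            ttl = int(tokens.pop(0))
        if tokens[0].upper() == "IN":                  # optional class
            tokens.pop(0)
        if ttl is None and tokens[0].isdigit():        # or TTL after the class
            ttl = int(tokens.pop(0))
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype not in RR_TYPES:
            raise ValueError(f"unsupported record type {rtype!r} at {owner}")
        if rtype in NAME_TARGET_TYPES:
            rdata[-1] = qualify(rdata[-1], origin)
        elif rtype == "SOA":                           # primary server and responsible mailbox
            rdata[0], rdata[1] = qualify(rdata[0], origin), qualify(rdata[1], origin)
        records.append({"owner": owner, "ttl": ttl, "type": rtype, "rdata": rdata})
    return records


def records_of_type(records, rtype):
    return [r for r in records if r["type"] == rtype.upper()]


def resolve_forward(records, name, max_cnames=8):
    """Forward lookup against the parsed zone: follow CNAMEs (bounded) to A records."""
    name = name.rstrip(".").lower()
    for _ in range(max_cnames):
        cnames = [r for r in records if r["type"] == "CNAME" and r["owner"].lower() == name]
        if not cnames:
            return [r["rdata"][0] for r in records
                    if r["type"] == "A" and r["owner"].lower() == name]
        name = cnames[0]["rdata"][0].lower()
    raise ValueError("CNAME chain too long")
```

Pointed at a copy of a real .dns file (`parse_zone(open(path).read(), "corp.example.com")`), this is a quick way to audit a standard zone offline: list the SRV records that advertise domain controllers, spot CNAMEs or A records that point outside the network, and compare the SOA serial against the secondaries.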

Thank you!
