Skills Matrix

Technology Skill | Objective Domain | Objective #
 | Configure zones | 1.1, 1.2, 1.3
 | Configuring Additional Services | 3.2
 | Configuring Additional Services | 3.4
Name Resolution

Name resolution is an essential function on all Transmission Control Protocol/Internet Protocol (TCP/IP) networks, regardless of the operating system that an individual computer is running.
DNS Namespace

In a specification for a tree-structured namespace, each branch of the tree identifies a domain. Each domain contains an information set that consists of host names, IP addresses, and comments. Query operations are attempts to retrieve specific information from a particular information set.
Name Servers

Applications running on server computers maintain information about the domain tree structure and contain authoritative information about specific areas of that structure. The application is capable of responding to queries for information about the areas for which it is the authority, and it has pointers to other name servers that enable it to access information about any other area of the tree.
Resolvers

Client programs generate requests for DNS information and send them to name servers for fulfillment. A resolver has direct access to at least one name server.
Resource Records

The resource record is the fundamental data storage unit in all DNS servers.

The Start of Authority (SOA) resource record identifies which name server is the authoritative source of information for data within this domain. The first record in the zone database file must be an SOA record. In the Windows Server 2008 DNS server, SOA records are created automatically with default values when you create a new zone.

The Name Server (NS) resource record identifies the name server that is the authority for the particular zone or domain; that is, the server that can provide an authoritative name-to-IP address mapping for a zone or domain.

The A resource record is the fundamental data unit of the DNS that is used to translate the host name to the IPv4 address. The AAAA resource record is used to translate the host name to the IPv6 address. The Pointer (PTR) resource record is the functional opposite of the A record, providing an IP address-to-name mapping.

The Canonical Name (CNAME) resource record, sometimes called an Alias record, is used to specify an alternative name for the system specified in the Name field.

The Mail Exchanger (MX) resource record identifies the email servers for a domain. The Service Record (SRV) resource record enables clients to locate servers that are providing a particular service. Windows Server 2008 Active Directory clients rely on the SRV record to locate the domain controllers they need to validate logon requests.
Recursive Query

The DNS server receiving the name resolution request takes full responsibility for resolving the name. If the server possesses information about the requested name, it replies immediately to the requester. If the server has no information about the name, it sends queries to other DNS servers, following the referrals they return, until it obtains the information it needs. TCP/IP client resolvers always send recursive queries to their designated DNS
Iterative Query

The server that receives the name resolution request immediately responds to the requester with the best information it possesses. This information can be cached or authoritative, and it can be a resource record containing a fully resolved name or a reference to another DNS server. DNS servers use iterative queries when communicating with each other. It would be improper to configure one DNS server to send a recursive query to another DNS server.
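The two query types above, as an added Python simulation that is not part of the original slides: three constructed authoritative servers (root, com., example.com.) answer iterative queries only, a recursive server walks the tree on a client's behalf and caches the result, and the query counters show where the work lands. The server names, the example.com zone contents and the 192.0.2.x addresses are constructed sample values; the directory dictionary stands in for the glue A records a real resolver would use to reach each referred server.

```python
"""Recursive vs. iterative DNS queries, simulated in-process (added example)."""
from typing import Dict, List, Optional, Tuple

# An iterative reply is the best information the server has: a final answer,
# a referral to the name servers of a child zone, or "no such name".
Reply = Tuple[str, Optional[List[str]]]


class AuthoritativeServer:
    """Authoritative for one zone; holds that zone's records plus NS
    delegations for child zones. Answers iterative queries only: it never
    asks another server on the requester's behalf."""

    def __init__(self, zone: str, records: Dict[Tuple[str, str], List[str]],
                 delegations: Dict[str, List[str]]) -> None:
        self.zone = zone
        self.records = records          # (owner name, type) -> rdata list
        self.delegations = delegations  # child zone -> NS names
        self.queries_seen = 0

    def iterative_query(self, name: str, rtype: str) -> Reply:
        self.queries_seen += 1
        if (name, rtype) in self.records:
            return ("answer", self.records[(name, rtype)])
        # Refer to the closest enclosing child zone (longest matching suffix).
        best = max((z for z in self.delegations if name.endswith("." + z)),
                   key=len, default=None)
        if best is not None:
            return ("referral", self.delegations[best])
        return ("nxdomain", None)


class RecursiveServer:
    """Accepts recursive queries and takes full responsibility for resolving
    them: starts at the root hint, follows referrals with iterative queries,
    and caches what it learns."""

    def __init__(self, root_hint: str, directory: Dict[str, AuthoritativeServer]) -> None:
        self.root_hint = root_hint
        self.directory = directory  # constructed stand-in for glue A records
        self.cache: Dict[Tuple[str, str], List[str]] = {}
        self.upstream_queries = 0

    def recursive_query(self, name: str, rtype: str) -> Optional[List[str]]:
        if (name, rtype) in self.cache:
            return self.cache[(name, rtype)]
        next_server = self.root_hint
        for _ in range(16):  # bound the referral chain so a loop cannot hang the resolver
            kind, data = self.directory[next_server].iterative_query(name, rtype)
            self.upstream_queries += 1
            if kind == "answer":
                self.cache[(name, rtype)] = data
                return data
            if kind == "nxdomain":
                return None
            next_server = data[0]  # follow the referral to the first listed NS
        return None


class Resolver:
    """Client-side resolver: always sends recursive queries to its configured server."""

    def __init__(self, server: RecursiveServer) -> None:
        self.server = server

    def lookup(self, name: str) -> Optional[List[str]]:
        return self.server.recursive_query(name, "A")


def build_namespace() -> Dict[str, AuthoritativeServer]:
    """Constructed three-level tree root -> com. -> example.com.; server names
    and 192.0.2.x addresses are sample values, not real hosts."""
    root = AuthoritativeServer(".", {}, {"com.": ["com-tld.test."]})
    com = AuthoritativeServer("com.", {}, {"example.com.": ["ns1.example.com."]})
    example = AuthoritativeServer("example.com.", {
        ("www.example.com.", "A"): ["192.0.2.10"],
        ("ns1.example.com.", "A"): ["192.0.2.53"],
    }, {})
    return {"root-hint.test.": root, "com-tld.test.": com, "ns1.example.com.": example}


if __name__ == "__main__":
    directory = build_namespace()
    recursive = RecursiveServer("root-hint.test.", directory)
    client = Resolver(recursive)
    print(client.lookup("www.example.com."), recursive.upstream_queries)  # ['192.0.2.10'] 3
```

The client sends one recursive query and gets a finished answer; the recursive server issued three iterative queries to get it, and a repeat lookup is served from its cache with no upstream traffic. The bounded referral loop is the detail worth copying: a misconfigured or malicious delegation that refers back to itself should cost a bounded number of queries, not hang the server.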
Conditional Forwarder

A conditional forwarder forwards queries selectively, based on the domain specified in the name resolution request.
DNS Zones

A zone is an administrative entity on a DNS server that represents a discrete portion of the DNS namespace. Administrators typically divide the DNS namespace into zones to store them on different servers and to delegate their administration to different people. Zones always consist of entire domains or subdomains.

Every zone consists of a zone database that contains the resource records for the domains in that zone. The DNS server in Windows Server 2003 supports three zone types that specify where the server stores the zone database and the kind of information it contains:
Primary zone.
Secondary zone.
Stub zone.
Primary Zone

A primary zone contains the master copy of the zone database, in which administrators make all changes to the zone's resource records. If the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) checkbox is not selected, the server creates a primary master zone database file on the local drive, also called a standard zone (a simple text file). If the checkbox is selected, it is an Active Directory-integrated zone, in which the DNS data is stored within the Active Directory database itself.
Secondary Zone

A secondary zone is a read-only copy of the data that is stored within a primary zone on another server. The secondary zone contains a backup copy of the primary master zone database file, stored as an identical text file on the server's local drive. Because the secondary zone is read-only, you cannot modify the resource records in a secondary zone manually. You can only update them by replicating the primary master zone database file using the zone transfer process. You should always create at least one secondary zone for each standard primary zone in your namespace to provide fault tolerance and to balance the DNS traffic load.
Stub Zone

A stub zone is a copy of a primary zone that contains SOA and NS resource records, plus the Host (A) resource records that identify the authoritative servers for the zone. The stub zone forwards or refers requests to the appropriate server that hosts a primary zone for the selected query. When you create a stub zone, you configure it with the IP address of the server that hosts the primary zone from which the stub zone was created. When the server hosting the stub zone receives a query for a name in that zone, it either forwards the request to the host of the zone or replies with a referral to that host, depending on whether the query is recursive or iterative.
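Added example, not code from the slides or from the Windows DNS Server: a parser for the text-file format a standard primary zone uses, covering the record types from the Resource Records slides; a check that the first record is the SOA and that every in-zone name server has an A record; a function that extracts exactly what a stub zone keeps (the SOA, the apex NS records, and the A records of those name servers); and the SOA serial comparison a secondary uses to decide whether a zone transfer is due. The zone contents are constructed sample data under example.com with documentation addresses, and the parser handles only the single-line, class IN subset of the format shown.

```python
"""Standard primary zone file: parse, validate, derive the stub zone, and
decide whether a secondary's copy is stale (added example)."""
from dataclasses import dataclass
from typing import List


@dataclass
class ResourceRecord:
    name: str         # fully qualified owner name, e.g. "www.example.com."
    rtype: str        # SOA, NS, A, AAAA, PTR, CNAME, MX, SRV
    rdata: List[str]  # rdata fields as text tokens


# Constructed sample zone in the RFC 1035 text format that a standard
# (non-AD-integrated) zone file uses. example.com, 192.0.2.0/24 and
# 2001:db8::/32 are documentation values, not real hosts.
PRIMARY_ZONE_TEXT = """\
$ORIGIN example.com.
@           IN SOA   ns1.example.com. hostmaster.example.com. 2024060101 3600 600 86400 300
@           IN NS    ns1.example.com.
@           IN NS    ns2.example.com.
ns1         IN A     192.0.2.53
ns2         IN A     192.0.2.54
www         IN A     192.0.2.10
www         IN AAAA  2001:db8::10
ftp         IN CNAME www            ; alias for the web server
@           IN MX    10 mail.example.com.
mail        IN A     192.0.2.25
_ldap._tcp  IN SRV   0 100 389 dc1.example.com.
dc1         IN A     192.0.2.5
"""

NAME_RDATA_TYPES = {"NS", "CNAME", "PTR"}  # rdata is a single domain name


def qualify(name: str, origin: str) -> str:
    """Turn a relative owner name into an FQDN under the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str) -> List[ResourceRecord]:
    origin = "."
    records: List[ResourceRecord] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if len(tokens) < 4 or tokens[1] != "IN":
            raise ValueError(f"unsupported record line: {raw!r}")
        name, rtype, rdata = qualify(tokens[0], origin), tokens[2], tokens[3:]
        if rtype in NAME_RDATA_TYPES:
            rdata = [qualify(rdata[0], origin)]
        records.append(ResourceRecord(name, rtype, rdata))
    return records


def check_zone(records: List[ResourceRecord]) -> List[str]:
    """Problems a server would reject, or that would leave a stub zone
    without the glue it needs to reach the authoritative servers."""
    problems: List[str] = []
    if not records or records[0].rtype != "SOA":
        problems.append("first record is not the SOA")
    if sum(r.rtype == "SOA" for r in records) != 1:
        problems.append("zone must contain exactly one SOA")
    apex = next((r.name for r in records if r.rtype == "SOA"), None)
    have_a = {r.name for r in records if r.rtype == "A"}
    for r in records:
        if r.rtype != "NS" or r.name != apex:
            continue
        target = r.rdata[0]
        if target.endswith("." + apex) and target not in have_a:
            problems.append(f"in-zone name server {target} has no A (glue) record")
    return problems


def stub_zone(records: List[ResourceRecord]) -> List[ResourceRecord]:
    """What a stub zone keeps: the SOA, the apex NS records, and the A
    records of the name servers those NS records point at."""
    apex = next(r.name for r in records if r.rtype == "SOA")
    ns_targets = {r.rdata[0] for r in records if r.rtype == "NS" and r.name == apex}
    return [r for r in records
            if r.rtype == "SOA"
            or (r.rtype == "NS" and r.name == apex)
            or (r.rtype == "A" and r.name in ns_targets)]


def soa_serial(records: List[ResourceRecord]) -> int:
    soa = next(r for r in records if r.rtype == "SOA")
    return int(soa.rdata[2])  # mname rname serial refresh retry expire minimum


def serial_is_newer(candidate: int, current: int) -> bool:
    """RFC 1982 serial arithmetic: 32-bit serials wrap, so a plain integer
    compare would miss an update whose serial crossed 2**32."""
    diff = (candidate - current) % 2**32
    return 0 < diff < 2**31


def secondary_needs_transfer(primary: List[ResourceRecord], secondary_serial: int) -> bool:
    """A secondary polls the primary's SOA at each refresh interval and pulls
    a zone transfer only when the primary's serial is newer than its own."""
    return serial_is_newer(soa_serial(primary), secondary_serial)
```

Running check_zone on a zone before loading it catches the two mistakes that most often break delegation in practice: an SOA that is not the first record, and an NS record naming a host inside the zone that has no A record, which leaves a stub zone (and any referral) with a name it cannot turn into an address.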
Additional Services

Active Directory Rights Management Service (AD RMS) is a Windows Server 2008 service that you can use to protect sensitive data on a Windows network. The Active Directory Federation Services (AD FS) role allows administrators to configure Single Sign-On (SSO) for Web-based applications across multiple organizations.
Summary

The Domain Name System (DNS) provides the default name resolution mechanism for Active Directory, the Internet, and the majority of modern TCP/IP networks. Windows operating systems prior to Windows 2000 used NetBIOS names to identify the computers on the network. The resource record is the fundamental data storage unit in all DNS servers.

The DNS Server service in Windows Server 2008 supports both standard and Active Directory-integrated DNS zones. DNS root name servers are the highest-level DNS servers in the entire namespace. You can divide a DNS namespace into zones to store them on different servers and to delegate their administration to different people.

Windows Server 2008 supports primary zones, secondary zones, and stub zones. Primary and stub zones can be integrated into Active Directory. You can use DHCP to streamline the process of assigning DNS servers to your clients to use for name resolution.

Active Directory Rights Management Service (AD RMS) is a Windows Server 2008 service that you can use to protect sensitive data on a Windows network. The Active Directory Federation Services (AD FS) role allows administrators to configure Single Sign-On (SSO) for Web-based applications across multiple organizations.