Chapter 9. The Domain Name System


Inside the Domain Name System

Name resolution is a key component in any network operating system (NOS) implementation. The capability of any one resource to locate other resources is the centerpiece of a functional network. Consequently, the name-resolution strategy chosen for a particular NOS must be robust and reliable, and it ideally will conform to industry standards.

Windows Server 2003 utilizes the Domain Name System (DNS) as its primary method of name resolution, and DNS is a vital component of any Active Directory implementation. Windows Server 2003's DNS implementation was designed to be compliant with the key Request for Comments (RFCs) that define the nature of how DNS should function. This makes it particularly beneficial for existing network implementations, as it allows Windows Server 2003 to interoperate with other types of RFC-compliant DNS implementations.

This chapter details the key components of DNS in general and provides an overview of Windows Server 2003's specific implementation of DNS. A particular emphasis is placed on the role of DNS in Active Directory and the way it fits in standard and nonstandard configurations. Step-by-step instructions outline how to install and configure specific DNS components on Windows Server 2003. In addition, troubleshooting DNS issues and specific Active Directory design scenarios help to give a hands-on approach to your understanding of DNS.



The Need for DNS

Computers and humans conceptualize in drastically different ways. In terms of understanding locations, humans are much better at grasping the concept of names rather than numbers. For example, most people think of cities by their names, not by their ZIP Codes. Computers, however, work in binary, and subsequently prefer to work with numbers. For example, computers at the post office translate the city and address names into specific ZIP Codes for that region, helping each letter reach its destination.

Name resolution for computer systems works in a similar way. A user-friendly name is translated into a computer-identifiable number. TCP/IP uses a number scheme that uniquely identifies each computer interface on a network by a series of numbers, such as 10.1.2.145, known as an IP address. Because most humans are not interested in memorizing several of these types of numbers, they must be easily resolvable into user-friendly names such as www.microsoft.com.

DNS, in its simplest form, provides for name resolution in a distributed fashion, with each server or set of servers controlling a specified zone and with entries for each resource called resource records (RRs) that indicate the location of a particular object.

A good analogy for DNS can be found in telephone books. Each city or metropolitan area (namespace) publishes a separate phone book (zone) that contains many listings (resource records) that map people's names to their phone numbers (IP addresses). This simple example illustrates the basic principle behind DNS. When you understand these basics, further drilling down into the specifics, especially with regard to Windows Server 2003's DNS, is possible.



DNS History

The Internet, as originally implemented, utilized a simple text file called a HOSTS file that contained a simple list of all servers on the Internet and their corresponding IP addresses. This file was copied manually from the master server to multiple secondary HOSTS servers. As more and more servers were added to the Internet, however, updating this file became unmanageable, and a new system became necessary.

In 1983, in direct response to this problem, the RFCs for the Domain Name System were drawn up, and this form of name resolution was implemented on a large scale across the Internet. Instead of a small number of static HOSTS files, DNS servers formed a hierarchical method of name resolution, in which servers resolved only a certain segment of hosts on the Internet and delegated requests that they did not manage. This allowed the number of records held in DNS to scale enormously, without a subsequent large performance decrease.

Microsoft developed its own implementation of DNS in Windows NT 4.0, which was based on the RFC standards on which DNS was founded. With the introduction of Windows 2000, Microsoft adopted DNS as the name-resolution strategy for Microsoft products. Older, legacy name-resolution systems such as WINS are slowly being phased out. Since that time, the DNS implementation used by Microsoft has evolved to include a number of key benefits that distinguish it from standard DNS implementations such as Unix BIND. To understand these improvements, however, you first need a basic understanding of DNS functionality.







Framework for DNS

DNS structure is closely tied to the structure of the Internet and often is confused with the Internet itself. The structure of DNS is highly useful, and the fact that it has thrived for so long is a tribute to its functionality. A closer examination of what constitutes DNS and how it is logically structured is important in understanding the bigger picture of how DNS fits in Windows Server 2003.



DNS Hierarchy

DNS uses a hierarchical approach to name resolution in which resolution is passed up and down a hierarchy of domain names until a particular computer is located. Each level of the hierarchy is divided by dots (.), which symbolize the division. A fully qualified domain name (FQDN) such as server1.sales.companyabc.com uniquely identifies a resource's space in the DNS hierarchy. Figure 9.1 shows how the fictional CompanyABC fits into the DNS hierarchy.

Figure 9.1. DNS hierarchy.

The top of the hierarchy is known as the root, and is represented by a single . (dot) that is managed by the main Internet Registration Authority. Moving down the DNS hierarchy, the next layer in the model is made up of .com, .net, .gov, .fr, and similar domain namespaces that loosely define the particular category that a domain namespace fits into. For example, educational institutions are commonly given .edu extensions, and commercial businesses are given .com extensions. These extensions form the first set of branches to the DNS tree.

The second level in the DNS hierarchy commonly contains the business name of an organization, such as companyabc in Figure 9.1. This level is normally the first area in the DNS hierarchy where an organization has control over the records within the domain and where it can be authoritative.

Subdomains can easily be, and often are, created in the DNS hierarchy for various reasons. For example, sales.microsoft.com is a potential domain that could exist as a sublevel of the microsoft.com domain. The DNS hierarchy works in this way, with multiple levels possible.
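The walk down the hierarchy described above, as an added example that is not from the book: a toy resolver that starts at the root and follows delegations over constructed zone data. The delegation of sales.companyabc.com to its own zone and the addresses used are assumptions made for illustration.

```python
# Constructed data: each zone lists the child zones it delegates and its hosts.
ZONES = {
    ".": {"delegations": ["com."], "hosts": {}},
    "com.": {"delegations": ["companyabc.com."], "hosts": {}},
    "companyabc.com.": {
        "delegations": ["sales.companyabc.com."],  # assumed delegation
        "hosts": {"www.companyabc.com.": "10.1.1.10"},
    },
    "sales.companyabc.com.": {
        "delegations": [],
        "hosts": {"server1.sales.companyabc.com.": "10.1.2.145"},
    },
}


def normalize(name):
    """Lower-case the name and make the trailing root dot explicit."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def is_within(name, zone):
    """True if name equals zone or sits below it on a label boundary.

    The leading dot matters: evilcompanyabc.com is not inside companyabc.com.
    """
    return zone == "." or name == zone or name.endswith("." + zone)


def resolve(fqdn):
    """Walk from the root, following the most specific delegation each step.

    Returns (address or None, list of zones consulted in order).
    """
    name = normalize(fqdn)
    zone, path = ".", []
    while True:
        path.append(zone)
        data = ZONES[zone]
        if name in data["hosts"]:
            return data["hosts"][name], path
        children = [z for z in data["delegations"] if is_within(name, z)]
        if not children:
            return None, path  # authoritative zone reached; no such name
        zone = max(children, key=len)
```
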



The DNS Namespace

The bounded area that is defined by the DNS name is known as the DNS namespace. Microsoft.com is a namespace, as is marketing.companyabc.com. Namespaces can be either public or private. Public namespaces are published on the Internet and are defined by a set of standards. All the .com, .net, .org, and similar namespaces are external, or public. An internal namespace is not published to the Internet, but is also not restricted by extension name. In other words, an internal, unpublished namespace can occupy any conceivable namespace, such as dnsname.local or companyabc.internal. Internal namespaces are most often used with Active Directory because they give increased security to a namespace. Because such namespaces are not published, they cannot be directly accessed from the Internet.



Getting Started with DNS on Windows Server 2003

To fully understand the capabilities that Windows Server 2003 offers for DNS, the product should be installed in a lab environment. This helps to conceptualize the various components of DNS that are presented in this chapter.

Installing DNS Using the Configure Your Server Wizard

Although there are various ways to install and configure DNS, the most straightforward and complete process involves invoking the Configure Your Server Wizard and the subsequent Configure a DNS Server Wizard. The process detailed in this section illustrates the installation of a standard zone. Multiple variations of the installation are possible, but this particular scenario is illustrated to show the basics of DNS installation.

Installation of DNS on Windows Server 2003 is straightforward, and no reboot is necessary. To install and configure the DNS service on a Windows Server 2003 computer, follow these steps. If DNS is already installed on a server but not configured, start the procedure from step 7.

1. Choose Start, All Programs, Administrative Tools, Configure Your Server Wizard.

2. Click Next on the Welcome screen.

3. Make sure that the listed prerequisites have been satisfied and click Next to continue. The Configure Your Server Wizard will then perform a network test.

Note

If running the Configure Your Server Wizard as noted in step 3 with the typical configuration selected, the networking components for DNS and Active Directory Domain Controller will be installed automatically at this point. If you select the custom configuration in the Configure Your Server Wizard, you need to follow steps 4 through 21.

4. Select the DNS Server Component and click Next.

5. Verify that the Install DNS Server and Run the Configure a DNS Server Wizard to Configure DNS options are selected and click Next.

6. After DNS is installed, you may be prompted for your Windows Server 2003 CD. If so, insert it and click OK when prompted.

7. The Configure a DNS Server Wizard is then started automatically, as illustrated in Figure 9.2. (Or, if DNS is already installed, install it manually by choosing Start, Run, and then typing dnswiz.exe.)



Figure 9.2. The Configure a DNS Server Wizard.

8. On the Welcome screen for the Configure a DNS Server Wizard, click Next to continue.

9. Select Create Forward and Reverse Lookup Zones (Recommended for Large Networks) and click Next.

10. Select Yes, Create a Forward Lookup Zone Now (Recommended) and click Next.

11. Select the type of zone to be created; in this case, choose Primary Zone and click Next. If the server is a domain controller, the Store the Zone in Active Directory check box is available.

12. Type the name of the zone in the Zone Name box and click Next.

13. At this point, you can create a new zone text file or import one from an existing zone file. In this case, choose Create a New File with This File Name and accept the default. Click Next to continue.

14. The subsequent screen allows a zone to either accept or decline dynamic updates. In this case, enable dynamic updates by selecting the Allow Both Nonsecure and Secure Dynamic Updates radio button and clicking Next.

Note

When enabling dynamic updates to be accepted by your DNS server, be sure you know the sources of dynamic updated information. If the sources are not reliable, you can potentially receive corrupt or invalid information from a dynamic update.



15. The next screen allows for the creation of a reverse lookup zone. Here, select Yes, Create a Reverse Lookup Zone Now and click Next.

16. Select Primary Zone and click Next.

17. Type in the network ID of the reverse lookup zone and click Next. (The network ID is typically the first set of octets from an IP address in the zone. If a class C IP range of 10.1.1.0/24 is in use on a network, you would enter the values 10.1.1, as illustrated in Figure 9.3.)

Figure 9.3. Reverse lookup zone creation.

18. Again, you are offered the option to create a new zone file or to utilize an existing file. In this case, choose Create a New File with This File Name and click Next to continue.

19. Again, you are presented the option for dynamic updates. In this case, select Allow Both Nonsecure and Secure Dynamic Updates and click Next to continue.

20. The next screen deals with the setup of forwarders, which will be described in more detail in the "DNS Zones" section later in this chapter. In this example, choose No, It Should Not Forward Queries and click Next to continue.

21. The final window, shown in Figure 9.4, displays a summary of the changes that will be made and the zones that will be added to the DNS database. Click Finish twice to finalize the changes and create the zones.
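An added example (not from the book) relating to step 17 and to the note on dynamic updates: it derives the reverse lookup zone name from the network ID and cross-checks forward A records against PTR records, which surfaces the invalid or stale entries that unreliable dynamic updates can leave behind. The host names and records are constructed for illustration; the in-addr.arpa naming is standard DNS.

```python
import ipaddress


def reverse_zone(network_id):
    """Reverse lookup zone name for a network ID such as '10.1.1'."""
    octets = network_id.strip(".").split(".")
    valid = all(o.isdigit() and int(o) <= 255 for o in octets)
    if not 1 <= len(octets) <= 3 or not valid:
        raise ValueError("network ID must be 1 to 3 octets: %r" % network_id)
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptr_name(ip):
    """Owner name of the PTR record for an IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def audit(forward, reverse, network_id):
    """Compare A records with PTR records; return a sorted list of findings."""
    zone = reverse_zone(network_id)
    findings = []
    for host, ip in forward.items():
        owner = ptr_name(ip)
        if not owner.endswith("." + zone):
            findings.append(("outside-reverse-zone", host, ip))
        elif owner not in reverse:
            findings.append(("missing-ptr", host, ip))
        elif reverse[owner].lower() != host.lower():
            findings.append(("ptr-mismatch", host, reverse[owner]))
    a_owners = {ptr_name(ip) for ip in forward.values()}
    for owner, target in reverse.items():
        if owner not in a_owners:  # PTR with no matching A record
            findings.append(("orphan-ptr", owner, target))
    return sorted(findings)


# Constructed sample records (not from the book).
FORWARD = {
    "server1.companyabc.com.": "10.1.1.10",
    "server2.companyabc.com.": "10.1.1.11",
    "server3.companyabc.com.": "10.1.1.12",
    "server4.companyabc.com.": "10.1.2.145",
}
REVERSE = {
    "10.1.1.10.in-addr.arpa.": "server1.companyabc.com.",
    "11.1.1.10.in-addr.arpa.": "rogue.companyabc.com.",
    "99.1.1.10.in-addr.arpa.": "oldhost.companyabc.com.",
}
```

Calling `audit(FORWARD, REVERSE, "10.1.1")` reports one finding of each kind for the sample data; server1 is the only host whose forward and reverse records agree.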


