Saturday, December 8, 2007

Windows 2000 Domain Name Service

Working with Zones

Servers refer to their zones (also called DNS database files) to resolve names. The zones contain resource records that comprise the resource information associated with the DNS domain. For example, some resource records map friendly names to Internet Protocol (IP) addresses, and others map IP addresses to friendly names. Some resource records not only include information about servers in the DNS domain, but also serve to define the domain by specifying which servers are authoritative for which zones. In this lesson, you will learn how to configure DNS zones in Windows 2000.

Delegating Zones

A DNS database can be partitioned into multiple zones. A zone is a portion of the DNS database that contains the resource records with the owner names that belong to the contiguous portion of the DNS name space. Zone files are maintained on DNS servers. A single DNS server can be configured to host zero, one, or multiple zones. Each zone is anchored at a specific domain name referred to as the zone's root domain. A zone contains information about all names that end with the zone's root domain name. A DNS server is considered authoritative for a name if it loads the zone containing that name. The first record in any zone file is a start of authority (SOA) resource record. The SOA resource record identifies a primary DNS name server for the zone as the best source of information for the data within that zone and as an entity processing the updates for the zone.

Names within a zone can also be delegated to other zone(s). Delegation is a process of assigning responsibility for a portion of a DNS name space to a separate entity. This separate entity could be another organization, department, or workgroup within your company. In technical terms, delegating means assigning authority over portions of your DNS name space to other zones. The name server record that specifies the delegated zone and the DNS name of the server authoritative for that zone represents such delegation. Delegating across multiple zones was part of the original design goal of DNS. The following are the main reasons for the delegation of a DNS name space:

  • A need to delegate management of a DNS domain to a number of organizations or departments within an organization
  • A need to distribute the load of maintaining one large DNS database among multiple name servers to improve the name resolution performance as well as create a DNS fault-tolerant environment
  • A need to allow for hosts' organizational affiliations by including them in appropriate domains

Understanding DNS Zones and Domains

Domain name servers store information about part of the domain name space called a zone. The name server is authoritative for a particular zone. A single name server can be authoritative for many zones. Understanding the difference between a zone and a domain is sometimes confusing.

A zone is simply a portion of a domain. For example, the domain microsoft.com may contain all of the data for microsoft.com, marketing.microsoft.com, and development.microsoft.com. However, the zone microsoft.com contains only information for microsoft.com and references to the authoritative name servers for the subdomains. The zone microsoft.com can contain the data for subdomains of microsoft.com if they have not been delegated to another server. For example, marketing.microsoft.com may manage its own delegated zone. The parent, microsoft.com, may manage development.microsoft.com. If there are no subdomains, then the zone and domain are essentially the same. In this case the zone contains all data for the domain.
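The delegation described above, as an added example that is not part of the original article: a small Python parser over a constructed master-format zone for microsoft.com that keeps www.development.microsoft.com in the parent zone and delegates marketing.microsoft.com, then decides for each query name whether this server answers authoritatively or must hand back the child's NS records and glue. All hostnames and addresses are invented.

```python
# Added example, not from the article: parse a small master-format zone file and
# decide whether this server answers a name authoritatively or refers the client
# to a delegated child. Sample data is constructed to mirror the text.
from collections import defaultdict
ORIGIN = "microsoft.com."

SAMPLE_ZONE = """\
$ORIGIN microsoft.com.
@               IN SOA ns1 hostmaster 2007120801 3600 900 604800 3600
@               IN NS  ns1
ns1             IN A   192.0.2.1
www.development IN A   192.0.2.21
marketing       IN NS  ns1.marketing
marketing       IN NS  ns2.marketing
ns1.marketing   IN A   192.0.2.30
ns2.marketing   IN A   192.0.2.31
"""

def _fqdn(name, origin):  # expand '@' and relative names as $ORIGIN would
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Return {owner: [(type, rdata), ...]}; owner and NS names are fully qualified."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";")[0].strip()
        if not line or line.startswith("$"):  # comments, blanks, $ORIGIN directive
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        if rtype == "NS":
            rdata = _fqdn(rdata, origin)
        records[_fqdn(owner, origin)].append((rtype, rdata))
    return records

def classify(records, qname, origin=ORIGIN):
    """Walk qname's ancestors from the apex down: the first one below the apex that
    carries NS records is a delegation cut, so we are not authoritative beneath it."""
    qname = qname.lower().rstrip(".") + "."
    if qname != origin and not qname.endswith("." + origin):
        return ("not-in-zone", None)
    labels = qname[:-len(origin)].rstrip(".").split(".") if qname != origin else []
    for i in range(len(labels) - 1, -1, -1):
        ancestor = ".".join(labels[i:]) + "." + origin
        ns = [rd for rt, rd in records.get(ancestor, []) if rt == "NS"]
        if ns:  # referral: child's name servers plus the glue A records we hold
            glue = {n: [rd for rt, rd in records.get(n, []) if rt == "A"] for n in ns}
            return ("delegated", {"zone": ancestor, "ns": glue})
    if qname in records:
        return ("authoritative", records[qname])
    return ("authoritative-nxdomain", None)
```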

To create a zone delegation

  1. Click Start, point to Programs, point to Administrative Tools, then click DNS.
  2. In the console tree, right-click your subdomain and then click New Delegation. The New Delegation Wizard appears.
  3. Click Next.
  4. In the Delegated Domain Name dialog box, type a delegated domain name, then click Next.
  5. In the Name Servers dialog box, click Add to specify names and IP addresses of DNS servers you want to have host the delegated zone. The New Resource Record dialog box will appear, allowing you to specify DNS servers.
  6. Type the DNS server name, click Add, then click OK.
  7. In the Name Servers dialog box, click Next.
  8. Click Finish to close the New Delegation Wizard.

To allow dynamic updates

  1. Click Start, point to Programs, point to Administrative Tools, then click DNS.

    The DNS administrative console appears.

  2. In the console tree, right-click your zone, then click Properties.

    The Zone Properties dialog box appears, as illustrated in Figure 8.3.

  3. In the Allow Dynamic Updates list box, click Yes.
  4. Click OK to close the Zone Properties dialog box.
  5. Close the DNS administrative console.

Working with Servers

Because DNS servers are of critical importance in most environments, it is important to continually monitor them. In this lesson, you will learn how to manage and monitor your DNS servers. In addition, you will learn how to implement a caching-only server.

Overview of DNS Servers and Caching

As DNS servers process client queries using recursion or iteration, they discover and acquire a significant store of information about the DNS name space. The server then caches this information. Caching provides a way to speed the performance of DNS resolution for subsequent queries of popular names while substantially reducing DNS-related query traffic on the network.

As DNS servers make recursive queries on behalf of clients, they temporarily cache resource records. Cached resource records contain information obtained from DNS servers that are authoritative for DNS domain names learned while making iterative queries to search and fully answer a recursive query performed on behalf of a client. Later, when other clients place new queries that request resource record information matching cached resource records, the DNS server can use the cached resource record information to answer them.

When information is cached, a Time to Live (TTL) value applies to all cached resource records. As long as the TTL for a cached resource record does not expire, a DNS server can continue to cache and use the resource record again when answering queries by its clients that match these resource records. Caching TTL values used by resource records in most zone configurations are assigned the minimum (default) TTL, which is set in the zone's SOA resource record. By default, the minimum TTL is 3600 seconds (1 hour), but can be adjusted or, if needed, individual caching TTLs can be set at each resource record.

Implementing a Caching-Only Server

Although all DNS name servers cache queries that they have resolved, caching-only servers are DNS name servers that only perform queries, cache the answers, and return the results. They are not authoritative for any domains and the information that they contain is limited to what has been cached while resolving queries. The benefit provided by caching-only servers is that they do not generate zone transfer network traffic because they do not contain any zones. However, there is one disadvantage: When the server is initially started, it has no cached information and must build up this information over time as it services requests.
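An added example, not from the original article, of the caching behaviour described in the TTL paragraphs above and in this overview of caching-only servers: a small Python resolver cache that applies each record's TTL (falling back to the SOA minimum of 3600 seconds when the authority gives none), counts the TTL down on every hit, expires records, and tallies how many queries still reach the authority, so a cold cache shows up as extra upstream traffic. The authority is a constructed in-memory stand-in; all names and addresses are invented.

```python
# Added example, not from the article: a resolver cache that applies each
# record's TTL (SOA minimum TTL as the fallback), counts it down on every hit,
# evicts expired records and tallies queries that still reach the authority.
SOA_MINIMUM_TTL = 3600  # Windows 2000 default minimum TTL named in the text (1 hour)

def _key(name, rtype):
    return (name.lower().rstrip("."), rtype)   # DNS names are case-insensitive

class ResolverCache:
    def __init__(self, minimum_ttl=SOA_MINIMUM_TTL):
        self.minimum_ttl = minimum_ttl
        self.upstream_queries = 0
        self._entries = {}  # (name, rtype) -> (rdata, absolute expiry time)

    def store(self, name, rtype, rdata, now, ttl=None):
        """Cache an answer; a record without its own TTL gets the SOA minimum."""
        ttl = self.minimum_ttl if ttl is None else ttl
        self._entries[_key(name, rtype)] = (rdata, now + ttl)
        return ttl

    def lookup(self, name, rtype, now):
        """Return (rdata, remaining_ttl), or None once the TTL has run out; the
        remaining TTL is what goes downstream, so clients never outlive the authority's limit."""
        entry = self._entries.get(_key(name, rtype))
        if entry is None:
            return None
        rdata, expires_at = entry
        if now >= expires_at:
            del self._entries[_key(name, rtype)]  # expired: must ask the authority again
            return None
        return rdata, expires_at - now

    def resolve(self, name, rtype, now, authority):
        """Answer from cache if possible, else query `authority` (callable returning
        (rdata, ttl) or None) and cache its reply. Returns (rdata, ttl, source) or None."""
        hit = self.lookup(name, rtype, now)
        if hit is not None:
            return hit[0], hit[1], "cache"
        self.upstream_queries += 1   # every miss or expiry costs one upstream query
        answer = authority(name, rtype)
        if answer is None:
            return None
        rdata, ttl = answer
        return rdata, self.store(name, rtype, rdata, now, ttl), "authority"

# Constructed stand-in for the authoritative server; names and addresses are invented.
AUTHORITY_DATA = {("www.example.com", "A"): ("192.0.2.10", 300),
                  ("mail.example.com", "A"): ("192.0.2.25", None)}  # no per-record TTL

def fake_authority(name, rtype):
    return AUTHORITY_DATA.get(_key(name, rtype))
```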

To install a caching-only DNS server

  1. Install the DNS Server service on the computer.

    It is strongly recommended that, when operating the computer as a DNS server, you manually configure TCP/IP and use a static IP address.

  2. Do not configure the DNS server to load any zones.

    A caching-only DNS server can be valuable at a site where DNS functionality is needed locally but it is not administratively desirable to create a separate domain or zone for that location. Caching-only DNS servers do not host any zones and are not authoritative for a particular domain. They are DNS servers that build a local server cache of names learned while performing recursive queries on behalf of their clients. This information is then available from their cache when answering subsequent client queries.

  3. Verify that server root hints are configured or updated correctly.