Planning a DNS Name Resolution Strategy

Module Planning a DNS Name Resolution Strategy


Introduction
DNS is the most commonly used name resolution method. Internet names are assigned based on the DNS. A DNS plan involves various stages that include determining requirements for DNS servers, zones and security. The module covers the following 8 lessons:
- Lesson 1 Determining Name Resolution Requirements explains the different names that can be resolved. It also explains the DNS requirements for a network.
- Lesson 2 Planning a DNS Server Implementation explains the activities involved in creating a plan for installing DNS servers in the network.
- Lesson 3 Planning a Namespace Strategy explains the components of a namespace plan and the best practices and guidelines for creating the namespace plan.
- Lesson 4 Planning Zones explains the different types of zones and zone locations. It also explains the zone security considerations and guidelines for planning a zone.
2006 IIHT Limited

Overview (contd.)
- Lesson 5 Planning Zone Replication and Delegation explains the reasons for creating secondary zones and the principles involved in planning a zone transfer and delegation.
- Lesson 6 Integrating DNS and WINS explains the principles of integrating WINS and DNS and the best practices that are used for WINS integration.
- Lesson 7 Planning DNS Security explains the threats that can affect DNS and the tools provided by Windows Server 2003 to secure the DNS service.
- Lesson 8 Troubleshooting Name Resolution explains the methods to optimize DNS performance. It also explains troubleshooting name resolution problems in DNS.

Lesson 1 Determining Name Resolution Requirements


Introduction
Name resolution is a very important function for Internet communications. When you are planning your network infrastructure, you should plan the name resolution methods for the network. In this lesson, you will learn about:
- Defining Name Resolution
- Types of Names to be Resolved
- Determining DNS Requirements
- NetBIOS Names
- Local Host Name Resolution

Topic 1 Defining Name Resolution


Name resolution is a process of converting a computer name to an address.
Example of a name resolution: the IIHT Web site address is www.iiht.com and its IP address is 172.68.1.1.

Topic 2 Types of Names to be Resolved


Before planning a name resolution strategy, the types of names that are to be installed should be determined. This topic explains the types of names to be resolved.
Name types that require resolution:
- Network Basic Input/Output System (NetBIOS) names
- Domain Name System (DNS) names

Topic 3 Determining DNS Requirements


DNS requirements depend on the applications and domains hosted on a network. The following are the rules of thumb for determining DNS requirements:
- Either use DNS servers provided by the ISP or install your own DNS servers for the network.
- If you host an Internet domain on the network, you will have to configure the domain with a second-level name.
- If you host a Web server on the network, you will have to register a first-level name.
- If you are running Active Directory services on the network, you will have to install a DNS server on the network.

Topic 4 NetBIOS Names


NetBIOS names are used by computers that run on Windows operating systems released before Windows 2000. The following are traits of NetBIOS names:
- Used by computers that run on Windows operating systems released before Windows 2000.
- Not hierarchical in design.
- Intended for private networks and not for the Internet.

Topic 5 Local Host Name Resolution


The Lmhosts and Hosts files are a standby method for resolving local host names.
The Lmhosts and Hosts files are created on a computer to store important name resolution information. This method is rarely used.

Lesson 2 Planning a DNS Server Implementation


Introduction
After determining the DNS requirements, you must plan the DNS server requirements. Planning a DNS server involves a list of activities. In this lesson, you will learn about:
- Planning DNS Server Capacity
- DNS Server Requirements
- Placing DNS Servers in the Network
- Determining the Number of DNS Servers

Topic 1 Planning DNS Server Capacity


This topic lists the factors to be considered in planning DNS server capacity. These are:
- Number of zones in the network
- Size of the zone. The size of the zone can be computed based on the size of the zone file or the number of resource records that are used in the zone
- Number of IP addresses assigned for the DNS server
- Number of clients that have to be serviced by a DNS server

Topic 2 DNS Server Requirements


This topic explains methods of arriving at DNS server requirements. These are:
- Review sample DNS server performance test results. Development and testing teams for Windows Server 2003 DNS provide these results.
- Use Windows Server 2003 monitoring tools. DNS server-related counters provide performance measurements for the DNS servers.

Topic 3 Placing DNS Servers in the Network


This topic explains the factors to be considered in placing DNS servers in the network. These factors are:
- Client access
- Number of subnets in the network
- Making available an alternate DNS server as a backup
- Ensuring that if DNS servers on a particular subnet fail, DNS requests of the subnet clients are routed to a DNS server on a different subnet
- Ensuring that a DNS server installed to support Active Directory can also service other DNS functions of the network

Topic 4 Determining the Number of DNS Servers


This topic explains the factors to be considered in determining the number of DNS servers to be placed on the network. These factors include:
- Traffic load on the DNS server
- Number of subdomains in the network namespace
- Use of Active Directory Service
- Requirement for backup servers
- Balancing network traffic

Lesson 3 Planning a Namespace Strategy


Introduction
A namespace plan includes selecting names for the computers on the network. The functioning of the internal and external network must be taken into account when creating the namespace plan. In this lesson, you will learn about:
- Selecting a domain name
- Options available for DNS Namespace
- Best practices for namespace planning
- Guidelines for planning a namespace

Topic 1 Selecting a Domain Name


This topic explains the types of domains and the factors to be considered in creating a domain.
Domain types:
- External domain
- Internal domain

Rules of thumb for setting up external domain names:
- Register multiple second-level domains
- Register a single second-level domain and create multiple subdomains under it

Rules of thumb for setting up internal domain names:
- Keep domain names short and avoid names that are difficult to spell
- Do not use many domain levels
- Avoid abbreviations that cannot be easily understood
- Design a proper DNS name that you do not have to change. Replacing existing DNS names is a difficult task.

Topic 2 Options Available for DNS Namespace


There are different ways by which you can create a DNS namespace for your internal and external networks. This topic explains the following options which are available for creating a DNS namespace:
- Using the same DNS namespace
- Using separate domain names
- Using a subdomain for the internal network

Topic 3 Best Practices for Namespace Planning


This topic explains the best practices for planning a namespace. These include:
- Use unique names throughout the organization namespace
- Do not overlap internal and external domains
- Create an Active Directory-compatible namespace if the network uses Active Directory features or plans to use them in the future

Topic 4 Guidelines for Planning a Namespace


This topic provides the guidelines for planning a namespace for a network. These are:
- Select a DNS namespace for your domain
- Create separate namespaces for internal and external use
- Install separate servers for the internal and external namespaces

Lesson 4 Planning Zones


Introduction
In a DNS plan, you must decide which zones to create in the environment. Decisions have to be taken on the type of zones and also their storage locations. These decisions will influence the placement of DNS servers in the network. In this lesson, you will learn about:
- Selecting Zone Types
- Selecting a Zone Data Location
- Considerations for Zone Security
- Guidelines for Zone Planning

Topic 1 Selecting Zone Types


This topic explains the different zone types that are used to synchronize zone information located in different servers. Zone types:
- Primary Zone: this is the first zone created by the user to store DNS records.
- Secondary Zone: this is the second zone, which copies records from the primary zone.
- Stub Zone: this zone is created to store the name server records, that is, the IP address of the DNS server.

Topic 2 Selecting a Zone Data Location


This topic explains the factors to be considered in selecting a zone data location. Location options and their advantages are:
- Active Directory-integrated DNS server: allows you to make updates in the DNS records on any server. Changes are reflected in all servers.
- Traditional DNS server: mainly used to integrate with an already existing system.

Topic 3 Considerations for Zone Security


After planning zone type and storage location for the network, you will have to plan the security for the zones. This topic explains the measures to be adopted for zone security. To ensure security, you can:
- Allow only DHCP servers to update DNS server records
- Secure dynamic updates by using the Active Directory security features
- Assign zone permissions to users or groups in the Active Directory

Topic 4 Guidelines for Zone Planning


This topic explains the guidelines to be followed when planning zones for DNS service on the network. Before zone planning, determine:
- Type of zone for the DNS
- Storage location for the zone data
- Integration process of DNS with WINS, if required
- Security requirements for the zone

Lesson 5 Planning Zone Replication and Delegation


Introduction
DNS is a service that is required by almost all network users. To make the service available to all network users, you have to install multiple servers on the network. The DNS namespace is then managed by creating zones. In this lesson, you will learn about:
- Creating a secondary zone
- Transfer and replication of zones
- Security measures for zone transfers
- Delegating zones
- Guidelines for zone replication and delegation

Topic 1 Creating a Secondary Zone


This topic explains reasons for creating a secondary zone in the network. Reasons for creating a secondary zone:
- Providing a backup for the DNS service
- Reducing network traffic

Topic 2 Transferring and Replication of Zones


This topic explains the difference between zone transfer and zone replication. The differences are:
- Zone transfers occur in traditional DNS zones. In zone transfers, only the primary zone can enable changes to the DNS database.
- Zone replication occurs in Active Directory-integrated zones. In zone replication, any DNS server can make changes to the DNS database.

Topic 3 Security Measures for Zone Transfer


This topic explains how to secure data during zone transfers. The following guidelines apply:
- Restrict zone transfers to specific servers only. The servers should be specified by their IP addresses
- Use the IPSec protocol for protecting the data
- Use a VPN tunnel for transferring the data from one server to another
- Use Active Directory for transferring the data

Topic 4 Delegating Zones


This topic explains the concept of delegating zones and its advantages.
Definition of zone delegation:
Zone delegation is the process of assigning responsibility of a subdomain to a zone.

Advantages:
- Delegation helps in better management of the namespace
- Enlarges the namespace by adding more subdomains
- Helps distribute network traffic among different zones

Topic 5 Guidelines for Zone Replication and Delegation


This topic provides the guidelines for zone replication and delegation. The guidelines are:
- Decide when to create additional zones
- Decide whether to use zone transfers or zone replication
- Decide security requirements for the DNS environment
- Decide whether you need zone delegation in your environment

Lesson 6 Integrating DNS and WINS


Introduction
Before DNS was used as a communications standard, Microsoft networks relied on WINS for name resolution. WINS operated on NetBIOS names. Even at present, there are computers that use NetBIOS names and as a result require WINS. In this lesson, you will learn about:
- WINS Integration
- Modification of Cache Timeout Settings
- Best Practices of WINS Integration

Topic 1 WINS Integration


This topic explains the need for integrating DNS with WINS and the process of WINS integration. WINS integration is required when a network has clients with NetBIOS names and a standard DNS server.

Integration requirements:
- Standard DNS servers cannot process NetBIOS names.
- The network should contain both DNS and WINS servers.
- A DNS zone that includes WINS must be created.

Integration options:
- Integrating WINS on DNS server
  Disadvantages: A request is processed by both services, leading to more processor utilization and system degradation
- Separate DNS and WINS servers
  Disadvantages: Increase in network traffic between both servers
- Integrating DNS on WINS
  Request is first processed by DNS. If the name does not match the database record for WINS, it is forwarded to WINS for resolution.

Topic 2 Modification of Cache Timeout Settings


This topic explains the DNS server cache and the procedure to modify the cache timeout value for a DNS zone.

Characteristics of DNS cache:
- Information received by a DNS server is stored in its cache
- The time for which the information is stored is called Time To Live (TTL)
- When WINS server data does not change frequently, data stored in the cache can remain for a longer time
- This results in a faster response and also less traffic exchanged between the DNS server and the WINS server

Setting cache timeout value in the DNS console


Topic 3 Best Practices of WINS Integration


There are many best practices for integrating WINS with DNS. The most important of these are:
- Create a subdomain for the WINS server
- Transfer unresolved DNS queries to a WINS server on the network
- Configure WINS in the DNS zone

Lesson 7 Planning DNS Security


Introduction
Providing security to the DNS service is a component of the DNS name resolution strategy. There is a risk involved if the data from the DNS server is intercepted by unauthorized users. Enterprise operations will be affected if the DNS service fails. In this lesson, you will learn about:
- Identifying DNS Security Threats
- Securing the DNS Server

Topic 1 Identifying DNS Security Threats


This topic explains the threats against which the DNS system should be protected. Critical DNS threats include:
- DNS service interruption
- Denial-of-Service (DoS)
- IP spoofing
- Unauthorized access to DNS data
- Redirection
- Footprinting

Topic 2 Securing the DNS Server


A DNS server has to be protected against all possible threats. The following measures help to protect your DNS server and prevent service interruptions:
- Installing backup DNS servers
- Using Active Directory-integrated DNS
- Securing the DNS server cache
- Securing dynamic updates
- Limiting DNS network interfaces

Lesson 8 Troubleshooting Name Resolution


Introduction
It is important that the DNS server that is installed performs to optimum capacity and problems in name resolution are effectively resolved. In this lesson, you will learn about:
- Optimization of DNS Servers
- Troubleshooting Name Resolution

Topic 1 Optimization of DNS Servers


There are several methods to optimize DNS Servers. These include:
- Disabling the recursion option in Windows Server 2003
- Updating the root hints
- Disabling round robin DNS
- Disabling priority-based IP addresses
- Modifying cache timeout settings
- Using caching-only servers
- Using the Extension Mechanisms for DNS (EDNS0) protocol

Topic 2 Troubleshooting Name Resolution


Troubleshooting name resolution requires problem identification. The steps in troubleshooting such problems are:
- First, isolate the problem to the DNS server. Problems with connectivity could also arise due to other causes such as network connectivity.
  - Check if the client is able to ping the server
  - Check whether the DNS service is activated
- If the client computer is able to connect to the DNS server for name resolution, but the resolved names are incorrect, the problems could be:
  - Incorrect resource records
  - Failed dynamic updates
  - Failed zone transfers
- If the DNS server is able to resolve names in its domain and cannot resolve names outside the domain, the problem could be recursion failure.
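
The troubleshooting order above, as an added example that is not part of the original course material: a Python routine that maps what the client observed (ping result, reply to a query for a name inside the server's domain, reply to a query for a name outside it) to the fault areas named in the steps. The function names (header, parse_header, resolved, triage), the result labels and the sample replies are assumptions made for this example; the replies are constructed DNS headers, not captured traffic.

```python
import struct

def header(flags, answers):
    """Constructed 12-byte DNS header used as sample data (not captured traffic)."""
    return struct.pack("!6H", 0x1234, flags, 1, answers, 0, 0)

# Constructed sample replies; QR=1 (response) in all of them.
REPLY_OK = header(0x8580, 1)        # NOERROR, AA, RD, RA set, one answer
REPLY_SERVFAIL = header(0x8182, 0)  # SERVFAIL, RA set, no answer
REPLY_REFUSED = header(0x8105, 0)   # REFUSED, RA clear (recursion not offered)

def parse_header(packet):
    """Decode the fixed DNS header fields (RFC 1035, section 4.1.1) used below."""
    if len(packet) < 12:
        raise ValueError("DNS packet shorter than the 12-byte header")
    _qid, flags, _qd, answers, _ns, _ar = struct.unpack("!6H", packet[:12])
    return {"qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "answers": answers}

def resolved(packet):
    """True when the packet is a NOERROR response carrying at least one answer."""
    if packet is None:
        return False
    h = parse_header(packet)
    return h["qr"] and h["rcode"] == 0 and h["answers"] > 0

def triage(ping_ok, internal, external, answer_correct=True):
    """Map observations to the fault areas listed in the troubleshooting steps.

    internal / external: raw reply bytes for a name inside / outside the
    server's own domain, or None if the query timed out.
    answer_correct: whether the internal answer matched the expected address.
    """
    if not ping_ok:
        return ("network", "client cannot ping the server; not a DNS fault yet")
    if internal is None and external is None:
        return ("dns-service", "host reachable but no replies; check the DNS service")
    if not resolved(internal) or not answer_correct:
        return ("zone-data", "check resource records, dynamic updates, zone transfers")
    if not resolved(external):
        ra = external is not None and parse_header(external)["ra"]
        why = "upstream lookup failed" if ra else "recursion not offered (RA=0) or timed out"
        return ("recursion", why)
    return ("ok", "internal and external names resolve")
```
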

Conclusion
Summary of the module

- NetBIOS and DNS are the two types of names that are to be resolved
- DNS server capacity depends on the number of clients, zones and IP addresses assigned to the DNS server
- Domains are categorized as internal and external domains
- Types of zone: Primary zone, Secondary zone and Stub zone
- Active Directory-integrated DNS service offers a more efficient and secure zone than a traditional DNS server
- Secondary zones provide zone redundancy and lesser network traffic
- DNS server is secured by providing DNS server redundancy; using Active Directory services; securing DNS server cache; securing dynamic updates; limiting network interface
- Possible errors of the DNS server are: Incorrect TCP/IP configurations, problems with the resource records and recursion failures

Question and Answer Session

