06 - Configuring DNS for Active Directory Domain Services


Integrating Service Locator Records and AD DS Sites
[Diagram: Local DNS Server; NYC-DC1 (NYC Site); MIA-DC1 (Miami Site)]
Lesson 2: Configuring AD DS Integrated Zones
[Diagram: Windows Server 2008, Windows Vista, Windows XP]
How Secure Dynamic DNS Updates Work
A secure dynamic update is accepted only if the client has the proper credentials to make the update
[Diagram: DNS Server, Resource Records]
1. Client sends SOA query
2. DNS server sends zone name and server IP address
3. Client verifies existing registration
4. DNS server responds by stating that registration does not exist
5. Client sends dynamic update to DNS server
protocol.service.name TTL class type priority weight port target
Example of an SRV record
_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft
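The record above, parsed field by field and checked against a list of known domain controllers, as an added example that is not part of the course material. The second and third sample records, the host names `den-dc2` and `wks-17`, and the `EXPECTED_DCS` set are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    service: str   # first owner label, e.g. "_ldap"
    proto: str     # second owner label, e.g. "_tcp"
    domain: str
    ttl: int
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(line: str) -> SrvRecord:
    """Parse: owner TTL class SRV priority weight port target."""
    fields = line.split()
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}: {line!r}")
    owner, ttl, rr_class, rr_type, priority, weight, port, target = fields
    if rr_class.upper() != "IN" or rr_type.upper() != "SRV":
        raise ValueError(f"not an IN SRV record: {line!r}")
    labels = owner.rstrip(".").split(".")
    if len(labels) < 3 or not all(l.startswith("_") for l in labels[:2]):
        raise ValueError(f"owner lacks _service._proto labels: {owner!r}")
    ttl_n, prio_n, weight_n, port_n = (int(x) for x in (ttl, priority, weight, port))
    if ttl_n < 0 or not all(0 <= n <= 65535 for n in (prio_n, weight_n, port_n)):
        raise ValueError(f"numeric field out of range: {line!r}")
    return SrvRecord(labels[0].lower(), labels[1].lower(),
                     ".".join(labels[2:]).lower(), ttl_n, prio_n, weight_n,
                     port_n, target.rstrip(".").lower())


def audit(lines, expected_dcs):
    """Return (records, lowest priority value first; unexpected targets)."""
    records = [parse_srv(l) for l in lines if l.strip()]
    # Lower priority is tried first; within a priority, clients pick
    # in proportion to weight, so list heavier records first.
    ordered = sorted(records, key=lambda r: (r.priority, -r.weight))
    unexpected = sorted({r.target for r in records if r.target not in expected_dcs})
    return ordered, unexpected


SAMPLE = [
    "_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft",  # from the page
    "_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc2.contoso.msft",  # constructed
    "_ldap._tcp.contoso.msft 600 IN SRV 10 100 389 wks-17.contoso.msft",  # constructed
]
EXPECTED_DCS = {"den-dc1.contoso.msft", "den-dc2.contoso.msft"}  # assumed inventory

if __name__ == "__main__":
    ordered, unexpected = audit(SAMPLE, EXPECTED_DCS)
    print([r.target for r in ordered], unexpected)
```

A target that is not in the inventory is worth checking against the zone's dynamic update setting, since only secure dynamic updates require the registering client to hold proper credentials.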
To all domain controllers in the AD DS domain
To all domain controllers in the replication scope for the application partition
[Diagram: Domain, Config, Schema, DomainDNSZone, ForestDNSZones, CustomApp]
What Are Application Partitions in AD DS?
The AD DS database is divided into directory partitions, with each directory partition replicated to specific domain controllers
• A DNS zone can be stored in the domain partition or in an application partition
• Administrators can define the replication scope of custom application partitions
• DomainDNSzones and forestDNSzones are default application partitions that store DNS-specific data
What Are Service Locator Records?
SRV resource records allow DNS clients to locate TCP/IP-based services. SRV resource records are used when:
• A domain controller needs to replicate changes
• A client computer logs on to AD DS
Lesson 3: Configuring Read-Only DNS Zones
• What Are Read-Only DNS Zones?
• How Read-Only DNS Works
• Discussion: Comparing DNS Options for Branch Offices
How Service Resource Locator Records Are Used
• Locator initiates a call to Net Logon service
• Locator collects information about the client
• Net Logon uses the information and queries DNS for SRV resource records
• Net Logon tests connectivity to target servers
• Domain controllers respond, indicating that they are operational
• Net Logon returns the information to clients
AD DS integrated zones store DNS zone data in the AD DS database
Benefits of using AD DS integrated zones:
• Replicates DNS zone information using AD DS replication
• Supports multiple master DNS servers
• Enhances security
• Supports record aging and scavenging
When a domain controller with Active Directory-integrated DNS zones starts, it:
• Enumerates all zones to be loaded
• Loads root hints from files or AD DS servers
• Loads all zones that are stored in files rather than in AD DS
• Begins responding to queries and RPCs
• Starts one or more threads to load the zones that are stored in AD DS
• A subdomain of the external name space
• A different name space where the domain and local are different names
WoodgroveBank.com Corp.WoodgroveBank.com Woodgrovecorp.com
AD DS domain names must use DNS names
• The same name space
You can integrate an AD DS domain name with the external name space by using:
WoodgroveBank.com
[Diagram: Domain, Config, Schema, App1, App2]
Options for Configuring Application Partitions for DNS
DNS information can be stored in a variety of application partitions
Module 6: Configuring Domain Name Service for Active Directory® Domain Services
Module Overview
• Overview of Active Directory Domain Services and DNS Integration
• A DNS zone as AD DS integrated
• Dynamic updates on DNS zones
• Dynamic update settings on a network connection
• Secure dynamic updates
How Background Zone Loading Works
Domain Controllers
• How Service Resource Locator Records Are Used
• Integrating Service Resource Locator Records and AD DS Sites
AD DS and DNS Namespace Integration
Demonstration: SRV Resource Records Registered by AD DS Domain Controllers
In this demonstration, you will see how to view and manage the SRV resource records registered by domain controllers
• A user attempts to change his or her password
• An Exchange 2003 server performs a directory lookup
• An administrator modifies AD DS
SRV record syntax:
• How Secure Dynamic DNS Updates Work
• Demonstration: Configuring AD DS Integrated Zones
• How Background Zone Loading Works
What Are AD DS Integrated Zones?
• What Are AD DS Integrated Zones?
• What Are Application Partitions in AD DS?
• Options for Configuring Application Partitions for DNS
• How Dynamic Updates Work
Windows Vista DNS Client
Local DNS Server
Domain Controller with Active Directory Integrated DNS Zone
Demonstration: Configuring AD DS Integrated Zones
In this demonstration, you will see how to configure:
• Configuring AD DS Integrated Zones
• Configuring Read-Only DNS Zones
Lesson 1: Overview of Active Directory Domain Services and DNS Integration
• AD DS and DNS Namespace Integration
• What Are Service Resource Locator Records?
• Demonstration: SRV Locator Records Registered by AD DS
To all domain controllers that are DNS servers in the AD DS domain
To all domain controllers that are DNS servers in the AD DS forest
How Dynamic Updates Work