Configuring DNS for Active Directory - MCTS Guide to Microsoft Windows Server 2008 Active Directory Configuration

Information Technology Reference

In-Depth Information

• Minimum (default) TTL —This setting specifies a default TTL value for zone data when

a TTL isn't supplied. The TTL value tells other DNS servers that cache records from this

zone how long to keep cached data and should be adjusted according to how often data in

the zone is likely to change. For example, a zone that maintains only static entries for

resources that aren't changed, added, or removed often can specify a high TTL value. If a

zone maintains dynamic records or records for resources that are going online and offline

constantly, this value should be lower. If a redesign of your network will cause many

changes to zone data, this value can be lowered temporarily. Then wait until the previous

TTL time has elapsed before making the changes. This way, servers caching records that

will be changed don't store them very long. The TTL set on resource records overrides this

default value, which is 1 hour.

Name Server Records

NS records specify FQDNs and IP addresses of authoritative servers for a zone. A typical con-

figuration with Active Directory-integrated zones has an NS record for each domain controller

configured as a DNS server in the domain or forest, depending on the scope of zone replication.

NS records are also used to refer DNS queries to a name server that has been delegated

authority for a subdomain. For example, com TLD servers refer queries for resources in the tech-

net.microsoft.com subdomain to a DNS server that's authoritative for the microsoft.com

domain. The microsoft.com domain name server can then refer the query to another DNS server

that has been delegated authority for the technet subdomain of microsoft.com. Subdomains need

not be delegated; they can simply be created under the zone representing their parent domain. If

the subdomain has many resources and traffic on it is heavy, however, zone delegation (explained

in more detail in the next section) is a wise approach.

An NS record technically consists of just the name server's FQDN, but for the name to be

useful, there must be a way to resolve it to an IP address. DNS does this with a glue A record ,

which is an A record containing the name server's IP address. In DNS Manager, glue records are

created automatically, if possible, by a DNS lookup on the NS record's FQDN; they don't appear

as an A record anywhere in the zone database. Figure 9-13 shows the interface for creating and

Figure 9-13

The Name Servers tab

Search WWH ::

Custom Search

Home