After GNZ support is enabled, you create a new zone named GlobalNames (the name isn't case
sensitive); the zone can be, but need not be, Active Directory integrated. Dynamic updates should be
disabled because GNZ doesn't support DDNS. For each host to be accessed with a single-label
name, create a CNAME record in the GNZ that references the host's A record. You must enable
GNZ support on each server to which the zone is replicated.
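The GNZ steps above as a PowerShell script using the DnsServer module cmdlets. This is an added example, not part of the original text; the server names, host name, and alias are placeholders.

```powershell
# Added example, not from the original text. Placeholder names (assumptions):
# dns01/dns02 = DNS servers hosting the zone, web01.corp.example.com = target
# host, intranet = single-label name. Run from an elevated session.
Import-Module DnsServer

$DnsServers = 'dns01.corp.example.com', 'dns02.corp.example.com'
$Primary    = $DnsServers[0]
$Alias      = 'intranet'
$TargetFqdn = 'web01.corp.example.com'

# GNZ support is a per-server setting: enable it on every server that will
# hold a copy of the zone.
foreach ($server in $DnsServers) {
    Set-DnsServerGlobalNameZone -ComputerName $server -Enable $true
}

# Create the zone once, with dynamic updates disabled. AD integration
# (forest-wide replication here) is optional.
if (-not (Get-DnsServerZone -ComputerName $Primary -Name 'GlobalNames' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -ComputerName $Primary -Name 'GlobalNames' `
        -ReplicationScope 'Forest' -DynamicUpdate 'None'
}

# The CNAME must reference an existing A record, so confirm the target
# resolves before adding the alias (throws if it doesn't).
Resolve-DnsName -Name $TargetFqdn -Type A -Server $Primary -DnsOnly -ErrorAction Stop | Out-Null
if (-not (Get-DnsServerResourceRecord -ComputerName $Primary -ZoneName 'GlobalNames' `
        -Name $Alias -RRType CName -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordCName -ComputerName $Primary -ZoneName 'GlobalNames' `
        -Name $Alias -HostNameAlias $TargetFqdn
}

# Verify: GNZ enabled on each server and dynamic updates off on the zone.
# A replica may need a replication cycle before the zone appears on it.
foreach ($server in $DnsServers) {
    [pscustomobject]@{
        Server        = $server
        GnzEnabled    = (Get-DnsServerGlobalNameZone -ComputerName $server).Enable
        DynamicUpdate = (Get-DnsServerZone -ComputerName $server -Name 'GlobalNames').DynamicUpdate
    }
}
```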
Advanced DNS Server Settings
So far, you have focused on DNS zone creation and configuration—and rightly so because
zones are where all the data is and where most DNS configuration takes place. However, you
should be familiar with several DNS server settings to configure an optimal DNS environment
and solve DNS problems when they occur. The following settings are discussed in this
section:
• Forwarders
• Root hints
• Round robin
• Recursion
• Debug logging
DNS Forwarders
Forwarders were defined previously in “DNS Server Roles,” but this section goes into more
detail on when to configure and use them. Recall how a typical DNS query is processed: A DNS
server receives a lookup request from a client and, if it's unable to satisfy the request, a recursive
query ensues, starting with a root server. This process works well, but in situations such as the
following, referring the query to a forwarder is more efficient:
• When the DNS server address for the target domain is known—Suppose a company has
a department working on highly confidential research, and this department is segmented
from the rest of the network by routers and firewalls. This department maintains its own
domain controllers and DNS servers that aren't part of the organization's domain.
However, department members often need access to resources on the corporate servers. In
addition, the research department's DNS servers aren't permitted to contact the Internet.
For computers in this department network to resolve names for corporate resources, a
forwarder can be configured on its DNS server that points to a corporate DNS server. The
corporate DNS server not only resolves queries for corporate domain resources, but also
performs recursive lookups for external domains on behalf of the research department's
DNS server.
• When only one DNS server in a network should make external queries—A network
consisting of several DNS servers might want to limit external queries to a single DNS
server. This strategy has several benefits. First, network security can be enhanced by
limiting exposure to the Internet to only one server. Second, because a single server is
making all the queries to Internet domains, overall DNS performance can be enhanced
because the server builds an extensive cache of Internet names. To use this strategy, all
DNS servers on the network, except the actual forwarder, should be configured to use
that server as their forwarder.
• When a forest trust is created—Windows requires DNS name resolution between the two
forests involved in a trust relationship. Configuring conditional forwarders in the forest
root name servers of both forests that point to each other is a good way to accomplish
this.
• When the target domain is external to the network and an external DNS server's address
is known—A company running a small network with limited bandwidth might find that
 