Thursday, February 24, 2011

Planning DNS

Domain Name System (DNS) is the primary method for name resolution in Windows Server® 2008 and for other versions of Microsoft® Windows® operating systems, such as Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. DNS is a requirement for deploying the Active Directory Domain Services (AD DS) server role. Integrating DNS with AD DS makes it possible for DNS servers to take advantage of the security, performance, and fault-tolerance capabilities of AD DS.
Typically, you organize your DNS namespace (that is, the association of domains, subdomains, and hosts) in a way that supports your plan for using AD DS to organize the computers on your network.

Understanding the DNS namespace

The following illustration shows how the DNS namespace is organized.


A DNS name consists of two or more parts separated by periods, or "dots" (.). The last (rightmost) part of the name is called the top-level domain (TLD). Other parts of the name are subdomains of the TLD or another subdomain. The names of the TLDs are either functional or geographical. Subdomains usually refer to the organization that owns the domain name.
Functional TLDs suggest the purpose of the organization that has registered a subdomain in the TLD. The following table shows some of the most common functional TLD names.

Functional TLD   Typically used by …
.com             Commercial entities, such as corporations, to register DNS domain names
.edu             Educational institutions, such as colleges, and public and private schools
.gov             Government entities, such as federal, state, and local governments
.net             Organizations that provide Internet services, such as Internet service providers (ISPs)
.org             Private, nonprofit organizations

Geographical TLDs indicate the country or region where the organization that registered the domain is located. For example, an organization that wants to show that it is located in Canada registers its Internet domain name in the .ca TLD, and an organization that wants to show that it is located in Brazil registers its Internet domain name in the .br TLD.
Most organizations that want to have an Internet presence for a Web site or that want to send and receive e-mail messages, for example, register an Internet domain name that is a subdomain of a TLD. Usually, they choose a subdomain name based on their organization's name, such as contoso.com or treyresearch.net. Most small organizations work with their Internet service provider (ISP) to register their domain name, although you can also register your domain name directly with a registrar that is listed at InterNIC (http://www.internic.com/regist.html).
Registering an Internet domain name reserves the name for the exclusive use of the organization and configures DNS servers on the Internet to provide the appropriate IP address when those servers are queried for that name. That is, it creates the equivalent of a telephone directory entry for the Internet domain name. But instead of providing a telephone number for the name, it provides the IP address that a computer requires to access the computers in the registered domain.
The DNS namespace is not limited to only the publicly registered Internet domain names. Organizations that have networks with their own DNS servers can create domains for their internal use. As the next section explains, these internal DNS namespaces can be—but are not required to be—subdomains of a public Internet domain name.

Designing a DNS namespace

You can design an external namespace that is visible to Internet users and computers. You can also design an internal namespace that is visible only to users and computers that are in your internal network.
Organizations that require an Internet presence and an internal namespace must deploy both an internal and an external DNS namespace and manage each namespace separately. In this case, we recommend that you make your internal domain a subdomain of your external domain. For example, an organization that has an external domain name of contoso.com might use the internal domain name corp.contoso.com. Using an internal domain that is a subdomain of an external domain has the following advantages:
·      Requires you to register only one name with an Internet name authority even if you later decide to make part of your internal namespace publicly accessible.
·      Ensures that all of your internal domain names are globally unique.
·      Simplifies administration by enabling you to administer internal and external domains separately.
·      Allows you to use a firewall between the internal and external domains to secure your DNS deployment.
If you want to deploy an AD DS domain for each division in your organization, you can use your internal domain as a parent for additional child domains that you create to manage those divisions. Child domain names are immediately subordinate to the domain name of the parent. For example, a child domain for a manufacturing division that you add to the us.corp.contoso.com namespace might have the domain name manu.us.corp.contoso.com.

Creating an Internet DNS domain name

An Internet DNS domain name has a TLD name, such as .com, .org, or .edu, and a unique subdomain name that the domain owner chooses. For example, a company named Contoso Corporation would probably choose contoso.com as its Internet domain name.
Before you register an Internet DNS domain, conduct a preliminary search of the Internet to confirm that the DNS domain name that you want to use is not already registered to another organization. If the domain name that you want to use is available, contact your Internet service provider (ISP) to confirm that the domain name is available and to help you register your domain name. Your ISP might set up a DNS server on its own network to host the DNS zone for your domain name or it might help you set up a DNS server on your network for this purpose.

Creating internal DNS domain names

For your internal domains, create names that are related to your registered Internet DNS domain name. For example, if you register the Internet DNS domain name contoso.com for your organization, use a DNS domain name such as corp.contoso.com for the internal, fully qualified DNS domain name and use CORP as the NetBIOS name.
If you want to deploy DNS in a private network, but you do not plan to create an external namespace, you should still register the DNS domain name that you create for your internal domain. If you do not register the name, and you later attempt to use it on the Internet or you use it to connect to a network that is connected to the Internet, the name might be unavailable.

Creating DNS computer names

When you create DNS names for the computers on your network, develop and follow a logical DNS computer-naming convention. This makes it easy for users to remember the names of computers on public and private networks, which in turn simplifies access to network resources.
Use the following guidelines when you create DNS names:
·      Select computer names that are easy for users to remember.
·      Identify the owner of a computer in the computer name.
For example, andrew-dixon indicates that Andrew Dixon uses the computer, and pubs-server indicates that the computer is a server that belongs to the Publications department.
·      As an alternative, select names that describe the purpose of the computer.
For example, a file server named past-accounts-1 indicates that the file server stores information related to past accounts.
·      Do not use capitalization to convey the owner or purpose of a computer.
DNS is not case sensitive.
·      Match the AD DS domain name to the primary DNS suffix of the computer name.
The primary DNS suffix is the part of the DNS name that appears after the host name.
·      Use unique names for all computers in your organization.
Do not assign the same computer name to different computers in different DNS domains. For example, do not use such names as server1.acct.contoso.com and server1.hr.contoso.com. Also, do not use the same computer name when a computer is configured to run different operating systems. For example, if a computer can run Windows Server 2008 or Windows Vista, do not use the same computer name for both operating systems.
·      Use ASCII characters to ensure interoperability with computers running versions of Windows earlier than Windows 2000.
For computer and domain names, use only the characters A through Z, 0 through 9, and the hyphen (-). Do not use the hyphen as the first character in a name.
In particular, the following characters are not allowed in DNS names:
·      comma (,)
·      tilde (~)
·      colon (:)
·      exclamation point (!)
·      at sign (@)
·      number sign (#)
·      dollar sign ($)
·      percent sign (%)
·      caret (^)
·      ampersand (&)
·      apostrophe (')
·      period (.), except as a separator between names
·      parentheses (())
·      braces ({})
·      underscore (_)
·      The number of characters in a name must be between 2 and 24.
·      Avoid nonstandard TLDs such as .local. Using a nonstandard TLD will prevent you from being able to register your domain name on the Internet.
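As an added example that is not part of the original article, the following Python script checks a planned namespace and a list of computer names against the rules stated above: allowed characters, no leading hyphen, 2 to 24 characters, case-insensitive uniqueness of computer names, internal domains placed under the registered external name, and the warning about nonstandard TLDs such as .local. The function names and the single-entry TLD list are assumptions of mine, not Microsoft tooling.

```python
import re

# Rules quoted from the article: labels use A-Z, 0-9 and the hyphen, never a
# leading hyphen, 2 to 24 characters; DNS ignores case; avoid TLDs like .local.
ALLOWED_CHAR = re.compile(r"[A-Za-z0-9-]")
NONSTANDARD_TLDS = {"local"}  # the article's example; extend for your environment

def check_label(label):
    """Return the problems with one DNS label (a host or domain component)."""
    problems = []
    if not 2 <= len(label) <= 24:
        problems.append("length must be between 2 and 24")
    if label.startswith("-"):
        problems.append("must not start with a hyphen")
    bad = sorted({ch for ch in label if not ALLOWED_CHAR.fullmatch(ch)})
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    return problems

def check_fqdn(fqdn):
    """Map each offending label of a fully qualified name to its problems."""
    problems = {}
    labels = fqdn.rstrip(".").split(".")
    for label in labels:
        found = check_label(label)
        if found:
            problems.setdefault(label, []).extend(found)
    if labels[-1].lower() in NONSTANDARD_TLDS:
        msg = "nonstandard TLD; cannot be registered on the Internet"
        problems.setdefault(labels[-1], []).append(msg)
    return problems

def check_plan(external, internal_domains, hosts):
    """Check that internal domains sit under the registered external name and
    that every computer name is unique organization-wide (case-insensitively)."""
    findings = []
    for domain in internal_domains:
        if not domain.lower().endswith("." + external.lower()):
            findings.append(f"{domain}: not a subdomain of {external}")
    seen = {}  # lower-cased host label -> domain where it was first used
    for fqdn in hosts:
        host, _, domain = fqdn.partition(".")
        if host.lower() in seen:
            findings.append(f"{fqdn}: host name '{host}' already used in {seen[host.lower()]}")
        seen.setdefault(host.lower(), domain.lower())
        for label, found in check_fqdn(fqdn).items():
            findings.append(f"{fqdn}: label '{label}': " + "; ".join(found))
    return findings
```

Run check_plan over the names in your design document before creating zones; every finding maps back to one of the guidelines listed above.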
