Post on 18-Jan-2016
Windows Server 2003 DNS: New Features
林寶森 (jeffl@ms11.hinet.net)
New features in Windows Server 2003 DNS
• Stub Zone
• Conditional Forwarding
• Local Subnet Priority
• Round-robin Rotation
• Disabling Recursion
• Store DNS Data in Application Partition of Active Directory
Fully Qualified Domain Name
• FQDN = Host Name + Domain Name
• Example: www.abc.com.tw
– www is the Host Name
– abc.com.tw is the Domain Name
What is a DNS Zone?
[Diagram: the abc.com.tw domain tree, with subdomains west, south and north and the further subdomains support, sales and training; zones are drawn as groupings of these nodes]
What Are DNS Zone Types?
Zone type   Description
Primary     Read/write copy of a DNS database
Secondary   Read-only copy of a DNS database
Stub        Copy of a zone containing only limited records (the SOA, NS and glue A records needed to find the zone's name servers)
Name resolution across multiple domains
• Windows 2000 Server
– The company runs its own DNS root server, and every DNS server has its root hints changed to point at that internal root. (A server whose root hints point at an internal root can no longer iterate to the Internet roots itself, so Internet names must then be resolved through a forwarder.)
– DNS servers host each other's zones as secondaries
– DNS servers forward to each other
• Windows Server 2003
– Stub Zone
– Conditional Forwarding
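The two Windows Server 2003 mechanisms differ in what the server learns: a stub zone keeps a copy of the zone's SOA, NS and glue records (refreshed from the master by zone transfer) and then queries the zone's own name servers, whereas a conditional forwarder just sends everything under a name to fixed addresses. The following simulation of that routing decision is an added example written for this page, not code from the slides or from Windows; the zone names, addresses and the hypothetical helpers `route_query` and `refresh_stub` are all constructed.

```python
"""Simulate how a DNS server with stub zones and conditional forwarders
decides where to send a query. Added example; all zones, IPs and
records are constructed, and the longest-matching-suffix rule is a
simplification of the real server logic."""
from typing import Dict, List, Optional, Tuple

# Constructed stub zone: only the SOA/NS/glue data transferred from the
# master, which is enough to locate the zone's authoritative servers.
STUB_ZONES: Dict[str, dict] = {
    "south.abc.com.tw": {
        "master": "10.2.0.53",
        "ns": {"ns1.south.abc.com.tw": "10.2.0.53",
               "ns2.south.abc.com.tw": "10.2.0.54"},
    },
}

# Constructed conditional forwarders: queries for these names and their
# subdomains go to fixed IPs; the server never learns the zone's NS set.
CONDITIONAL_FORWARDERS: Dict[str, List[str]] = {
    "north.abc.com.tw": ["10.3.0.53"],
    "sales.south.abc.com.tw": ["10.2.5.53"],
}

ROOT_HINTS: List[str] = ["198.41.0.4"]  # a.root-servers.net


def _longest_suffix(qname: str, names) -> Optional[str]:
    """Return the longest configured name that qname equals or falls under."""
    q = qname.rstrip(".").lower()
    best: Optional[str] = None
    for n in names:
        n = n.lower()
        if q == n or q.endswith("." + n):
            if best is None or len(n) > len(best):
                best = n
    return best


def route_query(qname: str) -> Tuple[str, str, List[str]]:
    """Decide (mechanism, matched zone, target IPs) for a query name.
    The most specific match wins, so a forwarder configured for a
    subdomain of a stub zone takes precedence for that subdomain."""
    stub = _longest_suffix(qname, STUB_ZONES)
    fwd = _longest_suffix(qname, CONDITIONAL_FORWARDERS)
    if stub is None and fwd is None:
        # Nothing configured: ordinary recursion starting at the root hints.
        return ("recursion", ".", list(ROOT_HINTS))
    if fwd is None or (stub is not None and len(stub) > len(fwd)):
        # Stub zone: talk directly to the zone's own name servers (glue A records).
        return ("stub", stub, sorted(STUB_ZONES[stub]["ns"].values()))
    return ("forward", fwd, list(CONDITIONAL_FORWARDERS[fwd]))


def refresh_stub(zone: str, transferred_ns: Dict[str, str]) -> None:
    """A stub zone tracks its master: a zone transfer replaces the NS/glue
    set, while a conditional forwarder list only changes when an admin edits it."""
    STUB_ZONES[zone]["ns"] = dict(transferred_ns)


if __name__ == "__main__":
    for q in ["www.south.abc.com.tw", "crm.sales.south.abc.com.tw",
              "fs.north.abc.com.tw", "www.microsoft.com"]:
        print(q, "->", route_query(q))
```

The last function is the practical difference between the two features: when the south branch replaces its name servers, the stub zone at headquarters picks up the new NS and glue records on its next refresh, whereas a conditional forwarder pointing at the old addresses silently breaks until someone edits it.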
Server Default Preferences
Property                          Default setting
Disable recursion                 Off
BIND secondaries                  On
Fail on load if bad zone data     Off
Enable round robin                On
Enable netmask ordering           On
Secure cache against pollution    On
Name checking                     Multibyte (UTF8)
Load zone data on startup         From Active Directory and registry
Enable automatic scavenging       Off
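Two of those defaults, round robin and netmask ordering (the "Local Subnet Priority" feature listed at the start of the deck), change the order of A records in every answer rather than the records themselves. The class below reproduces that ordering as an added example for this page; it is not Windows code. The record set and client address are constructed, and the /24 subnet comparison and the "rotate each group by one per answer" rule are simplifying assumptions about how the two settings combine.

```python
"""Reorder the A records of an answer the way the 'Enable round robin'
and 'Enable netmask ordering' server options do. Added example with
constructed data; the /24 local-subnet test is an assumption."""
import ipaddress
from itertools import count
from typing import List

# Constructed RRset for one name, e.g. www.abc.com.tw, spread over three subnets.
SAMPLE_RRSET: List[str] = ["10.0.1.10", "10.0.2.20", "10.0.1.11", "10.0.3.30"]


class AnswerOrderer:
    def __init__(self, round_robin: bool = True, netmask_ordering: bool = True,
                 local_net_mask: str = "255.255.255.0") -> None:
        self.round_robin = round_robin
        self.netmask_ordering = netmask_ordering
        self.mask = int(ipaddress.IPv4Address(local_net_mask))
        self._turn = count()  # rotation counter advanced once per answer

    def _same_subnet(self, a: str, b: str) -> bool:
        return (int(ipaddress.IPv4Address(a)) & self.mask) == \
               (int(ipaddress.IPv4Address(b)) & self.mask)

    @staticmethod
    def _rotate(group: List[str], k: int) -> List[str]:
        if not group:
            return group
        k %= len(group)
        return group[k:] + group[:k]

    def order(self, rrset: List[str], client_ip: str) -> List[str]:
        """Records on the client's subnet first (netmask ordering), then the
        rest; with round robin on, each group is rotated one step per answer
        so successive clients see a different first address."""
        if not rrset:
            return []
        local = [ip for ip in rrset
                 if self.netmask_ordering and self._same_subnet(ip, client_ip)]
        remote = [ip for ip in rrset if ip not in local]
        if self.round_robin:
            k = next(self._turn)
            local, remote = self._rotate(local, k), self._rotate(remote, k)
        return local + remote


if __name__ == "__main__":
    server = AnswerOrderer()
    for client in ["10.0.1.99", "10.0.1.99", "10.0.9.1"]:
        print(client, "gets", server.order(SAMPLE_RRSET, client))
```

With both options off, `AnswerOrderer(round_robin=False, netmask_ordering=False)` returns the zone order unchanged, which is the behaviour to expect from a server whose administrator turned them off for deterministic troubleshooting.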
DNS Server Roles
Role                     Situation
Caching-only servers     A remote office has a limited amount of available bandwidth
Non-recursive servers    You have Internet-facing DNS servers that are authoritative for one or more zones (an authoritative server that also recurses for anyone on the Internet is an open resolver, usable for cache poisoning and amplification, so recursion is disabled on it)
Forward-only servers     You want to manage the DNS traffic between your network and the Internet
Conditional forwarders   You want DNS clients in separate networks to resolve each other's names without having to query the DNS server on the Internet
Using Caching-Only Servers
• Perform name resolution on behalf of client computers and cache the results
• Can be used to reduce DNS-related traffic across a WAN
[Diagram: clients in a Remote Office query a local Caching-Only DNS Server, which reaches the DNS Server at Corporate Headquarters over a Slow WAN Link]
NSLOOKUP commands
• set OPTION - set an option
  [no]recurse - ask for recursive answer to query
  domain=NAME - set default domain name to NAME
  type=X - set query type (e.g. A, ANY, CNAME, MX, NS)
  querytype=X - same as type
  [no]msxfr - use MS fast zone transfer
  ixfrver=X - current version to use in IXFR transfer request
• server NAME - set default server to NAME
• ls [opt] DOMAIN - list addresses in DOMAIN
  -a - list canonical names and aliases
  -d - list all records
  -t TYPE - list records of the given type (e.g. A, CNAME, MX, etc.)
  Note: ls performs a zone transfer (AXFR), so it only succeeds against a server that allows zone transfers to your address; a "query refused" here means the server is restricting transfers, which is the expected setting for Internet-facing servers.
Using NSLOOKUP to solve the following problems
• Users complain that some web sites cannot be reached
• Vendors or customers cannot reach the company web site
• E-mail to vendors or customers cannot be delivered
• E-mail from vendors or customers does not arrive
• How to make another party's DNS server learn your records
When e-mail cannot be delivered
• Can our own DNS server look up the other side's records?
• Can our mail server connect to the other side's server?
• Is there enough bandwidth between the two mail servers?
• Does the other side perform reverse-lookup verification on the mail server?
• Does the other side use a block list?
• Does the recipient exist? Has the recipient-count limit been exceeded?
• Does the message exceed the accepted size? Is it infected with a virus?
• Enable logging on the mail server to examine the detailed process
Improving inbound mail delivery
• Outsource the external DNS
• Set up multiple mail servers and mail relays
MX 10 mail1.nwtraders.msft
MX 10 mail2.nwtraders.msft
MX 20 mail.seed.net.tw
MX 30 mail.uu.net
• Rent an ETRN service
• Rent a mailbox service
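The four MX records above only improve delivery because sending mail servers follow a fixed rule: try the lowest preference value first, pick among equal preferences at random, and move to a higher value (the ISP relays at 20 and 30) only when every host at the lower value fails. The script below walks through that rule as an added example written for this page; the MX records are the slide's, while the parser, the `deliver` helper and the table of reachable hosts are constructed. The relay's queue and the ETRN handshake that later pulls the mail back to the company are not modelled.

```python
"""MX preference and fallback as a sending mail server applies it.
Added example; the MX records are copied from the slide, the
reachability tables in the usage are constructed."""
import random
from typing import Callable, Dict, List, Optional, Tuple

# The slide's records, in the same "MX <preference> <host>" form.
MX_ZONE_TEXT = """\
MX 10 mail1.nwtraders.msft
MX 10 mail2.nwtraders.msft
MX 20 mail.seed.net.tw
MX 30 mail.uu.net
"""


def parse_mx(text: str) -> List[Tuple[int, str]]:
    """Parse MX lines into (preference, host); the owner name, if present
    at the start of a line, is ignored."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[-3].upper() == "MX":
            records.append((int(parts[-2]), parts[-1].rstrip(".").lower()))
    return records


def delivery_order(records: List[Tuple[int, str]], seed: Optional[int] = None) -> List[str]:
    """RFC 5321 order: ascending preference, equal preferences shuffled so
    mail1 and mail2 share the load."""
    rng = random.Random(seed)
    by_pref: Dict[int, List[str]] = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    order: List[str] = []
    for pref in sorted(by_pref):
        hosts = by_pref[pref][:]
        rng.shuffle(hosts)
        order.extend(hosts)
    return order


def deliver(records: List[Tuple[int, str]], can_connect: Callable[[str], bool],
            seed: Optional[int] = None) -> Optional[str]:
    """Return the first MX host that accepts a connection, or None when
    every MX is down (the sender then queues the message and retries)."""
    for host in delivery_order(records, seed):
        if can_connect(host):
            return host
    return None


if __name__ == "__main__":
    recs = parse_mx(MX_ZONE_TEXT)
    # Constructed scenario: the company's link is down, only the ISP relays answer.
    relays_only = {"mail.seed.net.tw", "mail.uu.net"}
    print("all up     ->", deliver(recs, lambda h: True, seed=1))
    print("site down  ->", deliver(recs, lambda h: h in relays_only, seed=1))
    print("everything ->", deliver(recs, lambda h: False, seed=1))
```

One check worth adding to the troubleshooting list above: spammers deliberately deliver to the highest-preference MX, because backup relays often apply weaker filtering than the primary and are trusted by it; the ISP relay at preference 20 or 30 therefore needs the same block list and recipient validation as mail1 and mail2, and must not be an open relay.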