DNS on Windows Server 2003 Paperback – 27 Dec 2003
About the Author
Cricket Liu matriculated at the University of California's Berkeley campus, that great bastion of free speech, unencumbered Unix, and cheap pizza. He joined Hewlett-Packard after graduation and worked for HP for nine years. Cricket began managing the hp.com zone after the Loma Prieta earthquake forcibly transferred the zone's management from HP Labs to HP's Corporate Offices (by cracking a sprinkler main and flooding Labs' computer room). Cricket was firstname.lastname@example.org for over three years, and then joined HP's Professional Services Organization to cofound HP's Internet Consulting Program. Cricket left HP in 1997 to form Acme Byte & Wire, a DNS consulting and training company, with his friend (and now co-author) Matt Larson. Network Solutions acquired Acme in June 2000, and later the same day merged with VeriSign. Cricket worked for a year as Director of DNS Product Management for VeriSign Global Registry Services. Cricket joined Men & Mice, an Icelandic company specializing in DNS software and services, in September, 2001. He is currently their Vice President, Research & Development. Cricket, his wife, Paige, and their son, Walt, live in Colorado with two Siberian Huskies, Annie and Dakota. On warm weekend afternoons, you'll probably find them on the flying trapeze or wakeboarding behind Betty Blue.
Matt Larson started Acme Byte & Wire, a company specializing in DNS consulting and training, with Cricket Liu in January 1997. Previously, he worked for Hewlett-Packard, first as Cricket's successor as hp.com hostmaster, then as a consultant in HP's Professional Services Organization. Matt graduated from Northwestern University in 1992 with two degrees: a bachelor of arts in computer science and a bachelor of music in church music/organ performance. He lives in Bethesda, Maryland, with his wife, Sonja Kahler, and their two pugs. In his spare time he enjoys playing the 10-rank pipe organ in his house and flying light airplanes. Cricket worked for five and a half years at Hewlett-Packard's Corporate Network Services, where he ran hp.com, one of the largest corporate domains in the world, and helped design the HP Internet's security architecture. Cricket left HP in 1997 to start his own company, Acme Byte & Wire, with his friend and co-author Matt Larson. Network Solutions acquired Acme Byte & Wire in June of 2000, and then subsequently, Network Solutions merged with VeriSign. Cricket became Director of DNS Product Management of the merged company, helping determine which new DNS-related products VeriSign would offer.
Robbie Allen is a Senior Systems Architect in the Advanced Services Technology Group at Cisco Systems. He was instrumental in the deployment and automation of Active Directory, DNS, and DHCP at Cisco. Robbie enjoys working on the Unix and Windows platforms, especially when Perl is installed. He is a firm believer that all system administrators should be proficient in at least one scripting language and most of his writings preach the benefits of automation. Robbie has a web site at www.rallenhome.com.
Excerpt. © Reprinted by permission. All rights reserved.
Chapter 8 - Integrating with Active Directory
"The face is what one goes by, generally," Alice
remarked in a thoughtful tone.
With the release of Windows 2000, Microsoft replaced the Windows NT Security Account Manager (SAM) with Active Directory (AD), which serves as the repository for information about users, groups, computers, and other network resources. In contrast to the SAM, Active Directory is built on several well-known standards including the Lightweight Directory Access Protocol (LDAP) for accessing and manipulating data, Kerberos for authentication, and, you guessed it, DNS for name resolution.
In fact, using DNS for name resolution is one of the major improvements of Active Directory over Windows NT, which relied on the Windows Internet Naming Service (WINS). Microsoft made the decision to develop WINS in the early days of Windows NT because, at the time, DNS did not support dynamic update capability, which Microsoft needed for its clients. As a result, many companies had to implement both services: DNS for standard Internet-based name resolution and WINS for the Windows NT environment. This often pitted the NT administrators against the DNS administrators because of the need to maintain two separate namespaces. Over time, dynamic update support was added to DNS, and WINS failed to garner industry support, in no small part because it was a proprietary Microsoft offering.
Even with the opportunity to get rid of WINS, migrating to Active Directory hasn't always resulted in a harmonious union between AD and DNS administrators. While Windows NT had virtually no DNS requirement, Active Directory is at the opposite extreme. It is completely dependent on DNS. If DNS becomes unavailable, clients may fail to authenticate or log in to Active Directory, and domain controllers will not be able to replicate changes throughout the forest. This highly visible dependency on DNS requires that the AD and DNS administrators work closely together (assuming they are in separate groups) and agree on implementation details, which can sometimes be a challenge. It is not uncommon for DNS administrators to be reluctant to delegate part of the namespace for Active Directory, and AD administrators are often hesitant to entrust a critical component to another group and forgo the advantages of AD-integrated DNS.
This chapter explores many of the key DNS-related issues you need to be aware of when implementing and supporting Active Directory. We cover how Active Directory uses DNS for service advertisement and domain controller location; and, conversely, how Active Directory can be used to enhance DNS by providing robust replication and security for zone data. We do not (in fact, cannot in a single chapter) cover the numerous other Active Directory components. For more information on designing, implementing, and automating Active Directory, see Active Directory, Second Edition (O'Reilly) by our own Robbie Allen. For examples on how to perform common Active Directory administrative tasks, see Active Directory Cookbook (O'Reilly), also by Robbie.
Active Directory Domains
One of the first issues you have to consider when implementing an Active Directory infrastructure is how many domains you need and what to name them. Active Directory domain names are DNS domain names, but (and this is important) not every DNS domain name is an Active Directory domain name.* So while an organization's Active Directory namespace resembles its DNS namespace, the two don't have to be identical.
The number of domains you create in your forest is largely dependent on your administrative and replication requirements. A domain is mastered by one or more domain controllers, which are servers that have writeable copies of the data (about users, groups, computers, etc.) contained in the domain. Unfortunately, Active Directory is not like DNS, where a single name server can be authoritative for multiple zones. A domain controller can be authoritative only for a single Active Directory domain. To create a new Active Directory domain, you have to install a new domain controller; your existing domain controllers cannot be used. However, Active Directory uses a multimaster replication system, unlike DNS, and consequently any domain controller can process updates and replicate the changes to the other domain controllers in the domain.
* And every square is a rectangle, but not all rectangles are squares. All registered mail is certified, but not all certified mail is registered. You get the idea.
Domains, Domain Trees, and Forests
Domain trees and forests are two important Active Directory concepts. A domain tree is simply a collection of one or more domains that share a common namespace. The fx.movie.edu and movie.edu domains would be considered part of the movie.edu domain tree; however, the example.com domain, if created after movie.edu, would be in a separate domain tree called example.com. If the domain you create does not contain the full name of the parent domain or forest root domain, it is considered part of a separate domain tree.
A forest is a collection of one or more domain trees. The domains in the movie.edu domain tree and the example.com domain tree could be part of the same forest. A domain tree is based on a common namespace, but a forest is not.
A forest is named after the first domain created in the forest. If movie.edu was the first domain we created, the forest is automatically named movie.edu. We can then create additional domains for fx.movie.edu and example.com all belonging to the movie.edu forest. Another option is to create the example.com domain in its own forest, which has certain implications for user access.
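The tree and forest rules above, worked through as an added example (it is not from the book). It assumes the domains are listed in creation order; the function names and the sample list are constructed for illustration. Names are compared label by label, so `notmovie.edu` does not land in the `movie.edu` tree just because the strings share an ending.

```python
def labels(name):
    """Normalise a DNS name to a tuple of lowercase labels (trailing dot dropped)."""
    return tuple(name.rstrip(".").lower().split("."))


def is_within(name, root):
    """True if name equals root or is a descendant of it, compared label by label."""
    n, r = labels(name), labels(root)
    return len(n) >= len(r) and n[len(n) - len(r):] == r


def build_forest(domains_in_creation_order):
    """Group AD domain names into domain trees, following the rule in the text:
    a domain whose name does not contain the full name of an existing tree
    root starts a separate domain tree. Returns (forest_name, trees)."""
    trees = {}  # tree root -> member domains, in creation order
    for raw in domains_in_creation_order:
        name = ".".join(labels(raw))
        # Candidate trees are those whose root this name extends.
        roots = [r for r in trees if is_within(name, r)]
        if roots:
            # If several roots match, the most specific (longest) one wins.
            best = max(roots, key=lambda r: len(labels(r)))
            trees[best].append(name)
        else:
            trees[name] = [name]
    # The forest is named after the first domain created in it.
    forest_name = next(iter(trees)) if trees else None
    return forest_name, trees


# Constructed sample input: mixed case and a trailing dot are normalised.
SAMPLE = ["movie.edu", "FX.Movie.Edu.", "example.com",
          "notmovie.edu", "sales.example.com"]

if __name__ == "__main__":
    forest, trees = build_forest(SAMPLE)
    print("forest:", forest)
    for root, members in trees.items():
        print("tree", root, "->", members)
```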
Most Helpful Customer Reviews on Amazon.com (beta)
I have to disagree with reviewer "Santhosh Sivarajan". Just as with the base OS, there weren't huge differences with DNS between 2000 and 2003, but I think this book did a good job in covering the differences. All the major enhancements including conditional forwarding and stub zones were covered in detail. Also, contrary to what Santhosh said, application partitions are covered in depth in the AD chapter.
In short, if you are running Windows Server 2003 DNS, you won't go wrong with this book.
In addition, it covers the basis and "the guts" behind DNS in general irrespective of operating system but of course focuses and drills deep into the application of DNS in the Windows AD NOS. For you UNIX fiends out there, go with its sister book "DNS and BIND" written by the same team.
You can be an absolute novice on DNS or a seasoned systems engineer/administrator and this book will be equally enthralling.
Whether this is your first book on DNS or not, it definitely will be the last one you need to buy...at least until Windows "Longhorn" Server debuts in 2007-2008.
And despite one mistaken reviewer's comment: THERE IS FULL COVERAGE of Active Directory Integrated DNS Domain and Forest Zone Application Partitions.
Just buy it, and you will never bat an eye at tackling any DNS issue ever again.
The book doesn't assume much, only that you have some idea about Server 2003 (really, just 2000...they introduce the new features of 2003 in a seamless way that blends the evolving technology together in a way that makes sense).
We all know that DNS and AD are extremely critical pieces of the Windows 2000+ infrastructure, so it's a good idea to know a little bit more about it than the average Corvus albicollis.
Fortunately, this book develops the DNS story in a readable way, with logical organization & topic introduction. There is also quite a bit of hands-on, in the way of configuration and troubleshooting. It makes for a decent lab manual, if you happen to have a domain tree and a couple of DNS servers handy to play with.