SearchWin2000.com Active Directory and migration expert Paul Hinsberg shares his thoughts on DNS configuration challenges, security issues and what to expect when using DNS in .NET.

Is DNS easier to manage in the Active Directory 2.0 in .NET Server?
Microsoft wizards have been created to handle most of the mainstream tasks in creating zones, securing DNS, handling forward lookups and zone transfers. In general, the average user will find the configuration of DNS in .NET a little simpler. The more advanced user will still have access to the Microsoft Management Console (MMC) interface and Active Directory tools needed for more complex installations.

What exactly is a DNS server's function in Windows 2000?
Domain Name Service (DNS) is name resolution for Windows 2000 systems. However, when you consider Windows 2000 Active Directory, its importance elevates. The DNS hierarchy in an enterprise serves as a foundation for the Active Directory hierarchy. Windows 2000 uses DNS to publish the Active Directory services so that other Windows 2000 systems can easily locate these services, regardless of where they are located in the enterprise. Poorly designed DNS systems, hierarchy and zone transfer sets are the cause of much pain in an AD administrator's life.

Has working with DNS changed in .NET Server? If so, how?
Primarily speed. The .NET Servers (RC1) so far have been able to handle much more traffic than their Windows 2000 counterparts. The interface and operation otherwise does not appear to have changed much.

What are some of the common challenges when integrating DNS into a newly upgraded Windows 2000/Active Directory infrastructure?
Preparation is a big key! Properly configured DNS zones are very important. Once you have defined your Windows 2000 Active Directory, it will be complex and painful to try to change the name. Also, improper configuration of the DNS zones and hierarchy can lead to security exposures. One of the non-technical issues is that traditionally Unix administrators were the owners and operators of DNS. Windows administrators must now educate themselves on DNS, as well as convince Unix admins to adjust the DNS to better suit Windows. Often political issues arise.

What do you consider to be the best configuration when setting up DNS on a Windows 2000 network?
Anyone who answers this question with a configuration is just wrong. DNS configurations on a Windows 2000 network must be designed specifically to suit the business's computing environment. Multiple domains, multiple geographical locations, Internet presence and even business organizational structures all have profound impact on the DNS hierarchy. Some general rules should be that the DNS structure is as simple as possible and limits the exposure of internal DNS to external influences and risks.

What are some ways of making a DNS server secure?
Considering that dynamic updates are very desirable and also carry an inherent security risk, it is typically good practice to separate the DNS servers that carry external zones from those that carry internal zones. The externally facing DNS servers will not allow direct dynamic updates and remain relatively static. The internal DNS servers will allow dynamic updates (and if Windows systems, only secure updates). Usually the external systems will be of the Unix variety, a historical fact since Unix has been running DNS for much longer. The internal servers will be Windows 2000 so that Active Directory will be better served. Generally, you will not want to perform zone transfer between the two (external and internal) DNS systems. The external DNS will simply delegate the internal zone to the Windows systems.
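As an added example (not from the interview or any product documentation), here is a BIND 9 configuration sketch of the split design just described: the externally facing Unix server refuses dynamic updates, allows zone transfers only to its own public secondary, and delegates the Active Directory zone to the internal Windows DNS servers. All names and addresses are constructed placeholders.

```conf
// Added example, not from the interview: an externally facing BIND 9 server
// for the split design above. Names and addresses are constructed placeholders.
// ---- /etc/named.conf on ns1.example.com (192.0.2.10) ----
options {
    directory "/var/named";
    recursion no;                   // authoritative only; no recursion for outsiders
    allow-transfer { none; };       // deny zone transfers by default, grant per zone
};

// Weak form: anyone can copy the zone or push dynamic updates into it.
// zone "example.com" IN {
//     type master;
//     file "db.example.com";
//     allow-update   { any; };
//     allow-transfer { any; };
// };

// Hardened form: the external zone stays static; only the public secondary
// (ns2.example.com) may transfer it. No internal Windows DNS server is listed,
// so zone data is never transferred between the external and internal systems.
zone "example.com" IN {
    type master;
    file "db.example.com";
    allow-update   { none; };
    allow-transfer { 192.0.2.53; };
};

; ---- /var/named/db.example.com (public zone data) ----
$TTL 3600
@         IN SOA ns1.example.com. hostmaster.example.com. (
                  2024010101 ; serial
                  3600       ; refresh
                  900        ; retry
                  604800     ; expire
                  300 )      ; negative-answer TTL
          IN NS  ns1.example.com.
          IN NS  ns2.example.com.
ns1       IN A   192.0.2.10
ns2       IN A   192.0.2.53
www       IN A   192.0.2.80

; Delegate the Active Directory namespace corp.example.com to the internal
; Windows DNS servers. Only these NS and glue records live here; the AD SRV
; records and dynamically registered hosts exist solely on the internal servers,
; which accept secure dynamic updates only.
corp      IN NS  dc1.corp.example.com.
corp      IN NS  dc2.corp.example.com.
dc1.corp  IN A   10.0.0.10
dc2.corp  IN A   10.0.0.11
```

The internal Windows 2000 servers hold the corp.example.com zone themselves (Active Directory-integrated, secure updates only) and are never configured as secondaries of the external zone, so a compromise of the public server yields no internal host data beyond the delegation records.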

