Root Hints and Forwarders

There are two ways to direct DNS queries out of your organization: root hints and DNS forwarders. Root hints are the list of addresses of the root name servers, the servers at the top of the DNS hierarchy. A server that has root hints and no forwarder resolves an unknown name by iteration: it asks a root server, is referred to the servers for the top-level domain, is referred again to the servers for the second-level domain, and so on until it reaches a server that is authoritative for the name. In an internal namespace you can point the root hints of servers at lower levels at your own internal root servers, so that they can discover the authoritative servers for zones above them or in other subtrees without leaving the network; this is the best use of root hints on internal servers. For resolving names outside your organization, forwarders are the better tool, because they let you choose exactly which servers carry your external queries rather than having every internal server contact Internet servers directly.

A DNS forwarder is a DNS server on your network to which the other internal DNS servers send the queries they cannot answer from their own zones or cache, typically queries for names in a separate namespace such as the Internet. You designate a server as a forwarder simply by configuring the other DNS servers on your network to send their unresolved queries to it; the forwarder then performs the recursive resolution on their behalf, either through its own root hints or through forwarders of its own, and returns the answer. The practical difference from root hints is that a server using root hints walks down the hierarchy itself, from the root to the authoritative server, whereas a forwarding server hands the whole job to one designated server. Forwarding is the usual way to enable resolution of external names when internal servers are not permitted to reach the Internet directly. It also improves efficiency: only the forwarder does the work of recursion, and it builds a single shared cache of external answers that every internal server benefits from. Windows Server 2003 introduces conditional forwarding, in which queries are forwarded to different servers according to the domain name being queried.

Conditional forwarding is new in Windows Server 2003. A conditional forwarder entry pairs a domain name with the addresses of the DNS servers that should receive queries for that domain, so a server can send queries for specific domains straight to servers that can answer them instead of following the normal resolution path all the way to the root. A conditional forwarder handles only queries for the domain named in its entry; a query that matches no conditional forwarder goes to the default forwarders, or to standard recursion if none are configured. Conditional forwarders therefore improve on regular forwarding by adding a name-based condition to the forwarding decision. For example, Name Resolution University is partnering with Acme DNS Software. Each organization gives the other the names and addresses of its DNS servers to enter as conditional forwarders. When users on Name Resolution University's network query for resources on Acme DNS Software's network, conditional forwarding sends those queries directly to Acme DNS Software's DNS server. All other queries follow the conventional path (up to the servers for the root and the top-level domain, if necessary).

When a DNS client sends a query, the DNS server first checks its own zone data to see whether it is authoritative for the name. If it is not, it checks its cache of previously resolved queries and, if a current answer is there, returns it to the client. Otherwise, if the server has a conditional forwarder configured for the domain in the query, it forwards the query to the address of the forwarder associated with that domain. If no conditional forwarder matches the name, the server sends the query to its default forwarders if it has any, and if it has none it attempts to resolve the query using standard recursion. You can use conditional forwarders to improve both internal and external name resolution.
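The decision sequence above, as an added example that is not part of the original text: a small Python model of a forwarding server's dispatch order, with constructed zone data, cache contents and forwarder addresses (documentation address ranges). It assumes two behaviours the paragraph implies but does not spell out: a server answers from its own zone, including a negative answer, rather than forwarding a query for a name in a zone it hosts, and when several conditional forwarder domains match a name, the most specific one is used.

```python
"""Model of the order in which a forwarding DNS server disposes of a query.

Added example: zone data, cache entries and forwarder addresses below are
constructed (documentation address ranges), and the class is a simplified
model of the behaviour described in the text, not the DNS service code.
"""
from dataclasses import dataclass


@dataclass
class ForwardingServer:
    zones: dict                  # zone name -> {owner name -> IPv4 address}
    cache: dict                  # owner name -> IPv4 address resolved earlier
    conditional: dict            # domain name -> forwarder addresses for that domain
    forwarders: list             # default forwarders, tried in order
    use_root_hints: bool = True  # fall back to recursion from the root hints

    def resolve(self, qname):
        """Return (source, answer) describing how the query would be handled."""
        name = qname.rstrip(".").lower()

        # 1. Zone data. A server answers authoritatively, positively or with
        #    NXDOMAIN, for any name inside a zone it hosts; such queries are
        #    never forwarded, whatever the forwarder configuration says.
        for zone, records in self.zones.items():
            if name == zone or name.endswith("." + zone):
                return ("authoritative", records.get(name, "NXDOMAIN"))

        # 2. Cache of earlier answers (TTL handling omitted in this model).
        if name in self.cache:
            return ("cache", self.cache[name])

        # 3. Conditional forwarder. When more than one configured domain
        #    matches, the most specific (longest) one wins, so an entry for
        #    sales.acme.example takes precedence over one for acme.example.
        matches = [d for d in self.conditional
                   if name == d or name.endswith("." + d)]
        if matches:
            best = max(matches, key=len)
            return ("conditional-forward", list(self.conditional[best]))

        # 4. Default forwarders, tried sequentially until one answers.
        if self.forwarders:
            return ("forward", list(self.forwarders))

        # 5. Standard recursion, starting from the root hints.
        if self.use_root_hints:
            return ("recursion-from-root", None)
        return ("servfail", None)


# Constructed configuration for Name Resolution University's internal server.
EXAMPLE_SERVER = ForwardingServer(
    zones={"nru.example": {"nru.example": "10.1.0.1", "www.nru.example": "10.1.0.20"}},
    cache={"www.example.org": "198.51.100.7"},
    conditional={
        "acme.example": ["203.0.113.53"],         # partner's DNS server
        "sales.acme.example": ["203.0.113.99"],   # more specific partner entry
    },
    forwarders=["192.0.2.1", "192.0.2.2"],        # ISP resolvers
)

if __name__ == "__main__":
    for q in ("www.nru.example", "missing.nru.example", "www.example.org",
              "WWW.Acme.Example", "host.sales.acme.example", "www.example.net"):
        print(f"{q:28} -> {EXAMPLE_SERVER.resolve(q)}")
```

Running the module prints the path each sample query takes. The step worth noticing is the first one: because the server hosts nru.example, a query for missing.nru.example returns NXDOMAIN and never reaches a forwarder, which is why a conditional forwarder for a domain you also host internally has no effect.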

Warning

Remember the difference between a stub zone and a conditional forwarder. A stub zone holds a copy of the target zone's SOA, NS and glue A records and refreshes them from that zone's master servers, so the server learns the current authoritative servers on its own. A conditional forwarder simply forwards queries for a domain name to the server addresses you entered by hand, and it has no way to learn that those servers have changed.

In planning your DNS namespace, you will encounter situations in which you might need to use any of the types of forwarders that we discussed. How you configure forwarders in your environment determines how well queries are answered, and a poorly designed forwarding scheme will impair your ability to direct and resolve queries properly. For this reason, consider the following issues before you implement forwarders:

■ Keep it simple Implement only as many forwarders as are necessary for good resolution performance, and do not load internal DNS servers with dozens of forwarder entries. Every time a DNS server processes a query it first tries to resolve it locally and then works through its list of forwarders in order, waiting for each one to time out before trying the next. A long list adds latency and consumes system resources on every lookup that the first forwarders fail to answer.

■ Balance is key One common mistake is pointing every internal DNS server at a single external forwarder. That server becomes both a bottleneck and a single point of failure: if it is down or overloaded, external name resolution stops for the whole organization. Configure more than one forwarder and spread the forwarding load across them.

■ No "chains of love" Unless it is completely unavoidable, do not chain your DNS servers together in a forwarding configuration. In other words, if you configure your internal DNS servers to forward queries for learnaboutdns.com to server X, do not configure server X to forward queries for learnaboutdns.com to server Y, and so on. Each extra hop adds processing overhead and latency to every query, and a chain that is misconfigured so that two servers forward to each other will loop until the queries time out.

■ Know your forwarders In our discussion of conditional forwarders, we mentioned that they can be used for Internet resolution outside your environment. If you plan to use them this way, make sure you know where those forwarders are and who manages them. A forwarder answers on behalf of your clients and sees every query you send it, so a forwarder that is compromised, misconfigured, or handed to a new operator can return whatever answers it likes and your clients will accept them. Check, for example, whether company XYZ hosts its DNS with a third-party DNS hosting company (such as www.mydns.com) rather than running its own servers, because the servers you are pointing at may not be under their control. You must also be able to trust your forwarders to remain available and to keep the same IP addresses, since a conditional forwarder entry is a static list that only you maintain. These servers can be anywhere in the world and run by anyone.

■ Remember the big picture Keep your entire infrastructure in mind when you configure a forwarding scenario. In our Name Resolution University example, it would make no sense to forward queries from the Vancouver office to the Halifax office, since every query would have to cross North America and traverse every network hop in between. Examine your network bandwidth before implementing DNS forwarders, and even when sufficient bandwidth exists, try to keep your forwarders in the same physical location as the internal DNS servers that use them.

By following these simple guidelines, you will make client query requests much more streamlined and avoid creating administration nightmares for yourself.
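As an added example (not from the original text), the following Python audit applies the "keep it simple", "balance is key" and "no chains of love" checks to a constructed forwarder inventory. The server names and addresses are hypothetical. It tolerates one internal hop, that is, internal servers sending to a designated forwarder which then leaves the network, and flags any longer chain, any loop, any forwarder that is the sole forwarder of two or more servers, and any server with an overlong forwarder list.

```python
"""Audit a forwarding topology for chains, loops, bottlenecks and long lists.

Added example: FORWARDING is a constructed inventory of internal DNS servers
(hypothetical names) mapped to their ordered default forwarder lists. A name
that is not itself a key is an external resolver we do not manage
(documentation addresses are used).
"""
from collections import defaultdict

FORWARDING = {
    "dns1.hq.example":  ["fwd.hq.example"],
    "dns2.hq.example":  ["fwd.hq.example"],
    "fwd.hq.example":   ["203.0.113.53", "203.0.113.54"],  # designated forwarder, leaves the network
    "dns1.van.example": ["dns1.hq.example"],                # branch chains through HQ: two internal hops
    "dns1.hfx.example": ["dns2.hfx.example"],
    "dns2.hfx.example": ["dns1.hfx.example"],               # the two Halifax servers forward to each other
    "dns1.lab.example": ["198.51.100.1", "198.51.100.2"],   # two forwarders, no chain
}


def forwarding_path(server, topology=FORWARDING):
    """Follow the first-listed forwarder hop by hop until the query leaves
    the inventory. The last element is the external resolver, or "LOOP" if
    the chain revisits a server it has already passed through."""
    path, seen, cur = [server], {server}, server
    while cur in topology:
        nxt = topology[cur][0]        # the first forwarder is tried first
        if nxt in seen:
            path.append("LOOP")
            break
        path.append(nxt)
        seen.add(nxt)
        cur = nxt
    return path


def chained_servers(topology=FORWARDING):
    """'No chains of love': servers whose queries pass through two or more
    internal servers, or that loop, before reaching an external resolver.
    One internal hop (the designated forwarder) is tolerated."""
    flagged = {}
    for server in topology:
        path = forwarding_path(server, topology)
        internal_hops = [h for h in path[1:] if h in topology]
        if "LOOP" in path or len(internal_hops) >= 2:
            flagged[server] = path
    return flagged


def single_points_of_failure(topology=FORWARDING):
    """'Balance is key': forwarders that are the only forwarder of two or
    more servers. If that one server fails, all of them lose external
    resolution at once."""
    dependents = defaultdict(list)
    for server, fwds in topology.items():
        if len(fwds) == 1:
            dependents[fwds[0]].append(server)
    return {f: sorted(s) for f, s in dependents.items() if len(s) >= 2}


def overloaded_servers(topology=FORWARDING, limit=3):
    """'Keep it simple': servers with more forwarders than limit. Each entry
    is tried in order, with a timeout, before the next is attempted."""
    return sorted(s for s, fwds in topology.items() if len(fwds) > limit)


if __name__ == "__main__":
    for server, path in chained_servers().items():
        print("chain:", " -> ".join(path))
    for fwd, servers in single_points_of_failure().items():
        print("single point of failure:", fwd, "<-", ", ".join(servers))
    print("overloaded:", overloaded_servers() or "none")
```

Against the constructed inventory the audit reports the Vancouver server chaining through two HQ servers, the two Halifax servers looping, and fwd.hq.example as the sole forwarder for both HQ servers; the lab server, with two external forwarders and no intermediate hop, passes every check.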
