DDNS is a method for clients to send requests to a DNS server to add or delete resource records in a zone. Prior to DDNS, the records were either directly updated via a text based zone file or via a vendor-supported GUI, such as the Windows DNS MMC snap-in. Active Directory takes full advantage of DDNS to relieve the maintenance of resource records.
DNSSec was introduced to secure dynamic updates using public key-based methods. The approach Microsoft takes to providing secure dynamic updates is by using access control lists in AD. Zones store their DNS data in AD. By default, authenticated computers in a forest can make new entries in a zone. This enables authenticated user or computer to directly add personal computers to the network.
Global Names Zone was introduced to ease migration from WINS. WINS uses short names as opposed to DNS that uses hierarchical names. However, DNS provides support for short names using DNS suffix search, orders on clients, and the DNS resolver on the client will attempt to resolve the short name by appending each DNS suffix, defined one at a time in the order listed. In a large organization with numerous DNS namespaces, this list of suffixes could be quite long. Since such lookup could be potentially time-consuming, difficult to maintain and also causes significant increases in network traffic during short name resolution, Global Names Zone was introduced in Windows Server 2008. GNZ supports resolution without suffix search list to be on the client. Any client that supports DNS resolution can utilize the global name zones functionality without additional configuration. Windows server 2008 DNS server will first try to resolve the name queried in the local zone and if that fails, they will then try to resolve it in the global name zone. The caveat is that the names are statically registered instead of dynamically registered so it needs to be maintained. GNZ is useful for IPv6 deployments. CName records are placed in the GlobalNames zone and alias them to the records for specific server/name in the relevant forward lookup zone.
DNSSec was introduced to secure dynamic updates using public key-based methods. The approach Microsoft takes to providing secure dynamic updates is by using access control lists in AD. Zones store their DNS data in AD. By default, authenticated computers in a forest can make new entries in a zone. This enables authenticated user or computer to directly add personal computers to the network.
Global Names Zone was introduced to ease migration from WINS. WINS uses short names as opposed to DNS that uses hierarchical names. However, DNS provides support for short names using DNS suffix search, orders on clients, and the DNS resolver on the client will attempt to resolve the short name by appending each DNS suffix, defined one at a time in the order listed. In a large organization with numerous DNS namespaces, this list of suffixes could be quite long. Since such lookup could be potentially time-consuming, difficult to maintain and also causes significant increases in network traffic during short name resolution, Global Names Zone was introduced in Windows Server 2008. GNZ supports resolution without suffix search list to be on the client. Any client that supports DNS resolution can utilize the global name zones functionality without additional configuration. Windows server 2008 DNS server will first try to resolve the name queried in the local zone and if that fails, they will then try to resolve it in the global name zone. The caveat is that the names are statically registered instead of dynamically registered so it needs to be maintained. GNZ is useful for IPv6 deployments. CName records are placed in the GlobalNames zone and alias them to the records for specific server/name in the relevant forward lookup zone.
No comments:
Post a Comment