Chapter 9, DNS in Name Resolution Designs
|1| Chapter 9 Overview
A. Designs That Include DNS
1. Identify the requirements and constraints
for creating a DNS design.
2. Describe the relationship between DNS and
Windows 2000.
3. Determine when to use DNS in name
resolution solutions.
4. Identify the design decisions you’ll need
to make.
B. Essential DNS Design Concepts
1. Place DNS servers in your design.
2. Determine how your organization’s domain
namespace affects your design.
3. Select zone types to use in your design.
4. Integrate DNS with other versions of DNS
and with WINS.
C. Name Resolution Protection in DNS Designs
1. Prevent unauthorized dynamic updates to
DNS zones.
2. Prevent unauthorized DNS server use and
administration.
D. DNS Design Optimization
1. Select strategies to increase DNS
availability and performance.
Chapter 9, Lesson 1
Designs That Include DNS
1. DNS and Name Resolution in Networking
Services Designs
A. DNS is one way to provide name resolution.
B. You can also provide name resolution by
using
1. A HOSTS file on the local computer
2. An LMHOSTS file on the local computer or
on shared computers
3. WINS
Note The following are some of the disadvantages for the HOSTS, LMHOSTS, and WINS name resolution methods.
Possible disadvantages for HOSTS: It requires administration on every computer; file integrity can be compromised because users can modify the file.
Possible disadvantages for LMHOSTS: It is available only on Microsoft operating systems; requires administration on every computer; file integrity can be compromised because users can modify the file.
Possible disadvantages of WINS: It was designed for resolving NetBIOS names; fully qualified domain names (FQDNs) are not fully supported.
C. DNS is the only name resolution method
that provides centralized administration and support for
1. The Active Directory directory service
2. FQDN name resolution
3. NetBIOS name resolution
D. This chapter focuses on DNS for FQDN name
resolution.
|2| 2. DNS and Windows 2000
A. DNS provides forward name resolution and
reverse name resolution.
1. With forward name resolution, the DNS
server receives an FQDN from a DNS client and returns the corresponding IP
address.
2. With reverse name resolution, the DNS
server receives an IP address and returns the corresponding FQDN.
B. Windows 2000 includes DNS Client and DNS
Server services.
1. DNS Client
a. Receives requests for FQDN name resolution
from local applications
b. Forwards those requests to DNS servers
c. Is included in other operating systems
2. DNS Server
a. Provides forward and reverse name
resolution to DNS clients
b. Communicates with DNS clients, other DNS
servers, Active Directory domain controllers, WINS servers, and Dynamic Host
Configuration Protocol (DHCP) servers by using the IP stack in Windows 2000
c. Specify a fixed IP address for all
network interfaces on the DNS server that communicate with the DNS Server
service.
d. Manages a locally stored database that
contains the DNS records for forward and reverse name resolution resolved by
the DNS server
e. Is available in Microsoft Windows 2000
Server, Microsoft Windows 2000 Advanced Server, and Microsoft Windows 2000
Datacenter Server
f. Is not available in Microsoft Windows
2000 Professional
C. To create DNS designs, you should
understand
1. General IP and IP routing theory
2. General DNS and Berkeley Internet Name
Domain (BIND) server theory
Note BIND is a DNS implementation designed for UNIX systems based on BSD, the version of UNIX developed at the University of California’s Berkeley campus.
3. Common DNS resource record types and
formats
4. General domain namespace design theory
|3| 3. DNS Design Requirements and Constraints
A. Collect your organization’s design
requirements and constraints.
B. Base design decisions on those
requirements and constraints, including
1. The amount of data transmitted between
existing network segments that contain the DNS clients and DNS server
2. The number of locations and network
segments that require name resolution
3. Plans for network growth
4. WAN connections in use
5. The organization’s current domain
namespace design
6. Characteristics of existing DNS servers,
including
a. The number of DNS resource records in
existing DNS databases
b. DNS server placement
c. Operating systems running current DNS
servers
d. The versions of DNS servers running on
other operating systems
|4| 4. DNS Design Decisions
A. Decide how to
1. Integrate DNS into the existing network
based on
a. Existing domain namespace design
b. Operating systems in use and versions of
DNS or BIND used on any existing DNS servers
c. Location of existing DNS servers
d. Existing WINS servers
e. Types of DNS zones your design requires
2. Make DNS name resolution always available
to DNS clients
3. Optimize network traffic between DNS
clients and DNS servers
|5| 5. DNS and Active Directory Designs
A. Most DNS designs must support Active
Directory.
B. Ensure that domain controllers, member
servers, and client computers can resolve IP addresses for Active Directory
objects stored in DNS.
C. Decide which DNS features Active Directory
will use.
1. Support for SRV (service) resource
records
a. Required by Active Directory
b. Available in DNS in Windows 2000, and in
BIND version 4.9.6 and later
2. Dynamically updated zones
a. Optional, but they reduce design
complexity and administration tasks
b. Available in DNS in Windows 2000, and in
BIND version 8.1.2 and later
3. Incremental zone updates
a. Optional, but they reduce design
complexity and administration tasks
b. Available in DNS in Windows 2000, and in
BIND version 8.2.1 and later
D. The DNS services in Windows 2000 provide
all the features available in BIND DNS servers and more, including
1. Storage of DNS zone databases in Active
Directory. Specify the zone as an Active Directory integrated zone.
2. Active Directory replication
a. Lets you replicate DNS zone databases
between DNS servers
b. Is available for any Active Directory
integrated zones in your design
3. Automatic management of DNS resource
records
a. Is available for computers running Windows
2000 or for computers configured using DHCP
b. Dynamically updates corresponding resource
records in DNS
c. Allows you to restrict the computers,
groups, or users that can modify the DNS zone information in integrated Active
Directory zones
4. Integration with WINS servers, which
allows you to
a. Forward unresolved DNS queries to WINS
servers, which then search the WINS database to resolve host names
b. Forward unresolved WINS queries to DNS
servers, which then search the specified domain namespace to resolve NetBIOS
names
|6| 6. Traditional DNS Designs
A. Some designs may require DNS services but
not Active Directory.
B. In traditional DNS designs, DNS servers in
a private network communicate with DNS servers on the Internet and with other
internal DNS servers.
C. To ensure interoperability with other DNS
servers, your DNS server design must support the following:
Note You can integrate DNS with
other DNS products based on IETF standards. The DNS in Windows 2000 is
compatible with DNS servers on other operating systems that comply with BIND
version 8.2.2. (Version 8.2.2 is recommended, although it’s possible to integrate
Windows 2000 DNS with earlier versions of BIND.)
1. A common character set
a. Restricted to US ASCII–based characters as
defined in RFC 1035
b. All DNS servers should adhere to RFC 1035
specifications.
2. The same DNS zone transfer method
a. Incremental zone transfers send only the
resource records that change.
b. Full zone transfers send the entire
contents of the zone.
Note Incremental zone transfers
are preferable to full zone transfers because they reduce network traffic.
c. All DNS servers should use the same
method.
3. The same compression method in DNS zone
transfers
a. Slow transfer method transfers a single
resource record in an uncompressed format.
b. Fast transfer method transfers multiple
resource records at a time in a compressed format.
c. The DNS services in Windows 2000 use the
fast transfer method by default.
d. If your design includes DNS servers that
run BIND version 4.9.4 or earlier, specify that all DNS servers support the
slow transfer method.
4. The appropriate DNS resource record types
a. Different DNS server implementations
support different DNS resource record types.
b. Most DNS servers reject any DNS resource
records that the DNS server does not support.
c. All DNS servers need to support the DNS
resource record types that your organization uses.
5. Dynamic DNS zone update protocol
a. If your design requires dynamic updates,
all DNS servers in your design must support dynamic updates.
b. The DNS services in Windows 2000 support
dynamic updates compatible with RFC 2136, as do DNS servers running BIND
version 8.1.2 or later.
Chapter 9, Lesson 2
Essential DNS Design Concepts
1. Determining Domain Namespace Influences on
DNS
A. Understand the structure of your
organization's domain namespace.
1. Is represented by the DNS resource
records managed by the DNS servers
2. Affects the zone types you can include in
your design
3. Affects DNS server placement in your
design
|7| B. Evaluate relationships between
1. The organization’s domain namespace and
Internet naming conventions
2. The organization’s external and internal
namespaces
3. Active Directory and the organization’s
domain namespace
4. The organization’s domain namespace and
its subdomains
5. The domain namespace and DNS zones
C. Most designs include domain namespaces
accessed by Internet users.
1. Domain namespaces available to Internet
users must adhere to naming conventions.
2. All domain namespaces are at least partly
based on Internet naming conventions.
|8| D. The DNS domain namespace uses a
hierarchical tree structure of named domains.
1. Each level is a branch level or leaf
level.
a. The branch level contains other domain
names (branch levels) or multiple DNS resource records (leaf levels).
b. The leaf level domain names are resource
records that represent a specific resource.
2. You interpret the domain name structure
from right to left.
a. The rightmost portion of a domain name is
the highest portion in the domain name’s hierarchical structure.
b. The leftmost portion is the lowest
portion.
|9| E. A domain namespace includes the following
types of domain names:
Note ServerA.sales.asia.contoso.msft
msft is the top-level domain name
contoso is the second-level domain name
asia is a subdomain name
sales is a subdomain name
ServerA is a host or resource name
1. Domain root
a. Highest portion of the domain namespace tree
b. An unnamed portion of a domain namespace
designated by a trailing period “.”
c. Necessary when you specify an FQDN
2. Top-level domain
a. Two- or three-letter names that designate
the country, region, or type of organization using that name
b. Names are available from the organization
that governs Internet regulations (currently Network Solutions, Inc.).
3. Second-level domain
a. A variable-length domain name that
designates the organization or individual for Internet use
b. Available from the organization that
governs Internet regulations (currently Network Solutions, Inc.)
4. Subdomains
a. Additional variable-length domain names
that designate an organization’s internal structure
b. Can specify any number and levels of
subdomains
5. Host or resource name
a. Names of a computer or group of computers
(such as a cluster) within the organization
b. Can specify any number of resource names
|10| F. A domain namespace can be an external
domain namespace, an internal domain namespace, or a combination.
1. External namespaces are visible to
Internet users and computers.
2. Internal namespaces are visible to users
and computers within the organization only.
|11| 3. Your organization’s internal domain namespace root
a. Can be part of the same namespace root as
the external namespace or can be separate
b. Must be different from other
organizations’ external domain namespace root
Note What happens if the
internal domain namespace root is identical to another organization’s external
domain namespace root? Answer: Private network users can’t access resources in
the other organization.
|12| G. Determine the subdomains in the namespace
design.
1. You can use subdomains to organize
resources by department, location, or other specifications.
2. You can include subdomains in the
external or internal namespace.
3. You can nest subdomains to create any
number of levels.
4. If your namespace design includes a
single domain namespace root, you can use subdomains to separate the external
and internal namespaces.
|13| H. Determine how to integrate Active
Directory into your organization’s domain namespace.
1. Active Directory domains correspond to
DNS domain or subdomain names in a DNS design.
2. Incorporate the domains and subdomains
used by Active Directory into the internal namespace.
3. For each domain in Active Directory, you
must
a. Include a DNS domain or subdomain
b. Enable dynamic updating of DNS zones if
you want Active Directory to automatically create the domains or subdomains
I. After analyzing the domain namespace,
convert it to DNS zones using one of the following methods:
|14| 1. Include all domains, subdomains, and
resource records in a single DNS zone. Use this method when
a. The organization’s namespace is relatively
small
b. DNS server administration is centrally
performed
c. The entire namespace is either internal
or external
d. The entire namespace is either dynamically
updated or manually updated
|15| 2. Specify multiple DNS zones for
corresponding domains and subdomains. Use this method when
a. The organization’s namespace is large and
you want to reduce the number of resource records in a DNS zone
b. DNS server administration is decentralized
c. The domain namespace includes internal or
external namespaces
d. The domain namespace includes dynamically
and manually updated zones
3. With either method, create a
corresponding DNS resource record for each resource that you want to advertise
in DNS.
|16| 2. Selecting the Zone Types
A. After evaluating the domain namespace and
converting it to zones, determine which zone types to include in your design.
1. Each DNS server can manage one or more
zones.
2. Each zone can be a different type.
B. Your design can include
1. Only traditional DNS zones
2. Only Active Directory integrated zones
3. A combination of traditional DNS zones
and Active Directory integrated zones
Note You can choose either
traditional DNS zones or Active Directory integrated zones if the organization
uses Active Directory.
|17| C. Traditional DNS zones
1. Store zone information in operating
system files.
2. Store a single, read-write copy of the
zone information in primary zones.
3. Use a primary zone in your design to
a. Administer the domain namespace
b. Dynamically update the zone information
c. Create subdomains within the namespace
and decrease the number of resource records within a domain
4. Store multiple read-only copies of the zone
information in secondary zones.
5. Use secondary zones in your design to
a. Provide copies of zone information to
unsecured portions of the network
b. Reduce WAN network traffic for DNS servers
at remote locations
c. Provide redundancy if the primary DNS
zone becomes unavailable
d. Provide load balancing between DNS servers
6. Replicate zone information between DNS
servers by using full or incremental zone transfers.
|18| 7. Use traditional DNS zones as the
predominant zone type when
Note Choose the traditional DNS
zone when you need to integrate into an existing infrastructure or need
separate support for DNS and Active Directory.
a. You need to provide interoperability with
BIND DNS servers
b. Your organization does not plan to include
Active Directory in the design
c. Network support staff is familiar with
BIND DNS servers and your organization wants to keep support and training costs
low
d. You don’t need to provide secure dynamic
zone updates. The primary DNS zones can’t provide secured dynamic updates.
e. You need to place read-only copies of the
zone information on unsecured network segments
|19| D. Active Directory integrated zones
1. Store zone information (resource records)
in Active Directory.
a. The DNS service scans Active Directory to
resolve queries.
b. The DNS service creates a separate
organizational unit (OU) for each zone.
2. Store a multimaster, read-write copy of
the zone information.
a. You can modify any copy of an Active
Directory zone.
b. Modifications are automatically replicated
to other copies.
3. Use Active Directory integrated zones as
the predominant zone type when
Note You should choose Active
Directory integrated zones when you’re integrating into an existing Active
Directory (or it’s part of a future implementation) or when you want a single
point of support for DNS and Active Directory.
a. The design includes dynamically updated
DNS zones
b. You need to provide secured dynamic zone
updates
c. You want to reduce the administration
associated with DNS replication
|20| E. You can use both traditional and Active
Directory integrated zones in the same design.
1. You can substitute Active Directory
integrated zones for any standard primary zones.
2. Active Directory integrated zones can
replicate zone information to secondary zones by using traditional DNS zone
replication.
3. Determining the Placement of DNS Servers
Note The zone type you choose
influences server placement in the network design.
A. Your design must include enough DNS
servers to support the DNS zones.
|21| B. Place DNS servers at each location within
your organization to
1. Reduce WAN network traffic
a. If you have multiple locations, include a
DNS server at each location.
b. Including a DNS server at each location
allows you to resolve DNS queries locally.
2. Support an Active Directory domain
controller
3. Administer DNS at all locations
a. Include a local DNS server at each
location where DNS must be locally administered.
b. The local DNS servers must manage a
portion of the domain namespace that contains the local subdomains and resource
records.
4. Improve DNS query response times
a. Allows DNS clients to resolve names
locally
b. The local DNS server should contain the
portion of the domain namespace that the local DNS clients commonly query.
5. Provide load balancing
a. Distributes DNS query traffic across
multiple DNS servers in the same location
b. Improves performance
6. Provide redundancy
a. Provides fault tolerance for existing DNS
servers at the same location
|22| 4. Integrating DNS with Other Versions of DNS
A. The most common DNS versions are
BIND-based DNS servers and Windows NT 4.0–based DNS servers.
1. Both support only traditional DNS zone
types.
2. Each version supports different types of
resource records.
3. Not all versions support dynamically
updated DNS zones.
B. Integration issues
1. Dynamically updated DNS zones
2. Character set support
3. Resource records: RFC compliant and
non-RFC compliant
C. Dynamically updated DNS zones
1. Required for many solutions
2. Reduce the resource record administration
in the zones
3. Supported by
a. DNS Server service in Windows 2000
b. BIND version 8.1.2 and later only
4. Not supported by Windows NT 4.0
D. Character set support
1. All DNS servers that manage the same zone
must support the same character set.
2. To provide interoperability with other
DNS servers, use character sets that meet RFC 1035 specifications.
3. All versions of DNS servers support the
character sets specified in RFC 1035.
4. To provide compatibility with BIND-based
and Windows NT 4.0–based DNS servers, all domain names within the domain namespace
must adhere to RFC 1035, including
a. Computer names
b. Domain names
c. NetBIOS names
5. Windows 2000 also supports UTF-8
compatible characters in DNS zones.
a. UTF-8 supports extended ASCII characters
and multiple languages.
b. Use UTF-8 only when all DNS servers are
running Windows 2000.
E. Resource record support
1. All DNS servers that manage the same zone
must support the same resource record types.
2. The following DNS resource records are
common to all versions of DNS and are RFC compliant.
a. Host address (A)
b. Canonical name (CNAME)
3. DNS servers usually ignore invalid
resource records in the zone database.
4. Most DNS servers do one of the following
when receiving invalid resource records during zone transfers:
a. Ignore the invalid resource records
b. Terminate the zone transfer
5. If you include Active Directory or WINS
interoperability in your design, your DNS zones include the following resource
record types:
a. SRV—required for Active Directory
b. WINS forward lookup (WINS)—required for
WINS
c. WINS reverse lookup (WINS-R)—required for
WINS
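Added example (not part of the original outline): a pre-integration audit of the character set rule in item D above, checking names against the RFC 1035 preferred syntax before they are placed in zones shared with BIND or Windows NT 4.0 DNS servers. The function names and the sample inventory are constructed for illustration.

```python
import re

# RFC 1035 section 2.3.1 preferred syntax: a label starts with a letter, ends
# with a letter or digit, and holds only letters, digits and hyphens between.
# (RFC 1123 later allowed a leading digit; this check stays with RFC 1035.)
LABEL_RE = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
MAX_LABEL_OCTETS = 63
MAX_NAME_OCTETS = 255


def check_name(name):
    """Return the reasons a DNS name fails RFC 1035 (empty list if compliant)."""
    if name == ".":
        return []  # the domain root itself
    body = name[:-1] if name.endswith(".") else name  # trailing "." is the root
    if not body:
        return ["empty name"]
    problems = []
    labels = body.split(".")
    # Encoded size: one length octet per label, plus the root's zero octet.
    octets = sum(len(label.encode("utf-8")) + 1 for label in labels) + 1
    if octets > MAX_NAME_OCTETS:
        problems.append("name exceeds 255 octets")
    for label in labels:
        size = len(label.encode("utf-8"))
        if size == 0:
            problems.append("empty label")
        elif size > MAX_LABEL_OCTETS:
            problems.append(f"label {label[:12]!r}... exceeds 63 octets")
        elif not label.isascii():
            # UTF-8 names are usable only when every DNS server runs Windows 2000.
            problems.append(f"label {label!r} is not US-ASCII")
        elif not LABEL_RE.fullmatch(label):
            problems.append(f"label {label!r} breaks letter/digit/hyphen syntax")
    return problems


def audit(names):
    """Map each non-compliant name to its list of problems."""
    report = {}
    for name in names:
        problems = check_name(name)
        if problems:
            report[name] = problems
    return report


# Constructed inventory of host, domain and NetBIOS-style names.
SAMPLE_NAMES = [
    "ServerA.sales.asia.contoso.msft.",   # compliant FQDN from the outline
    "FILE_SRV01.sales.contoso.msft",      # underscore, common in NetBIOS names
    "3rdfloor.contoso.msft",              # leading digit
    "b\u00fcro.europe.contoso.msft",      # non-ASCII (u with umlaut)
    "print-.contoso.msft",                # trailing hyphen
    "sales..contoso.msft",                # empty label
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_NAMES).items():
        print(name, "->", "; ".join(problems))
```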
|23| 5. Integrating DNS and WINS
A. If your organization has an existing
Windows NT 4.0–based network, integrate WINS into your DNS design.
1. Windows NT 4.0 relies on NetBIOS names to
locate network resources.
2. WINS registers and resolves NetBIOS
names.
3. You can integrate WINS and DNS as part of
a migration strategy or as a permanent solution, depending on the
organization’s needs.
|24| B. To integrate WINS NetBIOS names into DNS,
specify the following:
1. A subdomain in your namespace for WINS
resolution
a. This subdomain acts as a container for the
NetBIOS names that WINS resolves.
b. If your design includes internal and
external namespaces, create the WINS subdomain in the internal namespace.
c. To reduce WAN traffic, create a WINS
subdomain in each location and ensure that it includes the WINS servers in that
location.
2. Whether names from DNS or WINS are
resolved first
3. The IP addresses for the WINS servers to
integrate with DNS
a. Reference more than one WINS server to
improve availability
b. Can use Windows 2000 or Windows NT 4.0
servers
Chapter 9, Lesson 3
Name Resolution Protection in DNS Designs
|25| 1. Preventing Unauthorized Dynamic Updates to DNS Zones
A. Determine how to
1. Perform dynamic zone updates
2. Secure the updates
B. Perform dynamic zone updates for host
address and pointer resource records in DNS by using
1. DHCP Server in Windows 2000
a. Specify that the DHCP server is the only
computer authorized to update the records.
b. Allows updates to DNS zone information for
any DHCP client
c. Reduces administration, because the DHCP
server updates DNS for many clients
2. Windows 2000 DNS Client
a. Specify that the computer running DNS
Client is the only computer authorized to update the records.
b. Requires the DNS Client in Windows 2000
c. Increases administration, because each
DNS Client must be configured to perform dynamic updates (however, you can set
them up to be configured by DHCP)
C. Secure dynamic zone updates by doing the
following:
1. Specify Active Directory integrated zones
for each dynamically updated zone.
2. Specify the permissions to update the
dynamically updated zones in Active Directory.
a. Specify which computer, group, or user
account is authorized to perform dynamic updates.
b. Assign permissions to an entire DNS zone
or to individual resource records.
c. For zones that are dynamically updated by DHCP servers, grant the DHCP server permission to
(1) Dynamically update corresponding zones
(2) Modify all the resource records in the zone
d. For zones that are dynamically updated by DNS Clients, grant each DNS Client permission to
(1) Dynamically update corresponding zones
(2) Modify only the corresponding resource records in the zone
|26| 2. Preventing Unauthorized Access to DNS Servers
A. Prevent unauthorized access to DNS servers
based on zone types in several ways.
1. Restrict the number of DNS
administrators.
a. Grant network administration permissions
judiciously.
b. Create a Windows 2000 group and assign the
group the permissions needed to manage your organization’s DNS servers.
c. In the Windows 2000 group, include the
authorized network.
2. Isolate read-write copies of DNS zones
from public networks.
Note You should aim to create
read-only copies of zone information so Internet-based users can’t modify them.
a. Ensure that unauthorized or anonymous
users can access only standard secondary zones.
b. Secondary zones are read-only.
3. Isolate zones that manage internal
namespaces from public networks.
a. Ensure that unauthorized or anonymous
users can access only the external portions of your organization’s namespace.
c. Ensure that all computers in the external namespace
(1) Are accessible to anonymous users
(2) Provide enough security to protect
confidential data
4. Use only Active Directory integrated
zones within your private network.
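Added example (not part of the original outline): the Lesson 3 protection rules applied as a review over a planned zone inventory, flagging zones whose dynamic updates cannot be secured and read-write or internal zones placed on public networks. The Zone fields, finding codes and sample design are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    name: str
    zone_type: str           # "primary", "secondary" or "ad_integrated"
    dynamic_updates: bool
    namespace: str           # "internal" or "external"
    on_public_network: bool  # hosted where anonymous users can reach it


def review_zone(zone):
    """Return (code, message) findings for one zone; an empty list means it passes."""
    findings = []
    if zone.dynamic_updates and zone.zone_type == "secondary":
        findings.append(("DYN-READONLY",
                         "secondary zones are read-only and cannot take updates"))
    elif zone.dynamic_updates and zone.zone_type == "primary":
        findings.append(("DYN-UNSECURED",
                         "primary zones cannot secure dynamic updates; "
                         "use an Active Directory integrated zone"))
    if zone.on_public_network and zone.zone_type != "secondary":
        findings.append(("RW-EXPOSED",
                         "read-write copy on a public network; "
                         "publish a standard secondary zone instead"))
    if zone.on_public_network and zone.namespace == "internal":
        findings.append(("INTERNAL-EXPOSED",
                         "internal namespace reachable from a public network"))
    if not zone.on_public_network and zone.zone_type != "ad_integrated":
        findings.append(("PRIVATE-NOT-ADI",
                         "private-network zone is not Active Directory integrated"))
    return findings


def review_design(zones):
    """Map each failing zone name to the list of finding codes raised for it."""
    report = {}
    for zone in zones:
        codes = [code for code, _ in review_zone(zone)]
        if codes:
            report[zone.name] = codes
    return report


# Constructed design inventory using the outline's contoso.msft namespace.
DESIGN = [
    Zone("contoso.msft", "secondary", False, "external", True),
    Zone("corp.contoso.msft", "ad_integrated", True, "internal", False),
    Zone("branch.corp.contoso.msft", "primary", True, "internal", False),
    Zone("partners.contoso.msft", "primary", False, "external", True),
    Zone("hr.corp.contoso.msft", "secondary", False, "internal", True),
]

if __name__ == "__main__":
    for zone in DESIGN:
        for code, message in review_zone(zone):
            print(f"{zone.name}: {code}: {message}")
```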
Chapter 9, Lesson 4
DNS Design Optimization
|27| 1. Enhancing DNS Availability
A. Optimize your design for increased availability
with three primary strategies.
1. Replicate DNS zones across multiple DNS
servers.
a. Specify that the DNS clients include both
DNS servers in the list of DNS servers they can use for name resolution.
b. Replicate zone information using two
methods:
(1) Replicate zone information between two
Active Directory integrated zones.
(2) Replicate zone information between standard
primary and secondary zones.
c. Advantage: requires no additional
hardware or software resources
d. Disadvantage: no automatic failover—DNS
clients may experience delays in DNS query resolutions if the first DNS server
fails
2. Use Windows Clustering server clusters.
a. Windows 2000 DNS Server service is
cluster-unaware, which means that it can run on server clusters, but can’t
communicate with the cluster.
b. You can store DNS zones on a common
cluster drive between two computers.
c. The DNS Server service runs on only one
cluster node, called the active node, at a time.
d. If the DNS active node fails for any reason,
the other cluster node automatically starts the DNS Server service. The
redundant DNS Server service contains the current DNS zone contents from the
failed node.
e. You cannot use this method for DNS servers
that manage Active Directory integrated zones.
3. Dedicate a computer to DNS.
|28| 2. Improving DNS Performance
A. Use the following strategies to improve
DNS configuration performance:
1. Reduce DNS query resolution latency.
2. Reduce or reschedule DNS zone replication
traffic.
3. Dedicate a computer to DNS.
B. Reduce DNS query resolution latency.
1. Place DNS servers at remote locations to
reduce WAN traffic.
2. Load balance DNS queries across multiple
DNS servers.
a. This is useful when existing DNS servers
are working to capacity and you cannot upgrade hardware.
b. Evenly distribute DNS clients across
multiple DNS servers to ensure that each DNS server responds to approximately
the same number of DNS queries over time.
c. Configure DNS clients to use different
servers as their primary DNS server.
d. Use DHCP to reduce administration in
configuring the DNS clients to distribute DNS queries between DNS servers.
3. Divide domains into subdomains.
a. Specify two or more subdomains beneath the
current domain.
b. Evenly divide existing resource records
across the subdomains.
c. Specify that the domain should forward
DNS queries to the subdomains (called delegated domains).
4. Include caching-only DNS servers.
a. Caching-only servers don’t store DNS zone
information.
b. Only cache responses to DNS queries in
local memory.
c. Requires another DNS server
d. Place caching-only DNS servers in remote
locations when network connections between locations are reliable and queries
are forwarded to reliable DNS servers.
e. Place DNS servers in remote locations when
network connections between locations are unreliable, DNS servers in other
locations are unreliable, and additional network traffic is acceptable.
C. Reduce or reschedule DNS zone replication
traffic.
1. Place caching-only DNS servers at remote
locations.
a. Do not store DNS information locally.
b. Zone replication is not necessary.
2. Perform incremental zone transfers.
a. Reduces network traffic
b. Transmits updates to zone resource records
only
3. Perform fast zone transfers.
a. Available for DNS servers running Windows
2000
b. Send multiple zone resource records at
once and compress the zone updates.
4. Perform zone updates during nonpeak
periods.
D. Dedicate a computer to DNS to prevent
other applications and services from overusing system resources.
|29| Chapter Summary
A. DNS services in Windows 2000 resolve
resource names to IP addresses and vice versa.
B. You can integrate WINS-based computers and
other DNS versions into your DNS-based network.
C. Decide whether to design your network to
support Active Directory integrated zones or to use a traditional DNS design.
D. Consider your organization’s domain
namespace as you plan where to place DNS servers, determine the zone types to
include, and make other design decisions.
E. Use a number of methods to protect the
integrity of DNS name resolution.
1. Perform dynamic zone updates using DHCP
Server in Windows 2000 or Windows 2000 DNS Client.
2. Restrict the number of DNS
administrators.
3. Isolate read-write copies of zone
information and zones that manage internal namespaces from public networks.
4. Require only Active Directory integrated
zones within your private network.
F. Use the following optimization techniques
to improve the availability and performance of your DNS design:
1. Replicate DNS zones across multiple DNS
servers.
2. Use Windows Clustering server clusters.
3. Dedicate a computer to DNS.
4. Reduce DNS query resolution latency.
5. Reduce or reschedule DNS zone replication
traffic.