DHCP DNS and RAID

  • 7/27/2019 DHCP DNS i RAID

    1/18

    Maintaining and Testing Network Settings

    Windows Server 2003 includes many tools for maintaining and testing TCP/IP settings.

    Basic Network Tests

    When a new computer is installed, or the network configuration of an already installed computer is changed, the configuration must be tested. The most basic TCP/IP test is to use the Ping command at the command prompt to test the computer's connection to the network.

    The command is written as follows:

        ping host

    where host is the computer you want to contact.

    On Windows Server 2003, the Ping command can be used in several ways to test the configuration:

    • Ping an IP address. If the computer is configured correctly and the host is reachable on the network, the ping request receives a reply. If the host cannot be contacted, the ping request times out.

    • On domains that use WINS, try to ping the computer's NetBIOS name. If the NetBIOS name is resolved correctly, the NetBIOS facilities on the computer, such as WINS, are configured correctly.

    • On domains that use DNS, try to ping the computer's DNS name. If the fully qualified DNS name is resolved correctly, DNS name resolution is configured correctly.

    The network can also be tested by checking whether the desired computer can be reached by browsing the network. If the computer is a member of a Windows Server 2003 domain and computer browsing is allowed throughout the domain, log on to the computer and use Windows Explorer, or its My Network Places option, to browse the computers available in the domain. This shows whether a particular computer is configured correctly, and whether DNS resolution is set up correctly in the local environment. If the desired computer cannot be found, check the DNS services and protocols in the TCP/IP configuration.

    Releasing and Renewing the DHCP Configuration

    DHCP servers can assign many network configuration settings automatically, including IP addresses, default gateways, primary and secondary DNS servers, primary and secondary WINS servers, and more. When computers use dynamic addressing, an IP address is leased and assigned to them. Leasing works well because the configuration is leased for a fixed period and must be renewed periodically. When the lease expires, permission to use the assigned network configuration must be renewed. The computer contacts the DHCP server that granted the lease and, if the server is reachable on the network, the network configuration is granted again and a new lease period begins. The lease can also be renewed manually on a particular computer or, if necessary, on the DHCP server itself.

    Communication problems can occur on the network while a configuration is being leased or renewed. If the server is unavailable and cannot be contacted before the lease expires, the IP address can become invalid. If that happens, the computer may use an alternate IP address set through the alternate address configuration, which in most cases has unsuitable settings that prevent proper communication over the network. The fix is to release the DHCP configuration and lease a new network configuration.

    Another kind of problem can occur when users move between different parts of the company network: while moving, their computer may obtain a DHCP configuration from the wrong server. On returning to its home location in the network, the computer cannot communicate properly. The old configuration must be released and a new one requested from the DHCP server.

    To release and renew the network configuration manually, follow these steps:

    1. Click Start and select Run. Type cmd in the Open text box of the Run dialog box and click OK. This starts a command prompt.

    2. To release the current DHCP configuration, type ipconfig /release at the command line. To renew the DHCP configuration, type ipconfig /renew at the command prompt.

    3. To check the current IP configuration, type ipconfig /all at the command line.

    Reregistering and Flushing DNS

    The DNS resolver cache holds a history of the DNS lookups performed when a user accesses network resources over TCP/IP. The cache contains forward lookups, which provide host name to IP address resolution, and reverse lookups, which provide IP address to host name resolution. Once DNS entries for a particular DNS host are stored in the resolver cache, the local computer no longer needs to query external servers for DNS information about that host. This lets the computer resolve DNS requests locally, which gives a faster response. How long entries stay in the DNS resolver cache depends on the Time to Live (TTL) value assigned to the record by the originating server. To view the current records and the remaining TTL value for each record, type ipconfig /displaydns at the command line. The values shown are the number of seconds a record can remain in the cache before it expires. The local computer counts these values down continuously. When the TTL value reaches zero, the record expires and is removed from the DNS resolver cache.

    Occasionally, the resolver cache must be cleared of all records so that computers refresh their DNS information with new requests before the records expire. This happens when addresses change and the pointers in the records still refer to the old addresses. The DNS resolver cache can also simply fall out of sync with the state of the network, especially when DHCP is not configured properly.

    In most cases, problems with the DNS resolver cache can be solved by flushing the cache or by reregistering DNS. When the resolver cache is flushed, all DNS records are deleted, and new records are created only the next time the computer performs a DNS lookup for a given host name or IP address. When DNS is reregistered, Windows Server 2003 attempts to refresh all current DHCP leases and performs a lookup on each DNS record in the resolver cache. In this way, each host name or IP address is reregistered in the resolver cache. In general, flush the cache to clear all records completely and let computers perform lookups as needed. Reregister only if you suspect problems with both DHCP and the resolver cache.

    To flush the resolver cache, type ipconfig /flushdns at the command line.

    To renew DHCP leases and reregister the records, type ipconfig /registerdns at the command line.

    To check the DNS records, type ipconfig /displaydns at the command line.

    Performing Detailed Network Diagnostics

    Few things are more complicated than trying to resolve network problems. The difficulty is that there are many interdependencies between services, protocols, and configuration settings.

    Windows Server 2003 includes a powerful network diagnostics tool for detecting problems related to:

    • Network connectivity
    • Internet service settings for e-mail, newsgroups, and proxies
    • Settings for modems, network clients, and network adapters
    • DNS, DHCP, and WINS configuration
    • Default gateways and IP addresses

    To run the diagnostics tests using the default setup, follow these steps:

    1. Click Start and then select Help And Support. This starts the Help And Support Center.

    2. Under Support Tasks, click Tools. Afterward, in the left pane expand the Help And Support Center Tools node and then select Network Diagnostics.

    3. Click Scan Your System to start the testing.

    During testing, the Help And Support Services console displays a progress bar showing how far the diagnostic tests have advanced. The default tests include ping tests to determine whether the network is reachable, connectivity tests on the configured modems and network adapters, and tests of Internet services for e-mail, newsgroups, and proxies. The tests also return information about the computer system, the operating system configuration, and the operating system version.

    3. If the IP address is available, the client configures the NIC with this address. The client then keeps trying to contact a DHCP server, sending a broadcast to the network every five minutes. When the client successfully contacts a server, it obtains a lease and reconfigures the network interface.

    Checking IP Address Assignment

    You can use Ipconfig to check the currently assigned IP address and other configuration information. To get information for all network adapters on the computer, type ipconfig /all at the command line. If the IP address was assigned automatically, you'll see an entry for the autoconfiguration IP address. In this example, the autoconfiguration IP address is 169.254.98.59:

        Windows IP Configuration
           Host Name . . . . . . . . . . . . : DELTA
           Primary DNS Suffix  . . . . . . . : microsoft.com
           Node Type . . . . . . . . . . . . : Hybrid
           IP Routing Enabled. . . . . . . . : No
           WINS Proxy Enabled. . . . . . . . : No
           DNS Suffix Search List. . . . . . : microsoft.com

        Ethernet adapter Local Area Connection:
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : NDC ND5300 PnP Ethernet Adapter
           Physical Address. . . . . . . . . : 05-82-C6-F8-FD-67
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes
           Autoconfiguration IP Address. . . : 169.254.98.59
           Subnet Mask . . . . . . . . . . . : 255.255.0.0
           Default Gateway . . . . . . . . . :
           DNS Servers . . . . . . . . . . . :

    Understanding Scopes

    Scopes are pools of IP addresses that can be assigned to clients through leases and reservations. A reservation differs from a lease in that the IP address stays assigned to a particular computer until the reservation is removed. This makes it possible to set semipermanent addresses for a limited number of DHCP clients.

    You create scopes by specifying the ranges of IP addresses that are available to DHCP clients. For example, you could assign the IP address range 192.168.12.2 to 192.168.12.250 to a scope named Enterprise Primary. Scopes can use public or private IP addresses on:

    Class A networks
        IP addresses from 1.0.0.0 to 126.255.255.255

    Class B networks
        IP addresses from 128.0.0.0 to 191.255.255.255

    Class C networks
        IP addresses from 192.0.0.0 to 223.255.255.255

    Class D networks
        IP addresses from 224.0.0.0 to 239.255.255.255

    Note

    The IP address 127.0.0.1 is used for local loopback.

    A single DHCP server can manage multiple scopes. Three types of scopes are available:

    Normal scopes
        Used to assign IP address pools for class A, B, and C networks.

    Multicast scopes
        Used to assign IP address pools for class D networks. Computers use multicast IP addresses as secondary IP addresses in addition to a standard IP address assigned from a class A, B, or C network.

    Superscopes
        These are containers for other scopes and are used to simplify management of multiple scopes.

    Note

    Although you can create scopes on multiple network segments, you'll usually want these segments to be in the same network class, such as all class C IP addresses. Don't forget that you must configure DHCP relays to relay

    DHCP broadcast requests between network segments. You can configure relay agents with the Routing and

    Remote Access Service (RRAS) and the DHCP Relay Agent Service. You can also configure some routers as

    relay agents.

    Starting and Stopping a DHCP Server

    The DHCP server is managed through the DHCP Server service. As with any other service, you can start, stop, pause, and resume the DHCP Server service in the Services node of Computer Management or from the command line. You can also manage the service in the DHCP console: right-click the server you want to manage, choose All Tasks, and then choose Start, Stop, Pause, Resume, or Restart.

    Note

    To start and stop a DHCP server using Computer Management, expand DHCP, right-click the server, choose All Tasks, and then choose Start, Stop, Pause, Resume, or Restart.

    Authorizing a DHCP Server in Active Directory

    Before a DHCP server can be used in a domain, it must be authorized in Active Directory. Only an authorized DHCP server can provide dynamic IP addressing in the domain. Windows Server 2003 requires authorization to prevent unauthorized DHCP servers from serving domain clients. This ensures that network operations run without disruption.

    In the DHCP console, you authorize a DHCP server by right-clicking the server entry in the tree view and selecting Authorize. To remove the authorization, right-click the server entry and select Unauthorize.

    Note

    To authorize a DHCP server using Computer Management, expand DHCP, right-click the server, and then select

    Authorize. The authorization process can take several minutes, so be patient. Press F5 to refresh the view. When

    the DHCP server is authorized, the scope status should change to active and you should see a green up arrow in the console tree. To remove the authorization, expand DHCP, right-click the server, and then select

    Unauthorize.

    Tip

    You might need to log on or remotely connect to a domain controller in order to authorize the DHCP server in Active Directory. Once you access the domain controller, start the DHCP console, and connect to the server you

    want to authorize. Afterward, right-click the server and then select Authorize.

    Integrating DHCP and DNS

    DNS is used to resolve computer names in Active Directory domains and on the Internet. Thanks to the DNS

    dynamic update protocol, you don't need to register DHCP clients in DNS manually. The protocol allows either the client or the DHCP server to register the necessary forward lookup and reverse lookup records in DNS, as

    necessary. When configured using the default setup for DHCP, Windows Server 2003 DHCP clients

    automatically update their own DNS records after receiving an IP address lease, and DHCP server updates

    records for pre-Windows Server 2003 clients after issuing a lease.

    Tip

    Microsoft Windows NT 4.0 DNS servers don't support the dynamic update protocol, and records aren't updated automatically. One workaround is to enable WINS lookup for DHCP clients that use NetBIOS. This allows the

    client to find other computers through WINS. A better long-term solution is to upgrade older DNS servers to

    Windows Server 2003.

    Avoiding IP Address Conflicts

    IP address conflicts are the biggest cause of problems with DHCP. An IP address may be assigned to only one computer on the network. If two computers are nevertheless assigned the same unicast IP address, one or both of them might become disconnected from the network. To better detect and avoid potential conflicts, you might want to enable IP address conflict detection by completing the following steps:

    1. In the DHCP console, right-click the server you want to work with, and then select Properties.

    2. In the Advanced tab, set Conflict Detection Attempts to a value other than zero. The value you enter determines the number of times DHCP server checks an IP address before leasing it to a client. DHCP server checks IP addresses by sending a ping request over the network.

    Saving and Restoring the DHCP Configuration

    Once you configure all the necessary DHCP settings, you might want to save the DHCP configuration so that

    you can restore it on the DHCP server. To save the configuration, enter the following command at the command

    prompt:

        netsh dump dhcp >dhcpconfig.dmp

    In this example, dhcpconfig.dmp is the name of the configuration script you want to create. Once you create this

    script, you can restore the configuration by entering the following command at the command prompt:

        netsh exec dhcpconfig.dmp

    Tip

    You can also use this technique to set up another DHCP server with the same configuration. Simply copy the

    configuration script to a folder on the destination computer and then execute it.

    Configuring Multiple Scopes on a Network

    You can configure multiple scopes on a single network. A single DHCP server or multiple DHCP servers can serve these scopes. However, anytime you work with multiple scopes, it's extremely important that the address

    ranges used by different scopes don't overlap. Each scope must have its own unique address range. If it doesn't,

    the same IP address might be assigned to different DHCP clients, which can cause severe problems on the

    network.

    To understand how you can use multiple scopes, consider the following scenario where each server has its

    respective DHCP scope IP address ranges on the same subnet.

    DHCP Scope IP Address Range

    Server A 192.168.10.1 to 192.168.10.99

    Server B 192.168.10.100 to 192.168.10.199

    Server C 192.168.10.200 to 192.168.10.254

    Each of these servers will respond to DHCP discovery messages, and any of them can assign IP addresses to

    clients. If one of the servers fails, the other servers can continue to provide DHCP services to the network.
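
    The non-overlap rule for multiple scopes can be checked mechanically before the scopes are activated. The following Python sketch is an added example, not part of the original text: it uses the three ranges from the scenario above plus a constructed misconfigured variant, and the function names and the /24 subnet mask are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Scope ranges from the scenario above (server -> first and last address).
SCOPES = {
    "Server A": ("192.168.10.1", "192.168.10.99"),
    "Server B": ("192.168.10.100", "192.168.10.199"),
    "Server C": ("192.168.10.200", "192.168.10.254"),
}

# Constructed misconfiguration: Server B's range widened downward by ten addresses.
BAD_SCOPES = {**SCOPES, "Server B": ("192.168.10.90", "192.168.10.199")}


def to_range(first, last):
    """Convert dotted-quad endpoints to an inclusive (low, high) integer pair."""
    low = int(ipaddress.IPv4Address(first))
    high = int(ipaddress.IPv4Address(last))
    if low > high:
        raise ValueError(f"scope starts at {first} but ends at {last}")
    return low, high


def find_overlaps(scopes):
    """Return (scope1, scope2, first_shared, last_shared, count) per overlapping pair."""
    ranges = {name: to_range(*ends) for name, ends in scopes.items()}
    overlaps = []
    for (n1, (lo1, hi1)), (n2, (lo2, hi2)) in combinations(ranges.items(), 2):
        lo, hi = max(lo1, lo2), min(hi1, hi2)
        if lo <= hi:  # the two inclusive ranges share at least one address
            overlaps.append((n1, n2,
                             str(ipaddress.IPv4Address(lo)),
                             str(ipaddress.IPv4Address(hi)),
                             hi - lo + 1))
    return overlaps


def outside_subnet(scopes, subnet):
    """Return scopes whose range is not fully inside the subnet's usable host addresses."""
    net = ipaddress.IPv4Network(subnet)
    first_host = int(net.network_address) + 1
    last_host = int(net.broadcast_address) - 1
    flagged = []
    for name, ends in scopes.items():
        low, high = to_range(*ends)
        if low < first_host or high > last_host:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Assumed subnet for the scenario: 192.168.10.0 with a 255.255.255.0 mask.
    for label, scopes in (("as documented", SCOPES), ("misconfigured", BAD_SCOPES)):
        print(label)
        print("  overlaps:", find_overlaps(scopes))
        print("  outside subnet:", outside_subnet(scopes, "192.168.10.0/24"))
```

    Every address reported as shared could be leased by two servers at once, which is the duplicate-assignment condition the text warns about.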

    Managing the Address Pool, Leases, and Reservations

    Scopes have separate folders for address pools, leases, and reservations. By accessing these folders, you can

    view current statistics for the related data and manage existing entries.

    Viewing Scope Statistics

    Scope statistics provide summary information on the address pool for the current scope or superscope. To view

    statistics, right-click the scope or superscope and then select Display Statistics.

    The primary fields of this dialog box are used as follows:

    Total Scopes
        Shows the number of scopes in a superscope.

    Total Addresses
        Shows the total number of IP addresses assigned to the scope.

    In Use
        Shows the total number of addresses being used, as a numerical value and as a percentage of the total available addresses. If the total reaches 85 percent or more, you might want to consider assigning additional addresses or freeing up addresses for use.

    Available
        Shows the total number of addresses available for use, as a numerical value and as a percentage of the total available addresses.

    Backing Up and Restoring the DHCP Database

    DHCP servers store DHCP lease and reservation information in database files. By default, these files are stored

    in the %SystemRoot%\System32\dhcp directory. The key files in this directory are used as follows:

    Dhcp.mdb
        The primary database file for the DHCP server

    J50.log
        A transaction log file used to recover incomplete transactions in case of a server malfunction

    J50.chk
        A checkpoint file used in truncating the transaction log for the DHCP server

    Res1.log
        A reserved log file for the DHCP server

    Res2.log
        A reserved log file for the DHCP server

    Tmp.edb
        A temporary working file for the DHCP server

    Understanding DNS

    DNS organizes groups of computers into domains. These domains are organized into a hierarchical structure, which can be defined on an Internet-wide basis for public networks or on an enterprise-wide basis for private networks (also known as intranets and extranets). The various levels within the hierarchy identify individual computers, organizational domains, and top-level domains. For the fully qualified host name omega.microsoft.com, omega represents the host name for an individual computer, microsoft is the organizational domain, and com is the top-level domain.

    Top-level domains are at the root of the DNS hierarchy and are therefore called root domains. These domains are organized geographically, by organization type, and by function. Normal domains, such as microsoft.com, are also referred to as parent domains. They're called parent domains because they're the parents of an organizational structure. Parent domains can be divided into subdomains, which can be used for groups or departments within an organization.

    Subdomains are often called child domains. For example, the fully qualified domain name (FQDN) for a computer within a human resources group could be designated as jacob.hr.microsoft.com. Here, jacob is the host name, hr is the child domain, and microsoft.com is the parent domain.

    Integrating Active Directory and DNS

    As stated in Chapter 6, "Using Active Directory," Active Directory domains use DNS to implement their

    naming structure and hierarchy. Active Directory and DNS are tightly integrated, so much so that you must

    install DNS on the network before you can install Active Directory.

    During installation of the first domain controller on an Active Directory network, you'll have the opportunity to

    automatically install DNS if a DNS server can't be found on the network. You'll also be able to specify whether DNS and Active Directory should be integrated fully. In most cases you should respond affirmatively to both

    requests. With full integration, DNS information is stored directly in Active Directory. This allows you to take advantage of Active Directory's capabilities. The difference between partial integration and full integration is

    very important:

    Partial integration
        With partial integration, the domain uses standard file storage. DNS information is stored in text-based files that end with the .dns extension, and the default location of these files is %SystemRoot%\System32\Dns. Updates to DNS are handled through a single authoritative DNS server. This server is designated as the primary DNS server for the particular domain or area within a domain called a zone. Clients that use dynamic DNS updates through DHCP must be configured to use the primary DNS server in the zone. If they aren't, their DNS information won't be updated. Likewise, dynamic updates through DHCP can't be made if the primary DNS server is offline.

    Full integration
        With full integration, the domain uses directory-integrated storage. DNS information is stored directly in Active Directory and is available through the container for the dnsZone object. Because the information is part of Active Directory, any domain controller can access the data and a multimaster approach can be used for dynamic updates through DHCP. This allows any domain controller running the DNS Server service to handle dynamic updates. Furthermore, clients that use dynamic DNS updates through DHCP can use any DNS server within the zone. An added benefit of directory integration is the ability to use directory security to control access to DNS information.

    When you look at the way DNS information is replicated throughout the network, you also see advantages to full integration with Active Directory. With partial integration, DNS information is stored and replicated separately from Active Directory. By having two separate structures, you reduce the effectiveness of both DNS

    and Active Directory and make administration more complex. Because DNS is less efficient than Active

    Directory at replicating changes, you might also increase network traffic and the amount of time it takes to

    replicate DNS changes throughout the network.

    Enabling DNS on the Network

    To enable DNS on the network, you need to configure DNS clients and servers. When you configure DNS

    clients, you tell the clients the IP addresses of DNS servers on the network. Using these addresses, clients can

    communicate with DNS servers anywhere on the network, even if the servers are on different subnets.

    When the network uses DHCP, you should configure DHCP to work with DNS. To do this, you need to set the

    DHCP scope options 006 DNS Servers and 015 DNS Domain Name as specified in the section entitled "Setting

    Scope Options" in Chapter 18, "Running DHCP Clients and Servers."

    Additionally, if computers on the network need to be accessible from other Active Directory domains, you need

    to create records for them in DNS. DNS records are organized into zones, where a zone is simply an area within

    a domain.

    Note

    Configuring a DNS client is explained in the section entitled "Configuring DNS Resolution" in Chapter 16, "Managing TCP/IP Networking." Configuring a DNS server is explained in the following section of this

    chapter.

    Installing DNS Servers

    You can configure any Windows Server 2003 system as a DNS server. Four types of DNS servers are available:

    Active Directory-integrated primary server
        A DNS server that's fully integrated with Active Directory. All DNS data is stored directly in Active Directory.

    Primary server
        The main DNS server for a domain that uses partial integration with Active Directory. This server stores a master copy of DNS records and the domain's configuration files. These files are stored as text with the .dns extension.

    Secondary server
        A DNS server that provides backup services for the domain. This server stores a copy of DNS records obtained from a primary server and relies on zone transfers for updates. Secondary servers obtain their DNS information from a primary server when they're started, and they maintain this information until the information is refreshed or expired.

    Forwarding-only server
        A server that caches DNS information after lookups and always passes requests to other servers. These servers maintain DNS information until it's refreshed or expired or until the server is restarted. Unlike secondary servers, forwarding-only servers don't request full copies of a zone's database files. This means that when you start a forwarding-only server, its database contains no information.

    Before you configure a DNS server, you must install the DNS Server service. Afterward, you can configure the

    server to provide integrated, primary, secondary, or forwarding-only DNS services.

    Configuring a Primary DNS Server

    Every domain should have a primary DNS server. This server can be integrated with Active Directory or it can

    act as a standard primary server. Primary servers should have forward lookup zones and reverse lookup zones.

    Forward lookups are used to resolve domain names to IP addresses. Reverse lookups are needed to authenticate DNS requests by resolving IP addresses to domain names or hosts.

    Configuring a Secondary DNS Server

    Secondary servers provide backup DNS services on the network. If you're using full Active Directory

    integration, you don't really need to configure secondaries. Instead, you should configure multiple domain controllers to handle DNS services. On the other hand, if you're using partial integration, you might want to

    configure secondaries to lessen the load on the primary server. On a small or medium-sized network, you might

    be able to use the name servers of your Internet service provider (ISP) as secondaries; in this case you should

    contact your ISP to configure secondary DNS services for you.

    Since secondary servers use forward lookup zones for most types of queries, reverse lookup zones might not be

    needed. But reverse lookup zone files are essential for primary servers, and they must be configured for proper

    domain name resolution.

    Configuring Reverse Lookups

    Forward lookups are used to resolve domain names to IP addresses. Reverse lookups are used to resolve IP addresses to domain names. Each segment on your network should have a reverse lookup zone. For example, if

    you have the subnets 192.168.10.0, 192.168.11.0, and 192.168.12.0, you should have three reverse lookup

    zones.

    The standard naming convention for reverse lookup zones is to type the network ID in reverse order and then

    use the suffix in-addr.arpa. With the previous example, you'd have reverse lookup zones named 10.168.192.in-addr.arpa, 11.168.192.in-addr.arpa, and 12.168.192.in-addr.arpa. Records in the reverse lookup zone must be in

    sync with the forward lookup zone. If the zones get out of sync, authentication might fail for the domain.

    Once you set up the reverse lookup zones, you need to ensure that delegation for the zone is handled properly. Contact the Information Services department or your ISP to ensure that the zones are registered with the parent

    domain.
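
    The naming convention and the requirement that reverse zones stay in sync with forward zones can both be checked offline from exported record lists. The following Python sketch is an added example, not part of the original text: it derives the three zone names from the subnets above (a 255.255.255.0 mask is assumed) and audits constructed A and PTR records; the host names, record sets, and function names are hypothetical.

```python
import ipaddress

# Subnets from the text; a /24 mask is assumed for each network ID.
SUBNETS = ["192.168.10.0/24", "192.168.11.0/24", "192.168.12.0/24"]

# Constructed sample records (host names are hypothetical).
A_RECORDS = {
    "alpha.corp.example": ["192.168.10.15"],
    "beta.corp.example": ["192.168.11.20"],
    "gamma.corp.example": ["192.168.12.30", "192.168.12.31"],
    "delta.corp.example": ["192.168.13.5"],
}
PTR_RECORDS = {
    "15.10.168.192.in-addr.arpa": "alpha.corp.example",
    "20.11.168.192.in-addr.arpa": "oldbeta.corp.example",  # points at a previous name
    "30.12.168.192.in-addr.arpa": "gamma.corp.example",
    "40.12.168.192.in-addr.arpa": "retired.corp.example",  # no matching A record
}


def reverse_zone(network):
    """Reverse lookup zone name: network ID octets in reverse order plus in-addr.arpa."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{network}: expected a mask on an octet boundary")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_name(address):
    """Owner name of the PTR record for one IPv4 address."""
    return ipaddress.IPv4Address(address).reverse_pointer


def audit(a_records, ptr_records, subnets):
    """Compare forward and reverse records; return sorted (finding, subject, host) tuples."""
    zones = [reverse_zone(subnet) for subnet in subnets]
    expected = {}
    findings = []
    for host, addresses in a_records.items():
        for address in addresses:
            name = ptr_name(address)
            expected[name] = host
            if not any(name.endswith("." + zone) for zone in zones):
                findings.append(("no-reverse-zone", address, host))
            elif name not in ptr_records:
                findings.append(("missing-ptr", address, host))
            elif ptr_records[name].rstrip(".").lower() != host.lower():
                findings.append(("ptr-mismatch", address, host))
    # PTR records that no A record accounts for are leftovers from old assignments.
    for name, target in ptr_records.items():
        if name not in expected:
            findings.append(("stale-ptr", name, target))
    return sorted(findings)


if __name__ == "__main__":
    print([reverse_zone(subnet) for subnet in SUBNETS])
    for finding in audit(A_RECORDS, PTR_RECORDS, SUBNETS):
        print(finding)
```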

    Managing DNS Records

    After you create the necessary zone files, you can add records to the zones. Computers that need to be accessed

    from Active Directory and DNS domains must have DNS records. Although there are many types of DNS

    records, most of these record types aren't commonly used. So rather than focus on record types you probably

    won't use, let's focus on the ones you will use:

    A (address)
        Maps a host name to an IP address. When a computer has multiple adapter cards or IP addresses, or both, it should have multiple address records.

    CNAME (canonical name)
        Sets an alias for a host name. For example, using this record, zeta.microsoft.com can have an alias as www.microsoft.com.

    MX (mail exchange)
        Specifies a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain.

    NS (name server)
        Specifies a name server for the domain, which allows DNS lookups within various zones. Each primary and secondary name server should be declared through this record.

    PTR (pointer)
        Creates a pointer that maps an IP address to a host name for reverse lookups.

    SOA (start of authority)
        Declares the host that's the most authoritative for the zone and, as such, is the best source of DNS information for the zone.

    Each zone file must have an SOA record (which is created automatically when you add a zone).

    Improved Performance and Fault Tolerance with RAIDs

    You'll often want to give important data increased protection from drive failures. To do this, you can use RAID technology to add fault tolerance to your file systems. With RAID you increase data integrity and availability by creating redundant copies of the data. You can also use RAID to improve your disks' performance.

    Different implementations of RAID technology are available. These implementations are described in terms of levels. Currently, RAID levels 0 to 5 are defined. Each RAID level offers different features. Windows Server 2003 supports RAID levels 0, 1, and 5.

    You can use RAID 0 to improve the performance of your drives. You use RAID 1 and 5 to provide fault tolerance for data.

    Table 12-2 provides a brief overview of the supported RAID levels. This support is completely software-based.

    Table 12-2. Windows Server 2003 Support for RAID

    RAID Level | RAID Type | Description | Major Advantages
    0 | Disk striping | Two or more volumes, each on a separate drive, are configured as a striped set. Data is broken into blocks, called stripes, and then written sequentially to all drives in the striped set. | Speed/performance.
    1 | Disk mirroring | Two volumes on two drives are configured identically. Data is written to both drives. If one drive fails, there's no data loss because the other drive contains the data. (Doesn't include disk striping.) | Redundancy. Better write performance than disk striping with parity.
    5 | Disk striping with parity | Uses three or more volumes, each on a separate drive, to create a striped set with parity error checking. In the case of failure, data can be recovered. | Fault tolerance with less overhead than mirroring. Better read performance than disk mirroring.

    The most common RAID levels in use on servers running Windows Server 2003 are level 1 disk mirroring and level 5 disk striping with parity. Disk mirroring is the least expensive way to increase data protection with redundancy. Here, you use two identically sized volumes on two different drives to create a redundant data set. If one of the drives fails, you can still obtain the data from the other drive.

    On the other hand, disk striping with parity requires more disks, a minimum of three, but offers fault tolerance with less overhead than disk mirroring. If any of the drives fail, you can recover the data by combining blocks of data on the remaining disks with a parity record. Parity is a method of error checking that uses an exclusive OR operation to create a checksum for each block of data written to the disk. This checksum is used to recover data in case of failure.


    Implementing RAID on Windows Server 2003

    Windows Server 2003 supports disk mirroring, disk striping, and disk striping with parity. Implementing these RAID techniques is discussed in the sections that follow.

    Caution

    Some operating systems, such as MS-DOS, don't support RAID. If you dual boot your system to one of these noncompliant operating systems, your RAID-configured drives will be unusable.

    Implementing RAID 0: Disk Striping

    RAID level 0 is disk striping. With disk striping, two or more volumes, each on a separate drive, are configured as a striped set. Data written to the striped set is broken into blocks that are called stripes. These stripes are written sequentially to all drives in the striped set. You can place volumes for a striped set on up to 32 drives, but in most circumstances sets with two to five volumes offer the best performance improvements. Beyond this, the performance improvement decreases significantly.

    The major advantage of disk striping is speed. Data can be accessed on multiple disks using multiple drive heads, which improves performance considerably. However, this performance boost comes with a price tag. As with volume sets, if any hard disk drive in the striped set fails, the striped set can no longer be used, which means that essentially all data in the striped set is lost. You'll need to recreate the striped set and restore the data from backups. Data backup and recovery is discussed in Chapter 15, "Data Backup and Recovery."

    Caution

    The boot and system volumes shouldn't be part of a striped set. Don't use disk striping with these volumes.

    When you create striped sets, you'll want to use volumes that are approximately the same size. Disk Management bases the overall size of the striped set on the smallest volume size. Specifically, the maximum size of the striped set is a multiple of the smallest volume size. For example, if the smallest volume is 50 MB, the maximum size for the striped set is 150 MB.

    Implementing RAID 1: Disk Mirroring

    RAID level 1 is disk mirroring. With disk mirroring, you use identically sized volumes on two different drives to create a redundant data set. Here, the drives are written with identical sets of information and, if one of the drives fails, you can still obtain the data from the other drive.

    Disk mirroring offers about the same fault tolerance as disk striping with parity. Because mirrored disks don't need to write parity information, they can offer better write performance in most circumstances. However, disk striping with parity usually offers better read performance because read operations are spread out over multiple drives.

    The major drawback to disk mirroring is that it effectively cuts the amount of storage space in half. For example, to mirror a 5-GB drive, you need another 5-GB drive. That means you use 10 GB of space to store 5 GB of information.

    Tip

    If possible, it's a good idea to mirror boot and system volumes. Mirroring these volumes ensures that you'll be able to boot the server in case of a single drive failure.

    As with disk striping, you'll often want the mirrored disks to be on separate disk controllers. This provides increased protection against failure of the disk controller. If one of the disk controllers fails, the disk on the other controller is still available. Technically, when you use two separate disk controllers to duplicate data, you're using a technique known as disk duplexing. Figure 12-5 shows the difference between the two techniques. Where disk mirroring typically uses a single drive controller, disk duplexing uses two drive controllers.

    Implementing RAID 5: Disk Striping with Parity

    RAID level 5 is disk striping with parity. With this technique you need a minimum of three hard disk drives to set up fault tolerance. Disk Management sizes the volumes on these drives identically.

    RAID 5 is essentially an enhanced version of RAID 1, with the key addition of fault tolerance. Fault tolerance ensures that the failure of a single drive won't bring down the entire drive set. Instead, the set continues to function with disk operations directed at the remaining volumes in the set.

    To allow for fault tolerance, RAID 5 writes parity checksums with the blocks of data. If any of the drives in the striped set fails, the parity information can be used to recover the data. (This process, called regenerating the striped set, is covered in the section of this chapter entitled "Managing RAIDs and Recovering from Failures.")

    If two disks fail, however, the parity information isn't sufficient to recover the data and you'll need to rebuild the striped set from backup.
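
The exclusive OR parity described in the overview and in the RAID 5 section above can be modelled in a few lines. This is an added example, not code from the original text or from Windows; the function names, the 4-byte block size and the rotating parity placement are assumptions chosen for illustration, and the sample data is constructed.

```python
from functools import reduce

SAMPLE = b"constructed sample payload for the striped set"  # constructed test data

def xor_blocks(blocks):
    """Byte-wise exclusive OR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def write_striped(data, n_disks, block=4):
    """Stripe data over n_disks, storing one parity block per stripe.

    The parity block moves to the next disk on each stripe (an assumed layout).
    """
    if n_disks < 3:
        raise ValueError("striping with parity needs at least three drives")
    per_stripe = block * (n_disks - 1)
    padded = data + bytes(-len(data) % per_stripe)   # zero-pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(padded), per_stripe)):
        chunks = [padded[off + i * block: off + (i + 1) * block]
                  for i in range(n_disks - 1)]
        parity_disk, it = s % n_disks, iter(chunks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(chunks) if d == parity_disk else next(it))
    return disks

def regenerate(disks):
    """Rebuild the one failed disk (marked None) from the surviving disks."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) != 1:
        raise ValueError(f"cannot regenerate: {len(failed)} drives failed")
    survivors = [d for d in disks if d is not None]
    # XOR of every surviving block in a stripe equals the missing block,
    # whether that block held data or parity.
    rebuilt = [xor_blocks(row) for row in zip(*survivors)]
    out = list(disks)
    out[failed[0]] = rebuilt
    return out

def read_striped(disks, length):
    """Reassemble the data blocks in order, skipping each stripe's parity block."""
    n = len(disks)
    out = b"".join(disks[d][s] for s in range(len(disks[0]))
                   for d in range(n) if d != s % n)
    return out[:length]
```

With one disk set to None, regenerate() returns the full set; with two set to None it raises, which is the case where the text says the striped set must be rebuilt from backup.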