Windows 2016 Server and DNS Zone Delegation
In this lecture, we will demonstrate the use of DNS delegation in a Windows 2016 server environment.
You have just been hired by a company in the U.S. to evaluate and fix the network issues of a multinational marketing company called Global Marketing.
Steve, the CEO, has requested that you present your solutions to management.
You make a short list of problems that you have discovered:
- All the domains are hosted on one server – SVR-US-DNS1.
- All the records from all the sites in the organization are stored on one server, SVR-US-DNS1.
- Network bandwidth is extremely limited due to all the queries coming to one server, which continually crashes.
- Germany (DE), including two cities, will be coming online shortly. The original plan was to add DE to the current domain, DNS-ZONE.COM.
Considering that the folks in management are not technically minded, you plan to present your solutions in terms that they will understand.
- Just as Steve, the CEO of the company, has delegated control of the company’s five different locations to five different people, we propose to split up, or delegate, administrative control to servers strategically placed within each location of the company.
- In this slide, if a request for information about the site in Germany comes in to the US site, the DNS server in the US would pass that request on to the DNS server at the DE site.
With this strategy, we will accomplish the following:
- Delegate administrative authority – Instead of the IT group in the US handling all the requests for Germany, the IT group in Germany will take administrative control of their own namespace.
- Improved Performance – Instead of one server handling all the DNS requests, any traffic for the DE site coming into the US server will be pointed to the DE server.
- Expand the namespace – Just as it is advantageous to expand the business into Germany, DNS allows for expansion of the namespace as well.
Management requests that you start work immediately. The CEO asks that you start with the DE site.
- You ask the DE IT department to set up a new server called SVR-DE-DNS1.
- Remotely, you install DNS, then Active Directory, promote the server to a Domain Controller, and create a new child domain called DE.DNS-ZONE.COM.
- From the DE server (SVR-DE-DNS1) open Server Manager, Tools, then open DNS Manager.
Let’s take a look at the current status of DNS after the server has been promoted to a domain controller.
The important points are:
- The forward lookup zone DE.DNS-ZONE.COM has been created.
- The start of authority for this zone is the server (SVR-DE-DNS1.DE). Notice that the zone name has been appended to the server name. The start of authority stores settings about how often the zone should be replicated.
- The name server record – Designates which server is authoritative for the zone, or which server has an up-to-date copy of the zone data. In this case the server (SVR-DE-DNS1.DE) is authoritative for the zone DE.DNS-ZONE.COM.
- A-host record – In this instance, the A-host record maps the server svr-de-dns1 to the IP address 192.168.0.11
Now let’s switch over to the US server and create our delegation.
From the US server (SVR-US-DNS1) open Server Manager, Tools, then open DNS Manager.
Let’s take a look at the current status of DNS. Right-click on the zone – DNS-ZONE.COM
Select New Delegation
Type in the name of the domain that you want to delegate. In other words, to which domain will the US server (SVR-US-DNS1) pass all the requests (queries)? In this case the domain will be DE. The wizard automatically appends the FQDN. Click Next.
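The same delegation can be scripted with the DnsServer PowerShell module. The following is an added example, not part of the original lesson: it uses the zone, server name and IP address shown above, first confirms that the DE server really answers for its zone (so the US server does not end up with a lame delegation), and only then creates and verifies the delegation. It assumes an elevated session on SVR-US-DNS1 and that 192.168.0.11 is reachable from it.

```powershell
# Added example: run on SVR-US-DNS1 in an elevated PowerShell session.
# All names and the IP address below come from the lesson text.
$ParentZone = 'DNS-ZONE.COM'
$ChildLabel = 'DE'
$ChildZone  = "$ChildLabel.$ParentZone"
$ChildNs    = "SVR-DE-DNS1.$ChildZone"
$ChildNsIp  = '192.168.0.11'

# 1. Ask the DE server directly for the SOA of the child zone.
#    If it cannot answer, delegating to it would send every DE query
#    to a server that is not authoritative (a lame delegation).
try {
    $soa = Resolve-DnsName -Name $ChildZone -Type SOA -Server $ChildNsIp `
               -DnsOnly -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SOA' }
} catch {
    throw "No answer from $ChildNsIp for ${ChildZone}: $($_.Exception.Message)"
}
if (-not $soa) {
    throw "$ChildNsIp returned no SOA record for $ChildZone; not delegating."
}
Write-Host "SOA primary server reported by DE: $($soa.PrimaryServer)"

# 2. Create the delegation only if the parent zone does not have one yet,
#    so the script can be re-run safely.
$existing = Get-DnsServerZoneDelegation -Name $ParentZone `
                -ChildZoneName $ChildLabel -ErrorAction SilentlyContinue
if ($existing) {
    Write-Host "Delegation for $ChildZone already exists; leaving it unchanged."
} else {
    Add-DnsServerZoneDelegation -Name $ParentZone -ChildZoneName $ChildLabel `
        -NameServer $ChildNs -IPAddress $ChildNsIp
    Write-Host "Delegated $ChildZone to $ChildNs ($ChildNsIp)."
}

# 3. Verify: show what the parent zone now holds, then resolve the child
#    zone's NS records through the US server the way a client would.
Get-DnsServerZoneDelegation -Name $ParentZone -ChildZoneName $ChildLabel
Resolve-DnsName -Name $ChildZone -Type NS -Server $env:COMPUTERNAME -DnsOnly |
    Select-Object Name, Type, NameHost
```

Re-running the verification step after any later change to the DE server's name or address shows whether the delegation in DNS-ZONE.COM still points at a server that answers for DE.DNS-ZONE.COM.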