Creating an Application Directory Partition for DNS | Kickoff

Creating an Application Directory Partition for DNS

21 Aug

In this practice, you will create a custom application directory partition and then modify the
Nwtraders.msft zone to store data in that partition. (Note that zone data can only be stored in
directory partitions for Active Directory–integrated zones.)
 Exercise 1 Creating the New Application Directory Partition
In this exercise, you will create an application directory partition on Dcsrv1.
1. Log on to Nwtraders from Dcsrv1 as a domain administrator.
2. At an elevated command prompt, type the following:
dnscmd . /createdirectorypartition DNSpartitionA.nwtraders.msft
This command creates an application directory partition that will replicate in Active
Directory only to domain controllers that you enlist in the partition. You do not need to
enlist the local server in the partition.
 Exercise 2 Storing Zone Data in the New Application Directory Partition
In this exercise, you will modify the properties of the Nwtraders.msft zone so that its data is
stored in the new application directory partition you have just created.
1. While you are logged on to Nwtraders from Dcsrv1 as a domain administrator, open
DNS Manager.
2. In the DNS Manager console tree, expand the Forward Lookup Zones folder, select and
then right-click the Nwtraders.msft zone, and then choose Properties.
206 Chapter 3 Configuring a DNS Zone Infrastructure
3. In the General tab of the Nwtraders.msft Properties dialog box, click the Change button
for replication. This button is found directly to the right of the text “Replication: All DNS
Servers In This Domain.”
4. In the Change Zone Replication Scope dialog box that opens, select To All Domain Controllers
In The Scope Of This Directory Partition.
5. In the associated drop-down list box, select DNSpartitionA.nwtraders.msft, and then
click OK.
6. In the Nwtraders.msft Properties dialog box, click OK.
The Nwtraders.msft zone data is now stored in the new application directory partition
you have created on Dcsrv1. Other domain controllers that are DNS servers in the
Nwtraders.msft forest will receive a copy of the Nwtraders.msft primary zone only if you
later enlist those servers in the new partition by using the following command:
dnscmd <server name> /enlistdirectorypartition DNSpartitionA.nwtraders.msft
PRACTICE Deploying a Secondary Zone
In this practice, you will create a secondary DNS zone for Nwtraders.msft on the Boston server.
Because the Boston server is not a domain controller, it cannot host an Active Directory–integrated
copy of the Nwtraders.msft primary zone. In a production environment you
might choose to install a secondary zone when you want to install a DNS server without
installing a domain controller.
 Exercise 1 Adding the DNS Server Role
In this exercise, you will install the DNS server role on the Boston server.
1. Log on to Nwtraders from Boston as a domain administrator.
2. If the Initial Configuration Tasks window appears, click Add Roles. Otherwise, open
Server Manager and click Add Roles in the details pane.
3. On the Before You Begin page of the Add Roles Wizard, click Next.
4. On the Select Server Roles page, select the DNS Server check box, and then click Next.
5. On the DNS Server page, read all of the text, and then click Next.
6. On the Confirm Installation Selections page, click Install.
7. After the installation completes, on the Installation Results page, click Close.
Lesson 2: Configuring Zone Replication and Transfers 207
 Exercise 2 Creating the Secondary Zone
In this exercise, you will create a secondary zone named Nwtraders.msft on
Boston.nwtraders.msft.
1. While you are still logged on to Nwtraders from Boston as a domain administrator, open
DNS Manager.
2. Expand the DNS Manager console tree.
3. In the DNS Manager console tree, select and then right-click the Forward Lookup Zones
folder, and then choose New Zone.
The Welcome page of the New Zone Wizard appears.
4. Click Next.
5. On the Zone Type page, read all of the text, and then select Secondary Zone.
Note that the option to store the zone in Active Directory is dimmed. This choice is
unavailable because the local computer is not a domain controller.
6. Click Next.
7. On the Zone Name page, in the Zone Name text box, type nwtraders.msft. Click Next.
8. On the Master DNS Servers page, read the text on the page.
9. In the Master Servers area, type 192.168.0.1, and then press Enter.
10. Wait about 30 seconds for the name DCSRV1 to appear beneath the Server FQDN heading
in the Master Servers area. Click Next.
11. On the Completing The New Zone Wizard page, click Finish.
The new zone now appears in DNS Manager.
12. In the DNS Manager console tree, select the Nwtraders.msft forward lookup zone.
An error message that appears in the details pane indicates that the zone is not loaded
by the DNS server. The problem is that you have not enabled zone transfers in the properties
of the primary zone on Dcsrv1.
 Exercise 3 Enabling Zone Transfers to the Secondary Zone
In this exercise, you will enable zone transfers to the Boston computer from Dcsrv1.
1. Log on to Nwtraders from Dcsrv1 as a domain administrator.
2. Open DNS Manager.
3. Expand the DNS Manager console tree.
4. Right-click the Nwtraders.msft forward lookup zone, and then choose Properties.
5. In the Nwtraders.msft Properties dialog box, click the Zone Transfers tab.
6. In the Zone Transfers tab, select the Allow Zone Transfers check box.
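7. Verify that To Any Server is selected, and then click OK.
With To Any Server selected, any host that can reach Dcsrv1 can request a full copy of the
zone. Exercise 5 restricts transfers to the servers listed on the Name Servers tab.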
 Exercise 4 Transfer the Zone Data
In this exercise, you will load the zone data from the primary zone to the secondary zone. You
will perform this exercise while logged on to Nwtraders from the Boston computer as a
domain administrator.
1. On Boston, in the DNS Manager console tree, right-click the Nwtraders.msft forward
lookup zone, and then choose Transfer From Master. If you see an error, wait 15 seconds,
and then press F5 or select Refresh from the Action menu.
2. The Nwtraders.msft zone data eventually appears in the details pane of DNS Manager.
Note that the application directory partition DNSpartitionA appears above DomainDNSZones
and ForestDNSZones.
 Exercise 5 Creating an NS Record for the Server Hosting the Secondary Zone
In this exercise, you will create an NS record for the Boston DNS server in the primary zone.
Note that you cannot create an NS record for a secondary zone server from within the secondary
zone itself because a secondary zone is a read-only copy of the zone.
You perform this exercise while logged on to Nwtraders from Dcsrv1 as a domain administrator.
1. On Dcsrv1, in the DNS Manager console tree, select the Nwtraders.msft zone.
In the details pane, note that the only name server (NS) record included in the zone
points to dcsrv1.nwtraders.msft. The fact that there is only one such NS record means
that even if the DNS domain were connected to a larger DNS namespace, information
about names in the Nwtraders.msft domain will always originate from Dcsrv1.
2. In the details pane, double-click the NS record.
The Nwtraders.msft Properties dialog box opens, and the Name Servers tab is selected.
3. Click the Add button.
4. In the New Name Server Record dialog box, in the Server Fully Qualified Domain Name
(FQDN) text box, type boston.nwtraders.msft, and then click Resolve.
The name is resolved to an IPv6 address and an IPv4 address.
5. In the New Name Server Record dialog box, click OK.
6. In the Nwtraders.msft Properties dialog box, click the Zone Transfers tab.
7. Select Only To Servers Listed On The Name Servers Tab.
This setting provides security for the zone by restricting copies (transfers) of the zone
data to only authorized servers.
8. In the Nwtraders.msft Properties dialog box, click OK.
In the details pane of DNS Manager, a new NS record appears that points to
boston.nwtraders.msft.
9. Close all windows and log off both servers.
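
To confirm that the restriction selected in step 7 took effect, the following added example (not part of the original practice) sends one AXFR request over TCP and reports whether the server answers it. Run it from a computer that is not listed on the Name Servers tab. The server address and zone name are the ones used in this practice; the function names are illustrative.

```python
import socket
import struct
import sys

AXFR, IN = 252, 1  # QTYPE for a full zone transfer, QCLASS Internet
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 5: "REFUSED", 9: "NOTAUTH"}

def build_axfr_query(zone, txid=0x1234):
    """Build an AXFR query for `zone` with the 2-byte length prefix DNS uses over TCP."""
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 0)  # standard query, one question
    labels = zone.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!2H", AXFR, IN)
    return struct.pack("!H", len(msg)) + msg

def classify_response(msg):
    """Return (transfer_allowed, detail) from the header of the first reply message."""
    if len(msg) < 12:
        return (False, "malformed")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    if flags & 0x8000 and rcode == 0 and ancount > 0:
        return (True, "server returned %d record(s)" % ancount)
    return (False, RCODES.get(rcode, "RCODE %d" % rcode))

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # peer closed the connection
            break
        buf += chunk
    return buf

def check_axfr(server, zone, timeout=5.0):
    """Request a transfer of `zone` from `server` and classify the first reply."""
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(build_axfr_query(zone))
        prefix = _recv_exact(sock, 2)
        if len(prefix) < 2:
            return (False, "connection closed without a reply")
        (length,) = struct.unpack("!H", prefix)
        return classify_response(_recv_exact(sock, length))

if __name__ == "__main__":
    # Server address and zone name are the ones used in this practice.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.1"
    allowed, detail = check_axfr(server, "nwtraders.msft")
    print("zone transfer %s: %s" % ("ALLOWED" if allowed else "not allowed", detail))
```

A result of "not allowed" from an unlisted host, together with a successful Transfer From Master on Boston, indicates that the zone is being copied only to the servers on the Name Servers tab.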
