TAILIEUCHUNG - mcse exam 70-293 planning and maintaining a windows server 2003 network infrastructure phần 5

Một cách để giảm thiểu nguy cơ của việc sử dụng các máy chủ BIND để cập nhật động là để tạo ra các tên miền phụ để lưu trữ các dữ liệu AD DNS. Ví dụ, nếu tên miền , bạn có thể tạo ra một khu vực riêng biệt được gọi là tạo ra khu vực này, bạn phải phát hành | 398 Chapter 6 Planning Implementing and Maintaining a Name Resolution Strategy One way to mitigate the risk of using BIND servers for dynamic updates is to create subdomains to host the AD DNS data. For example if the domain name is you can create a separate zone called create this zone you must issue a zone statement specifying the zone name and the location of the files in the file on the BIND server. However Microsoft Active Directory-integrated zones still provide a much higher level of security. For this reason it is preferable to use Active Directory-integrated zones. BIND administrators can delegate authority to a subdomain hosted in Active Directory-integrated zones and configure BIND servers as secondaries to this zone to enhance fault tolerance and availability. Split DNS Configuration Many organizations want to use the same name on their internal network as they do on their publicly available external network. For example suppose that a company s name is and its Web server and e-mail servers located in the DMZ use this domain name in their FQDN. The company also wants to use this name for its AD domain on the internal network. This situation creates a number of challenges. Foremost among these is security of internal DNS records. It is not desirable to expose internal host names and IP addresses to external clients even if these hosts cannot be reached by external clients because of restrictions on the firewall. Also it is not a recommended DNS best practice to include any record in a zone file for a host that is unreachable. At a minimum a properly secured DNS configuration requires that the DNS records for the internal namespace be accessible to internal clients only and not accessible to external clients. Furthermore internal clients should be able to resolve queries for external hosts on the Internet so that e-mail servers are able to send mail to external hosts and users are able to connect

Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.