Configure Name Resolution for a Federation Server Proxy in a DNS Zone That Serves Both the Perimeter Network and Internet Clients

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

So that name resolution can work successfully for a federation server proxy in an Active Directory Federation Services (AD FS) scenario in which one or more Domain Name System (DNS) zones serve both the perimeter network and Internet clients, the following tasks must be completed:

  • DNS in the Internet zone that you control must be configured to resolve all Internet client requests for the AD FS host name to the federation server proxy. To accomplish this, you add a host (A) resource record to the Internet DNS zone for the federation server proxy.

  • DNS in the perimeter network must be configured to resolve all incoming client requests for the AD FS host name to the federation server. To accomplish this, you add a host (A) resource record to the perimeter DNS zone for the federation server proxy.

Note

It is assumed that a host (A) resource record for the federation server has already been created in the corporate network DNS. If this record does not yet exist, create this record and then perform these procedures. For more information about how to create a host (A) resource record for the federation server, see Add a Host (A) Resource Record to Corporate DNS for a Federation Server.

Add a host (A) resource record to the Internet DNS zone for a federation server proxy

So that client computers on the Internet can successfully access a federation server through a newly deployed federation server proxy, you must first create a host (A) resource record in the Internet DNS zone that you control. This resource record resolves the host name of the account federation server (for example, fs.fabrikam.com) to the IP address of the account federation server proxy (for example, 131.107.27.68) in the perimeter network.

Note

It is assumed that you are using a DNS server running Windows 2000 Server, Windows Server 2003, or Windows Server 2008 with the DNS Server service to control the Internet DNS zone.

Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To add a host (A) resource record to the Internet DNS zone for a federation server proxy

  1. On a DNS server for the Internet DNS zone, open the DNS snap-in.

  2. In the console tree, right-click the applicable forward lookup zone, and then click New Host (A or AAAA).

  3. In Name, type only the computer name of the federation server. For example, for the fully qualified domain name (FQDN) fs.fabrikam.com, type fs.

  4. In IP address, type the IP address for the new federation server proxy, for example, 131.107.27.68.

  5. Click Add Host.

Add a host (A) resource record to the perimeter DNS zone for a federation server proxy

So that Internet client requests can be processed successfully by the federation server proxy and reach the federation server after they are resolved by the Internet DNS zone, you must create a host (A) resource record in the perimeter DNS zone. This resource record resolves the host name of the account federation server (for example, fs.fabrikam.com) to the IP address of the account federation server (for example, 192.168.1.4) in the corporate network.

Note

It is assumed that you are using a DNS server running Windows 2000 Server, Windows Server 2003, Windows Server 2008, or Windows Server® 2012 with the DNS Server service to control the perimeter DNS zone.

Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To add a host (A) resource record to the perimeter DNS zone for a federation server proxy

  1. On a DNS server for the perimeter network, open the DNS snap-in.

  2. In the console tree, right-click the applicable forward lookup zone, and then click New Host (A or AAAA).

  3. In Name, type only the computer name of the federation server. For example, for the FQDN fs.fabrikam.com, type fs.

  4. In the IP address text box, type the IP address for the federation server in the corporate network, for example, 192.168.1.4.

  5. Click Add Host.
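
The two procedures above can also be scripted and the resulting split DNS checked from each side. The following PowerShell is an added example, not part of the original procedures; it assumes both DNS servers run Windows Server 2012 or later with the DnsServer module available, and the helper names and the server names internet-dns.example and perimeter-dns.example are placeholders.

```powershell
# Added example. Helper names and the two DNS server names are hypothetical.
$Zone         = 'fabrikam.com'            # zone from the page's example
$Label        = 'fs'                      # host label only, as in step 3
$ProxyIp      = '131.107.27.68'           # federation server proxy (page example)
$FederationIp = '192.168.1.4'             # federation server (page example)
$InternetDns  = 'internet-dns.example'    # placeholder: server for the Internet zone
$PerimeterDns = 'perimeter-dns.example'   # placeholder: server for the perimeter zone

function Add-AdfsHostRecord {
    param([string]$DnsServer, [string]$Address)
    # Read any A records already at the node so that a conflicting entry
    # is reported instead of silently becoming a round-robin pair.
    $current = @(Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
            -Name $Label -RRType A -Node -ErrorAction SilentlyContinue |
        ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })
    if ($current -contains $Address) { return }   # record is already in place
    if ($current.Count -gt 0) {
        throw "$Label.$Zone on $DnsServer already points to $($current -join ', ')"
    }
    Add-DnsServerResourceRecordA -ComputerName $DnsServer -ZoneName $Zone `
        -Name $Label -IPv4Address $Address
}

function Test-AdfsHostRecord {
    param([string]$DnsServer, [string]$Expected)
    # Query the named server directly rather than the client's configured resolvers.
    $answers = @(Resolve-DnsName -Name "$Label.$Zone" -Type A -Server $DnsServer `
            -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    [pscustomobject]@{
        Server   = $DnsServer
        Answers  = $answers -join ', '
        Expected = $Expected
        Ok       = ($answers.Count -eq 1 -and $answers[0] -eq $Expected)
    }
}

# Internet zone: fs.fabrikam.com -> federation server proxy
Add-AdfsHostRecord -DnsServer $InternetDns -Address $ProxyIp
# Perimeter zone: fs.fabrikam.com -> federation server in the corporate network
Add-AdfsHostRecord -DnsServer $PerimeterDns -Address $FederationIp

# Each zone must return exactly one address, and the right one for its side.
Test-AdfsHostRecord -DnsServer $InternetDns  -Expected $ProxyIp
Test-AdfsHostRecord -DnsServer $PerimeterDns -Expected $FederationIp
```

An Ok value of False for the Internet zone with an answer of 192.168.1.4 means the corporate network address has been published to Internet clients instead of the proxy address.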

Additional references

Checklist: Setting Up a Federation Server Proxy

Name Resolution Requirements for Federation Server Proxies