Configuring and Managing the DNS Server Role Lesson 4 Skills Matrix Technology Skill Objective Domain Objective # Installing the DNS Server Role Configure a Domain Name System (DNS) server 2.1 Introducing DNS Zones Configure DNS zones 2.2 Configuring DNS Resource Records Configure DNS records 2.3 Configuring Active DirectoryIntegrated Zones Configure DNS replication 2.4 Introducing the DNS Name Resolution Process Configure name resolution for client 2.5 Domain Name System (DNS) • Because DNS plays such a key role in Windows Server 2008. • Without DNS, your network will most likely not function — clients won’t be able to resolve names to Internet Protocol (IP) addresses. • In addition, Active Directory clients use DNS to locate domain controllers. HOST file • Before DNS, name resolution was handled through the use of text files called HOSTS files that were stored locally on each computer. • The HOSTS file listed each name of the host and its corresponding IP address. • Whenever a new host was added to the network, an administrator would manually update the HOSTS file with the new host name or IP address information. Domain Name System • DNS because of the following benefits: – Scalability – Constancy – Ease of Use – Simplicity DNS Namespaces • A DNS namespace is a hierarchical, treestructured list of DNS host names, starting at an unnamed root that is used for all DNS operations. • Each domain can have additional child domains. DNS Namespaces DNS Namespaces • The DNS namespace has a hierarchical structure and each DNS domain name is unique within a namespace. • At the top of the Internet DNS namespace is the root domain. – The root domain is represented by “.” (a period). DNS Namespaces • Under the DNS root domain, the top-level domains, or first-level domains, are organizational types such as .org, .com, and .edu. – Generic — generic, top-level domain names. – Country code — Examples of country code domain names are .uk., .jp, and .us. – Infrastructure domain — .arpa is the Internet’s infrastructure domain name. DNS Namespaces Traditional Top-Level Domain Names • com – Commercial. • .edu – Education. • .gov – Agencies of U.S. federal government. • .net – Computers of network providers and ISPs. • .org – Nongovernmental and nonprofit organizations. DNS Namespaces • Second-level domains are registered to individuals or organizations. • Second-level DNS domains can have many subdomains, and any domain can have hosts. • A host is a specific computer or other network device within a domain. Fully Qualified Domain Name (FQDN) • DNS uses the fully qualified domain name (FQDN) to map a host name to an IP address. • An FQDN describes the exact relationship between a host and its DNS domain. DNS Server Types • DNS server types are determined by the type of zone or zones they host and by the functions they perform. • A DNS server may host either primary or secondary zones or both. • If the server doesn’t host any zones, it is referred to a caching-only server. • A server is said to be authoritative for a particular zone if it hosts a primary or secondary zone for a particular DNS domain. Primary Name Server • Primary name servers have been configured with one or more primary DNS zones. • When a change is made to the zone data, such as adding resource records to the zone, the changes must be made on the primary server for that zone; these changes will then propagate to secondary name servers. Secondary Name Server • A secondary name server hosts one or more secondary zone databases. • Because a zone transfer is used to create a secondary zone, the primary name server and zone already must exist to create a secondary name server. Caching-Only Server • Caching-only servers do not host any zones and are not authoritative for any domain. • Caching-only DNS servers start with an empty cache and then add resource record entries as the server fulfills client requests. • This information is then available from its cache when answering subsequent client queries. • A caching-only DNS server is valuable at a site when DNS functionality is needed locally but when creating a separate domain or zone is not desirable. AD-Integrated Zones • Zones are stored in Active Directory. • No distinction between primary and secondary servers. • Changes made on one DNS server are replicated to other DNS Server. Installing the DNS Server Role • Before you can use DNS Server Role, you must install it with Server Manger. Zones • DNS hierarchical structure is that workload for name resolution is distributed across many different resources. • For administrative purposes, DNS domains can be organized into zones. • A zone is a collection of host name–to–IP address mappings for hosts in a contiguous portion of the DNS namespace. Zones • Zone data is maintained on a DNS name server and is stored in one of two ways: – As a text-based zone file containing lists of mappings, called a standard zone or a filebacked zone. – Within an Active Directory database, called an Active Directory–integrated zone. Standard Primary Zone • A standard primary zone hosts a read/write copy of the DNS zone in which resource records are created and managed. • Only one server can host and load the master copy of the zone. – no additional primary servers for the zone are permitted, and only the server hosting the primary zone is allowed to accept dynamic updates and process zone changes. Standard Secondary Zone • A copy of the zone file may be stored on one or more servers to balance network load, provide fault tolerance, or avoid forcing queries across a slow, wide area network (WAN) link. • This standard secondary zone is a read-only copy of the standard primary DNS zone. • Information from a primary zone is transmitted to a secondary zone by performing a zone transfer, which is done by copying the zone file from the primary server to a secondary server. Zone Transfers • A zone transfer can be a full zone transfer (called an AXFR), in which the entire contents of the zone is copied from the primary server to the secondary server during each zone transfer. • An incremental zone transfer (called an IXFR), in which only changed information is transmitted after an initial AXFR, in order to cut down on bandwidth usage between. Forward Lookup Zone • Most queries sent to a DNS server are forward queries. – They request an IP address based on a DNS name. Includes Host (A) resource records that translate form host name to IP address. Reverse Lookup Zone • The Reverse Lookup zone is in-addr.arpa domain. • Enables a host to determine another host’s name based on its IP address. – Contains the Pointer (PTR) resource record that translates from IP addresses to host names. Stub Zone • A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative DNS servers for that zone. • A stub zone is a pointer to the DNS server that is authoritative for that zone, and it is used to maintain or improve DNS resolution efficiency. • The stub zone contains a subset of zone data consisting of an SOA, an NS, and an A record. • Like a standard secondary zone, resource records in the stub zone cannot be modified; they must be modified at the primary zone. Resource Records • The resource record is the fundamental data storage unit in all DNS servers. – Start of Authority (SOA) – Name Server (NS) – Host (A) – Host (AAAA) – Canonical Name (CNAME) – Mail Exchanger (MX) – Pointer (PTR) – Service Record (SRV) Start of Authority (SOA) Resource Records • Identifies which name server is the authoritative source of information for data within this domain. – The first record in the zone database file must be an SOA record. In the Windows Server 2008 DNS server, SOA records are created automatically with default values when you create a new zone. Start of Authority (SOA) Resource Records Resource Records Name Server (NS) Resource Records • Identifies the name server that is the authority for the particular zone or domain; that is, the server that can provide an authoritative name-to-IP address mapping for a zone or domain. Name Server (NS) Resource Records A and AAAA Resource Records • The A resource record is the fundamental data unit of the DNS that is used to translate the host name to the IPv4 address. • The AAAA resource record is used to translate the host name to the IPv6 address. • The Pointer (PTR) resource record is the functional opposite of the A record, providing an IP address-to-name mapping, which is found in the reverse lookup zones. A and AAAA Resource Records Canonical Name (CNAME) Resource Record • Sometimes called an Alias record, is used to specify an alternative name for the system specified in the Name field. Canonical Name (CNAME) Resource Record Mail Exchanger (MX) Resource Records • Identifies the email servers for a domain. Mail Exchanger (MX) Resource Records Service Record (SRV) • Enables clients to locate servers that are providing a particular service. – Windows Server 2008 Active Directory clients rely on the SRV record to locate the domain controllers they need to validate logon requests. Service Record (SRV) Root Hints • DNS servers resolve DNS queries using local authoritative or cached data. • But if the server does not contain the requested data and is not authoritative for the name in a query, it may perform recursive resolution or return a referral to another DNS server depending on whether the client requested recursion. • The DNS Server service must be configured with root hints to resolve queries for names that it is not authoritative for or for which it contains no delegations. • Root hints contain the names and IP addresses of the DNS servers authoritative for the root zone. You can use the DNS console to manage the list of root servers, as well as the dnscmd command-line utility. Root Hints • By default, DNS servers use a root hints file, called cache.dns, on Microsoft DNS servers. • The cache.dns file is stored in the %systemroot%\System32\Dns folder on the server computer. • When the server starts, cache.dns is preloaded into server memory. • By using root hints to find root servers, a DNS server is able to complete recursive queries. Iterative Query Recursive Query DNS Resolver Cache • Any Windows computer, key the following at a command prompt: ipconfig /displaydns: • To purge the cache, key the following at a command prompt: ipconfig /flushdns: Forwarders • A forwarder is a DNS server on a network used to forward DNS queries for external DNS names to DNS servers outside of that network. • A conditional forwarder forwards queries on the basis of domain name. Forwarders Forwarders Using NsLookup Using NsLookup Using NsLookup Dnscmd Command • You can use the Dnscmd command-line tool to perform most of the tasks that you can do from the DNS console. • This tool can be used to script batch files, to help automate the management and updates of existing DNS server configurations, or to perform setup and configuration of DNS servers. Advanced DNS Server Properties • Advanced DNS server properties refer to the settings that can be configured in the Advanced tab of the DNS Server Properties dialog box. • These properties relate to server-specific features, such as disabling recursion, handling resolution of multi-homed hosts, and achieving compatibility with nonMicrosoft DNS servers. Advanced DNS Server Properties Summary • DNS names and the DNS protocol are required for Active Directory domains and for compatibility with the Internet. • The DNS namespace is hierarchical and based on a unique root that can have any number of subdomains. • An FQDN is the name of a DNS host in this namespace indicating the host’s location relative to the root of the DNS domain tree. – An example of an FQDN is host1.subdomain.microsoft.com. Summary • A DNS zone is a contiguous portion of a namespace for which a server is authoritative. • A server can be authoritative for one or more zones and a zone can contain one or more contiguous domains. • A DNS server is authoritative for a zone if it hosts the zone, either as a primary or secondary DNS server. • Each DNS zone contains the resource records it needs to answer queries for its portion of the DNS namespace. Summary • There are several types of DNS servers: primary, secondary, master name, and caching-only. Summary • A DNS server that hosts a primary DNS zone is said to act as a primary DNS server. • Primary DNS servers store original source data for zones. • With Windows Server 2003, you can implement primary zones in one of two ways: as standard primary zones (zone data is stored in a text file) or as an Active Directory–integrated zone (zone data is stored in the Active Directory database). Summary • A DNS server that hosts a secondary DNS server is said to act as a secondary DNS server. • Secondary DNS servers are authoritative backup servers for the primary server. • The servers from which secondary servers acquire zone information are called masters. • A caching-only server forwards requests to other DNS servers and hosts no zones, but builds a cache of frequently requested records. Summary • Recursion is one of the two process types for DNS name resolution. • A DNS client will request that a DNS server provide a complete answer to a query that does not include pointers to other DNS servers, effectively shifting the workload of resolving the query from the client to the DNS server. Summary • For the DNS server to perform recursion properly, the server needs to know where to begin searching for names in the DNS namespace. • This information is provided by the root hints file, cache.dns, which is stored on the server computer. Summary • A DNS server on a network is designated as a forwarder by having the other DNS servers in the network forward the queries they cannot resolve locally to that DNS server. • Conditional forwarding enables a DNS server to forward queries to other DNS servers based on the DNS domain names in the queries.