
Configuring and Managing
the DNS Server Role
Lesson 4
Skills Matrix
Technology Skill | Objective Domain | Objective #
Installing the DNS Server Role | Configure a Domain Name System (DNS) server | 2.1
Introducing DNS Zones | Configure DNS zones | 2.2
Configuring DNS Resource Records | Configure DNS records | 2.3
Configuring Active Directory–Integrated Zones | Configure DNS replication | 2.4
Introducing the DNS Name Resolution Process | Configure name resolution for clients | 2.5
Domain Name System (DNS)
• DNS plays a key role in Windows Server 2008.
• Without DNS, your network will most likely not function — clients won’t be able to resolve names to Internet Protocol (IP) addresses.
• In addition, Active Directory clients use DNS to locate domain controllers.
HOSTS File
• Before DNS, name resolution was handled through the use of text files called HOSTS files that were stored locally on each computer.
• The HOSTS file listed each host name and its corresponding IP address.
• Whenever a new host was added to the network, an administrator had to manually update the HOSTS file on each computer with the new host name and IP address information.
Domain Name System
• DNS replaced HOSTS files because of the following benefits:
– Scalability
– Consistency
– Ease of Use
– Simplicity
DNS Namespaces
• A DNS namespace is a hierarchical, tree-structured list of DNS host names, starting at an unnamed root that is used for all DNS operations.
• Each domain can have additional child
domains.
• The DNS namespace has a hierarchical
structure and each DNS domain name is
unique within a namespace.
• At the top of the Internet DNS namespace is
the root domain.
– The root domain is represented by “.” (a
period).
DNS Namespaces
• Under the DNS root domain, the top-level
domains, or first-level domains, are
organizational types such as .org, .com, and
.edu.
– Generic — generic, top-level domain names.
– Country code — Examples of country code domain names are .uk, .jp, and .us.
– Infrastructure domain — .arpa is the
Internet’s infrastructure domain name.
DNS Namespaces
Traditional Top-Level Domain Names
• .com – Commercial.
• .edu – Education.
• .gov – Agencies of U.S. federal government.
• .net – Computers of network providers and
ISPs.
• .org – Nongovernmental and nonprofit
organizations.
DNS Namespaces
• Second-level domains are registered to
individuals or organizations.
• Second-level DNS domains can have many
subdomains, and any domain can have
hosts.
• A host is a specific computer or other
network device within a domain.
Fully Qualified Domain Name (FQDN)
• DNS uses the fully qualified domain name
(FQDN) to map a host name to an IP
address.
• An FQDN describes the exact relationship
between a host and its DNS domain.
DNS Server Types
• DNS server types are determined by the type
of zone or zones they host and by the
functions they perform.
• A DNS server may host either primary or
secondary zones or both.
• If the server doesn’t host any zones, it is referred to as a caching-only server.
• A server is said to be authoritative for a
particular zone if it hosts a primary or
secondary zone for a particular DNS domain.
Primary Name Server
• Primary name servers have been configured
with one or more primary DNS zones.
• When a change is made to the zone data,
such as adding resource records to the zone,
the changes must be made on the primary
server for that zone; these changes will then
propagate to secondary name servers.
Secondary Name Server
• A secondary name server hosts one or more
secondary zone databases.
• Because a zone transfer is used to create a
secondary zone, the primary name server
and zone already must exist to create a
secondary name server.
Caching-Only Server
• Caching-only servers do not host any zones and are
not authoritative for any domain.
• Caching-only DNS servers start with an empty
cache and then add resource record entries as the
server fulfills client requests.
• This information is then available from its cache
when answering subsequent client queries.
• A caching-only DNS server is valuable at a site
when DNS functionality is needed locally but when
creating a separate domain or zone is not
desirable.
AD-Integrated Zones
• Zones are stored in Active Directory.
• No distinction between primary and
secondary servers.
• Changes made on one DNS server are replicated to the other DNS servers through Active Directory replication.
Installing the DNS Server Role
• Before you can use the DNS Server role, you must install it with Server Manager.
Zones
• An advantage of the DNS hierarchical structure is that the workload for name resolution is distributed across many different servers.
• For administrative purposes, DNS domains
can be organized into zones.
• A zone is a collection of host name–to–IP
address mappings for hosts in a contiguous
portion of the DNS namespace.
Zones
• Zone data is maintained on a DNS name
server and is stored in one of two ways:
– As a text-based zone file containing lists of mappings, called a standard zone or a file-backed zone.
– Within an Active Directory database, called
an Active Directory–integrated zone.
Standard Primary Zone
• A standard primary zone hosts a read/write
copy of the DNS zone in which resource
records are created and managed.
• Only one server can host and load the
master copy of the zone.
– No additional primary servers for the zone are permitted, and only the server hosting the primary zone is allowed to accept dynamic updates and process zone changes.
Standard Secondary Zone
• A copy of the zone file may be stored on one or
more servers to balance network load, provide
fault tolerance, or avoid forcing queries across a
slow, wide area network (WAN) link.
• This standard secondary zone is a read-only copy
of the standard primary DNS zone.
• Information from a primary zone is transmitted to a
secondary zone by performing a zone transfer,
which is done by copying the zone file from the
primary server to a secondary server.
Zone Transfers
• A zone transfer can be a full zone transfer
(called an AXFR), in which the entire
contents of the zone is copied from the
primary server to the secondary server
during each zone transfer.
• A zone transfer can also be an incremental zone transfer (called an IXFR), in which only changed information is transmitted after an initial AXFR, in order to cut down on bandwidth usage between the primary and secondary servers.
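The following is an added example, not part of the original lesson, that models the AXFR/IXFR choice described above: the primary keeps a short journal of changes keyed by SOA serial, a secondary asks for a refresh with its own serial, and the primary answers with nothing, only the missing changes, or a full copy when its journal no longer reaches back far enough. Record keys, serials and the journal length are constructed; real IXFR (RFC 1995) carries more detail than this outline.

```python
# Constructed model of how a secondary keeps in sync with its master using the
# SOA serial: a full copy (AXFR) when needed, otherwise only the changes since
# the secondary's serial (IXFR). Hypothetical records and serial numbers.
class PrimaryZone:
    def __init__(self, serial, records, journal_size=3):
        self.serial = serial
        self.records = dict(records)      # (owner, type) -> rdata
        self.journal = []                 # (new_serial, added, deleted) per change
        self.journal_size = journal_size  # how far back an IXFR can be served

    def update(self, added=None, deleted=None):
        """Apply a change on the primary; every change advances the SOA serial."""
        added, deleted = added or {}, deleted or []
        self.serial += 1
        for key in deleted:
            self.records.pop(key, None)
        self.records.update(added)
        self.journal.append((self.serial, added, deleted))
        self.journal = self.journal[-self.journal_size:]   # old history is dropped

    def transfer(self, secondary_serial):
        """Answer a refresh: nothing, an IXFR delta, or an AXFR if the journal is too short."""
        if secondary_serial >= self.serial:
            return ("up-to-date", None)
        delta = [j for j in self.journal if j[0] > secondary_serial]
        if delta and delta[0][0] == secondary_serial + 1:   # journal covers the whole gap
            return ("IXFR", delta)
        return ("AXFR", (self.serial, dict(self.records)))

class SecondaryZone:
    def __init__(self):
        self.serial, self.records = 0, {}   # a new secondary has no zone data yet

    def refresh(self, primary):
        """Compare serials with the master and apply whatever transfer it sends back."""
        kind, payload = primary.transfer(self.serial)
        if kind == "AXFR":
            self.serial, self.records = payload[0], dict(payload[1])
        elif kind == "IXFR":
            for serial, added, deleted in payload:
                for key in deleted:
                    self.records.pop(key, None)
                self.records.update(added)
                self.serial = serial
        return kind
```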
Forward Lookup Zone
• Most queries sent to a DNS server are
forward queries.
– They request an IP address based on a DNS name. A forward lookup zone includes Host (A) resource records that translate from host name to IP address.
Reverse Lookup Zone
• The reverse lookup zone is in the in-addr.arpa domain.
• Enables a host to determine another host’s
name based on its IP address.
– Contains the Pointer (PTR) resource record
that translates from IP addresses to host
names.
Stub Zone
• A stub zone is a copy of a zone that contains only
those resource records necessary to identify the
authoritative DNS servers for that zone.
• A stub zone is a pointer to the DNS server that is
authoritative for that zone, and it is used to
maintain or improve DNS resolution efficiency.
• The stub zone contains a subset of zone data
consisting of an SOA, an NS, and an A record.
• Like a standard secondary zone, resource records
in the stub zone cannot be modified; they must be
modified at the primary zone.
Resource Records
• The resource record is the fundamental data
storage unit in all DNS servers.
– Start of Authority (SOA)
– Name Server (NS)
– Host (A)
– Host (AAAA)
– Canonical Name (CNAME)
– Mail Exchanger (MX)
– Pointer (PTR)
– Service Record (SRV)
Start of Authority (SOA) Resource Records
• Identifies which name server is the
authoritative source of information for data
within this domain.
– The first record in the zone database file
must be an SOA record. In the Windows
Server 2008 DNS server, SOA records are
created automatically with default values
when you create a new zone.
Name Server (NS) Resource Records
• Identifies the name server that is the
authority for the particular zone or domain;
that is, the server that can provide an
authoritative name-to-IP address mapping
for a zone or domain.
A and AAAA Resource Records
• The A resource record is the fundamental
data unit of the DNS that is used to translate
the host name to the IPv4 address.
• The AAAA resource record is used to
translate the host name to the IPv6 address.
• The Pointer (PTR) resource record is the
functional opposite of the A record, providing
an IP address-to-name mapping, which is
found in the reverse lookup zones.
Canonical Name (CNAME) Resource Record
• Sometimes called an Alias record, a CNAME record is used to specify an alternative name for the system specified in the Name field.
Mail Exchanger (MX) Resource Records
• Identifies the email servers for a domain.
Service Record (SRV)
• Enables clients to locate servers that are
providing a particular service.
– Windows Server 2008 Active Directory clients
rely on the SRV record to locate the domain
controllers they need to validate logon
requests.
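To make the record types above concrete, here is an added example (not from the lesson) that parses a constructed, simplified standard zone file (file-backed zone) for a hypothetical contoso.com, answers lookups the way a server would by following a CNAME to its target, and shows the in-addr.arpa / ip6.arpa owner name a PTR record would need in the reverse lookup zone. The zone file format is reduced to one record per line with no TTL column, and all names and addresses are constructed.

```python
import ipaddress

# Constructed sample standard (file-backed) zone for a hypothetical contoso.com.
# First record is the SOA, then NS, then the host and service records.
ZONE_FILE = """\
$ORIGIN contoso.com.
@        SOA   dc1.contoso.com. hostmaster.contoso.com. 2024010501 900 600 86400 3600
@        NS    dc1.contoso.com.
dc1      A     10.0.0.10
dc1      AAAA  2001:db8::10
www      CNAME web.contoso.com.
web      A     10.0.0.20
@        MX    10 mail.contoso.com.
mail     A     10.0.0.30
_ldap._tcp.dc._msdcs SRV 0 100 389 dc1.contoso.com.
"""

def parse_zone(text):
    """Return (origin, records); each record is (owner FQDN, type, rdata fields)."""
    origin, records = "", []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith(";"):      # blank line or comment
            continue
        if parts[0] == "$ORIGIN":
            origin = parts[1]
            continue
        owner, rtype, rdata = parts[0], parts[1], parts[2:]
        if owner == "@":                                 # "@" stands for the zone apex
            owner = origin
        elif not owner.endswith("."):                    # relative names get the origin appended
            owner = f"{owner}.{origin}"
        records.append((owner.lower(), rtype, rdata))    # DNS names are case-insensitive
    return origin, records

def lookup(records, name, rtype, depth=0):
    """Answer name/type from the zone, following a CNAME alias to its canonical name."""
    name = name.lower().rstrip(".") + "."
    answers = [r[2] for r in records if r[0] == name and r[1] == rtype]
    if answers or depth > 8:                             # depth limit stops alias loops
        return answers
    for owner, t, rdata in records:
        if owner == name and t == "CNAME":
            return lookup(records, rdata[0], rtype, depth + 1)
    return []

def reverse_name(ip):
    """Owner name a PTR record for this address has in the in-addr.arpa or ip6.arpa zone."""
    return ipaddress.ip_address(ip).reverse_pointer + "."
```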
Root Hints
• DNS servers resolve DNS queries using local authoritative
or cached data.
• But if the server does not contain the requested data and is
not authoritative for the name in a query, it may perform
recursive resolution or return a referral to another DNS
server depending on whether the client requested
recursion.
• The DNS Server service must be configured with root hints
to resolve queries for names that it is not authoritative for
or for which it contains no delegations.
• Root hints contain the names and IP addresses of the DNS
servers authoritative for the root zone. You can use the DNS
console to manage the list of root servers, as well as the
dnscmd command-line utility.
Root Hints
• By default, DNS servers use a root hints file,
called cache.dns, on Microsoft DNS servers.
• The cache.dns file is stored in the
%systemroot%\System32\Dns folder on the
server computer.
• When the server starts, cache.dns is
preloaded into server memory.
• By using root hints to find root servers, a
DNS server is able to complete recursive
queries.
Iterative Query
Recursive Query
DNS Resolver Cache
• To view the resolver cache on any Windows computer, key the following at a command prompt:
ipconfig /displaydns
• To purge the cache, key the following at a command prompt:
ipconfig /flushdns
Forwarders
• A forwarder is a DNS server on a network
used to forward DNS queries for external
DNS names to DNS servers outside of that
network.
• A conditional forwarder forwards queries on
the basis of domain name.
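As an added example that is not part of the lesson, the simulation below ties together the root hints, iterative and recursive query, and forwarder slides: a recursive server answers from its cache first, sends names under a configured domain to a conditional forwarder, and otherwise iterates from a root hint through referrals until an authoritative server answers. The client only ever sees the final answer; the server records which servers it consulted. Every server address, name and record is constructed (RFC 5737 and private ranges), and the "authoritative servers" are dictionaries standing in for real hosts.

```python
# Constructed simulation of the order a recursive DNS server tries things in:
# cache, then a conditional forwarder for matching domains, then iteration
# from the root hints. All names and addresses are hypothetical.
AUTHORITATIVE = {
    "198.51.100.1": {"com.": ("NS", "a.gtld.example.", "203.0.113.1")},        # a root server
    "203.0.113.1": {"contoso.com.": ("NS", "dc1.contoso.com.", "192.0.2.10")}, # a .com server
    "192.0.2.10": {"www.contoso.com.": ("A", "192.0.2.20")},                   # contoso.com
    "10.9.9.9": {"app.corp.fabrikam.com.": ("A", "10.9.9.50")},                 # partner's DNS
}
ROOT_HINTS = ["198.51.100.1"]   # plays the role of cache.dns: where iteration begins

def query(server_ip, name):
    """One iterative query: the server answers from its own data or returns a referral."""
    zone = AUTHORITATIVE[server_ip]
    labels = name.split(".")
    for i in range(len(labels)):            # longest suffix of the name this server knows
        candidate = ".".join(labels[i:])
        if candidate in zone:
            return zone[candidate]
    return ("NXDOMAIN",)

class Resolver:
    def __init__(self, conditional_forwarders):
        self.cache = {}                          # name -> IPv4 address (None = negative)
        self.forwarders = conditional_forwarders # domain suffix -> forwarder address
        self.trace = []                          # servers consulted for the last query

    def resolve(self, name):
        """Recursive service for a client: it gets only the final answer, never a referral."""
        name = name.lower().rstrip(".") + "."
        self.trace = []
        if name in self.cache:
            self.trace.append("cache")
            return self.cache[name]
        for suffix, fwd in self.forwarders.items():
            if name.endswith(suffix):            # conditional forwarding by domain name
                self.trace.append(f"forward:{fwd}")
                return self._remember(name, query(fwd, name))
        server = ROOT_HINTS[0]
        for _ in range(8):                       # hop limit guards against referral loops
            self.trace.append(f"iterate:{server}")
            rr = query(server, name)
            if rr[0] == "NS":
                server = rr[2]                   # follow the referral to the next server
                continue
            return self._remember(name, rr)
        return None

    def _remember(self, name, rr):
        answer = rr[1] if rr[0] == "A" else None
        self.cache[name] = answer                # positive and negative answers are cached
        return answer
```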
Using NsLookup
Dnscmd Command
• You can use the Dnscmd command-line tool
to perform most of the tasks that you can do
from the DNS console.
• This tool can be used to script batch files, to
help automate the management and
updates of existing DNS server
configurations, or to perform setup and
configuration of DNS servers.
Advanced DNS Server Properties
• Advanced DNS server properties refer to the
settings that can be configured in the
Advanced tab of the DNS Server Properties
dialog box.
• These properties relate to server-specific features, such as disabling recursion, handling resolution of multi-homed hosts, and achieving compatibility with non-Microsoft DNS servers.
Summary
• DNS names and the DNS protocol are required for
Active Directory domains and for compatibility with
the Internet.
• The DNS namespace is hierarchical and based on
a unique root that can have any number of subdomains.
• An FQDN is the name of a DNS host in this
namespace indicating the host’s location relative
to the root of the DNS domain tree.
– An example of an FQDN is
host1.subdomain.microsoft.com.
Summary
• A DNS zone is a contiguous portion of a
namespace for which a server is authoritative.
• A server can be authoritative for one or more zones
and a zone can contain one or more contiguous
domains.
• A DNS server is authoritative for a zone if it hosts
the zone, either as a primary or secondary DNS
server.
• Each DNS zone contains the resource records it
needs to answer queries for its portion of the DNS
namespace.
Summary
• There are several types of DNS servers:
primary, secondary, master name, and
caching-only.
Summary
• A DNS server that hosts a primary DNS zone
is said to act as a primary DNS server.
• Primary DNS servers store original source
data for zones.
• With Windows Server 2003, you can
implement primary zones in one of two ways:
as standard primary zones (zone data is
stored in a text file) or as an Active
Directory–integrated zone (zone data is
stored in the Active Directory database).
Summary
• A DNS server that hosts a secondary DNS zone is said to act as a secondary DNS server.
• Secondary DNS servers are authoritative backup
servers for the primary server.
• The servers from which secondary servers acquire
zone information are called masters.
• A caching-only server forwards requests to other
DNS servers and hosts no zones, but builds a
cache of frequently requested records.
Summary
• Recursion is one of the two process types for
DNS name resolution.
• A DNS client will request that a DNS server
provide a complete answer to a query that
does not include pointers to other DNS
servers, effectively shifting the workload of
resolving the query from the client to the
DNS server.
Summary
• For the DNS server to perform recursion
properly, the server needs to know where to
begin searching for names in the DNS
namespace.
• This information is provided by the root hints
file, cache.dns, which is stored on the server
computer.
Summary
• A DNS server on a network is designated as
a forwarder by having the other DNS servers
in the network forward the queries they
cannot resolve locally to that DNS server.
• Conditional forwarding enables a DNS server
to forward queries to other DNS servers
based on the DNS domain names in the
queries.