Managing and Administering DNS in Windows Server 2008

MCTS Guide to Microsoft Windows
Server 2008 Network Infrastructure
Configuration
Chapter 6
Managing and Administering
DNS in Windows Server 2008
Objectives
• Describe and install Active Directory Domain
Services
• Manage your Domain Name System (DNS)
environment
• Troubleshoot your DNS environment
• Manage Windows Internet Name Service
• Describe the new features of DNS in Windows
Server 2008
Introduction to Active Directory
Domain Services
• Active Directory (AD) clients
– Use DNS to locate all the resources available on the
network
• DNS servers you can run in an AD DS environment
– Standard DNS servers
– AD DS–integrated DNS servers
Introduction to Active Directory
Domain Services (continued)
• Activity 6-1: Resetting Network Adapters
• Time Required: 15 minutes
• Objective: Reset the network adapters on lab
servers
Using AD DS
• AD DS
– Microsoft’s implementation of a directory services
infrastructure
– Stores attributes, or specific information, for objects
within a network
Using AD DS (continued)
• Activity 6-2: Installing the AD DS Role on MSN-SRV-0XX
• Time Required: 10 minutes
• Objective: Install the AD DS server role
Using AD DS (continued)
• Activity 6-3: Promoting MSN-SRV-0XX to a DC
• Time Required: 40 minutes
• Objective: Build the first DC in a domain
Using AD DS (continued)
• Activity 6-4: Reviewing the New DNS Zone
Additions
• Time Required: 10 minutes
• Objective: Review new zones and records created
by the AD DS installation process
Using AD DS (continued)
• Domain controller locator
– Runs at logon to provide client with location of a DC
that can authenticate its requests
• AD domain names
– Every AD domain in Windows Server 2008 has a
naming convention based on a DNS domain name
• DNS requirements for AD
– When a DC is added to a domain, SRV and A
records are created to allow clients to find a DC
during logon
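
An added example (not from the original slides) of the dependency described above: the DC locator needs both the SRV record and an A record for the SRV target. The host names and addresses are constructed for the lab domain bentech.local, and the function names are hypothetical.

```python
# Constructed records for the lab domain bentech.local; host names and
# addresses are made up for illustration and are not from the slides.
SRV_RECORDS = [
    # (owner name, priority, weight, port, target host)
    ("_ldap._tcp.dc._msdcs.bentech.local.", 0, 100, 389, "DC1.bentech.local."),
    ("_ldap._tcp.dc._msdcs.bentech.local.", 10, 100, 389, "dc3.bentech.local."),
    ("_ldap._tcp.dc._msdcs.bentech.local.", 0, 100, 389, "dc2.bentech.local."),
    ("_kerberos._tcp.dc._msdcs.bentech.local.", 0, 100, 88, "dc1.bentech.local."),
]
A_RECORDS = {
    "dc1.bentech.local.": "192.168.10.11",
    "dc3.bentech.local.": "192.168.10.13",
    # dc2 has an SRV record but no A record: clients cannot resolve it
}


def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()


def locator_name(domain, service="ldap"):
    """Owner name a client queries to find DCs offering `service` over TCP."""
    return f"_{service}._tcp.dc._msdcs.{norm(domain)}"


def check_dc_records(domain, service="ldap", srv=SRV_RECORDS, a=A_RECORDS):
    """Return (usable, missing_a).

    usable: [(host, ip, port)] ordered by SRV priority (lower is tried first).
    missing_a: SRV targets with no A record, i.e. DCs clients cannot locate.
    """
    addresses = {norm(host): ip for host, ip in a.items()}
    wanted = locator_name(domain, service)
    usable, missing_a = [], []
    for owner, priority, _weight, port, target in sorted(srv, key=lambda r: r[1]):
        if norm(owner) != wanted:
            continue
        host = norm(target)
        if host in addresses:
            usable.append((host, addresses[host], port))
        else:
            missing_a.append(host)
    return usable, missing_a


if __name__ == "__main__":
    ok, broken = check_dc_records("bentech.local")
    print("usable DCs:", ok)
    print("SRV targets without an A record:", broken)
```
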
AD-Integrated DNS
• Benefits of AD DNS
– Faster and more efficient replication
– Database security
– Multimaster support for updates and replication
• Administrators can choose one of the following
zone replication options for AD DS DNS zones
– To all DNS servers in this forest
– To all DNS servers in this domain
– To all domain controllers in this domain (for
Windows 2000 compatibility)
AD-Integrated DNS (continued)
• Activity 6-5: Changing the Zone Replication
Settings for bentech.local
• Time Required: 10 minutes
• Objective: Change replication options for AD DS–integrated zone
DNS Zone Layout
• AD DS site structure
– AD DS sites are designed to limit the replication
traffic across wide area network (WAN) links
• Distribution of an IT department
– How your network is administered helps determine
the layout for your DNS zones and servers
• Forwarding
– Types: standard and conditional
DNS Zone Layout (continued)
• Activity 6-6: Delegating a DNS Zone to MSN-SC0XX
• Time Required: 20 minutes
• Objective: Delegate control of a DNS zone for a
subdomain to another server
Dynamic DNS
• Allows supported DNS clients to dynamically
update their DNS records on a DNS server
• Allows DNS clients to update their A, AAAA, and
PTR records
• Deletes records of clients removed from the
domain or whose DHCP leases expire
• Scavenging
– Process within a DNS database that uses time
stamps to determine when records can update
themselves
Dynamic DNS (continued)
• DHCP configuration
– By default, DHCP is configured to provide dynamic
updates to clients that support this feature
• DNS configuration
– Dynamic updates are configured at the DNS zone
level
• Secure and nonsecure updates
– Secure: Performed only by an authenticated client
– Nonsecure: Performed by any client
Dynamic DNS (continued)
• How clients use DNS in an Active Directory
environment
– Failure to point your client to internal DNS servers
can cause problems
• DNS Client Group Policy settings
– For environments that do not use DHCP or have
statically assigned IP addresses, this is a good
option for defining DNS suffixes and search orders
Dynamic DNS (continued)
• Activity 6-7: Changing Group Policy Settings
• Time Required: 20 minutes
• Objective: Modify Group Policy settings
Managing DNS
• DNS console
– Main GUI tool used for configuring DNS
– Provides access to all DNS zones available on a
server, along with configuration settings for the DNS
role
• DNS Manager
– Allows you to add DNS servers
Configuration Settings in the DNS
Console
• DNS server level
– Configuration and maintenance tasks you can
perform
  • Configure a DNS server
  • Create the default application (Directory Partitions)
  • Create a zone
  • Set aging/scavenging for all zones
  • Scavenge stale resource records
Configuration Settings in the DNS
Console (continued)
• Activity 6-8: Configuring DNS at the Server Level
• Time Required: 15 minutes
• Objective: Setting server-level properties
Configuration Settings in the DNS
Console (continued)
• DNS zone level
– Level where all DNS zones exist
• DNS record level
– Modifying and deleting records
– Defining security settings on a DNS record
– Managing scavenging settings for a record
– Setting record Time to Live
Configuration Settings in the DNS
Console (continued)
• Activity 6-10: Modifying a DNS Record
• Time Required: 5 minutes
• Objective: Modify properties of a DNS record
Round-Robin DNS
• Allows an administrator to configure load balancing
of servers based on DNS name resolution
information
• DNScmd
– Can be used to disable or enable round-robin DNS
along with other DNS features
Round-Robin DNS (continued)
• Activity 6-11: Setting Up Round-Robin DNS and
Creating Records
• Time Required: 15 minutes
• Objective: Setting up DNS records for load
balancing using round-robin DNS
Conditional Forwarding
• Forwarding based on a specific domain name
• Created in their own location under your server in
the DNS console
Conditional Forwarding (continued)
• Activity 6-12: Creating a Conditional Forwarder for
badgerironman.com
• Time Required: 15 minutes
• Objective: Create a conditional forwarder in the
DNS console
Conditional Forwarding (continued)
• DNScmd
– Command-line tool for performing configuration and
maintenance tasks on a DNS server
– Can be used to:
  • Create and delete DNS zones
  • Add and delete
  • View information about DNS zones and records
  • Change the zone type
Conditional Forwarding (continued)
• Activity 6-13: Performing Management Tasks with
DNScmd
• Time Required: 15 minutes
• Objective: Managing DNS zones with DNScmd
Troubleshooting DNS
• DNS server logs
– Global Logs folder: contains a subset of the event
logs relating specifically to DNS called DNS Events
– General Tab: DNS Events log file is set to a default
size of 16,384 KB
– Filter Tab: allows you to modify the view of the DNS
Server log for better analysis of events
Troubleshooting DNS (continued)
• Activity 6-14: Modifying the DNS Server Log Size
and Retention Value
• Time Required: 10 minutes
• Objective: Modify the DNS Server log settings for
your environment
Troubleshooting DNS (continued)
• Activity 6-15: Modifying the DNS Server Log View
• Time Required: 10 minutes
• Objective: Modify the DNS Server log view to find
the root cause of a network issue
Command-Line Utilities
• Ping
– You can ping a server by host name or FQDN
• Ipconfig
– Commands and switches: ipconfig /all, ipconfig
/flushdns, ipconfig /displaydns, ipconfig /registerdns
• DCDiag
– Allows you to perform diagnostic queries of your
DCs
• Nslookup
– Allows you to perform detailed queries for DNS
information from the command line
Command-Line Utilities (continued)
• Nslookup
– Noninteractive - allows you to perform a single query
from the command line by entering all of the query
parameters at once
– Interactive - allows you to launch nslookup in a
command-line shell where you can define
parameters one by one
– Used with debug parameter; provides more detailed
information
Command-Line Utilities (continued)
• Activity 6-16: Using Nslookup in Interactive Mode
• Time Required: 15 minutes
• Objective: Perform DNS queries with nslookup
Command-Line Utilities (continued)
• Debug log
– Windows Server 2008 allows you to turn on debug
logging for a DNS server
– Allows you to capture packet data related to the
DNS server functionality
WINS
• Microsoft’s technology for resolving NetBIOS
names to IP addresses
• Based on two important pieces
– The Server service and the Client service
• WINS server service
– Responsible for maintaining the WINS database and
responding to WINS requests
• The WINS client service
– Responsible for initiating WINS queries, client
registration, and name renewal
WINS (continued)
• Activity 6-17: Installing WINS
• Time Required: 15 minutes
• Objective: Install a WINS server on your network
WINS (continued)
• Activity 6-18: Editing the LMHOSTS File
• Time Required: 15 minutes
• Objective: Edit a user’s LMHOSTS file
WINS (continued)
• Global name zones (GNZs)
– Provide single name–to–IP address resolution by
creating CNAME records in a special GNZ
– If a GNZ is created, a DNS server looks to the GNZ
first and then to WINS
WINS (continued)
• Activity 6-19: Creating the GNZ
• Time Required: 15 minutes
• Objective: Create the GNZ and associated alias
records.
New DNS Features
• DNS on Server Core
– You can deploy a single or multirole server running
DNS and other services
• Support for IPv6
– Windows Server 2008 DNS supports the IPv6
address numbering scheme along with the AAAA
resource records
• Primary Read-Only Zone
– Read-only domain controllers (RODCs): contain a
copy of the AD DS database and can answer client
requests
New DNS Features (continued)
• Activity 6-20: Creating an RODC
• Time Required: 20 minutes
• Objective: Create an RODC
New DNS Features (continued)
• Link-local multicast name resolution
– Clients exchange simple messages to verify that
they have a unique name on the local subnet
• DNS client changes
– Clients periodically perform a check to ensure that
they are authenticating with a local DC
– Clients use LLMNR to resolve names on a local
network segment when a DNS server is not
available
New DNS Features (continued)
• Background zone loading
– Allows DNS server to handle client requests
immediately instead of waiting until the entire DNS
zone is loaded
• GNZ
– Allows you to host computer name–to–IP address
resolution records in their Windows Server 2008
DNS zone
Summary
• In an AD DS environment, you can run two types of
DNS servers
– Standard DNS servers and AD DS DNS–integrated
servers
• AD DS
– Uses DCs to store all the AD objects and information
about an environment
– Uses a database structure to maintain its objects
• AD
– Requires DNS for locating DCs, or the DC locator
function
Summary (continued)
• Windows Server 2008 DNS implementations
support two types of forwarding
– Standard and conditional
• Dynamic DNS
– Allows supported DNS clients to dynamically update
their DNS records on a DNS server
• DNS console
– Main GUI tool used for managing DNS
Summary (continued)
• You can configure DNS at the DNS server, zone,
or record level
• During forwarding
– DNS server sends queries made for DNS zones that
do not match its own zone and cache information to
another internal or external DNS server
• Troubleshoot DNS when
– Your clients are having difficulties connecting to
applications or resources