DNS for ISIS Based Workgroups
Updated: December 14, 2005, Chris Quinones

Abstract

This document discusses how to implement DNS on a machine running Windows 2000 Server. Other DNS options are available but are not covered in this document. DNS is used to resolve host names to IP addresses (forward resolution/lookup) and IP addresses to host names (reverse resolution/lookup). This document only deals with host name to IP address resolution (forward lookup).

Table of Contents

Abstract
1 Issues Addressed
2 DNS Placement
3 Install DNS
4 Configure Zone (Primary) for a Domain
4.1 Sub-Domain in a Customer Domain
4.2 Arbitrary Domain
4.3 Create Zone
5 Add a Host to a Zone
6 Configure Forwarding
7 Create Secondary DNS Server
8 DNS Client Configuration
8.1 DNS Servers
8.2 DNS Suffixes
9 Zone Configuration Examples
9.1 Example Network Config Info
9.2 Media Manager
9.3 Transfer Manager
9.4 System Director
10 Testing/Troubleshooting
11 NOTES

1 Issues Addressed

Local Subnetting: Several servers in the ISIS solution have more than one IP address (examples: Media Manager, Transfer Manager), so the same server name can map to more than one IP address. If a client is on the same subnet as one of a server's addresses, it is desirable for the DNS server to return that address first, so that the client connects to the server interface on its own LAN. This is the default behavior for Windows 2000 Server DNS (local subnet priority).

106754151 1 of 14

Round Robin: For clients that are not on the same subnet as any of the server's addresses, the goal is to have the addresses returned in alternating order on successive queries. This spreads client traffic across the different server network interfaces. This is also the default behavior for Windows 2000 Server DNS.
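The two ordering behaviors described above, local subnet priority and round robin, modelled in Python as an added example. This is not code from the original document or from the Windows DNS service. The record data is the section 9.1 example network; the client addresses are constructed. It assumes a /24 comparison for "same subnet", which matches the /24 networks in this document; the exact rule the Windows 2000 server applies is not reproduced.

```python
"""Model of Windows DNS answer ordering: local subnet priority, then round robin.

Added example, not code from the original document or from Windows DNS.
Assumption: "same subnet" is a /24 comparison (the networks in this
document are all /24); the server's real rule is not reproduced here.
"""
import ipaddress

# Constructed zone data for the section 9.1 example network:
# host name -> list of A records, in the order they were entered.
ZONE = {
    "mm":       ["192.168.10.201", "192.168.20.201"],
    "sysdir01": ["192.168.10.211", "192.168.20.211"],
    "sysdir02": ["192.168.10.212", "192.168.20.212"],
    "isis01":   ["192.168.10.210", "192.168.20.210"],
    "tm1":      ["192.168.10.202", "192.168.20.202", "10.4.22.57"],
}


class OrderingResolver:
    """Returns a host's addresses in the order a client would see them."""

    def __init__(self, zone, prefixlen=24):
        self.zone = {name: list(addrs) for name, addrs in zone.items()}
        self.prefixlen = prefixlen                       # assumed subnet size
        self._rotation = {name: 0 for name in self.zone}  # round-robin state per name

    def query(self, name, client_ip):
        """Answer for `name` as seen from `client_ip`; None if the name is unknown."""
        key = name.lower()
        records = self.zone.get(key)
        if records is None:
            return None                                  # NXDOMAIN
        client_net = ipaddress.ip_network(
            f"{client_ip}/{self.prefixlen}", strict=False)
        local = [r for r in records
                 if ipaddress.ip_address(r) in client_net]
        if local:
            # Local subnet priority: the address on the client's own LAN is
            # listed first; the remaining addresses keep their zone order.
            return local + [r for r in records if r not in local]
        # Round robin: each successive query for this name starts the list
        # one position further along, so off-subnet (Zone 3) clients are
        # spread across the server's interfaces.
        start = self._rotation[key] % len(records)
        self._rotation[key] += 1
        return records[start:] + records[:start]


def demo():
    """Three lookups of mm: a .20-network client, then a Zone 3 client twice."""
    server = OrderingResolver(ZONE)
    on_20_network = server.query("mm", "192.168.20.55")  # constructed client
    zone3_first = server.query("mm", "10.1.5.7")          # constructed client
    zone3_second = server.query("mm", "10.1.5.7")
    return on_20_network, zone3_first, zone3_second


if __name__ == "__main__":
    for answer in demo():
        print(answer)
    # Section 9.3 check: a device on the transfer network should get the
    # Transfer Manager's 10.4.22.57 address first.
    print(OrderingResolver(ZONE).query("tm1", "10.4.22.9"))
```

The `tm1` lookup from a 10.4.22.x address is the check section 9.3 asks for: with local subnet priority in effect, a device on the transfer network receives the transfer address first without a hosts file entry.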
Secondary DNS server(s): To provide DNS redundancy, more than one DNS server can be used. The secondary DNS server(s) pull the zone information from the primary/master DNS server and serve DNS clients from their copy of the zone.

DNS forwarding: If a customer has an existing DNS infrastructure and would like to integrate the ISIS DNS servers with it, the ISIS DNS servers can forward requests they cannot answer themselves to other DNS servers. This allows ISIS names to be served on the local ISIS network while all other requests are handled by the customer's DNS servers.

2 DNS Placement

Considerations for which server to locate the DNS service on:
To use the standard Windows 2000 DNS server service, Windows 2000 Server is required.
A dual connected server (one interface on each ISIS network) is recommended for availability reasons, but is not required.

Based on the above considerations, the Media Manager would work well as a DNS server. The load from DNS, especially for the local ISIS network, is very light and should not impact Media Manager performance. The choice of secondary DNS server (optional) will vary from site to site.

3 Install DNS

Before configuring DNS, the service needs to be installed on the target server. One way to check whether DNS is installed is to look in Computer Management for the DNS entry under "Services and Applications". See picture below.

If DNS is not installed, do the following to install it:
1. Run "Add or Remove Programs" from the Control Panel.
2. Select "Add/Remove Windows Components".
3. Select/check "Domain Name System (DNS)" within "Networking Services". See picture.
4. Click OK, then Next, to install DNS.

NOTE: Depending on your Windows 2000 Server configuration, a Windows 2000 Server CD may or may not be required to complete the install of the DNS service.
4 Configure Zone (Primary) for a Domain

As a rough description, a zone file or zone configuration contains the information (host names and IP addresses) for a domain. A domain is the name space that the hosts are associated with. Example: for hostname.avid.com, avid.com is the domain.

The first thing required is to decide what domain name to use for the zone. See the following sections for advice on how to choose a name.

4.1 Sub-Domain in a Customer Domain

If the customer has an existing domain that the workgroup DNS will be integrated with, a sub-domain can be created within that domain.

Example:
Customer domain: [customer Domain].com
Sub-domain: [ISIS DNS Domain].[customer Domain].com

If we wanted to create an ISIS DNS domain called avidwg (Avid workgroup) in a customer's existing domain called bigbroadcaster.com, the resulting sub-domain would be avidwg.bigbroadcaster.com. A Media Manager in this domain might be called mm.avidwg.bigbroadcaster.com.

Note that hosts outside the ISIS network will only be able to resolve names in the sub-domain if the customer's DNS servers delegate it to (or forward it to) the ISIS DNS servers; the customer's IT department will need to set this up.

4.2 Arbitrary Domain

If the ISIS DNS is not going to integrate with an existing domain, we can choose an arbitrary domain name, avidwg for example. A Media Manager in this domain might be called mm.avidwg.

4.3 Create Zone

To create a new primary zone file for a domain:
1. Right click on "Forward Lookup Zones" and choose "New Zone".
2. Choose "Standard Primary".
3. Enter the desired domain name (see above sections).
4. Accept the default file name recommendation.
Zone setup is complete. Now you are ready to add host names and IP addresses for the domain/zone.

5 Add a Host to a Zone

A host entry in the forward zone file tells the DNS server how to resolve a name to an IP address. A host entry contains a device name and an IP address. The host name does not have to match the actual name configured on the server/device. For devices that have multiple IP addresses, like Media Manager, multiple entries with the same name and different IP addresses can be created (one A record per address).
To create a new host entry:
1. Right click on the zone you want to add the host to.
2. Choose "New Host".
3. Enter the name and IP address for the host.
4. Leave "Create associated pointer (PTR) record" unchecked unless the reverse lookup zone for the IP address has been created on the local system (not in the scope of this document).
5. Click "Add Host".
Host configuration is complete.

6 Configure Forwarding

Forwarding tells a DNS server to send any requests it cannot answer itself (names in domains it is not authoritative for) to other DNS servers for resolution. This is used when integrating an ISIS DNS server into an existing DNS infrastructure at a customer site, or with Internet DNS servers.

To configure forwarding:
1. Right click on the server name under the DNS section.
2. Choose "Properties".
3. Click on the "Forwarders" tab.
4. Check the "Enable Forwarders" box.
5. Add the IP addresses of the DNS servers you would like to forward requests to. This information needs to be supplied by the customer's IT department; use only resolvers the customer operates or trusts, since every non-ISIS query the server receives will be sent to them.
6. Click OK.
Done.

7 Create Secondary DNS Server

A secondary DNS server provides redundancy for the primary DNS server. The secondary pulls the zone information from the primary (a zone transfer) and serves that information to clients. Clients need to be configured to point at both the primary and the secondary DNS server. If a client gets no response from the first DNS server configured, it will try the next server in its list (see the client configuration section).

The device hosting the secondary DNS service can be any Windows 2000 Server on the ISIS network. Ideally it will be connected to both of the ISIS networks.
To configure a DNS server to be a secondary:
1. Install the DNS server software if it isn't already installed (see the Install DNS section).
2. Right click "Forward Lookup Zones" and choose "New Zone".
3. Choose "Standard Secondary".
4. Enter the same zone name used on the primary DNS server, then click Next.
5. Enter the IP address(es) of the DNS server(s) the zone information will be pulled from (the primary DNS server).
6. Click "Next" and click "Finish".
Secondary configuration is complete.

On the primary, open the zone's properties and check the "Zone Transfers" tab: Windows 2000 DNS allows zone transfers to any server by default. Restrict transfers to the secondary's IP address(es) so that the full list of ISIS host names and addresses cannot be pulled by arbitrary hosts.

8 DNS Client Configuration

There are two main items to configure for a client to use DNS: the DNS servers and the DNS suffixes the client will use. These settings are applied in:
Local Area Connection Properties -> Internet Protocol (TCP/IP) Properties -> Advanced -> DNS tab

8.1 DNS Servers

Add the IP addresses of the DNS servers. For Zone 1 and Zone 2 clients, at least one of the DNS server IP addresses should be on the same IP subnet as the client, and it should be the top IP address in the list. This makes sure the client queries the DNS server on its local network, reducing the chance that a network failure will cause DNS resolution to fail. IP addresses of both the primary and the secondary DNS server should be in this list.

For Zone 3 clients, choose an IP address of the primary on one network (e.g. the .10 network) and an IP address of the secondary on the other network (e.g. the .20 network). If the .10 network fails, the Zone 3 client should still be able to resolve DNS through the .20 interface of the secondary.

8.2 DNS Suffixes

Appending DNS suffixes is a shortcut for typing host and domain names: the user types in just the machine name and the system automatically appends the domain name.

Example: Suppose a suffix is configured on the client for avidwg.bigbroadcaster.com. When the user on the client types in mm as a host name, the system will first try to find a name to IP match for mm.
If there is none, it will then try to find a match for mm.avidwg.bigbroadcaster.com. If no match is found and there are no other suffixes, name resolution fails.

To add suffixes:
1. Select the "Append these DNS suffixes (in order)" radio button.
2. Click Add.
3. Enter the DNS suffix, e.g. avidwg.bigbroadcaster.com.
4. Repeat for all desired suffixes.
5. Make sure the suffixes are in the desired order; the top suffix is tried first.
6. Click OK to save the changes.

Suffix order: Suffix order is important. The top suffix is used first, then each suffix down the list, until a successful name match is found. If there are servers with the same name in different domains, e.g. servername.avidwg.bigbroadcaster.com and servername.bigbroadcaster.com, the order of the suffixes determines which Fully Qualified Domain Name gets resolved.

NOTE: If the clients are using DHCP, DNS server addresses and DNS suffixes can be set automatically through DHCP. If DHCP is configured to do this, no manual configuration of DNS servers or DNS suffixes on the client is required.

9 Zone Configuration Examples

This section discusses the zone file configuration for different types of devices. Most of the entries in the zone files should be straightforward: the majority of the devices on the network have a single IP address, and for these devices a single entry is all that is required. A few devices in the Avid workgroup have more than one IP address, such as Transfer Manager, Media Manager, and System Director.
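The client-side lookup order from section 8.2 (name as typed, then each suffix in list order), together with the hosts-file precedence that section 9.3 relies on and the NOTES section states, modelled in Python as an added example. This is not code from the original document or from the Windows resolver. The DNS data and hosts file contents are constructed for the section 9.1 network; the bigbroadcaster.com entries (mail, tm1) are assumptions added to show how suffix order picks between two hosts with the same short name.

```python
"""Model of client name resolution: hosts file first, then suffix search list.

Added example, not code from the original document or from the Windows
resolver. All data below is constructed for the section 9.1 network; the
bigbroadcaster.com hosts are assumptions.
"""

# Constructed authoritative data keyed by fully qualified name.
DNS_DATA = {
    "mm.avidwg.bigbroadcaster.com":       ["192.168.10.201", "192.168.20.201"],
    "tm1.avidwg.bigbroadcaster.com":      ["192.168.10.202", "192.168.20.202", "10.4.22.57"],
    "sysdir01.avidwg.bigbroadcaster.com": ["192.168.10.211", "192.168.20.211"],
    "mail.bigbroadcaster.com":            ["172.20.4.25"],  # assumed corporate host
    "tm1.bigbroadcaster.com":             ["172.20.4.30"],  # assumed: same short name, parent domain
}


def parse_hosts(text):
    """Parse hosts-file lines ('ip name [alias ...]', '#' comments) into {name: ip}."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table[name.lower()] = fields[0]
    return table


def resolve(name, suffixes, hosts_text="", dns=DNS_DATA):
    """Return (name_used, addresses, source) or None if resolution fails.

    Order, as section 8.2 and the NOTES section describe it:
      1. hosts file entry for the name as typed (DNS is never queried)
      2. the name as typed
      3. name + each suffix, in list order, stopping at the first match
    """
    hosts = parse_hosts(hosts_text)
    key = name.lower().rstrip(".")
    if key in hosts:
        return key, [hosts[key]], "hosts"
    candidates = [key] + [f"{key}.{suffix.lower().strip('.')}" for suffix in suffixes]
    for fqdn in candidates:
        if fqdn in dns:
            return fqdn, list(dns[fqdn]), "dns"
    return None


# Constructed hosts file for a remote archive server (section 9.3): it pins
# tm1 to the transfer network address regardless of what DNS would return.
ARCHIVE_HOSTS = """\
# constructed example hosts file
10.4.22.57    tm1   tm1.avidwg.bigbroadcaster.com
"""

if __name__ == "__main__":
    print(resolve("mm", ["avidwg.bigbroadcaster.com"]))
    # Same short name in two domains: suffix order decides which FQDN wins.
    print(resolve("tm1", ["bigbroadcaster.com", "avidwg.bigbroadcaster.com"]))
    print(resolve("tm1", ["avidwg.bigbroadcaster.com", "bigbroadcaster.com"]))
    # Hosts file entry overrides DNS entirely.
    print(resolve("TM1", ["avidwg.bigbroadcaster.com"], hosts_text=ARCHIVE_HOSTS))
    print(resolve("nosuch", ["avidwg.bigbroadcaster.com"]))
```

The two `tm1` lookups with the suffixes reversed are the "suffix order" case from above: the same short name lands on a different server depending only on list order, which is why the ISIS sub-domain should sit above the customer's parent domain on ISIS clients.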
9.1 Example Network Config Info

Networks:
ISIS ".10" network: 192.168.10.0/255.255.255.0
ISIS ".20" network: 192.168.20.0/255.255.255.0
Transfer network for TMs: 10.4.22.0/255.255.255.0

Devices / host name: IP addresses
Media Manager / mm: 192.168.10.201, 192.168.20.201
System Director 1 / sysdir01: 192.168.10.211, 192.168.20.211
System Director 2 / sysdir02: 192.168.10.212, 192.168.20.212
Virtual ISIS (System Director) / isis01: 192.168.10.210, 192.168.20.210
Transfer Manager / tm1: 192.168.10.202, 192.168.20.202, 10.4.22.57

Example view of a Windows zone file: (see picture)

9.2 Media Manager

Media Manager has two IP addresses, one on the ".10" network (192.168.10.201) and one on the ".20" network (192.168.20.201). The DNS zone file has two entries for Media Manager, one for each of the IP addresses (see picture above).

9.3 Transfer Manager

Transfer Manager has three IP addresses, one on the ".10" network (192.168.10.202), one on the ".20" network (192.168.20.202) and one on the "transfer" network (10.4.22.57). The transfer network is used for devices that the Transfer Manager transfers to (e.g. TMs in other workgroups, archive, nearchive). The DNS zone file has three entries for Transfer Manager (see picture above).

Special considerations for Transfer Manager DNS: Devices that transfer to the Transfer Manager should only connect to the transfer network IP address, so that transfers go through the transfer network and not the ISIS network. Make sure that devices that transfer to the Transfer Manager resolve the Transfer Manager name (tm1) to the transfer network IP address (10.4.22.57) and not to the ISIS addresses (192.168.10.202, 192.168.20.202). Local subnet priority on the DNS server may already do this for devices on the transfer network; confirm with nslookup from the remote device. If it does not, a hosts file entry on the remote device (e.g. the archive server) can force the correct IP address to be resolved.
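The zone described in sections 9.1 to 9.3, written out as text in the BIND-style format that Windows 2000 DNS uses for a standard primary zone (the file lives under %SystemRoot%\system32\dns\ and is named after the zone), with a small parser that collects the A records. This is an added example, not the zone file from the original document's picture: the SOA and NS values, the choice of mm as the primary name server, and the zone file text itself are constructed for illustration.

```python
"""Constructed zone file for avidwg.bigbroadcaster.com plus an A-record parser.

Added example, not the original document's zone file. The SOA timers,
serial, NS record and primary server name are assumptions.
"""

ZONE_FILE = """\
;  Database file avidwg.bigbroadcaster.com.dns for avidwg.bigbroadcaster.com zone.
;  (constructed example; values are assumptions)
@                       IN  SOA mm.avidwg.bigbroadcaster.com. hostmaster.avidwg.bigbroadcaster.com. (
                                5            ; serial number
                                900          ; refresh
                                600          ; retry
                                86400        ; expire
                                3600       ) ; default TTL
;
;  Zone NS records
;
@                       NS      mm.avidwg.bigbroadcaster.com.
;
;  Zone records: a multi-homed host gets one A record per address
;
mm                      A       192.168.10.201
mm                      A       192.168.20.201
sysdir01                A       192.168.10.211
sysdir01                A       192.168.20.211
sysdir02                A       192.168.10.212
sysdir02                A       192.168.20.212
isis01                  A       192.168.10.210
isis01                  A       192.168.20.210
tm1                     A       192.168.10.202
tm1                     A       192.168.20.202
tm1                     A       10.4.22.57
"""


def parse_a_records(text):
    """Return {owner: [ip, ...]} for the A records in a zone file.

    Handles ';' comments, blank lines, the parenthesised SOA block, an
    optional TTL and/or IN class, and a blank owner field (which repeats
    the previous owner, as in BIND-style files).
    """
    records = {}
    owner = None
    depth = 0                       # > 0 while inside SOA parentheses
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        opens = line.count("(") - line.count(")")
        if depth > 0:
            depth += opens
            continue
        if not line.strip():
            continue
        depth += opens
        fields = line.split()
        if not raw[0].isspace():    # owner present on this line
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)           # drop optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "A":
            records.setdefault(owner, []).append(fields[1])
    return records


def multi_homed(records):
    """Names with more than one A record: the hosts that need the ordering logic."""
    return sorted(name for name, ips in records.items() if len(ips) > 1)


if __name__ == "__main__":
    recs = parse_a_records(ZONE_FILE)
    for name, ips in recs.items():
        print(f"{name:10s} {', '.join(ips)}")
    print("multi-homed:", multi_homed(recs))
```

Reading the file this way is a quick consistency check after editing a zone through the GUI: every multi-homed host from section 9.1 should appear with the full set of addresses, and a host with an address missing here will not get subnet-aware answers for that network.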
9.4 System Director

Each System Director has two IP addresses, one on the ".10" network (192.168.10.211, 192.168.10.212) and one on the ".20" network (192.168.20.211, 192.168.20.212). The DNS zone file has two entries for each System Director, one for each of the IP addresses (see picture above). The virtual IP addresses for the ISIS System Directors (isis01) are set up the same way: two virtual IP addresses, one on each network, ".10" (192.168.10.210) and ".20" (192.168.20.210).

10 Testing/Troubleshooting

Ping

ping is a quick and easy test to check what IP address a name resolves to and what DNS suffix the client is using. Example:

    C:\>ping mm

    Pinging mm.avidwg.bigbroadcaster.com [192.168.10.201] with 32 bytes of data:

    Reply from 192.168.10.201: bytes=32 time<1ms TTL=126
    Reply from 192.168.10.201: bytes=32 time<1ms TTL=126

This shows that the name mm is being resolved with the DNS suffix avidwg.bigbroadcaster.com to the IP address 192.168.10.201. If the IP address or DNS suffix is not what is expected, there is a misconfiguration on the client or on the DNS server. Note that ping goes through the client's normal resolver, so a hosts file entry or a cached answer can affect the result.

nslookup

nslookup queries a name server directly; this bypasses the hosts file and the client's DNS cache. Enter fully qualified names so that suffix handling does not affect the result. nslookup is available on most Windows, Unix, and Linux systems. Note: nslookup is not available on the System Director image.

To use nslookup, type nslookup at the command line / DOS window:

    Z:\>nslookup
    Default Server: someserver.somedomain.com
    Address: 172.20.4.20
    >

If the Default Server is not the one you want, you can change which server nslookup is pointed to.
To specify which DNS server to query, type server [IP ADDRESS OF DNS SERVER]:

    > server 192.168.10.201
    Default Server: mm.avidwg.bigbroadcaster.com
    Address: 192.168.10.201

To query the DNS server, enter the Fully Qualified Domain Name of the host you want to resolve:

    > sysdir01.avidwg.bigbroadcaster.com
    Server: mm.avidwg.bigbroadcaster.com
    Address: 192.168.10.201

    Name: sysdir01.avidwg.bigbroadcaster.com
    Addresses: 192.168.10.211, 192.168.20.211

If more than one IP address is listed in DNS for a name, all the IP addresses are returned. The first IP address in the list is the one the client typically uses. If round robin is in effect and local subnet priority does not apply (e.g. a Zone 3 client), the entry that is first in the list changes on every query.

Note: nslookup does not populate the client's DNS cache.

ipconfig /displaydns

The client caches DNS data. Once a client has successfully resolved a name, it remembers the answer and will not query the DNS server again for a while (until the entry's TTL expires, the cache is flushed, or the system is rebooted). To see which name to IP address mappings the client is caching, use the ipconfig /displaydns command. This shows the current contents of the DNS cache.

ipconfig /flushdns

To clear the contents of the DNS cache, use the ipconfig /flushdns command. This forces the client to make fresh queries for any needed name resolution. This is useful when the information in the client's DNS cache does not match the current state of the information on the DNS server (for example, right after a zone change).

DNS Logs

The DNS server has rich logging functionality. If you are having problems and want detailed logging information for troubleshooting, turn on logging.
To turn on logging:
1. In Computer Management, right click on the DNS server name and choose Properties.
2. Click the "Logging" tab.
3. Check the logging options desired and click "OK".

The log should be in the following location: c:\WINNT\system32\dns\dns.log

Interpreting the logs is not in the scope of this document. Debug logging records every query and response, so the file can grow quickly; turn it off again once the problem has been diagnosed.

11 NOTES

Hosts file: Typically the hosts file is checked before DNS. If there is an entry in the hosts file that matches the name of the system being looked up, the hosts file entry is used and the DNS server is not queried. Because of this, a hosts file entry (for example one added to pin the Transfer Manager address, see section 9.3) overrides any later change made in DNS and should be reviewed when a host's address changes.