Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Module 07 slides

advertisement 
Microsoft Official Course
®
Module 7
Implementing DNS
Module Overview
• Name Resolution for Windows Clients and Servers
• Installing a DNS Server
• Managing DNS Zones
Lesson 1: Name Resolution for Windows Clients and Servers
• What Are the Computer Names Assigned to
Computers?
• What Is DNS?
• DNS Zones and Records
• How Internet DNS Names Are Resolved
• What Is Split DNS?
• What Is Link-local Multicast Name Resolution?
• How a Client Resolves a Name
• Troubleshooting Name Resolution
• Demonstration: Troubleshooting Name Resolution
What Are the Computer Names Assigned to Computers?
A hostname is a computer name that is added to a domain name
and top level to make a fully qualified domain name (FQDN)
Hostname
Domain
Top level
AcctDirPC
adatum
com
Fully qualified domain name = AcctDirPC.adatum.com
NetBIOS names are rarely used and are being deprecated in
Windows operating systems
What Is DNS?
DNS can be used to:
• Resolve
host names to IP addresses
• Locate domain controllers and global catalog
servers
• Resolve IP addresses to host names
• Locate mail servers during email delivery
DNS Zones and Records
A DNS zone is a specific portion of DNS namespace
that contains DNS records
Zone types:
• Forward lookup zone
• Reverse lookup zone
Resource records in forward lookup zones
include:
• A, MX, SRV, NS, SOA, and CNAME
Resource records in reverse lookup zones include:
• PTR
How Internet DNS Names Are Resolved
.root DNS
What is the IP address of
www.microsoft.com?
2
3
1
Workstation
.com DNS
Local DNS Server
4
The IP address is
207.46.230.219
5
Microsoft.com DNS
What Is Split DNS?
• External ADI DNS servers host only records that are
resolved from the outside: mail and web server
• Internal DNS servers host domain computer records,
plus mail and web server in a perimeter subnet
Internal
domain
servers and
computers
1
Internal
Active Directoryintegrated-DNS
server
2
External
DNS Server,
mail server, and
web server
3
What Is Link-local Multicast Name Resolution?
LLMNR is an additional method for name
resolution that does not use DNS or WINS
• LLMNR is designed for IPv6
• Works only on Windows Vista, Windows Server
2008, and all newer Windows operating systems
• Network Discovery must be enabled
• Can be controlled via Group Policy
How a Client Resolves a Name
LMHosts File
8
Broadcast
1
7
Local Host
Name
2
6
DNS Resolver
Cache/Hosts file
content
3
WINS Server
5
NetBIOS Name
Cache
4
LLMNR
DNS Server
Troubleshooting Name Resolution
A new Windows PowerShell DNS module with numerous
cmdlets was introduced with Windows Server 2012
• More cmdlets were added with Windows Server 2012 R2
Command-line tools to troubleshoot configuration issues:
• Nslookup
• DNSCmd
• Dnslint
• Ipconfig
The troubleshooting process:
1. Identify client DNS server with nslookup or
Resolve-DnsName
2. Communicate via ping
3. Use nslookup to verify records
Demonstration: Troubleshooting Name Resolution
In this demonstration, you will see how to:
• Use Windows PowerShell cmdlets to
troubleshoot DNS
• Use command-line tools to troubleshoot DNS
Lesson 2: Installing a DNS Server
• What Are the Components of a DNS Solution?
• What Are Root Hints?
• What Are DNS Queries?
• What Is Forwarding?
• How DNS Server Caching Works
• How to Install the DNS Server Role
• Demonstration: Installing the DNS Server Role
What Are the Components of a DNS Solution?
Resource Record
Root “.”
.com
Resource Record
DNS Resolvers
DNS Servers
.edu
DNS Servers on the Internet
What Are Root Hints?
Root hints contain the IP addresses for
DNS root servers
Root (.) Servers
DNS Servers
Root
Hints
com
DNS
Server
Client
microsoft
What Are DNS Queries?
• Queries are recursive or iterative
• DNS clients and DNS servers initiate queries
• DNS servers are authoritative or non-authoritative for a
namespace
• An authoritative DNS server for the namespace either:
 Returns
the requested IP address
 Returns an authoritative “No, that name does not exist”
• A non-authoritative DNS server for the namespace either:
 Checks
its cache
 Uses forwarders
 Uses root hints
What Are DNS Queries?
A recursive query is sent to a DNS server and
requires a complete answer
mail1.contoso.com
172.16.64.11
DNS client
Local DNS server
What Are DNS Queries?
Client
Recursive query
mail1.contoso.com
172.16.64.11
Iterative query
Ask .com
Iterative query
Ask contoso.com
Local
DNS server
Root hint (.)
Iterative query
Authoritative response
.com
contoso.com
What Is Forwarding?
A forwarder is a DNS server designated to resolve
external or offsite DNS domain names
Client
Recursive query
mail1.contoso.com
131.107.0.11
Iterative query
Root hint (.)
Ask .com
Recursive query
Iterative query
Ask contoso.com
131.107.0.11
Local
DNS server
Iterative query
Authoritative response
Forwarder
.com
contoso.com
What Is Forwarding?
Conditional forwarding forwards requests using a
domain name condition
All Other DNS Domains
Query for
www.contoso.com
Local
DNS server
ISP DNS
contoso.com
Client
contoso.com
DNS
How DNS Server Caching Works
DNS server cache
Host name
IP address
TTL
ServerA.contoso.com
131.107.0.44
28 seconds
Where isis at
ServerA
ServerA?
131.107.0.44
Client1
ServerA
Where isis at
131.107.0.44
ServerA?
Client2
ServerA
How to Install the DNS Server Role
DNS server installation methods:
• Server Manager
• Active Directory Domain Services Installation
Wizard
Tools available to manage DNS Server:
• DNS Manager snap-in
• Server Manager
• DNS Manager console (dnsmgmt.msc)
• DNSCmd command-line tool
• Windows Powershell
• Remote Server Administrative Tools
Demonstration: Installing the DNS Server Role
In this demonstration, you will see how to:
• Install
a second DNS server
• Create
a forward lookup zone by using
Windows PowerShell
• Configure
forwarding
Lesson 3: Managing DNS Zones
• What Are DNS Zone Types?
• What Are Dynamic Updates?
• What Are Active Directory–Integrated Zones?
• Demonstration: Creating an Active Directory–
Integrated Zone
What Are DNS Zone Types?
Zones
Description
Primary
Read/write copy of a DNS database
Secondary
Read-only copy of a DNS database
Stub
Copy of a zone that contains only
records used to locate name servers
Active Directoryintegrated
Zone data is stored in AD DS rather
than in zone files
What Are Dynamic Updates?
1. The client sends an SOA query
2. The DNS server returns an SOA
resource record
3. The client sends dynamic update
request(s) to identify the primary
DNS server
5. The DNS server responds that it
can perform an update
6. The client sends unsecured
update to the DNS server
7. If the zone permits only secure
updates, the update is refused
8. The client sends a secured
update to the DNS server
Client
1
2
3
DNS
Server
4
5
6
7
Resource
Records
What Are Active Directory–Integrated Zones?
Benefits of an Active Directory–integrated zone:
• Allows multimaster writes to zone
• Replicates DNS zone information by using AD DS
replication
• Leverages efficient replication topology
• Uses efficient incremental updates for Active Directory
replication processes
• Enables secure dynamic updates
• Delegates zones, domains, resource records for increased
security
Examples of contoso.com zones include:
• hqdc01
• filesvr01
• desktop101
Demonstration: Creating an Active Directory–
Integrated Zone
In this demonstration, you will see how to:
• Promote
a server as a domain controller
• Create
an Active Directory–integrated zone
• Create
a record
• Verify
replication to a second DNS server
Lab: Implementing DNS
• Exercise 1: Installing and Configuring DNS
• Exercise 2: Creating Host Records in DNS
• Exercise 3: Managing the DNS Server Cache
Logon Information
Virtual machines
User name
Password
20410D-LON-DC1
20410D-LON-SVR1
20410D-LON-CL1
Adatum\Administrator
Pa$$w0rd
Estimated Time: 60 minutes
Lab Scenario
Your manager has asked you to configure the
domain controller in the branch office as a DNS
server.
You have also been asked to create some new
host records to support a new app that is being
installed.
Finally, you need to configure forwarding on the
DNS server in the branch office to support
Internet name resolution.
Lab Review
• Can you install the DNS server role on a server
that is not a domain controller? If yes, are there
any limitations?
• What is the most common way to carry out
Internet name resolution on a local DNS?
• How can you browse the content of the DNS
resolver cache on a DNS server?
Module Review and Takeaways
• Review Questions
• Best Practices
• Common Issues and Troubleshooting Tips
• Tools
Related documents
Questions for Unit-7
Questions for Unit-7
HOMEWORK 1 • DNS stands for do not submit (1) DNS Make up a
HOMEWORK 1 • DNS stands for do not submit (1) DNS Make up a
Assignment-2_old Paper
Assignment-2_old Paper
What Is DNS, And Why Do I Care
What Is DNS, And Why Do I Care
Super G on Raven PTarmigan January15th, 2009 RACE JURY
Super G on Raven PTarmigan January15th, 2009 RACE JURY
Matching game to review for Exam II
Matching game to review for Exam II
Lab 11 - Personal Web Pages
Lab 11 - Personal Web Pages
HOMEWORK 2 • DNS stands for do not submit 1. Problems In the
HOMEWORK 2 • DNS stands for do not submit 1. Problems In the
Name Services
Name Services
Download
advertisement