Chapter 4

Configuring and Managing the DNS Server Role
DNS overview
 Main Name Resolution technique used in TCP/IP
networks
 Translates hostnames to IP addresses
 HOSTS file was precursor to DNS
 Needed to be updated manually and pushed out to
clients
 Size of file could get large
 Inability to distribute workload
DNS Namespaces
 Hierarchical structure
 Starts with root domain “.”
 Under root are top-level domains

3 types of top-level domains
 Generic – .aero .biz .com .coop .edu .gov .info .net .org
 Country code - .uk .jp .us
 Infrastructure domain - .arpa – Internet’s infrastructure domain
 Second-level domains
 Registered to individuals or organizations
 Microsoft.com google.com matt.com
 A benefit of the hierarchical structure is that it is possible
to have two hosts with the same host name in different
locations.
Deploying DNS Servers
 DNS server roles are determined by the type of zones they
host
 A DNS server is authoritative for a particular zone if
it hosts a primary or secondary zone for a domain.
 Primary name server
 Hosts a primary zone
 Secondary name server
 Hosts a secondary zone
 Caching-only server
 Hosts no zones and is not authoritative
Introducing DNS Zones
 Two types of Zones
 Standard (file-backed) zone
 Active Directory-integrated zone
 Forward Lookup zone – names to IPs
 Reverse Lookup zone – IPs to names
 A forward or Reverse lookup zone can be one of 3
types
 Primary
 Secondary
 Stub Zone
 Many combinations are possible; one server can host multiple zones.
Standard Primary Zones
 Hosts a read/write copy of the DNS zone in which
resource records are created and managed
 Only 1 server can host and load the master copy of the
zone – no additional primary servers for that zone are
permitted.
 Typically the Primary server is located where it will be
accessible for administering the zone file.
Standard Secondary Zones
 Read-only copy of the standard primary zone
 Provides fault tolerance and load balancing
 Gets information from Primary Zone via a zone transfer
 Transfer can be full (AXFR) or incremental (IXFR)
 Must specify IP address of the master server when
creating a secondary zone.
Reverse lookup Zone
 Used to resolve IPs to domain names
 in-addr.arpa domain
 The reverse zone for the 192.168.100 network would be
100.168.192.in-addr.arpa
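The reverse-zone naming rule above, as an added example that is not part of the slides: it builds the in-addr.arpa zone name for any octet-aligned IPv4 network (and the ip6.arpa name for a nibble-aligned IPv6 prefix, going beyond the slide's /24 case) and checks whether a host's PTR owner name falls inside that zone, using only Python's standard ipaddress module.

```python
# Added example (not from the slides): derive reverse-lookup zone names and
# PTR owner names with the standard ipaddress module.
import ipaddress

def reverse_zone_name(network: str) -> str:
    """Reverse-lookup zone that holds the PTR records for `network`.

    IPv4 prefixes must be octet-aligned (/8, /16, /24) and IPv6 prefixes
    nibble-aligned, since reverse zones are delegated on those boundaries.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.version == 4:
        if net.prefixlen % 8:
            raise ValueError("IPv4 reverse zones need a /8, /16 or /24 prefix")
        octets = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    if net.prefixlen % 4:
        raise ValueError("IPv6 reverse zones need a nibble-aligned prefix")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def ptr_owner_name(address: str) -> str:
    """Owner name of the PTR record for one host address (octets reversed)."""
    return ipaddress.ip_address(address).reverse_pointer

def ptr_in_zone(address: str, network: str) -> bool:
    """True if the host's PTR record belongs in the reverse zone for `network`."""
    return ptr_owner_name(address).endswith("." + reverse_zone_name(network))
```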
Stub Zone
 Only available to Windows 2003 and 2008 systems.
 Contains only the resource records to identify the
authoritative server for that zone.
 A pointer to the authoritative DNS server used to
maintain or improve DNS resolution efficiency
 Points the server in the right direction instead of requiring
a query to the Internet or internal root servers.
Active Directory-Integrated Zone
 Microsoft proprietary
 Has many benefits over traditional zones
 Fault Tolerance – zone info stored on multiple servers
 Security – can set up DACLs and secure dynamic updates
 Zones are Multimaster – zones can be updated in more
than one location.
 Efficient Replication – compresses replication data
 Maintains use of secondary zones – used the same way
standard zones are.
DNS Zone Delegation
 When subdomains are added you need to choose who
will manage that zone
 It can be managed by the parent domain or it can be
delegated away
 Example: example.microsoft.com and ftp.microsoft.com
are delegated away
DNS Zone Transfers
 Transfers some or all data to the secondary DNS server
 Events that trigger zone transfers
 Manually initiated
 Zone refresh interval expires
 DNS server service is started at the secondary server
 Master server notifies secondary of changes
 SOA resource record is used to control and initiate the
transfer. Page 68.
DNS Transfers contd.
 When the refresh interval expires (900 seconds by
default) the secondary server contacts the master to
check the SOA record.
 If the serial number in the master's SOA is higher
than the secondary's, the secondary server transfers the
zone file.
 If the serial number in the SOA is lower there will be
no zone transfer.
 To save disk space DNS servers save only the latest
update.
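The refresh and serial-number logic above, as an added example that is not part of the slides: a secondary compares the master's SOA serial with its own and transfers only when the master's is higher; the comparison uses RFC 1982 serial arithmetic, which goes beyond the slide's plain "higher" wording so that a serial that wraps past 2**32 is still recognised as newer. The retry and expire values are assumed defaults for the sample.

```python
# Added example (not from the slides): what a secondary decides once its
# refresh interval expires, with wrap-safe SOA serial comparison.
from dataclasses import dataclass
from typing import Optional

MODULUS = 1 << 32        # SOA serials are unsigned 32-bit values
HALF = 1 << 31

def serial_is_higher(candidate: int, current: int) -> bool:
    """True if `candidate` is newer than `current` (RFC 1982 arithmetic)."""
    candidate %= MODULUS
    current %= MODULUS
    if candidate == current:
        return False
    return (candidate - current) % MODULUS < HALF

@dataclass
class Soa:
    serial: int
    refresh: int = 900     # seconds; the default refresh interval on the slide
    retry: int = 600       # assumed sample values for retry and expire
    expire: int = 86400

def secondary_action(master: Optional[Soa], local: Soa, since_last_ok: int) -> str:
    """Decide the secondary's action `since_last_ok` seconds after its last
    successful SOA check. `master` is None when the master is unreachable."""
    if since_last_ok < local.refresh:
        return "wait"              # refresh interval has not expired yet
    if master is None:
        if since_last_ok >= local.expire:
            return "expired"       # stop answering authoritatively
        return "retry"             # poll again after the retry interval
    if serial_is_higher(master.serial, local.serial):
        return "transfer"          # pull the newer zone via AXFR or IXFR
    return "no-transfer"           # serial not higher: nothing to do
```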
DNS Notify
 The master sends a notification message to secondary servers
when a change has been made.
 When a secondary server receives this notification it
will initiate the zone transfer
 The process improves consistency of zone data
DNS Resource Records
 SOA – Start of authority – every zone contains one.
 Indicates the starting point or original point of authority
 Contains all zone-specific information for the DNS
server to use when maintaining the zone.
 Used in zone transfers.
SOA record fields shown in the slide: Serial Number, Refresh Interval, Expire
DNS Resource Records
 Name Server (NS) Record
 Identifies a DNS server that is authoritative for a zone
 Delegation and Glue Records
 Used with subdomains
 Host (A & AAAA) Records – Maps an FQDN to an IP address.
 PTR Records – Reverse function of A records; maps an IP
address to an FQDN.
 Canonical Name (CNAME) – creates an alias for a
specified FQDN.
DNS Resource Records
 Mail Exchanger (MX) Records – Identifies the server
that is configured to handle email for the domain.
 Service Locator (SRV) – specifies the location of
servers that provide a specific network service over a
specific protocol and in a specific domain. Active
Directory is an example
DNS Dynamic Updates
 Allows DNS and DHCP to work with each other.
 Allows clients to dynamically update their DNS
records.
 If an IP address changes the client can change its A
record to reflect this change.
 Active Directory integrated zones are the only ones
that allow secure dynamic updates.
Aging and Scavenging
 With dynamic updates records can become stale,
especially those of mobile users.
 When aging and scavenging is enabled a timestamp is
placed on dynamically updated records
 The time allowed is 14 days
 If not updated in 14 days the record will be removed.
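The dynamic-update and aging/scavenging mechanisms from the two slides above, as one added example that is not part of the slides: a simplified zone model in which clients register or refresh their own A records, "secure dynamic updates" (modelled as an owner check standing in for the ACL an AD-integrated zone places on each record) stop one client from overwriting another's name, and scavenging removes only timestamped records not refreshed within 14 days while static records stay. The ARecord and Zone names and the sample times are constructed for the example.

```python
# Added example (not from the slides): dynamic updates, the secure-update
# owner check, and 14-day scavenging in a simplified zone model.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MAX_AGE = timedelta(days=14)   # a record is stale if not refreshed in 14 days
DAY = timedelta(days=1)
T0 = datetime(2024, 1, 1)      # constructed start time for the sample run

@dataclass
class ARecord:
    name: str
    ip: str
    owner: Optional[str] = None           # account that registered the record
    timestamp: Optional[datetime] = None  # None = static record, never aged

@dataclass
class Zone:
    secure_updates: bool                  # True models an AD-integrated zone
    records: dict = field(default_factory=dict)   # name -> ARecord

    def dynamic_update(self, name: str, ip: str, client: str, now: datetime) -> bool:
        """Register or refresh `name` on behalf of `client`.
        With secure updates only the owner may change an existing record
        (static records are admin-owned, so clients cannot touch them);
        without them any client can overwrite any name."""
        existing = self.records.get(name)
        if existing is not None and self.secure_updates and existing.owner != client:
            return False
        self.records[name] = ARecord(name, ip, owner=client, timestamp=now)
        return True

    def scavenge(self, now: datetime) -> list:
        """Remove timestamped records older than MAX_AGE; static ones stay."""
        stale = [n for n, r in self.records.items()
                 if r.timestamp is not None and now - r.timestamp >= MAX_AGE]
        for n in stale:
            del self.records[n]
        return stale
```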
Introducing Name Resolution Process
 4 types of answers we can get back from a DNS server
 Authoritative answer – A positive answer from a server
with direct authority (primary or secondary server)
 Positive answer – Contains the record queried for, but
may not be authoritative.
 Referral answer – refers the client to another DNS server
that might be able to help.
 Negative answer – the queried name does not exist
Using Root Hints
 Used to resolve queries for names the server is not
authoritative for and for which it contains no delegations.
 Uses the root hints file called cache.dns
 Designed to enable any DNS server to locate servers
that are authoritative for any DNS domain name.
 Points to the 13 root servers that are maintained
throughout the world
Iterative and Recursive Queries
 An iterative query is sent to a DNS server and expects
to get the best answer it can provide using its own
information and without seeking further assistance
from other DNS servers.
 Recursive queries – client sends a query asking the
DNS server to provide a definitive answer to the query,
even if the server has to contact other servers to provide
the answer.
 Typically used by clients.
Configuring Forwarders
 Forwarder – a DNS server on a network used to
forward DNS queries for external DNS names.
 Conditional forwarder – forwards queries on the basis of
domain name.
 DNS servers will send to forwarder if they are unable
to resolve the query
 If the forwarder cannot answer the request Root Hints
will be used
 Typically used to forward queries to your ISP’s
DNS server
Troubleshooting DNS
 DNS is key to all Microsoft Server Networks
 If DNS is down clients can lose connectivity to:
 Internet
 Other clients
 Active Directory
 Other services/applications reliant on DNS
 There are several tools that you can use to
troubleshoot DNS
Troubleshooting
 DNS MMC – main tool to configure DNS but can be
used to check settings
 Nslookup – next slide
 Logging – Check your DNS event logs
 Dnscmd – command-line tool that can perform most
of the tasks available in the DNS MMC console.
NSlookup
 Command line utility to test DNS.
 Can be run once or in interactive mode
 Example: C:\nslookup www.microsoft.com
C:\nslookup www.microsoft.com 192.18.3.1
 By default Nslookup only returns host A records
 set type=MX – in interactive mode, looks for mail exchanger records
You Learned

The DNS namespace is hierarchical and based on a
unique root that can have any number of subdomains. An FQDN is the name of a DNS host in this
namespace indicating the host’s location relative to
the root of the DNS domain tree. An example of an
FQDN is host1.subdomain.microsoft.com.
Lesson 4
You Learned (cont.)

A DNS zone is a contiguous portion of a namespace for
which a server is authoritative. A server can be
authoritative for one or more zones, and a zone can
contain one or more contiguous domains. A DNS server
is authoritative for a zone if it hosts the zone, either as a
primary or secondary DNS server. Each DNS zone
contains the resource records it needs to answer queries
for its portion of the DNS namespace.
You Learned (cont.)

There are several types of DNS servers: primary,
secondary, master name, and caching-only.
You Learned (cont.)

A DNS server that hosts a primary DNS zone is
said to act as a primary DNS server. Primary
DNS servers store original source data for
zones. With Windows Server 2003, you can
implement primary zones in one of two ways: as
standard primary zones (zone data is stored in a
text file) or as an Active Directory–integrated
zone (zone data is stored in the Active Directory
database).
You Learned (cont.)

A DNS server that hosts a secondary DNS zone
is said to act as a secondary DNS server.
Secondary DNS servers are authoritative backup
servers for the primary server. The servers from
which secondary servers acquire zone
information are called masters.

A caching-only server forwards requests to other
DNS servers and hosts no zones, but builds a
cache of frequently requested records.
You Learned (cont.)

Recursion is one of the two process types for
DNS name resolution. A DNS client will request
that a DNS server provide a complete answer to
a query that does not include pointers to other
DNS servers, effectively shifting the workload of
resolving the query from the client to the DNS
server.
You Learned (cont.)

For the DNS server to perform recursion
properly, the server needs to know where to
begin searching for names in the DNS
namespace. This information is provided by the
root hints file, cache.dns, which is stored on the
server computer.
You Learned (cont.)

A DNS server on a network is designated as a forwarder
by having the other DNS servers in the network forward
the queries they cannot resolve locally to that DNS server.
Conditional forwarding enables a DNS server to forward
queries to other DNS servers based on the DNS domain
names in the queries.