
Chapter 4



  1. Chapter 4 Configuring and Managing the DNS Server Role

  2. DNS overview • Main Name Resolution technique used in TCP/IP networks • Translates hostnames to IP addresses • HOSTS file was precursor to DNS • Needed to be updated manually and pushed out to clients • Size of file could get large • Inability to distribute workload

  3. DNS Namespaces • Hierarchical structure • Starts with root domain “.” • Under root are top-level domains • 3 types of top-level domains • Generic – .aero .biz .com .coop .edu .gov .info .net .org • Country code - .uk .jp .us • Infrastructure domain - .arpa – Internet’s infrastructure domain • Second-level domains • Registered to individuals or organizations • Microsoft.com google.com matt.com • A benefit of the hierarchical structure is that it is possible to have two hosts with the same host name in different locations.

  4. Deploying DNS Servers • DNS servers are determined by the type of zones they host • A DNS server is authoritative for a particular zone if it hosts a primary or secondary zone for a domain. • Primary name server • Hosts a primary zone • Secondary name server • Hosts a secondary zone • Caching – only server • Hosts no zones and is not authoritative

  5. Introducing DNS Zones • Two types of Zones • Standard or a file-backed zone • Active Directory-integrated zone • Forward Lookup zone – names to IPs • Reverse Lookup zone – IPs to names • A forward or Reverse lookup zone can be one of 3 types • Primary • Secondary • Stub Zone • Many combinations are possible. A server can host multiple zones.

  6. Standard Primary Zones • Hosts a read/write copy of the DNS zone in which resource records are created and managed • Only 1 server can host and load the master copy of the zone – no additional primary servers for that zone are permitted. • Typically the Primary server is located where it will be accessible for administering the zone file.

  7. Standard Secondary Zones • Read-only copy of the standard primary zone • Provides fault tolerance and load balancing • Gets information from Primary Zone via a zone transfer • Transfer can be Full (AXFR) or incremental (IXFR) • Must specify IP address of the master server when creating a secondary zone.

  8. Reverse lookup Zone • Used to resolve IPs to domain names • in-addr.arpa domain • The reverse zone for the 192.168.100 network would be 100.168.192.in-addr.arpa
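The octet-reversal rule behind the 192.168.100 example, as an added example (not from the slides) that also covers /8 and /16 networks and the matching PTR record; all addresses and host names are constructed.

```python
"""Added example: deriving in-addr.arpa names for octet-aligned IPv4 networks."""
import ipaddress


def reverse_zone_name(network: str) -> str:
    """Reverse zone name for a /8, /16 or /24 network.

    '192.168.100.0/24' -> '100.168.192.in-addr.arpa' (the slide's case).
    Classless prefixes need RFC 2317-style delegation, which is out of scope
    here, so they are rejected rather than silently producing a wrong name.
    """
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("reverse zone must be delegated on an octet boundary")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


def ptr_record(address: str, fqdn: str) -> tuple:
    """Owner name and target of the PTR record paired with a host's A record."""
    octets = str(ipaddress.IPv4Address(address)).split(".")
    return (".".join(reversed(octets)) + ".in-addr.arpa.", fqdn)
```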

  9. Stub Zone • Only available to Windows 2003 and 2008 systems. • Contains only the resource records to identify the authoritative server for that zone. • A pointer to the authoritative DNS server used to maintain or improve DNS resolution efficiency • Can point in the right direction instead of having to do a query to the internet or internal root servers.

  10. Active Directory-Integrated Zone • Microsoft proprietary • Has many benefits over traditional zones • Fault Tolerance – zone info stored on multiple servers • Security – can set up DACL and secure dynamic updates • Zones are Multimaster – zones can be updated in more than one location. • Efficient Replication – compresses replication data • Maintains use of secondary zones – used the same way standard zones are.

  11. DNS Zone Delegation • When subdomains are added you need to choose who will manage that zone • It can be managed by the parent domain or it can be delegated away • example.microsoft.com and ftp.microsoft.com are delegated away

  12. DNS Zone Transfers • Transfers some or all data to the secondary DNS server • Events that trigger zone transfers • Manually initiated • Zone refresh interval expires • DNS server service is started at the secondary server • Master server notifies secondary of changes • SOA resource record is used to control and initiate the transfer. Page 68.

  13. DNS Transfers cont. • When the refresh interval expires (900 seconds by default) the secondary server will initiate the transfer. • If the serial number in the SOA of the primary master is higher, the secondary server will transfer the zone file. • If the serial number in the SOA is lower there will be no zone transfer. • To save disk space DNS servers save only the latest update.

  14. DNS Notify • Triggers a notification message to secondary servers notifying them that a change has been made. • When a secondary server receives this notification it will initiate the zone transfer • The process improves consistency of zone data
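The refresh-timer, serial-comparison and NOTIFY rules from slides 12 to 14 as an added example (not from the slides or from the Windows DNS service): a model of the secondary's decision logic. It goes beyond the slides in one point, comparing serials with RFC 1982 wrap-around arithmetic; the master address, serials and expire value are constructed.

```python
"""Added example: how a secondary server decides whether to pull a zone."""
from dataclasses import dataclass


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: True if a is newer than b modulo 2**32,
    so a serial that wrapped past zero still counts as an update."""
    a, b = a % 2**32, b % 2**32
    return (a > b and a - b < 2**31) or (a < b and b - a > 2**31)


@dataclass
class SecondaryZone:
    name: str
    master_ip: str          # master specified when the secondary zone was created
    serial: int             # serial of the copy currently loaded
    refresh: int = 900      # seconds; the slides' default refresh interval
    expire: int = 86400     # seconds; constructed value for this example
    last_contact: int = 0   # time of the last successful SOA check

    def check_soa(self, primary_serial: int, now: int) -> str:
        """Transfer only when the master's serial is higher; otherwise nothing."""
        self.last_contact = now
        if serial_gt(primary_serial, self.serial):
            self.serial = primary_serial    # AXFR or IXFR would run here
            return "transfer"
        return "up-to-date"

    def on_refresh_timer(self, primary_serial: int, now: int) -> str:
        """Refresh interval expired: the secondary initiates the SOA query."""
        if now - self.last_contact < self.refresh:
            return "wait"
        return self.check_soa(primary_serial, now)

    def on_notify(self, source_ip: str, primary_serial: int, now: int) -> str:
        """NOTIFY lets the master short-cut the timer, but a notify that does
        not come from the configured master is ignored."""
        if source_ip != self.master_ip:
            return "ignored"
        return self.check_soa(primary_serial, now)

    def is_expired(self, now: int) -> bool:
        """Expire: stop serving the zone if the master stays unreachable."""
        return now - self.last_contact > self.expire
```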

  15. DNS Resource Records • SOA – Start of authority – every zone contains one. • Indicates the starting point or original point of authority • Contains all zone specific information for the DNS server to use when maintaining the zone. • Used in zone transfers. • Serial Number • Refresh Interval • Refresh • Expire

  16. DNS Resource Records • Name Server (NS) Record • Identifies a DNS server that is authoritative for a zone • Delegation and Glue Records • Used with subdomains • Host (A & AAAA) Records – Maps FQDN to IP. • PTR Records – Reverse of A records; maps IP to FQDN. • Canonical Name (CNAME) – creates an alias for a specified FQDN.

  17. DNS Resource Records • Mail Exchanger (MX) Records – Identifies the server that is configured to deliver and send email. • Service Locator (SRV) – specifies the location of servers that provide a specific network service over a specific protocol and in a specific domain. Active Directory is an example

  18. DNS Dynamic Updates • Allows DNS and DHCP to work with each other. • Allows clients to dynamically update their DNS records. • If an IP address changes the client can change their A records to reflect this change. • Active Directory integrated zones are the only ones that allow secure dynamic updates.

  19. Aging and Scavenging • With dynamic updates, records can become stale, especially those of mobile users. • When aging and scavenging is enabled a timestamp is placed on dynamically updated records • The time allowed is 14 days • If not updated in 14 days the record will be removed.
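A scavenging pass as an added example (not from the slides or from Windows DNS): dynamic updates stamp the record, a refresh resets the stamp, static records carry no stamp and are never removed. The 14-day limit is the slide's; record names and addresses are constructed.

```python
"""Added example: aging and scavenging of dynamically registered records."""
from dataclasses import dataclass
from typing import Optional

DAY = 86400
SCAVENGE_AFTER = 14 * DAY   # the slides' 14-day limit, in seconds


@dataclass
class Record:
    name: str
    rtype: str
    data: str
    timestamp: Optional[int] = None   # None = static record, never scavenged


def dynamic_update(zone: list, name: str, rtype: str, data: str, now: int) -> Record:
    """A client registering or refreshing its record: the timestamp is reset."""
    for r in zone:
        if r.name == name and r.rtype == rtype:
            r.data, r.timestamp = data, now
            return r
    r = Record(name, rtype, data, now)
    zone.append(r)
    return r


def scavenge(zone: list, now: int) -> list:
    """Remove dynamic records not refreshed within SCAVENGE_AFTER.

    Returns the names removed so the pass can be logged and reviewed.
    """
    stale = [r for r in zone
             if r.timestamp is not None and now - r.timestamp > SCAVENGE_AFTER]
    for r in stale:
        zone.remove(r)
    return [r.name for r in stale]
```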

  20. Introducing Name Resolution Process • 4 types of answers we can get back from DNS server • Authoritative answer – A positive answer from a server with direct authority (primary or secondary server) • Positive answer – Contain the record queried for, but may not be authoritative. • Referral answer – refers the client to another DNS server that might be able to help. • Negative answer – the queried name does not exist

  21. Using Root Hints • Used to resolve queries for names that the server is not authoritative for or for which it contains no delegations. • Uses the root hints file called cache.dns • Designed to enable any DNS server to locate servers that are authoritative for any DNS domain name. • Points to the 13 root servers that are maintained throughout the world

  22. Iterative and Recursive Queries • An iterative query is sent to a DNS server and expects to get the best answer it can provide using its own information and without seeking further assistance from other DNS servers. • Recursive queries – client sends a query asking the DNS server to provide a definitive answer to the query, even if the server has to contact other servers to provide the answer. • Typically used by clients.

  23. Configuring Forwarders • Forwarder – a DNS server on a network used to forward DNS queries for external DNS names. • Conditional forwarder – forwards queries on the basis of domain name. • DNS servers will send to the forwarder if they are unable to resolve the query • If the forwarder cannot answer the request, Root Hints will be used • Typically used to forward queries to your ISP’s DNS server
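The resolution process of slides 20 to 23 as an added example (not from the slides): a toy resolver that answers iterative queries from its own data, follows referrals starting at root hints, answers recursive queries on a client's behalf, and falls back from a forwarder to root hints. The namespace, server names and addresses are constructed.

```python
"""Added example: iterative vs recursive resolution with root hints and a forwarder."""

# Each server is named by the zone it is authoritative for. The root holds
# only the delegation to com., com. only the delegation to example.com.
AUTHORITATIVE = {
    ".":            {"delegations": ["com."], "records": {}},
    "com.":         {"delegations": ["example.com."], "records": {}},
    "example.com.": {"delegations": [], "records": {"www.example.com.": "192.0.2.10"}},
}
ROOT_HINTS = ["."]          # stand-in for the cache.dns file


def iterative_query(server: str, name: str) -> tuple:
    """Best answer from the server's own data: authoritative, referral or negative."""
    zone = AUTHORITATIVE[server]
    if name in zone["records"]:
        return ("authoritative", zone["records"][name])
    for child in zone["delegations"]:
        if name == child or name.endswith("." + child):
            return ("referral", child)          # "ask this server instead"
    return ("negative", None)


def recursive_resolve(name: str, cache: dict, forwarder=None, max_hops: int = 8) -> tuple:
    """Recursive query: the client wants a definitive answer and this server
    does the work. `cache` persists across calls; `forwarder` is an optional
    dict of the names the forwarder is able to answer."""
    if name in cache:
        return ("positive", cache[name])        # correct but not authoritative
    if forwarder is not None and name in forwarder:
        cache[name] = forwarder[name]
        return ("positive", forwarder[name])
    server = ROOT_HINTS[0]                      # no forwarder, or it could not answer
    for _ in range(max_hops):                   # bound the referral chain
        kind, data = iterative_query(server, name)
        if kind == "referral":
            server = data
            continue
        if kind == "authoritative":
            cache[name] = data
        return (kind, data)
    return ("negative", None)
```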

  24. Troubleshooting DNS • DNS is key to all Microsoft Server Networks • If DNS is down clients can lose connectivity to: • Internet • Other clients • Active Directory • Other services/applications reliant on DNS • There are several tools that you can use to troubleshoot DNS

  25. Troubleshooting • DNS MMC – main tool to configure DNS but can be used to check settings • Nslookup – next slide • Logging – Check your DNS event logs • Dnscmd – command line you can use to perform most of the tasks you can using the DNS MMC console.

  26. NSlookup • Command line utility to test DNS. • Can be run once or in interactive mode • Example: C:\> nslookup www.microsoft.com C:\> nslookup www.microsoft.com 192.18.3.1 • By default Nslookup only returns host A records • Set type=MX - would look for mail exchanger records

  27. You Learned • The DNS namespace is hierarchical and based on a unique root that can have any number of subdomains. An FQDN is the name of a DNS host in this namespace indicating the host’s location relative to the root of the DNS domain tree. An example of an FQDN is host1.subdomain.microsoft.com. Lesson 4

  28. You Learned (cont.) • A DNS zone is a contiguous portion of a namespace for which a server is authoritative. A server can be authoritative for one or more zones, and a zone can contain one or more contiguous domains. A DNS server is authoritative for a zone if it hosts the zone, either as a primary or secondary DNS server. Each DNS zone contains the resource records it needs to answer queries for its portion of the DNS namespace.

  29. You Learned (cont.) • There are several types of DNS servers: primary, secondary, master name, and caching-only.

  30. You Learned (cont.) • A DNS server that hosts a primary DNS zone is said to act as a primary DNS server. Primary DNS servers store original source data for zones. With Windows Server 2003, you can implement primary zones in one of two ways: as standard primary zones (zone data is stored in a text file) or as an Active Directory–integrated zone (zone data is stored in the Active Directory database).

  31. You Learned (cont.) • A DNS server that hosts a secondary DNS zone is said to act as a secondary DNS server. Secondary DNS servers are authoritative backup servers for the primary server. The servers from which secondary servers acquire zone information are called masters. • A caching-only server forwards requests to other DNS servers and hosts no zones, but builds a cache of frequently requested records.

  32. You Learned (cont.) • Recursion is one of the two process types for DNS name resolution. A DNS client will request that a DNS server provide a complete answer to a query that does not include pointers to other DNS servers, effectively shifting the workload of resolving the query from the client to the DNS server.

  33. You Learned (cont.) • For the DNS server to perform recursion properly, the server needs to know where to begin searching for names in the DNS namespace. This information is provided by the root hints file, cache.dns, which is stored on the server computer.

  34. You Learned (cont.) • A DNS server on a network is designated as a forwarder by having the other DNS servers in the network forward the queries they cannot resolve locally to that DNS server. Conditional forwarding enables a DNS server to forward queries to other DNS servers based on the DNS domain names in the queries.