Chapter Overview - PowerPoint PPT Presentation

Slides: 61
Provided by: higheredM

Transcript and Presenter's Notes

Title: Chapter Overview


1
Chapter Overview
  • Understanding DNS
  • Creating Zones
  • Managing Resource Records
  • Troubleshooting DNS

2
Understanding DNS
  • Domain Name System (DNS) is a name resolution
    mechanism that Transmission Control
    Protocol/Internet Protocol (TCP/IP) computers use
    to resolve host names and domain names into
    Internet Protocol (IP) addresses.

3
Introduction to DNS
  • DNS name resolution is different from Windows
    Internet Name Service (WINS).
  • WINS resolves Network Basic Input/Output System
    (NetBIOS) names used on Microsoft Windows
    networks into IP addresses.
  • DNS resolves host names used on all types of
    TCP/IP networks into IP addresses.
  • Host names are user friendly, remain more
    constant than IP addresses, and let users connect
    to local servers by using the same naming
    convention that is used on the Internet.

4
Domain Namespace
  • The domain namespace is the naming scheme that
    provides the hierarchical structure for the DNS
    database.
  • The domain is the basic unit of the DNS
    namespace.
  • A domain's name identifies its position in the
    DNS hierarchy.
  • As you add domains to the hierarchy, the name of
    the parent domain is appended to its child domain
    (called a subdomain).
  • The domain namespace consists of a root domain,
    top-level domains, second-level domains, and host
    names.

5
The Hierarchical Structure of the DNS Namespace
6
Root Domain
  • The root domain is at the top of the DNS
    hierarchy.
  • It is represented as a period (.).
  • Although it is rarely written as such, every
    fully qualified domain name (FQDN) should end
    with a period, representing the root domain.
  • For example, sales.microsoft.com.

7
Top-Level Domains
  • The seven original top-level domains and the
    resources they represent are:
  • com: Commercial organizations
  • edu: Educational institutions in North America
  • gov: United States government institutions
  • int: Organizations established by international
    treaty
  • mil: United States military organizations
  • net: Networking organizations
  • org: Noncommercial organizations

8
Second-Level Domains
  • Second-level domain names must be registered with
    an Internet registrar, such as Network Solutions,
    Inc.
  • There are millions of second-level domains in use
    by individuals and organizations.
  • A second-level domain can contain both hosts and
    subdomains.
  • Once you register a second-level domain name, you
    can create as many subdomains and hosts as you
    want in that domain.

9
Host Names
  • A host is a specific computer or other TCP/IP
    device on the Internet or a private network.
  • A host name is the leftmost portion of an FQDN,
    which describes the exact position of a host
    within the domain hierarchy.
  • For example, Computer1.sales.microsoft.com. is an
    FQDN, and Computer1 is the host name.
  • DNS resolves an FQDN to its associated IP
    address.

10
Domain Naming Guidelines
  • When you create subdomains and hosts within your
    own second-level domain, consider these
    guidelines:
  • Limit the number of domain levels.
  • Use unique names.
  • Use simple names.
  • Avoid lengthy domain names.
  • Use standard DNS characters.

11
Zones
  • Represent discrete portions of the namespace
  • Provide a way to partition the domain namespace
    into manageable sections
  • Must encompass a contiguous area of the domain
    namespace
  • Typically include a domain and one or more of its
    subdomains

12
Domain Namespace Divided Into Zones
13
Name-to-IP-Address Mappings
  • The name-to-IP-address mappings for a zone are
    stored in the zone database file.
  • Each zone:
  • Is anchored to a specific domain
  • Contains all of the name-to-IP-address mappings
    for that domain, and for all subdomains in that
    zone
  • If a new zone is created for a subdomain, all
    name-to-IP-address mappings for the subdomain are
    contained in the new zone, not in the zone that
    contains the parent domain.

14
Name Servers
  • A DNS name server stores the zone database file.
  • A name server can store data for one zone or
    multiple zones.
  • There must be at least one name server for a
    zone, although a zone can have multiple servers.
  • One of these servers contains the master zone
    database file, also called the primary zone
    database file.
  • Any other servers associated with the zone
    contain a secondary zone database file.

15
Advantages of Multiple Name Servers
  • There are several advantages of using multiple
    name servers for a zone:
  • Performing zone transfers
  • Providing redundancy and fault tolerance
  • Improving access speed for remote locations
  • Reducing the load on the server containing the
    primary zone database file

16
Overview of the Name Resolution Process
  • Name resolution converts host names or domain
    names to IP addresses.
  • When you try to connect to a Web site, your Web
    browser contacts a DNS server to resolve the name
    of the Web site you entered to its associated IP
    address.
  • The mapping of names to IP addresses is stored in
    the DNS distributed database.
  • The database is said to be distributed because
    its information is stored in zones located on DNS
    name servers all over the Internet.

17
Overview of the Name Resolution Process (Cont.)
  • DNS name servers resolve forward and reverse
    lookup queries.
  • A forward lookup query resolves a name to an IP
    address.
  • A reverse lookup query resolves an IP address to
    a name.
  • A name server can resolve a query only for names
    in a zone for which it has authority.
  • If a name server cannot resolve a query, it
    passes the query to other name servers that can
    resolve the query.

18
Forward Lookup Query
  • The DNS service uses a client/server model for
    name resolution.
  • To resolve a forward lookup query, a DNS client
    passes a query to a local name server.
  • The local name server either resolves the query
    itself or transmits its own query to another name
    server for resolution.
  • The local name server sends the IP address to the
    client, completing the process.

19
Resolving a Forward Lookup Query
20
Name Server Caching
  • As a name server receives queries, it caches the
    query results.
  • The query results are cached for the time
    specified in the Time to Live (TTL), which is
    specified by the zone that provided the query
    results.
  • When the TTL expires, the name server deletes the
    query results from its cache.
  • By caching query results, the name server can
    quickly resolve other queries to the same portion
    of the domain namespace.
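
The caching behavior on this slide, as an added example that is not part of the original presentation: a minimal caching name server that keeps each answer until its TTL expires. The class name, the `upstream` callable and the sample record are assumptions made for illustration.

```python
class CachingNameServer:
    """Caches answers from an upstream (authoritative) lookup for their TTL."""

    def __init__(self, upstream, clock):
        self.upstream = upstream      # callable(name) -> (ip, ttl_seconds)
        self.clock = clock            # callable() -> current time in seconds
        self.cache = {}               # name -> (ip, expiry_time)
        self.upstream_queries = 0

    def resolve(self, name):
        key = name.lower().rstrip(".")        # DNS names are case-insensitive
        now = self.clock()
        entry = self.cache.get(key)
        if entry and now < entry[1]:
            return entry[0], "cache"          # answered without asking upstream
        self.cache.pop(key, None)             # TTL expired: delete the result
        ip, ttl = self.upstream(key)
        self.upstream_queries += 1
        if ttl > 0:
            self.cache[key] = (ip, now + ttl)
        return ip, "upstream"


def demo():
    """Show that a changed record is not seen until the cached TTL runs out."""
    zone = {"www.example.com": ("192.0.2.20", 300)}   # constructed sample data
    now = [0]                                         # fake clock for the demo
    ns = CachingNameServer(lambda n: zone[n], lambda: now[0])

    results = [ns.resolve("www.example.com.")]        # first query goes upstream
    zone["www.example.com"] = ("192.0.2.99", 300)     # record changes at the source
    now[0] = 299
    results.append(ns.resolve("WWW.example.com"))     # still served from cache
    now[0] = 300
    results.append(ns.resolve("www.example.com"))     # TTL expired, fresh answer
    return results, ns.upstream_queries


if __name__ == "__main__":
    for answer in demo()[0]:
        print(answer)
```

The second answer is the old address: whatever a name server caches, correct or not, stays in effect until the TTL set by the source zone runs out or the cache is cleared.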

21
Reverse Lookup Query
  • A reverse lookup query maps an IP address to a
    name.
  • Because the DNS distributed database is indexed
    by name and not by IP address, a special domain
    called in-addr.arpa was created.
  • The in-addr.arpa domain follows the same naming
    scheme as the rest of the domain namespace,
    except that it is based on IP addresses, not
    domain names.
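
How the in-addr.arpa naming works in practice, as an added example that is not part of the original presentation: it builds the reverse-lookup name for an IPv4 address and audits forward (A) data against reverse (PTR) data. The function names and the sample records are constructed for illustration.

```python
import ipaddress


def reverse_name(ip):
    """Build the in-addr.arpa owner name: octets reversed, then the suffix."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def fqdn(name):
    """Normalize a name: lower case, ending in the root-domain period."""
    return name.lower().rstrip(".") + "."


def audit_reverse(a_records, ptr_records):
    """Compare A records (host, ip) with PTR records (owner, target)."""
    ptr = {fqdn(owner): fqdn(target) for owner, target in ptr_records}
    forward = {}
    for host, ip in a_records:
        forward.setdefault(fqdn(host), set()).add(ip)

    findings = []
    # Every A record should have a PTR that points back to the same host.
    for host, ips in sorted(forward.items()):
        for ip in sorted(ips):
            owner = reverse_name(ip)
            if owner not in ptr:
                findings.append(("missing-ptr", host, ip))
            elif ptr[owner] != host:
                findings.append(("ptr-mismatch", host, ip, ptr[owner]))
    # Every PTR should name a host that still has an A record for that address.
    for owner, target in sorted(ptr.items()):
        ip = ".".join(reversed(owner.split(".")[:4]))
        if ip not in forward.get(target, set()):
            findings.append(("stale-ptr", owner, target))
    return findings


# Constructed sample zone data (documentation address range 192.0.2.0/24).
SAMPLE_A = [
    ("computer1.sales.example.com.", "192.0.2.10"),
    ("computer2.sales.example.com", "192.0.2.11"),
    ("computer3.sales.example.com.", "192.0.2.12"),
]
SAMPLE_PTR = [
    ("10.2.0.192.in-addr.arpa.", "Computer1.sales.example.com."),
    ("11.2.0.192.in-addr.arpa.", "oldhost.sales.example.com."),
    ("99.2.0.192.in-addr.arpa.", "retired.sales.example.com."),
]

if __name__ == "__main__":
    for finding in audit_reverse(SAMPLE_A, SAMPLE_PTR):
        print(finding)
```

Mismatched or stale PTR data matters to anything that trusts a reverse lookup, such as log enrichment or host-name based access rules.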

22
Installing the DNS Service
  • There are three ways to install the DNS Server
    service on a computer running Microsoft Windows
    2000 Server:
  • Select it during operating system installation.
  • Use Add/Remove Programs.
  • Allow the Active Directory Installation Wizard to
    install and configure it.
  • You should manually configure a DNS server with a
    static IP address, not one assigned by a Dynamic
    Host Configuration Protocol (DHCP) server.

23
The Windows Components Page in the Windows
Component Wizard
24
The DNS Server Service Installation Process
  • After installing the DNS Server service, you
    should configure the DNS server to use itself as
    its DNS server.
  • The DNS Server service installation process does
    the following:
  • Installs the DNS console, which you can use to
    manage DNS servers on your network
  • Adds the following key to the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
  • Creates the \systemroot\System32\DNS folder,
    which contains the DNS database files

25
Lesson Summary
  • DNS name resolution is the process of resolving
    host and domain names to IP addresses.
  • The DNS namespace consists of multiple levels of
    domains, each of which can contain subdomains and
    hosts.
  • A DNS name server contains one or more zones,
    each of which is a segment of the DNS namespace
    consisting of one or more domains.
  • DNS servers perform two types of name
    resolutions: forward lookup queries and reverse
    lookup queries.

26
Creating Zones
  • DNS servers let you divide the DNS namespace into
    zones that store name information about one or
    more DNS domains.
  • The zone becomes the authoritative source for
    information about each DNS domain included in it.
  • You create and configure zones by using the DNS
    console.

27
Zone Planning
  • When you install a DNS server for servicing a
    domain, you must create at least one zone.
  • You can do either of the following:
  • Create one zone that contains the entire area of
    the DNS namespace for which you are the authority
  • Divide your domain into subdomains and place them
    in different zones
  • Reasons for dividing into zones include
    administrative delegation, performance
    enhancement, fault tolerance, and namespace
    expansion.

28
Creating a Zone
  • Use the DNS console to create zones and manage
    the DNS servers on your network.
  • The DNS console is installed during DNS
    installation.
  • To access the console, click Start, point to
    Programs, point to Administrative Tools, and then
    click DNS.
  • To run the DNS console on a Windows 2000
    computer that is not running the DNS Server
    service, you can install the Adminpak package.

29
Creating a Zone (Cont.)
  • When you create a zone, you must select a zone
    type.

Zone Type | Description
Active Directory-integrated | The master copy of a new zone. The zone uses the Active Directory database to store and replicate the zone files.
Standard primary | The master copy of a new zone, stored in a standard text file. You administer and maintain this zone on the computer where it was created.
Standard secondary | A replica of an existing zone. It is read-only and is stored in a standard text file.
30
The Master DNS Servers Page in the New Zone
Wizard
31
The Reverse Lookup Zone Page in the New Zone
Wizard
32
Creating Active Directory-Integrated Zones
  • Strongly recommended for networks deploying DNS
    to support the Active Directory service
  • Provide these benefits:
  • Multiple-master update and enhanced security are
    based on the capabilities of Active Directory.
  • Zones are replicated and synchronized to new
    domain controllers automatically whenever a new
    zone is added.
  • Planning and administration are simplified for
    both DNS and Active Directory.
  • Directory replication is faster and more
    efficient than standard DNS replication.

33
Delegating Zones
  • A zone starts as the storage database for a
    single DNS domain name.
  • If you add a subdomain below the domain you used
    to create the zone, you can configure it to be:
  • Managed and included in the original zone
  • Delegated to another zone created to support the
    subdomain

34
Delegating a New Subdomain to a New Zone
35
Delegating a Zone
  • When you delegate a zone, you are creating a Name
    Server (NS) resource record in the DNS database
    that points to the authoritative DNS server for
    the delegated zone.
  • This record transfers authority and provides
    correct referrals to other DNS servers and
    clients.
  • Use the DNS console to create a zone delegation.

36
The Name Servers Page in the New Delegation
Wizard
37
The New Resource Record Dialog Box
38
Configuring Dynamic DNS
  • The DNS Server service includes a dynamic update
    feature called Dynamic DNS (DDNS).
  • With DDNS, name servers and clients on a network
    automatically update the zone database files.
  • You can configure a list of authorized servers to
    initiate dynamic updates, including secondary
    name servers, domain controllers, DHCP servers,
    WINS servers, and so on.

39
Configuring Dynamic DNS (Cont.)
  • DDNS interacts with the DHCP Server service to
    maintain synchronized name-to-IP-address mappings
    for network hosts.
  • DHCP clients add their own Host (A) resource
    records to the zone.
  • The DHCP Server service adds the Pointer (PTR)
    resource records to the zone.
  • You use the DNS console to configure a zone for
    DDNS.

40
Lesson Summary
  • DNS servers let you divide the DNS namespace into
    zones that store name information about one or
    more DNS domains.
  • DNS servers can have forward lookup and reverse
    lookup zones.
  • You can create three types of zones: Active
    Directory-integrated zones, standard primary
    zones, and standard secondary zones.
  • When a new subdomain is added, it can be
    delegated to a new zone created to support the
    subdomain.
  • DDNS enables computers on the network to
    automatically update their resource records.

41
Managing Resource Records
  • The information in a DNS zone database file is
    stored in units called resource records.
  • Resource records associate DNS domain names to
    related data, such as an IP address, for a
    particular resource.

42
Understanding Resource Record Types
  • There are many different types of resource
    records:

Type | Function
Start of Authority (SOA) | Identifies which name server is the authoritative source for data within the domain
Name Server (NS) | Lists the name servers assigned to a particular domain
Host (A) | Lists the host name-to-IP address mappings for a forward lookup zone
Alias (CNAME) | Creates an alias, or alternate name, for the specified host name
43
Understanding Resource Record Types (Cont.)
Type | Function
Host Information (HINFO) | Identifies the CPU and operating system used by the host
Mail Exchanger (MX) | Identifies which mail server to contact for a specified domain
Pointer (PTR) | Points to another part of the domain namespace. In a reverse lookup zone, a PTR record contains IP-address-to-name mappings.
Service (SRV) | Identifies which servers host a particular service
44
Viewing Resource Records
  • To view the information in a resource record:
    1. Open the DNS console.
    2. In the console tree, click the zone that
       contains the resource record you want to view.
    3. In the details pane, right-click the record
       you want to view, and then click Properties.
    4. View the properties of the resource record,
       and then click OK.

45
The Properties Dialog Box for a Host (A) Record
46
The Properties Dialog Box for a Start of
Authority (SOA) Record
47
Creating Resource Records
  • To use the DNS console to create a new resource
    record:
    1. Right-click the zone where you want the
       record to be located, and then select the
       appropriate command from the menu:
  • New Domain
  • New Delegation
  • Other New Records
  • New Host
  • New Alias
  • New Mail Exchanger
    2. Enter information in the New Resource Record
       dialog box, and then click OK.

48
The Resource Record Type Dialog Box
49
The New Resource Record Dialog Box for a Host (A)
Record
50
Lesson Summary
  • A DNS zone database file can contain many
    different types of resource records.
  • A Start of Authority (SOA) record identifies the
    authoritative name server for the domain.
  • An Alias (CNAME) record creates an alternate name
    for a host.
  • Host (A) records contain basic name-to-IP-address
    mappings.
  • Pointer (PTR) records contain IP-address-to-name
    mappings.
  • Use the DNS console to view existing resource
    records and create new resource records.

51
Troubleshooting DNS
  • System administrators should understand:
  • The monitoring options available for DNS servers
  • The problems that might occur in using DNS with
    Active Directory service and some possible
    solutions to these problems

52
Monitoring DNS Servers
  • Windows 2000 Server includes three options for
    monitoring DNS servers:
  • Submitting queries to the server
  • Default logging of DNS server event messages to
    the DNS server log
  • Optional debug options for trace logging to a
    text file on the DNS server computer

53
Querying the DNS Server
  • To use the DNS console to monitor the DNS Server
    service:
    1. Select the name server, click the Action
       menu, and then select Properties.
    2. In the Properties dialog box, click the
       Monitoring tab.
  • You can test the server by performing two types
    of queries:
  • Simple query: a local test that uses the DNS
    client on this computer to query the name server
  • Recursive query: a more complex test that tests
    the name server by forwarding a query to another
    name server
54
DNS Server Event Logging
  • You can use Event Viewer to view the DNS server
    log.
  • The DNS server log contains basic events logged
    by the DNS Server service, such as when the
    service starts and stops.
  • You can also use Event Viewer to view and monitor
    client-related DNS events.
  • The DNS client service generates these events,
    which appear in the System log on computers
    running Microsoft Windows 2000.

55
Debug Options
  • You can use the DNS console to set additional
    logging options to create a temporary trace log
    as a text-based file of DNS server activity for
    debugging purposes.
  • To configure debug logging options:
  • 1. Right-click a DNS server in the DNS console,
    and then select Properties.
  • 2. Click the Logging tab, and then select the
    check boxes next to the options you want.
  • By default, all debug logging options are
    disabled.

56
The Logging Tab in a DNS Server's Properties
Dialog Box
57
DNS Troubleshooting Scenarios
  • Problem: A zone transfer may fail to occur.
  • Possible causes:
  • The DNS Server service is stopped or the zone is
    paused.
  • The DNS servers used during a transfer may have
    network connectivity or interoperability
    problems.
  • The SOA serial number may be the same at both the
    source and destination servers.
  • The zone may have resource records or other data
    that the DNS server cannot interpret.
  • The authoritative zone data might be incorrect.
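
Why an unchanged SOA serial number stops a zone transfer, as an added example that is not part of the original presentation: a secondary only pulls the zone when the primary's serial is newer. The comparison follows the general DNS serial-number arithmetic of RFC 1982, an assumption here rather than a statement about Windows 2000 internals; the function names and SOA data are constructed.

```python
MOD = 2 ** 32     # SOA serial numbers are unsigned 32-bit values
HALF = 2 ** 31


def parse_soa_serial(rdata):
    """Extract SERIAL from SOA data: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("expected 7 SOA fields, got %d" % len(fields))
    serial = int(fields[2])
    if not 0 <= serial < MOD:
        raise ValueError("serial out of 32-bit range")
    return serial


def serial_newer(primary, secondary):
    """True if primary is newer than secondary, allowing for 32-bit wrap-around."""
    diff = (primary - secondary) % MOD
    if diff == HALF:
        raise ValueError("serials are 2^31 apart: ordering is undefined")
    return 0 < diff < HALF


def transfer_decision(primary_soa, secondary_soa):
    """Decide what a secondary does after reading the primary's SOA record."""
    p = parse_soa_serial(primary_soa)
    s = parse_soa_serial(secondary_soa)
    if p == s:
        # The case on this slide: zone data changed but the serial did not.
        return "no-transfer: serials equal"
    if serial_newer(p, s):
        return "transfer"
    return "no-transfer: secondary serial is ahead"


# Constructed SOA data for illustration.
SOA = "ns1.example.com. hostmaster.example.com. %d 900 600 86400 3600"

if __name__ == "__main__":
    print(transfer_decision(SOA % 2024010102, SOA % 2024010101))
    print(transfer_decision(SOA % 2024010101, SOA % 2024010101))
    print(transfer_decision(SOA % 5, SOA % 4294967290))
    print(transfer_decision(SOA % 2024010101, SOA % 2024010199))
```

A secondary that keeps answering from an old copy of the zone is easy to miss, so comparing the serial on every name server for a zone is a useful routine check.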

58
DNS Troubleshooting Scenarios (Cont.)
  • Problem: A zone delegation does not function
    properly.
  • Solution: The most likely cause of the problem is
    an incorrectly configured zone delegation.
  • Review how zone delegations are used and revise
    zone configurations as needed.

59
DNS Troubleshooting Scenarios (Cont.)
  • Problem: A client is not performing dynamic
    updates.
  • Possible causes:
  • The client, or its DHCP server, may not support
    DDNS.
  • The client may not have been able to register and
    update with the DNS server due to incomplete DNS
    configuration.
  • The client may have attempted to update its
    information with the DNS server but failed
    because of a problem with the server.
  • The DNS server may not support dynamic updates.
  • The DNS server may support dynamic updates, but
    may not be configured to accept them.
  • The zone database may not be available.

60
Lesson Summary
  • The Monitoring tab in a DNS server's Properties
    dialog box lets you send simple and recursive
    queries to the server.
  • Event Viewer contains a DNS server log on
    computers running Windows 2000 Server and the DNS
    Server service.
  • The Logging tab in a DNS server's Properties
    dialog box enables you to select specific server
    activities to monitor in a log file.
  • Zone transfers can fail for many reasons,
    including network failures and unsupported data
    stored in the zone database.
  • Dynamic updates often fail because not all of the
    computers involved support DNS.