Administering DNS - PowerPoint PPT Presentation

1 / 51

About This Presentation

Title:

Administering DNS

Description:

Understand the fundamentals of the Domain Name System (DNS) ... Domain Name System (DNS) Used by Windows Server 2003 for. Resolving host and domain names to IP ... – PowerPoint PPT presentation

Number of Views:51

Avg rating:3.0/5.0

Slides: 52

Provided by: zz91

Category:

more less

Transcript and Presenter's Notes

Title: Administering DNS

1
Chapter 9

Administering DNS

2
Objectives

Understand the fundamentals of the Domain Name
System (DNS)
Install the DNS service on Windows Server 2003
Create and configure both standard and Active
Directoryintegrated DNS zones
Understand the purpose of name resolution files
in Windows Server 2003
Troubleshoot name resolution problems in Windows
Server 2003

3
DNS Fundamentals

Domain Name System (DNS)
Used by Windows Server 2003 for
Resolving host and domain names to IP addresses
Locating network services in an Active Directory
environment

4
Basics of DNS

DNS
Uses a hierarchical structure
Enables users to access servers using a
user-friendly name, such as www.microsoft.com
Main components
Domain namespace
The DNS hierarchical structure of domains
DNS zones
One or more DNS domains grouped together for
administrative purposes
Name servers
A DNS server that holds all of the host records
for a specific zone

5
Basics of DNS (Continued)

The root domain
Located at the top of the DNS hierarchical
structure
Often represented by a period, or .
First-level domains
Located below the root domain
Examples .com, .org, .mn
Second-level domains
Located below the first-level domains
Usually represent an organizations name
Examples Microsoft, Dovercorp

6
Basics of DNS (Continued)

Host
A computer that is a member of a specific DNS
domain within the network structure
Referred to by its fully qualified domain name
(FQDN)
Example www.marketing.Dovercorp.net

7
The DNS namespace
8
Basics of DNS (Continued)

DNS zones
One or more domains that are grouped together for
administrative purposes
Types of zones
Forward lookup zones
Used to find the IP address associated with a
host name
Reverse lookup zones
Used for find the FQDN or host name associated
with a known IP address

9
Basics of DNS (Continued)

Primary DNS server
Contains all of the records for a specific DNS
zone
Authoritative for a zone
Secondary DNS server
Contains zone information that is copied from a
primary DNS server or other secondary servers
Used to provide
Backup
Load-balancing
Zone transfer
Copying DNS database information between primary
and secondary name servers

10
The Name Resolution Process

When a client needs to communicate with a
computer on a local network or the Internet, the
host name or FQDN is usually supplied
Each client is configured to contact a specific
DNS name server whenever it needs to resolve an
FQDN to an IP address
A specific process is followed when a client
attempts to contact a computer using a FQDN

11
Installing DNS

DNS service
Not installed by default during the Windows
Server 2003 installation process
Can be added either
Automatically as part of promoting a server to be
an Active Directory domain controller
As a separate service
Caching-only server
A DNS server with no zone files configured that
only caches information
A number of properties can be configured for a
new DNS server

12
DNS server properties
13
Creating and Configuring DNS Zones

To create and configure a forward or reverse
lookup zone
Must be a member of the local Administrators
group
If the server is a domain controller
Must be a member of at least one of the following
global groups
Domain Admins
Enterprise Admins
DNS Admins

14
Creating and Configuring DNS Zones (Continued)

Windows Server 2003 supports two main types of
DNS zones
Standard zones
Active Directoryintegrated zones

15
Standard DNS Zones

Standard DNS zone
The traditional zone type used by most
implementations of DNS
Places DNS zone information into a text file
stored in the systemroot\system32\dns folder on
the server

16
Standard DNS Zones (Continued)

Files used by a standard DNS zone
CACHE.DNS
Contains records for all 13 Internet root servers
dns.log
Gathers DNS information when DNS Debug Logging is
explicitly enabled in the DNS console
domainname.dns
Acts as the storage location for a given zone and
holds all applicable resource records

17
Standard DNS Zones (Continued)

Main types of standard DNS zones
Standard primary zone
Authoritative for one or more domains
Represents the only writable copy of the zone
file
Standard secondary zone
Used for load balancing and redundancy of DNS

18
Active Directory-Integrated DNS Zones

Active Directoryintegrated DNS zones
Store zone information within the Active
Directory database
Advantages
DNS zone information is automatically replicated
to all domain controllers specified in the Active
Directory environment
Provides an additional layer of security if
dynamic DNS updates are enabled through the
secure dynamic updates feature

19
DNS Resource Records

Once a new DNS zone is created and defined,
resource records must be added to the server for
it to respond to DNS client requests
Two resource records are created by default and
added to a new zone once created
Start of Authority (SOA) record
Designates server as authoritative for a zone
Stores additional information, such as
Zone file serial number
Time-to-live (TTL) intervals
Name Server (NS) record
Specifies the FQDN of a name server that is
authoritative for the zone

20
DNS resource record types
21
DNS Resource Records (Continued)

Zone transfer methods supported by Windows Server
2003
Full zone transfer (AXFR)
Transfers the entire contents of the DNS zone
database from a standard primary server to a
standard secondary server
Incremental zone transfer (IXFR)
Transfers only changes to the zone database file
not currently present in the secondary servers
version of the DNS zone database

22
DNS Resource Records (Continued)

Scenarios under which a zone transfer occurs
The refresh interval for the zone has expired
The primary server notifies the secondary servers
that changes to the zone file exist
The DNS service is restarted on the secondary
server
The zone transfer process is manually initiated
from the DNS console of the secondary server

23
DNS Resource Records (Continued)

DNS Notify feature
Allows a primary DNS server to notify any
secondary servers of when changes to the DNS zone
database have occurred
To use the feature
Configure the Notify properties of a DNS zone
with the IP addresses of all standard primary
servers

24
Configuring the notify properties for a primary
zone
25
DNS Forwarders

A DNS forwarder
A server to which unresolved DNS queries can be
forwarded by other DNS servers
Advantage
Speeds up the name resolution process

26
Configuring Dynamic DNS Updates

Windows Server 2003 DNS supports the dynamic
updating of resource records
Advantage
An administrator does not have to manually update
the resource records in a zone file

27
Configuring Dynamic DNS Updates (Continued)

Dynamic updates are configured on a zone-by-zone
basis
Options available for configuring dynamic updates
No
Yes
Only secure updates

28
Configuring DNS Client Settings

The DNS tab of the Advanced properties of a
clients TCP/IP settings
First section
Allows you
To add or remove the IP addresses of DNS servers
that the client will use
Control the order in which the servers are
contacted

29
Configuring DNS Client Settings (Continued)

The DNS tab (Continued)
Middle section
Allows you to control how the client will handle
name resolution requests that are not fully
qualified
Options for handling this situation
Append primary and connection specific DNS
suffixes
Append parent suffixes of the primary DNS suffix
Append these DNS suffixes (in order)

30
Configuring DNS Client Settings (Continued)

The DNS tab (Continued)
Last section
Allows you to configure DNS settings specific to
a particular network connection
Settings in this section
DNS suffix for this connection
Register this connections addresses in DNS
Use this connections DNS suffix in DNS
registration

31
Client DNS settings in the Advanced TCP/IP
Settings dialog box
32
Testing the DNS Server

Utilities that can be used to test the server to
ensure that lookup queries and resource records
are properly configured
DNS Monitor
Found on the Monitoring tab of a DNS servers
properties dialog box
Allows you to perform both simple and recursive
DNS queries
Nslookup
A command-line utility
Can be used to view resource records and perform
queries on any DNS server

33
(No Transcript)
34
Testing a DNS server via the Monitoring tab
35
Name Resolution Files

Static text files which can be used by Windows
Server 2003 for resolving names to IP addresses
HOSTS file
Used for resolving host names and FQDNs to IP
addresses
LMHOSTS file
Used for mapping NetBIOS names to IP addresses

36
The HOSTS File

Stored in the systemroot\system32\drivers\etc
directory
By default, consists of a single host name to IP
address mapping
The localhost entry, with an IP address of
127.0.0.1
Commonly used for testing purposes, especially in
cases where host name or FQDN resolution is
required, but DNS has yet to be configured

37
Default configuration of the HOSTS file
38
The LMHOSTS File

Exists in the systemroot\system32\drivers\etc
directory
File extension
By default, includes the extension .SAM
Once configured and saved, should not include a
file extension
Exists for the purpose of mapping NetBIOS names
to IP addresses
A Windows Server 2003 system can be configured to
disable LMHOSTS processing if required

39
Sample LMHOSTS file
40
Troubleshooting Name Resolution Problems

Both host names and NetBIOS names must be
considered during name resolution
Windows Internet Name Service (WINS)
Used to resolve NetBIOS names to IP addresses
Assists pre-Windows 2000 clients in finding
network resources, such as domain controllers
Can be installed via the Add or Remove Programs
applet in Control Panel

41
Troubleshooting Name Resolution Problems
(Continued)

To troubleshoot name resolution problems on the
network, you must be familiar with
The NetBIOS name resolution process
A specific process followed when a client
attempts to communicate with another computer
using a NetBIOS utility
The host name resolution process
A specific process followed when a client
attempts to contact another computer using its
host name or FQDN

42
DNS Troubleshooting Utilities

Dnscmd.exe
A command-line tool that can be used
As a troubleshooting tool
To add, delete, view, and configure DNS settings

43
DNS Troubleshooting Utilities (Continued)

DNS Events log file
Can be accessed via
The Event Viewer MMC
The DNS MMC
Stores the following kinds of events which are
related to the DNS server service
Information events
Error events
Warning events

44
DNS Events log even IDs
45
DNS Events log
46
DNS Troubleshooting Utilities (Continued)

Utilities that are not exclusively for
troubleshooting DNS
Netdiag.exe
Provides the ability to test DNS connectivity
when used with the /testDNS switch
Netsh.exe
Allows you to perform tests on a wide variety of
network services, including DNS

47
DNS Troubleshooting Utilities (Continued)

Utilities that are not exclusively for
troubleshooting DNS (Continued)
Netstat.exe
Allows you to view the status on TCP and UDR
ports on the local computer when used with the
-an switch
Portqry.exe
Allows you to query a particular port on a
network server to find out its status

48
Summary

DNS is a Windows Server 2003 service used to
Resolve host names and FQDNs to IP addresses
Locate network services
Types of DNS zones
Standard primary
Standard secondary
Active Directory-integrated
Forward and reverse lookup zones files
A forward lookup zone file
Used to map host names to IP addresses
A reverse lookup zone file
Used to map IP addresses to host names

49
Summary (Continued)

A DNS caching-only server
A DNS server that is not configured with any
zone-related information
DNS client configuration settings impact the way
in which a client will
Be registered in DNS
Query a DNS server
When configuring a DNS server, you can choose
Whether or not to allow dynamic updates
To only allow those computers with accounts in
Active Directory to perform updates

50
Summary (Continued)