Domain Name System

1
Domain Name System
2
Domain Name System

• DNS is a client/server protocol which provides
  Name to IP Address Resolution.

3
DNS Terms And Concepts

• Domain Name Space
• Fully Qualified Domain Name (FQDN)
• DNS Server
• DNS Client (Resolver)
• Query
• Recursive
• Iterative
• DNS Zone Types
• DNS Record Types
• DNS Forwarder
• Client Configuration

4
DNS Name Space

• A DNS Namespace is a hierarchical tree in which
  each node represents a named domain
• Each level of the domain namespace is separated
  by a period
• The first level of the tree is where youll find
  the top-level domains which form the base of the
  DNS namespace.

5
DNS Name Space
6
SRV01.SALES.SOUTH.CONTOSO.COM.
7
DC01.Sales.South.Contoso.com
FQDN DC01.Sales.South.Consoso.COM.
8
Server

• DNS Server
• A computer running the Domain Naming System (DNS)
  Service
• Hosts a namespace or portion of a namespace
  (Domain)
• Is authoritative for a namespace or Domain
• Resolves name resolution requests submitted by
  DNS Clients (DNS ClientResolver)

9
Query fs1.domain1.com
owns contoso.com name space and therefore
is authoritative to that space.
10
Mail2.
Authoritative NO. I own this space and there
is no record
Query fs1.domain1.com
owns contoso.com name space and therefore
is authoritative to that space.
11
owns microsoft.com namespace not
authoritative to contoso.com therefore sends
query to another DNS server
12
Recursive Query

• Client Side
• The DNS Client typically issues a Recursive Query
  to its configured name server
• This says, in effect, dont return until you
  have an answer or have failed to find an answer
  to the query.

• Server Side
• When the Server receives a Recursive Query,
  unless Recursion is disabled, server goes to
  work for the client.
• Queries other name servers until it resolves
  clients query, or fails to do so.
• Responds to client with resolved address or
  failure message.

13
Iterative Query

• Asks for Final Answer or Closer Server
• Typically used between servers during resolution
  of client requests
• Lower-level server will issue Iterative queries
  to top-level servers
• Reduces workload on top-level servers

• Response to an Iterative Query
• Requested address
• Authoritative No
• A Referral, if server recognizes the domain name
  being queried and knows a server address for that
  domain.

14
DNS Zone Terminology

• Zone
• A collection of name/address mappings for hosts
  within a contiguous portion of the DNS namespace
• Zone Data is maintained on a DNS Server
• Flat zone file containing lists of mappings
• Stored in Active Directory database
• A server is authoritative for a zone if it can
  resolve names and addresses requested by clients
• In most cases a zone corresponds to a domain,
  subdomain, or contiguous series of domains and
  subdomains

15
DNS Zone Types

• Forward Lookup Zone
• Resolves Names to IP Address
• A (Host) Record
• SRV
• CNAME
• Etc.
• Reverse Lookup Zone
• Resolves IP Addresses to Host Names
• PTR (Pointer) Records

16
The Root or dot (.) Zone
This DNS server that is authoritative for the
Root Zone owns the entire namespace. It is the
top of the hierarchy and does not refer to or
forward queries to any other server. This would
be a zone defined within a root hint DNS server
in the top-level domains
17
Record Types

• Record Types
• A (Host)
• PTR (Pointer)
• NS (NameServer)
• SOA (Start of Authority)
• SRV (Service Record)
• CNAME (Alias)
• MX (Mail Exchanger)
• Etc.

18
Record Types Defined

• A (Host)
• Primary entry for any computer or device on the
  network
• Resolves host name to IP address
• PTR (Pointer)
• Reverse lookup entry, resolves IP Address to host
  name
• NS (Name Server)
• Identifies a named host as a DNS Server for a
  zone
• SOA (Start of Authority)
• Identifies primary DNS name server with
  authority to resolve names for a given zone

19
Additional Record Types Defined

• SRV (Service Record)
• Indicates availability of a given service on a
  given host
• Example
• Windows Domain Controllers register SRV Records
  which are used to direct client logon requests
• CNAME (Alias)
• Typically relates a well known common name to a
  specific host name.
• Example
• WWW is commonly registered as a CNAME record
  for Web servers
• MX (Mail Exchanger)
• Identifies E-Mail Servers
• Example MS Exchange registers an MX record

20
DNS Forwarder

• DNS Servers can be configured to forward queries
  to designated Forwarders
• Forwarders
• Handle all non-local queries
• Enabling forwarders allocates burden of resolving
  unknown names to designated server(s)

21
DNS Client Configuration

• Client Configuration is Critical
• Server Addresses
• DNS Suffix Configuration
• Dynamic updates
• Windows clients rely on DNS Name Resolution to
  perform key functions
• Locate/Connect to DCs for authentication
• Locate/Connect to Servers
• Locate/Connect to WebServers

22
Client Configuration DNS Server Addresses

• Server Addresses
• Preferred DNS Server Address
• Alternate DNS Server Address(es)
• Sends query to Preferred DNS server
• Alternate DNS Server used ONLY if Preferred is
  not available.

23
Preferred DNS Server Configuration
The Preferred DNS Server is the one the client
tries first
If Preferred Server is not available, the client
tries the Alternate DNS Server (if so configured)
24
Alternate DNS Server Configuration
The Preferred and Alternate Servers specified on
the previous Properties page automatically appear
at the top of this list, and Preferred and
Alternates are queried in order listed
Optionally, you can enter a whole list of
Alternate DNS Servers
25
Name Query Resolution

• When a host name is submitted to DNS
• Resolver first checks the cache (if caching
  enabled)
• If the name is in the cache, the data is returned
  to the user
• If name is not in cache, resolver queries DNS
  servers listed in the TCP/IP properties.

26
Client Configuration - DNS Suffixes

• If the query cannot be resolved as is, then
  suffixes are systematically appended to the name
  in the query
• Primary DNS Suffix
• Connection-specific DNS Suffix
• Domain Suffix Search List
• Client is configured to use either Primary and
  Connection Specific
• or
• Suffix Search List

27
Configuring Domain Suffixes
Primary DNS Suffix System Properties gt Computer
Name gtChange gt More
28
Configuring Domain Suffixes
Suffix Selection Option
Domain Suffix Search List
Client uses either Primary and Connection-specific
or Suffix Search List, not both!
Connection-specific Suffix
29
Nitpicking DNS Naming Terminology

• Fully Qualified Domain Name
• Srv1.Sales.Contoso.Com.
• Terminating period makes it Fully Qualified!
• Unqualified Multi-label Name
• Srv1.Sales.Contoso.Com
• No Period!
• Single-label Unqualified Name
• Srv1
• No domain suffix!
• No info to qualify name or indicate where in
  the namespace to look for this host

30
How Suffixes are Applied

• If client submits FQDN (including period)
• Resolver uses FQDN Submitted
• If client submits multi-label unqualified name
  (no period)
• Resolver adds terminating period and uses that
  name
• If multi-label name submitted with period fails
  to resolve, or if client submits single-label
  unqualified name (no suffix)
• Resolver appends specified Suffixes, adds period,
  and keeps trying! The suffixes it appends
  depends on how the DNS Suffix property is
  configured

31
Example Primary Connection-specific setting

• Resolver appends Primary and Connection-specific
  suffixes
• Resolver appends Primary Domain Name from System
  Properties gt Computer Name gt Change gt more
• Resolver devolves domain name from left to
  right
• Tries Parent of specified domain
• If that fails, tries Parent of Parent