MCSA Guide to Installing and Configuring Windows Server 2012/R2, Exam 70-410
Chapter 10
Configuring DNS
Objectives

• Describe the structure of Domain Name System
• Install and configure DNS
• Configure DNS zones
• Configure advanced DNS server settings
• Monitor and troubleshoot DNS

MCSA Guide to Installing and Configuring Windows Server 2012/R2, Exam 70-410
© Cengage Learning 2015

Introduction to Domain Name System

• Domain Name System (DNS) is a distributed, hierarchical database composed mainly of computer name and IP address pairs
• Distributed means no single server or database holds all of the data; hierarchical means the data is organized as a tree of domains, so where a name is stored, and which servers are asked about it, follows that tree from the root down
• To resolve a name to an address, a DNS lookup often requires multiple queries to a hierarchy of DNS servers

The Structure of DNS

• DNS can be described as an inverted tree structure
• The entire DNS tree is called the DNS namespace
• Each domain has one or more servers that are authoritative for the domain
• Root servers keep a database of addresses of the DNS servers that manage top-level domain names, called top-level domain (TLD) servers

Figure 10-1 A partial view of the DNS naming hierarchy

The DNS Database

• A zone is a grouping of DNS information that represents one or more domains and possibly subdomains
• Zones contain a variety of record types called resource records, which contain information about network resources
• DNS records can be added and changed by:
– Static updates - an administrator enters DNS record information manually
– Dynamic updates - referred to as Dynamic DNS (DDNS)

The DNS Lookup Process
• Two types of DNS lookup can be performed:
– Iterative query - the DNS server responds with the best information it already has, which may be the answer itself or a referral to another server that is closer to the answer
– Recursive query - the DNS server takes on the whole job of resolving the name, querying other servers as needed, and responds only with the answer or with a definitive “I don't know” (the name does not exist or cannot be resolved)
• A typical DNS lookup made by a DNS client involves both: the client sends a recursive query to its configured server, which then issues iterative queries up and down the hierarchy
• DNS clients also maintain a text file, Hosts, that can contain static name-to-address entries; it is stored in %systemroot%\System32\drivers\etc and its entries are preloaded into the client's resolver cache

Figure 10-2 A DNS hierarchical lookup

DNS Server Roles
• DNS servers can perform one or more of the following roles for a zone:
– Authoritative server - holds a complete copy of a zone's resource records
– Forwarder - a DNS server to which other DNS servers send requests they can't resolve themselves
– Conditional forwarder - a DNS server to which other DNS servers send requests targeted for a specific domain
– Caching-only server - has no zones of its own; its job is to field DNS queries, perform recursion (iterative lookups starting at the root servers) or send requests to forwarders, and then cache the results

Installing and Configuring DNS

• A correctly configured and efficiently functioning DNS service is essential for a well-functioning network
• When domain controllers replicate with one another, and when trusts are created between domains in different forests, DNS is required to resolve names and services to IP addresses

Installing DNS

• DNS installation begins by installing the DNS Server role with Server Manager or PowerShell
• If the DNS server is intended to manage domain name services for Active Directory, the DNS Server role should be installed on a domain controller
• Windows detects whether the server is configured as a domain controller and, if it is, integrates the DNS zones with Active Directory

Creating DNS Zones

• You may need to create a zone manually in DNS Manager if you:
– Don't install DNS at the time you install Active Directory
– Install DNS on a server that's not a domain controller
– Create a stub zone
– Create a secondary zone for a primary zone
– Create a primary or secondary zone for an Internet domain

Forward and Reverse Lookup Zones

• Before creating a zone, you must decide whether it's a forward lookup zone or a reverse lookup zone:
– Forward lookup zone (FLZ) – contains records looked up by name, such as A and AAAA records (which translate names to IPv4 and IPv6 addresses) and MX records (which name a domain's mail servers)
– Reverse lookup zone (RLZ) – contains PTR records that map IP addresses to names and is named after the IP network address (IPv4 or IPv6) of the computers whose records it contains

Zone Type

• Three different types of zones:
– Primary zone - contains a read/write master copy of all resource records for the zone; it is considered authoritative for the zone
– Secondary zone - contains a read-only copy of all resource records for the zone; it is considered authoritative for the zone
– Stub zone - contains a read-only copy of only the SOA and NS records for a zone and the necessary A records to resolve NS records; not authoritative

Active Directory-Integrated Zones

• Active Directory-integrated zone - not a new zone type but a primary or stub zone with the DNS database stored in an Active Directory partition
– The only valid zone type options are primary and stub zones
• If you select a secondary zone, the option to store the zone in Active Directory is disabled

Standard Zones

• Standard zone - a primary, secondary, or stub zone that isn't Active Directory-integrated
• Standard zones are stored in a text file called zone-name.dns, which is located in the %systemroot%\system32\dns folder
• Mostly installed on stand-alone servers that need to provide name resolution services for network resources outside the domain
– Or in networks that don't use Active Directory, such as Linux or UNIX-based networks

Zone Replication

• Zone replication - the transfer of zone changes from one DNS server to another
• For a standard zone, zone replication is called “zone transfer”
• Active Directory-integrated zones have the following advantages over a standard zone:
– Automatic zone replication (it rides on AD replication, so there is no separate zone transfer to configure or expose)
– Multimaster replication and update (any domain controller hosting the zone can accept changes)
– Secure updates (Kerberos-authenticated dynamic updates are available only for AD-integrated zones)
– Efficient replication (only changed attributes are replicated, not the whole zone)

Active Directory Zone Replication
Scope
• After selecting the zone type and specifying the
zone is to be stored in Active directory, you are
asked to select the zone replication scope with one
of these options:
– To all DNS servers in this forest
– To all DNS servers running on domain controllers in
this domain
– To all domain controllers in this domain (for
Windows 2000 compatibility)
– To all domain controllers specified in the scope of
this directory partition
Figure 10-6 Selecting a zone replication scope

Zone Name

• The next step is to give the zone a name
• For an FLZ, it's the FQDN of the domain the zone covers
• For an RLZ, specify whether it's an IPv4 or IPv6 zone
– Then, enter the network ID portion of the zone
– For IPv4 the zone name is created automatically from the network ID's octets in reverse order with “in-addr.arpa” appended (for example, network 10.1.0.0/16 gives 1.10.in-addr.arpa); for IPv6 the address nibbles are reversed under “ip6.arpa”

Dynamic Updates

• The final step allows you to choose whether and how to use dynamic updates, which can be configured in one of three ways:
– Allow only secure dynamic updates (available for AD-integrated zones only; the client authenticates with Kerberos and can change only the records it registered)
– Allow both nonsecure and secure dynamic updates (any host that can reach the server can add or overwrite records, including another machine's A record, so avoid this on zones that matter)
– Do not allow dynamic updates
• Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur

Creating Resource Records in Zones

• Resource records can be created dynamically or as static records
• Dynamic records are created by the resource itself or by a DHCP server on its behalf
• Static records are created manually by an administrator or automatically by Windows

Creating Dynamic DNS Records

• Dynamic DNS records are created and updated by the resource or by the DHCP server when an IP address is leased or renewed
• Each time a dynamic record is created or updated, a time-to-live (TTL) value and a timestamp are added to the record
– The TTL tells resolvers and other DNS servers how long they may cache the record before asking again
– The timestamp is used by aging and scavenging: a dynamic record whose timestamp has not been refreshed within the zone's no-refresh plus refresh intervals is considered stale and, if scavenging is enabled, is deleted from the database

Creating Static DNS Records

• Static DNS records do not expire and are created manually by an administrator
• To create a static record in DNS Manager:
– Right-click the zone and select the record type
– In an FLZ, the most common type of record is a New Host record
– Enter a name to create the FQDN automatically
– If you select the “Create associated pointer (PTR) record” check box, a PTR record is created if a suitable RLZ exists for the IP address entered

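The zone wizard steps above (zone type, replication scope, zone name, dynamic updates) and the static record procedure can all be scripted with the DnsServer PowerShell module instead of DNS Manager. The following is an added example written for this page, not code from the textbook; the zone names (corp.example.com, lab.example.net, partner.example.org), the network 10.1.0.0/16, the host web01 at 10.1.2.30 and the master server 192.0.2.53 are assumed values. Run it in an elevated session on a domain controller.

```powershell
# Added example (not from the textbook). Zone names, network IDs, host names
# and addresses below are assumptions chosen for illustration.

# 1. Install the DNS Server role (Server Manager equivalent).
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. Forward lookup zone, Active Directory-integrated, replicated to every DNS
#    server in the forest, accepting only Kerberos-authenticated updates.
Add-DnsServerPrimaryZone -Name 'corp.example.com' `
    -ReplicationScope 'Forest' -DynamicUpdate 'Secure'

# 3. Reverse lookup zone for 10.1.0.0/16. The zone name 1.10.in-addr.arpa is
#    derived from the network ID automatically, as the wizard does.
Add-DnsServerPrimaryZone -NetworkId '10.1.0.0/16' `
    -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# 4. Standard (file-backed) primary zone, as on a server that is not a domain
#    controller. Secure updates are not available for standard zones, so the
#    safe choice is to disable dynamic updates rather than allow nonsecure ones.
Add-DnsServerPrimaryZone -Name 'lab.example.net' `
    -ZoneFile 'lab.example.net.dns' -DynamicUpdate 'None'

# 5. Stub zone for a partner domain: only SOA, NS and glue A records are copied
#    from the listed master, enough to find the partner's authoritative servers.
Add-DnsServerStubZone -Name 'partner.example.org' `
    -MasterServers '192.0.2.53' -ReplicationScope 'Forest'

# 6. Static host record with its PTR created in the matching reverse zone
#    (the "Create associated pointer (PTR) record" check box).
Add-DnsServerResourceRecordA -ZoneName 'corp.example.com' -Name 'web01' `
    -IPv4Address '10.1.2.30' -CreatePtr -TimeToLive (New-TimeSpan -Hours 1)

# 7. Verify: zone inventory with type, storage and update policy ...
Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate |
    Format-Table -AutoSize

# ... flag any zone that still accepts nonsecure updates ...
Get-DnsServerZone | Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    ForEach-Object { Write-Warning "$($_.ZoneName) accepts unauthenticated dynamic updates" }

# ... and resolve the new name forward and backward against this server.
Resolve-DnsName -Name 'web01.corp.example.com' -Type A   -Server '127.0.0.1'
Resolve-DnsName -Name '10.1.2.30'              -Type PTR -Server '127.0.0.1'
```

The verification block is the part worth keeping in a build script: DynamicUpdate and IsDsIntegrated are the two properties that tell you whether a zone can be silently rewritten by an unauthenticated host.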
Configuring DNS Zones

• Zones can be viewed and changed in DNS Manager
• DNS Manager provides the following options:
– Status
– Type
– Replication
– Dynamic updates
– Aging

Start of Authority Records
• SOA records are found in every zone and contain
information that identifies the server primarily
responsible for the zone as well as some operation
properties for the zone
• The SOA record contains the following information:
– Serial number
– Primary server
– Responsible person
– Refresh interval
– Retry interval
– Expires after
– Minimum (default) TTL
Name Server Records
• NS records specify the FQDNs of the authoritative servers for a zone; the servers' IP addresses come from separate A records
• NS records are also used to refer DNS queries to a name server that has been delegated authority for a subdomain
• Glue A records are A records containing a name server's IP address, and are used to resolve NS record information when the name server's own name lies inside the zone being delegated
• On Windows DNS servers, glue records are created automatically by a DNS lookup on the NS record's FQDN

Using Stub Zones

• Stub zones are a special type of zone that contain only an SOA record, one or more NS records, and the necessary glue A records to resolve NS records
• Reasons for using stub zones:
– Maintenance of zone delegation information
– In lieu of conditional forwarders
– Faster recursive queries
– Distribution of zone information

Zone Transfers
• A zone transfer copies all or part of a zone from one DNS server to another and occurs as a result of a second server requesting the transfer from another server
• Zone transfers can be initiated in two ways:
– Refresh interval - the secondary polls the primary's SOA serial number on the schedule set in the SOA record
– DNS notify - the primary tells the listed secondaries that the zone changed, so they request a transfer immediately
• Zone transfers are configured in the Zone Transfers tab of a zone's Properties dialog box, which has the following options:
– Allow zone transfers
• To any server (any host that can reach the server can request the complete zone, which hands an attacker a full inventory of names and addresses; use it only in a lab)
• Only to servers listed on the Name Servers tab
• Only to the following servers
– Notify

Incremental Zone Transfers

• Two types of zone transfer:
– Full zone transfers (AXFR) - the whole zone is copied
– Incremental zone transfers (IXFR) - only the changes since the secondary's last copy are sent
• Both master and slave DNS servers must support incremental zone transfers to use them
• When an incremental zone transfer is requested, the slave sends the serial number of the copy it currently holds; the master compares it with its own serial number and sends only the changes made since that serial, or falls back to a full transfer if it no longer has that history

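The Zone Transfers tab settings and the serial-number comparison described above can be applied and checked from PowerShell. This is an added example for this page, not code from the textbook; the zone lab.example.net, the primary at 10.1.0.10 and the secondary at 10.1.0.20 are assumed. Run it on the primary server.

```powershell
# Added example (not from the textbook). Zone name and server addresses are
# assumptions chosen for illustration.

$Zone      = 'lab.example.net'
$Primary   = '10.1.0.10'
$Secondary = '10.1.0.20'

# Equivalent of "Only to the following servers" plus "Notify" on the Zone
# Transfers tab. TransferAnyServer would let any host that can reach UDP/TCP 53
# dump the whole zone with one AXFR request.
Set-DnsServerPrimaryZone -Name $Zone `
    -SecureSecondaries 'TransferToSecureServers' -SecondaryServers $Secondary `
    -Notify 'NotifyServers' -NotifyServers $Secondary

# Audit: which primary zones on this server still answer AXFR from anyone?
Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and $_.SecureSecondaries -eq 'TransferAnyServer' } |
    ForEach-Object { Write-Warning "$($_.ZoneName) allows zone transfers to any server" }

# Serial check: IXFR works by the secondary presenting the serial it holds and
# the master sending everything after it. A secondary whose SOA serial is
# lower than the primary's has not yet received the latest changes.
function Get-SoaSerial {
    param([string]$Name, [string]$Server)
    (Resolve-DnsName -Name $Name -Type SOA -Server $Server |
        Where-Object { $_.Type -eq 'SOA' }).SerialNumber
}

$primarySerial   = Get-SoaSerial -Name $Zone -Server $Primary
$secondarySerial = Get-SoaSerial -Name $Zone -Server $Secondary

if ($secondarySerial -lt $primarySerial) {
    Write-Warning "$Secondary is at serial $secondarySerial, primary is at $primarySerial"
    # Ask the secondary to pull now (incrementally) instead of waiting for the
    # refresh interval; -FullTransfer would force an AXFR instead.
    Start-DnsServerZoneTransfer -Name $Zone -ComputerName $Secondary
} else {
    "$Zone is in sync at serial $primarySerial"
}
```

Note that the secondary list is enforced by source IP address only; it keeps casual enumeration out but does not authenticate the requesting server, which is one reason AD-integrated zones (no zone transfer at all) are preferred inside a domain.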
Using the GlobalNames Zone
• GlobalNames zone (GNZ) allows administrators to add single-label names to DNS, giving client computers the ability to resolve these names without including a DNS suffix in the query
• Entries must be made manually
• Can assist mobile users by dropping the need to remember a resource's FQDN

Advanced DNS Server Settings

• DNS server settings to configure an optimal DNS environment:
– Forwarders
– Root hints
– Round Robin
– Recursion
– Debug logging

DNS Forwarders
• Referring a DNS query to a forwarder can be more
efficient under some situations:
– When the DNS server address for the target domain is
known
– When only one DNS server in a network should make
external queries
– When a forest trust is created
– When the target domain is external to the network and an
external DNS server’s address is known
• Conditional forwarding sends queries for particular domains to particular name servers, and all other unresolved queries to a different server

Configuring Traditional Forwarders

• To configure a traditional forwarder, right-click the server node in DNS Manager, click Properties, and click the Forwarders tab
• If more than one server is specified, they are queried in the order in which they're listed
• Additional servers are only queried if the first server provides no response
• No response from any forwarder triggers a normal recursive lookup process starting with a root server, unless the “Use root hints if no forwarders are available” check box is cleared

Figure 10-15 Configuring traditional forwarders

Configuring Conditional Forwarders
• Conditional forwarders are configured in the
Conditional Forwarders node in DNS Manager
• With forwarders and/or conditional forwarders
configured, the DNS server attempts to resolve
DNS queries in this order:
– 1. From locally stored zone resource records
– 2. From the DNS cache
– 3. From conditional forwarders
– 4. From traditional forwarders
– 5. Recursively by using root hints

Root Hints
• Root hints consist of a list of name servers
preconfigured on Windows DNS servers that point
to Internet root servers
• These servers contain lists of name servers that
are responsible for top-level domains
• Root hints data comes from the Cache.dns file
located in the %systemroot%\System32\DNS folder
• Internal DNS servers can be configured as root
servers if the network is isolated from the public
Internet

Round Robin
• Load sharing can be configured among servers
running mirrored services
• Accomplished by creating multiple A records with
the server’s name in the records, but with each
entry configured with a different IP address
• DNS will then respond to queries by sending all
addresses associated with the server’s name, but
will also vary their order
• This process is called round robin because each
IP address is placed first in the list an equal
number of times

Recursive Queries

• Recursion is enabled on Windows DNS servers by default, but there are two ways to change this setting
– First involves configuring forwarders
– Second is the “Disable recursion (also disables forwarders)” option in the Advanced tab of the DNS server's Properties dialog box
• You should disable recursion on a public DNS server that only holds resource records for your publicly available servers: an authoritative server that also answers recursive queries for anyone is an “open resolver”, which can be abused for DNS amplification attacks and is easier to cache-poison

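The forwarder order, the conditional forwarder, the root-hint fallback and the recursion switch from the preceding slides, applied with the DnsServer module. This is an added example for this page, not textbook code; the forwarder addresses 10.1.0.53 and 10.1.0.54, the partner domain partner.example.org with its server 192.0.2.53, and the public server 203.0.113.10 are assumed.

```powershell
# Added example (not from the textbook). Addresses and domain names are
# assumptions chosen for illustration.

# --- Internal resolver (domain controller) ---------------------------------
# Send everything it cannot answer to two forwarders, tried in listed order,
# and do NOT fall back to root hints if both are silent: an internal server
# that silently starts talking to the Internet root is a change you want to
# notice, not one you want to happen by default.
Set-DnsServerForwarder -IPAddress '10.1.0.53', '10.1.0.54' -UseRootHint $false -Timeout 3

# Conditional forwarder for a partner domain, stored in AD so every DC gets it.
Add-DnsServerConditionalForwarderZone -Name 'partner.example.org' `
    -MasterServers '192.0.2.53' -ReplicationScope 'Forest'

# Resolution order on this server is now: local zones, cache, the conditional
# forwarder (partner.example.org only), then the two forwarders, then nothing.
Get-DnsServerForwarder
Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Forwarder' } |
    Select-Object ZoneName, MasterServers, ReplicationScope

# --- Public authoritative server -------------------------------------------
# Refuse recursion so the server answers only for the zones it holds and
# cannot be used as an open resolver. As the dialog box warns, this also
# disables forwarders on that server.
Set-DnsServerRecursion -Enable $false
(Get-DnsServerRecursion).Enable          # expect False

# Check from a host outside the network: a query for a name this server is not
# authoritative for should now fail instead of being resolved on the caller's
# behalf. Any answer here means the server is still an open resolver.
$probe = Resolve-DnsName -Name 'www.example.com' -Server '203.0.113.10' -DnsOnly -ErrorAction SilentlyContinue
if ($probe) { Write-Warning '203.0.113.10 still answers recursive queries' } else { 'recursion refused' }
```

On a server that both hosts public zones and must resolve names for internal clients, split the roles onto two servers rather than leaving recursion on; the recursion switch is global, not per zone.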
Event and Debug Logging

• When DNS is installed, a new event log is created to record informational, error, and warning events generated by the DNS server
• Common events include zone serial number changes, zone transfer requests, and DNS server startup and shutdown events
• Debug logging can be enabled in the server's Properties dialog box
• Debug logging records selected packets coming from and going to the DNS server in a text file

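Debug logging is most useful when something reads the text file it produces. The following added example (written for this page, not taken from the textbook) enables packet logging and then parses debug-log lines into objects so that clients receiving a burst of NXDOMAIN answers, a common sign of malware looking for its command servers or of DNS tunnelling, can be flagged. The six log lines are constructed to follow the debug-log layout; the client addresses, query names, log path and threshold are assumptions.

```powershell
# Added example (not from the textbook). Sample lines are constructed; the
# log path, addresses and threshold are assumptions.

# Server side: log queries and answers, both directions, both transports.
# Set-DnsServerDiagnostics -Queries $true -Answers $true -ReceivePackets $true `
#     -SendPackets $true -UdpPackets $true -TcpPackets $true `
#     -EnableLoggingToFile $true -LogFilePath 'C:\DnsLogs\dns.log' -MaxMBFileSize 500

# Constructed sample of what the debug log looks like: one healthy lookup from
# 10.1.2.30 and three random-looking names from 10.1.7.99 that do not exist.
$SampleLog = @'
6/24/2015 3:11:02 PM 0A4C PACKET  00000000025D0C80 UDP Rcv 10.1.2.30       4f3a   Q [0001   D   NOERROR] A      (5)web01(4)corp(7)example(3)com(0)
6/24/2015 3:11:02 PM 0A4C PACKET  00000000025D0C80 UDP Snd 10.1.2.30       4f3a R Q [8085 A DR  NOERROR] A      (5)web01(4)corp(7)example(3)com(0)
6/24/2015 3:11:05 PM 0A4C PACKET  00000000025D1100 UDP Rcv 10.1.7.99       91c0   Q [0001   D   NOERROR] A      (12)kq3x9vbn2zd7(7)example(3)net(0)
6/24/2015 3:11:05 PM 0A4C PACKET  00000000025D1100 UDP Snd 10.1.7.99       91c0 R Q [8183 A DR NXDOMAIN] A      (12)kq3x9vbn2zd7(7)example(3)net(0)
6/24/2015 3:11:06 PM 0A4C PACKET  00000000025D1100 UDP Snd 10.1.7.99       91c1 R Q [8183 A DR NXDOMAIN] A      (12)p0rt5mq8lz1w(7)example(3)net(0)
6/24/2015 3:11:07 PM 0A4C PACKET  00000000025D1100 UDP Snd 10.1.7.99       91c2 R Q [8183 A DR NXDOMAIN] A      (12)zz7hd2k9xbqa(7)example(3)net(0)
'@

# Fields: date time thread PACKET id proto Snd/Rcv remote-ip xid [R] Q [flags rcode] qtype qname
$Pattern = '^(?<ts>\S+ \S+ \S+) (?<tid>[0-9A-Fa-f]+) PACKET\s+\S+ (?<proto>UDP|TCP) (?<dir>Snd|Rcv) (?<ip>\S+)\s+(?<xid>[0-9a-f]{4})\s+(?<resp>R)?\s*Q \[(?<flags>[^\]]+)\]\s+(?<qtype>\S+)\s+(?<qname>\S+)$'

function ConvertFrom-DnsDebugLog {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match $Pattern) {
            $flagTokens = $Matches.flags -split '\s+' | Where-Object { $_ }
            [pscustomobject]@{
                Time     = $Matches.ts
                Client   = $Matches.ip
                Response = [bool]$Matches.resp               # R marks a packet sent as an answer
                RCode    = $flagTokens[-1]                   # last token: NOERROR, NXDOMAIN, SERVFAIL ...
                QType    = $Matches.qtype
                # (5)web01(4)corp(7)example(3)com(0) -> web01.corp.example.com
                QName    = ($Matches.qname -replace '\(\d+\)', '.').Trim('.')
            }
        }   # banner lines and blank lines simply do not match and are skipped
    }
}

function Find-NxdomainBurst {
    param([object[]]$Records, [int]$Threshold = 3)
    $Records |
        Where-Object { $_.Response -and $_.RCode -eq 'NXDOMAIN' } |
        Group-Object Client |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            [pscustomobject]@{
                Client   = $_.Name
                NxCount  = $_.Count
                Examples = ($_.Group.QName | Select-Object -First 3) -join ', '
            }
        }
}

$records = ConvertFrom-DnsDebugLog -Lines ($SampleLog -split "`r?`n")
$records | Format-Table Time, Client, Response, RCode, QType, QName -AutoSize
Find-NxdomainBurst -Records $records            # reports 10.1.7.99 with 3 NXDOMAIN answers

# Against the real file, with a threshold suited to production volume:
# Find-NxdomainBurst -Records (ConvertFrom-DnsDebugLog (Get-Content 'C:\DnsLogs\dns.log')) -Threshold 50
```

The parser keeps the response code rather than the raw flag word because the rcode is what detection logic cares about; the same objects can be grouped by QName to spot long or high-entropy labels, which is the other half of a tunnelling check.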
Figure 10-17 The Event Logging tab

Table 10-3 PowerShell cmdlets for DNS server settings

Monitoring and Troubleshooting DNS

• To troubleshoot a DNS problem, you first need to establish that DNS is actually being used for the name resolution in question
• After determining that DNS is part of the process, you can begin monitoring DNS
– If the problem is performance related
– Or, you can troubleshoot DNS queries and zone activities when there are query failures

DNS Troubleshooting
• Windows has several tools to administer, monitor,
and troubleshoot DNS server operation, including:
– DNS Manager
– dcdiag /test:dns
– dnscmd.exe
– PowerShell
– Event Viewer
– dnslint
– nslookup
– ipconfig
– Performance Monitor
– Protocol analyzer
DNS Troubleshooting

• In order to troubleshoot DNS queries you need a clear picture in your mind of the DNS lookup process, which involves the following steps:
– 1. The client checks its local resolver cache (which includes Hosts file entries)
– 2. The client sends a recursive query to its configured DNS server
– 3. The server checks its local zone data
– 4. The server checks its locally cached data
– 5. The server queries a root server (or its configured forwarders) and works down the hierarchy

DNS Troubleshooting
• To verify DNS configuration, use these ipconfig options:
– /all - displays IP addresses of the configured DNS servers as well as the DNS suffix search list
– /displaydns - displays the local DNS cache
– /flushdns - deletes the local DNS cache
• After these steps, double-check the Hosts file: its entries are loaded into the resolver cache, so a stale or malicious entry there overrides DNS and is easy to overlook in the /displaydns output

DNS Troubleshooting

• If everything checks out on the client, you'll need to analyze the DNS server the client uses, including examining the following:
– Locally cached data
– DNS Server log
– Verify Active Directory replication
– Verify SRV records
– Verify zone transfers
– Verify zone delegations
– Ping
– Verify PTR records

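The client-side and server-side checks from the three troubleshooting slides, as one script. This is an added example for this page, not code from the textbook; the domain corp.example.com and the domain controller dc01.corp.example.com are assumed, and the server section expects the DnsServer module and dcdiag on the machine it runs from.

```powershell
# Added example (not from the textbook). Domain and server names are assumptions.

$Domain = 'corp.example.com'
$Dc     = 'dc01.corp.example.com'

# --- Client side -----------------------------------------------------------
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses   # ipconfig /all
Get-DnsClientGlobalSetting | Select-Object SuffixSearchList
Get-DnsClientCache | Where-Object Name -like "*$Domain"                          # ipconfig /displaydns
Clear-DnsClientCache                                                             # ipconfig /flushdns

# Hosts entries are preloaded into the resolver cache, so an entry here wins
# over DNS; list the active (non-comment) lines to be sure none are surprises.
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" | Where-Object { $_ -match '^\s*\d' }

# --- Server side -----------------------------------------------------------
# SRV records that domain join, logon and replication depend on.
foreach ($svc in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain") {
    $r = Resolve-DnsName -Name $svc -Type SRV -Server $Dc -ErrorAction SilentlyContinue
    if ($r) { $r | Where-Object Type -eq 'SRV' | Select-Object Name, NameTarget, Port, Priority }
    else    { Write-Warning "$svc not found on $Dc" }
}

# Forward and reverse must agree: Kerberos and some audit tooling trip over a
# PTR that points at a different name.
$a   = Resolve-DnsName -Name $Dc -Type A -Server $Dc | Where-Object Type -eq 'A'
$ptr = Resolve-DnsName -Name $a.IPAddress -Type PTR -Server $Dc -ErrorAction SilentlyContinue
if (-not $ptr -or $ptr.NameHost -ne $Dc) {
    Write-Warning "PTR for $($a.IPAddress) is '$($ptr.NameHost)', expected $Dc"
}

# Zone health: transfer state of any secondary zones, delegation (NS) records
# of the domain zone, and recent problems in the DNS Server event log.
Get-DnsServerZone -ComputerName $Dc | Where-Object ZoneType -eq 'Secondary' |
    Format-List ZoneName, MasterServers, Last*
Get-DnsServerResourceRecord -ComputerName $Dc -ZoneName $Domain -RRType NS
Get-WinEvent -ComputerName $Dc -LogName 'DNS Server' -MaxEvents 50 |
    Where-Object { $_.Level -le 3 } |                      # 1 critical, 2 error, 3 warning
    Select-Object TimeCreated, Id, Message

# Active Directory replication and the remaining DNS tests in one run.
repadmin /replsummary
dcdiag /test:dns /s:$Dc
```

Run the client section on the affected workstation and the server section from an administrative host; the SRV and PTR checks are the ones that most often explain "DNS works but domain logon fails".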
Summary
• DNS is based on a hierarchical naming structure and
a distributed database
• DNS can be described as an inverted tree with the root domain at the top, TLDs branching off the root, and domains and subdomains branching off TLDs
• The DNS database is composed of zones containing resource records, such as Start of Authority (SOA), Host (A), and Service (SRV) records
• DNS lookups involve iterative and recursive queries

Summary
• DNS servers can perform one or more of the following roles: authoritative server, forwarder, conditional forwarder, and caching-only server
• A zone can be a forward lookup zone or a reverse lookup zone
• DNS databases consist of the following types: primary zone, secondary zone, and stub zone
• Active Directory–integrated zones have the advantages of automatic replication, multimaster replication and update, secure updates, and efficient replication

Summary
• Resource records can be dynamically created or
static records
• SOA records contain information about a zone,
including its serial number and a number of timers
used for zone transfers
• Advanced DNS settings include configuring
forwarders, root hints, round robin, recursive queries,
and logging
• Tools for monitoring and troubleshooting DNS include
dcdiag, dnscmd, dnslint, nslookup,
ipconfig, PowerShell cmdlets, Performance
Monitor, and protocol analyzers