Configuring and Troubleshooting DNS

8/12/2019 Configuring and Troubleshooting DNS

http://slidepdf.com/reader/full/configuring-and-troubleshooting-dns 1/41

Module 2: Configuring and

Troubleshooting DNS



Module Overview

• Installing the DNS Server Role

• Configuring the DNS Server Role

• Configuring DNS Zones

• Configuring DNS Zone Transfers

•

Managing and Troubleshooting DNS



Lesson 1: Installing the DNS Server Role

• Overview of the Domain Name System Role

• Overview of the DNS Namespace

• DNS Improvements for Windows Server 2008

• Demonstration: Installing the DNS Server Role

•

Considerations for Deploying the DNS Server Role



Overview of the Domain Name System Role

Domain Name System is a hierarchical distributed database

• DNS is the foundation of the Internet naming scheme

• DNS supports accessing resources by usingalphanumeric names

• InterNIC is responsible for managing thedomain namespace

• DNS was created to support the Internet’s growingnumber of hosts



Overview of the DNS Namespace

Root Domain

Subdomain

Second-Level

Domain

Top-LevelDomain

FQDN:SERVER1.sales.south.nwtraders.com

south

nwtraders

com

sales

west east

orgnet

Host: SERVER1



DNS Improvements for Windows Server 2008

New or enhanced features in the Windows Server 2008version of DNS include:

• Background zone loading

•IP version 6 support

• Support for read-only domain controllers

• Global single names



Demonstration: Installing the DNS Server Role

In this demonstration, you will see how to install the

DNS Server role



Considerations for Deploying theDNS Server Role

The user account must be a member of the localadministrators group or equivalent

Manually configuring the server to use a static IP addressis recommended

Manually editing the server and boot files is notrecommended

Use the DNS console or dnscmd

Active Directory-integrated DNS zones cannot beadministered using a text editor



Lesson 2: Configuring the DNS Server Role

• What Are the Components of a DNS Solution?

• DNS Resource Records

• What Are Root Hints?

• What Is a DNS Query?

• What Are Recursive Queries?

• What Are Iterative Queries?

• What Is a Forwarder?

• What Is Conditional Forwarding?

• How DNS Server Caching Works

• Demonstration: Configuring the DNS Server Role



What Are the Components of a DNS Solution?

DNS Servers on the InternetDNS ServersDNS Clients

Root “.”

.com

.eduResourceRecord

ResourceRecord



DNS resource records include:

• SOA: Start of Authority

• A: Host Record

• CNAME: Alias Record

• MX: Mail Exchange Record

• SRV: Service Resources

• NS: Name Servers

• AAAA: IPv6 DNS Record

DNS Resource RecordsDNS Resource Records



What Are Root Hints?

Root hints contain the IP addresses for DNS root servers

microsoft

DNS Servers

DNS Server

Root (.) Servers

com

Client

Root Hints



What Is a DNS Query?

• Queries are recursive or iterative

• DNS clients and DNS servers both initiate queries

• DNS servers are authoritative or nonauthoritative fora namespace

• An authoritative DNS server for the namespace will either:

• Return the requested IP address

• Return an authoritative “No”

• A nonauthoritative DNS server for the namespace will either:

• Check its cache

• Use forwarders

• Use root hints

A query is a request for name resolution and is directed to aDNS server



What Are Recursive Queries?

DNS Client

mail1.contoso.msft

172.16.64.11

A recursive query is sent to a DNS server and requires acomplete answer

Database

Local DNS Server



What Are Iterative Queries?

An iterative query directed to a DNS server may be

answered with a referral to another DNS server

Client Server

Local DNS ServerRoot Hint (.)

.com

Iterative Query

Ask .com

Nwtraders.com



What Is a Forwarder?

A forwarder is a DNS server designated to resolve

external or offsite DNS domain names

Nwtraders.com

Root Hint (.)

.com

Iterative Query

Ask .comForwarder

Local DNS Server Client Server



ISP DNS

All other DNS domains

Local DNS

Contoso.msft DNS

Conditional forwarding forwards requests using a domain

name condition

Client Computer

What Is Conditional Forwarding?



Where’sServerA?

ServerA is at192.168.8.44

Where’sServerA?

ServerA is at192.168.8.44

How DNS Server Caching Works

Client1

Client2

ServerA

DNS server cacheHost name IP address TTL

ServerA.contoso.msft 192.168.8.44 28 seconds



Demonstration: Configuring the DNS Server Role

In this demonstration, you will see how to:

• Update root hints on a DNS server

• Configure a DNS server to use a forwarder

• Clear the DNS server cache by using the DNS console

• Clear the DNS server cache by using the DNSCmdcommand



Lesson 3: Configuring DNS Zones

• What Is a DNS Zone?

• What Are the DNS Zone Types?

• What Are Forward and Reverse Lookup Zones?

• What are Stub Zones?

• Demonstration: Creating Forward and Reverse LookupZones

• DNS Zone Delegation





What Are the DNS Zone Types?

Zones Description

Primary Read/write copy of a DNS database

Secondary Read-only copy of a DNS database

StubCopy of a zone that contains onlyrecords used to locate name servers

ActiveDirectory

integrated

Zone data is stored in Active

Directory rather than in zone files



DNS Client2

DNS Client3

What Are Forward and Reverse Lookup Zones?

Namespace: training.nwtraders.msft

DNS Client1

DNS Server Authorizedfor training

Forwardzone

Training

DNS Client1 192.168.2.45

DNS Client2 192.168.2.46

DNS Client3 192.168.2.47

Reversezone 1.168.192.in-addr.arpa

192.168.2.45 DNS Client1

192.168.2.46 DNS Client2

192.168.2.47 DNS Client3

DNS Client2 = ?

192.168.2.46 = ?



With a stub zone defined, the location of thena.fabrikam.com zone is known without querying multiple

DNS servers

Contoso.com

(Root domain)

na.contoso.com sa.contoso.com

ny.na.contoso.com rio.sa.contoso.com

DNS server

DNS server

DNS server

DNS server

DNS server

fabrikam.com

DNS server

DNS server

na.fabrikam.com

Without stub zones, the ny.na.contoso.com server mustquery several servers to find the server that hosts the

na.fabrikam.com zone

Contoso.com

(Root domain)

na.contoso.com sa.contoso.com

ny.na.contoso.com rio.sa.contoso.com

DNS server

DNS server

DNS server

DNS server

DNS server

fabrikam.com

DNS server

DNS server

na.fabrikam.com

What Are Stub Zones?

Demonstration: Creating Forward and Reverse



Demonstration: Creating Forward and ReverseLookup Zones


• Create a forward lookup zone

• Create a reverse lookup zone



DNS Zone Delegation

Training.contoso.msft Sales.contoso.msft

Contoso.msft





What Is a DNS Zone Transfer?

A DNS zone transfer is the synchronization ofauthoritative DNS zone data between DNS servers

SOA query for a zone

SOA query answered

IXFR or AXFR query for a zone

IXFR or AXFR query answered

(zone transferred)

1

2

3

4

Secondary server Primary andMaster server



How DNS Notify Works

Secondary Server Primary andMaster Server

DNS notify

Zone transfer

A DNS notify is an update to the original DNSprotocol specification that permits notification tosecondary servers when zone changes occur

Source ServerDestination Server

1

2

3

4

Resource recordis updated

SOA serial numberis updated



Securing Zone Transfers

Primary Zone Secondary Zone

• Encrypt zone transfer traffic

• Consider using Active Directory-integrated zones

• Restrict zone transfer to specified servers



Demonstration: Configuring DNS Zone Transfers


• Configure DNS zone transfers

• Configure a secondary zone



Lesson 5: Managing and Troubleshooting DNS

• What Is Time to Live, Aging, and Scavenging?

• Demonstration: Managing DNS Records

• Testing the DNS Server Configuration

• Tools That Identify Problems With DNS

• Demonstration: Testing the DNS Server Configuration

• Monitoring DNS Using the DNS Event Log and DebugLogging



What Is Time to Live, Aging, and Scavenging?

Feature Description

Time to Live(TTL)

Indicates how long a DNS record willremain valid

Aging Occurs when records that have beeninserted into the DNS server reachtheir expiration and are removed

ScavengingPerforms DNS server resource recordgrooming for old records in DNS



Demonstration: Managing DNS Records


• Configure TTL

• Enable Scavenging

• Configure Aging



Testing the DNS Server Configuration

You can test the DNS server configuration by using:

• A simple query to ensure that the DNS serviceis answering

• A recursive query to ensure that the DNS servercan communicate with the upstream DNS service



Tools That Identify Problems With DNS

Tool Used to:

Nslookup Troubleshoot DNS problems

Dnscmd Edit the DNS configuration

Dnslint Diagnose common DNS issues

Demonstration: Testing the DNS Server



Demonstration: Testing the DNS ServerConfiguration

In this demonstration, you will see how to test the

DNS server configuration by using:

• Simple queries

• Recursive queries

• Nslookup

• Dnscmd

• Dnslint

Monitoring DNS Using the DNS Event Log and



Monitoring DNS Using the DNS Event Log andDebug Logging

• Monitor DNS events in the event log to:

• Monitor zone transfer information

• Monitor computer events

• Enable DNS debug logging to view granularverbose information about DNS activities



Lab: Configuring and Verifying a DNS Solution

• Exercise 1: Configuring a DNS Infrastructure

• Exercise 2: Monitoring and Troubleshooting DNS

Logon information

Virtual machines NYC-DC1, NYC-SVR1

User name Administrator

Password Pa$$w0rd

Estimated time: 60 minutes



Lab Review

• When you added a DNS zone on NYC-DC1, why were youable to choose Active Directory-integrated zones?

• What type of DNS zone transfer would take place betweenNYC-SRV1 and NYC-DC1?

• When using NS lookup, what record type would you use tofind a mail server? How would you configure NS lookup to

request this record type?• When using Dnslint to verify name server records, you ranthe DNSLint command to generate a DNSLint report forthe nwtraders.msft domain and used the /s switch. Whywas it important to use this switch?



Module Review and Takeaways

• Review Questions

• Common Issues and Troubleshooting Tips

• Real-world Issues and Scenarios

• Best Practices

• The DNS Console

• Command-line Tools

• Monitoring Tools

Date post:	03-Jun-2018
Category:	Documents
Upload:	maina111
View:	229 times
Download:	7 times

Configuring and Troubleshooting DNS

Documents