8/3/2019 DNS Tech - Faq
Installing and Configuring DNS
Understanding Host Name Resolution
Understanding DNS Zones
Understanding DNS
Understanding DNS Queries and Lookups
Securing DNS Servers
Securing DNS
Renaming Domains
Planning DNS Zones Replication
Planning and Implementing a DNS Namespace
Monitoring and Troubleshooting DNS
DNS Server Roles
DNS and Active Directory Integration
Integrating the DNS Server with DHCP and WINS
Configuring DNS Clients
Start Here
Installing and Configuring DNS
Installing the DNS Server Service
There are a number of methods which you can use to install the DNS server service on your Windows 2000 or Windows
Server 2003 computer:
Install the DNS server service on a stand-alone computer using the Add or Remove Programs applet of Control Panel.
Install DNS when you install the first domain controller for an Active Directory domain.
Install DNS on an existing domain controller in an Active Directory domain.
Before installing the DNS server service, it is recommended that you perform the following administrative tasks:
Configure a static IP address for the computer.
Configure a static domain name for the computer.
How to configure a static domain name for the computer
1. Click Start, Control Panel, and then click Network Connections.
2. Select Local Area Connection and then click Properties.
3. In the Local Area Connections dialog box, select Internet Protocol (TCP/IP), and then click Properties.
4. When the Internet Protocol (TCP/IP) dialog box opens, click Advanced.
5. The Advanced TCP/IP Settings dialog box opens.
6. Click the DNS tab.
7. Ensure that this server's address, for which DNS is to be installed, is displayed first in the DNS Server Addresses: In Order Of Use: list.
8. In the DNS Suffix For This Connection: box, enter the primary DNS domain name.
9. Click OK.
How to install the DNS server service on a stand-alone computer
1. Open Control Panel
2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.
3. The Windows Components Wizard starts.
4. Click Networking Services, and then click Details.
5. In the Networking Services dialog box, select the checkbox for Domain Name System (DNS) in the list.
6. Click OK. Click Next. Click Finish.
How to create a forward lookup zone
If you want the DNS server to be authoritative for a zone, you have to create and configure a forward lookup zone. A
forward lookup zone contains DNS domain zones that are hosted on the DNS server. The DNS server will then be able to
resolve a host name to an IP address.
1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, right-click the DNS server, and then click New Zone from the shortcut menu.
3. On the Welcome to the New Zone Wizard page, click Next.
4. On the Zone Type page, select the default option, Primary Zone, for the zone type and then click Next.
5. On the Forward Or Reverse Lookup Zone page, select the Forward lookup zone option, and click Next.
6. Enter a zone name for the new zone on the Zone Name page. Click Next.
7. On the Zone File page, accept the default setting, Create A New File With This File Name, and then click Next.
8. On the Dynamic Update page, select the Allow both nonsecure and secure dynamic updates option. Click Next.
9. Click Finish to add the new forward lookup zone to the DNS server.
How to add DNS resource records to a DNS zone
The DNS database contains resource records (entries) that are used to resolve name resolution queries sent to the
DNS server. Each DNS server contains the resource records (RRs) it needs to respond to name resolution queries for the
portion of the DNS namespace for which it is authoritative. While resource records can be configured to be dynamically
registered with the DNS server, you can also manually add DNS resource records.
There are various resource records that contain different information or data. The standard DNS record types are:
Host (A) resource record: The host (A) resource record ties the domain names of computers (FQDNs) or host names to their associated IP addresses. The methods which are used to add host (A) resource records to zones are:
o Manually add these records, using the DNS management console.
How to create a reverse lookup zone
1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, right-click the DNS server, and then click New Zone from the shortcut menu.
3. On the Welcome to the New Zone Wizard page, click Next.
4. On the Zone Type page, select the default option, Primary Zone, for the zone type and then click Next.
5. On the Forward Or Reverse Lookup Zone page, select the Reverse lookup zone option, and click Next.
6. Enter the IP network for the domain name in the Network ID field and then click Next.
7. On the Zone File page, accept the default setting, Create A New File With This File Name, and then click Next.
8. On the Dynamic Update page, select the Allow both nonsecure and secure dynamic updates option.
Click Next.
9. Click Finish to create the new reverse lookup zone.
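The Network ID you type into the wizard determines the name of the reverse lookup zone (in-addr.arpa) and the owner names of the PTR records inside it. The following Python is an added example, not code from the page or from Microsoft; the network IDs and addresses are constructed sample values, and the octet-boundary restriction (/8, /16, /24) mirrors what the wizard's Network ID field accepts.

```python
import ipaddress

# Added example (not from the page): derive the reverse lookup zone name that the
# New Zone Wizard creates from the Network ID you type in, and the PTR owner names
# that belong in it. Network IDs below are constructed sample values.


def reverse_zone_name(network_id):
    """Map an IPv4 network ID such as '192.168.10.0/24' to its in-addr.arpa zone name.

    The wizard works on octet boundaries, so only /8, /16 and /24 are accepted here."""
    net = ipaddress.ip_network(network_id, strict=False)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("Network ID must be an IPv4 /8, /16 or /24 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner_name(address):
    """Fully qualified owner name of the PTR record for an IPv4 address."""
    return ipaddress.ip_address(address).reverse_pointer


def ptr_label_in_zone(address, network_id):
    """Relative name of the PTR record as it appears inside its reverse zone,
    e.g. '5' for 192.168.10.5 in 10.168.192.in-addr.arpa."""
    zone = reverse_zone_name(network_id)
    full = ptr_owner_name(address)
    if not full.endswith("." + zone):
        raise ValueError(f"{address} is not inside {network_id}")
    return full[: -(len(zone) + 1)]


if __name__ == "__main__":
    for net in ("192.168.10.0/24", "172.16.0.0/16", "10.0.0.0/8"):
        print(net, "->", reverse_zone_name(net))
    print(ptr_owner_name("192.168.10.5"), "=",
          ptr_label_in_zone("192.168.10.5", "192.168.10.0/24"))
```

A PTR record for an address outside the zone's network raises an error rather than silently landing in the wrong zone, which is the usual cause of reverse lookups that "work on the console but not from clients".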
Configuring a DNS Server
When DNS is installed, and you do not add or configure any zones for the DNS server, the DNS server functions as a
caching-only DNS server by default. Caching-only DNS servers do not host zones, and are not authoritative for any DNS
domain. The information stored by caching-only DNS servers is the name resolution data that the server has collected
through resolving name resolution queries.
The DNS console is the management tool used to configure properties for DNS servers and DNS zones. To access the
DNS console, click Start, click Administrative Tools, and then click DNS. If you installed DNS on a stand-alone computer
through the Add or Remove Programs applet of Control Panel, the DNS console contains only the following folders in the
console tree:
Event Viewer: contains the shortcut to the DNS Event Viewer log that is automatically installed when you install DNS. The DNS Event Viewer log contains DNS-specific events:
o Errors
o Warnings
Forward Lookup Zones: contains the forward lookup domain zones that are configured on this DNS server.
Reverse Lookup Zones: contains the reverse lookup domain zones that are configured on this DNS server.
After creating the DNS zones and adding resource records to these zones, the next task you need to perform is to
configure the DNS server's properties. You configure the DNS server through two separate sets of configuration settings:
DNS Server configuration settings: These settings affect every zone hosted on the specific DNS server.
DNS Zone configuration settings: These settings are only relevant for the specific zone which you are configuring.
Configuring DNS Server Properties
You can configure a number of settings for the DNS server through its properties dialog box. To access the Properties of
a DNS server;
1. Click Start, Administrative Tools, and then click DNS.
2. In the console tree, right-click the DNS server that you want to configure, and then select Properties to open the DNS Server's Properties dialog box.
3. The DNS Server's Properties dialog box contains a number of tabs that you can use to configure settings for all zones hosted on the DNS server.
Interfaces tab
The Interfaces tab is where you specify which network interface cards (NICs) and associated IP addresses the DNS
server should listen on for DNS queries. By default, the DNS server listens for DNS requests on the IP addresses that
are associated with the local computer.
If you want to limit the number of IP addresses that the DNS server listens to for DNS queries, click the Only the following
IP addresses option, and specify the IP addresses the DNS server should listen to in the IP Address field. Click the Add
button.
Forwarders tab
DNS forwarders are the DNS servers used to forward queries for a different DNS namespace to DNS servers that can
answer the query. A DNS server becomes a DNS forwarder when you configure the other DNS servers to direct any
unresolved queries to it. Creating DNS forwarders can improve name resolution efficiency.
Windows Server 2003 DNS introduces a new feature, called conditional forwarding. With conditional forwarding, you
create conditional forwarders within your environment that will forward DNS queries based on the specific domain names
being requested in the query.
DNS forwarders are configured on the Forwarders tab. You can configure one or multiple DNS forwarders. When multiple
DNS forwarders are configured, they are queried from the top of the list to the bottom of the list. You can also specify
the time that the local DNS server should wait between querying different DNS forwarders. If you do not want the DNS
server to use other means of name resolution, select the Do not use recursion for this domain checkbox.
Advanced tab
The Advanced tab enables you to configure a number of server options for your DNS server. The server options which
you can configure, and their default settings, are:
Disable recursion (also disables forwarders) - off: The default setting of this option is off, which means that the DNS server uses recursion to resolve a client's query. If you enable this server option, the DNS server no longer performs recursion to resolve client queries. Instead, it provides the client with referrals.
BIND secondaries - on: When enabled, the DNS server uses the slow, uncompressed transfer format to transfer zone data to secondary DNS servers. This option allows for zone transfer compatibility with versions of BIND earlier than 4.9.4. You can disable this option if you do not need to support versions of BIND earlier than 4.9.4. When disabled, the fast transfer format is used to transfer zone data.
Fail to load if bad zone data - off: When this option is disabled, the DNS server loads all zones, even when a particular zone's database file contains errors. If you do not want the DNS server to load a zone that has errors in its zone data, enable this option.
Enable round robin - on: When this option is enabled, for DNS entries where multiple IP addresses exist for the same host name, the DNS server rotates the order of the matching A resource records each time clients query that host name. This server option is typically used to load-balance between multiple servers.
Enable netmask ordering - on: When a computer name is queried that has multiple matching host (A) resource records, this server option causes the DNS server to return first the IP address which is in the same subnet as the client.
Secure cache against pollution - on: When enabled, the DNS server is protected from referrals that might pollute the DNS cache with incorrect information. If the Secure cache against pollution option is enabled, the DNS server will only cache responses whose name ties to the domain that was initially queried. If the option is disabled, the DNS server will cache all responses to queries.
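Three of these options change what a client actually receives or what the server keeps, and that is easiest to see with a small model. The Python below is an added example (not from the page or from Microsoft's implementation): it orders a multi-address answer the way round robin and netmask ordering do, and applies the "ties to the queried domain" rule of Secure cache against pollution to a constructed response. The addresses, names and the /24 "local subnet" size are assumptions made for the example; the real server's local-subnet mask is a configurable setting.

```python
import ipaddress

# Added example (not from the page): what three of the Advanced-tab server options do
# to a response. Addresses, names and the /24 local-subnet mask are constructed
# assumptions for this example, not values taken from the page.

LOCAL_NET_PREFIX = 24  # assumed "local subnet" size for netmask ordering

# constructed: one multihomed host name with three A records, in zone order
SAMPLE_A_RECORDS = ["10.1.2.10", "10.1.3.10", "10.1.2.20"]


class AnswerOrderer:
    """Orders the A records of one name as 'Enable round robin' and
    'Enable netmask ordering' would before the answer leaves the server."""

    def __init__(self, round_robin=True, netmask_ordering=True):
        self.round_robin = round_robin
        self.netmask_ordering = netmask_ordering
        self._queries_seen = 0  # round-robin state for the one name modelled here

    def order(self, records, client_ip):
        answer = list(records)
        if self.round_robin:
            # rotate by one position on every query so each address takes a turn first
            shift = self._queries_seen % len(answer)
            answer = answer[shift:] + answer[:shift]
            self._queries_seen += 1
        if self.netmask_ordering:
            client_net = ipaddress.ip_network(f"{client_ip}/{LOCAL_NET_PREFIX}", strict=False)
            # stable sort: addresses in the client's subnet move to the front,
            # everything else keeps the (possibly rotated) order
            answer.sort(key=lambda a: ipaddress.ip_address(a) not in client_net)
        return answer


def in_bailiwick(queried_domain, record_name):
    """'Secure cache against pollution': a record name 'ties to' the queried domain
    only when it is that domain or a name below it (label-wise suffix match)."""
    zone = queried_domain.rstrip(".").lower().split(".")
    name = record_name.rstrip(".").lower().split(".")
    return len(name) >= len(zone) and name[-len(zone):] == zone


# constructed response: two records for the queried domain and one unrelated
# record that an upstream server might include in the additional section
SAMPLE_RESPONSE = [
    ("www.example.test", "10.0.0.5"),
    ("ns1.example.test", "10.0.0.2"),
    ("www.bank.test", "10.9.9.9"),
]


def cache_filter(queried_domain, response_records, secure_cache=True):
    """Records the server keeps in its cache for the given option setting."""
    if not secure_cache:
        return list(response_records)
    return [(name, ip) for name, ip in response_records if in_bailiwick(queried_domain, name)]


if __name__ == "__main__":
    orderer = AnswerOrderer()
    for _ in range(3):
        print(orderer.order(SAMPLE_A_RECORDS, "10.1.2.99"))
    print(cache_filter("example.test", SAMPLE_RESPONSE))
    print(cache_filter("example.test", SAMPLE_RESPONSE, secure_cache=False))
```

The suffix match is done label by label, so "notexample.test" does not tie to "example.test"; a plain string `endswith` check would accept it, which is exactly the kind of mistake that lets an unrelated record into the cache.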
The Name Checking drop-down list box on the Advanced tab contains the name checking formats which you can
configure the DNS server service to use and enforce. While there are four name checking methods which you can choose
between, it is recommended to leave the default setting, Multibyte (UTF8), unchanged. The name checking formats in the
Name Checking drop-down list box are:
Strict RFC (ANSI): this method uses strict checking of names as specified by RFC-compliant naming rules. All names that do not comply are regarded as errors.
Non RFC (ANSI): this method allows names that are not RFC compliant.
Multibyte (UTF8): this is the default name checking method. The method allows names that use the 8-bit Unicode encoding (UTF-8).
All names: All naming formats are allowed.
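The practical difference between the four methods is which names the server accepts. The Python below is an added example, not the page's or Microsoft's code; the exact rules Windows applies are not stated on the page, so the validator uses this example's own reading of them: "RFC-compliant" as RFC 1123 host-name labels (letters, digits and hyphens, no leading or trailing hyphen, at most 63 characters), "non-RFC" as any printable ASCII, and "Multibyte" as any UTF-8 label of at most 63 bytes. The sample names are constructed.

```python
import re

# Added example (not from the page): an approximation of the four Name Checking
# methods as validators. The exact rules Windows applies are not on the page; the
# ones below are this example's reading of "RFC-compliant" (RFC 1123 host-name
# labels) and "non-RFC" (any printable ASCII).

STRICT_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
NON_RFC_LABEL = re.compile(r"^[\x21-\x7E]{1,63}$")   # printable ASCII, underscores included

METHODS = ("Strict RFC (ANSI)", "Non RFC (ANSI)", "Multibyte (UTF8)", "All names")


def check_name(name, method="Multibyte (UTF8)"):
    """Return True if `name` would be accepted under the given Name Checking method."""
    if method not in METHODS:
        raise ValueError(f"unknown name checking method: {method}")
    if method == "All names":
        return True
    stripped = name.rstrip(".")
    if not stripped or len(stripped.encode("utf-8")) > 255:
        return False
    for label in stripped.split("."):
        if method == "Strict RFC (ANSI)" and not STRICT_LABEL.match(label):
            return False
        if method == "Non RFC (ANSI)" and not NON_RFC_LABEL.match(label):
            return False
        if method == "Multibyte (UTF8)" and not (0 < len(label.encode("utf-8")) <= 63):
            return False
    return True


def acceptance_table(names):
    """Which methods accept each name; useful for checking a zone's existing
    records before tightening the server setting."""
    return {n: [m for m in METHODS if check_name(n, m)] for n in names}


if __name__ == "__main__":
    # constructed sample names: a plain host, an AD-style SRV owner name with
    # underscores, a non-ASCII label, and a label starting with a hyphen
    samples = ["web01.example.test", "_ldap._tcp.example.test",
               "münchen.example.test", "-bad.example.test"]
    for name, methods in acceptance_table(samples).items():
        print(f"{name:28} {methods}")
```

The `_ldap._tcp` sample matters: Active Directory registers its SRV records under underscore labels, which Strict RFC rejects, one concrete reason the page recommends leaving the default alone on a server that hosts AD zones.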
The Load zone data on startup option on the Advanced tab is used to inform the DNS server service of the location
from which zone data should be loaded. The options available in the Load zone data on startup drop-down list box are:
From Active Directory and registry: this is the default setting, which loads zone data from Active Directory.
From registry: loads zone data from the Windows registry.
From File: loads zone data from a flat file.
The Enable automatic scavenging of stale records checkbox is not selected by default. If you want the DNS
server to automatically delete stale resource records from a zone at the interval set under the Scavenging period, select
the Enable Automatic Scavenging Of Stale Records checkbox.
Root Hints tab
By default, the Root Hints tab contains a copy of the information stored in the Cache.dns file. If your DNS servers are
used to resolve Internet names, you do not need to modify the information on this tab. If however, you want to create your
own custom root hints, then you have to delete the Internet root servers and add the correct information for your
environment.
Debug Logging tab
If you need to troubleshoot the DNS server, you can use this tab to enable debug logging. You can specify a number of
settings on this tab which limits the number of packets which are logged, based on the following:
Packet direction
Transport protocol
Packet content
Packet type
Filter packets by IP address.
Event Logging tab
If you want to limit the events which are written to the DNS Events log, you would need to use the Event Logging tab. The
options which you can select to limit DNS event logging are:
No events
Errors only
Errors and warnings
All events
The Event Viewer folder in the DNS console is the shortcut to the DNS Event Viewer log that is automatically installed
when you install DNS.
Monitoring tab
This tab allows you to test querying of the DNS server. You can choose to perform a simple query test, a recursive query
test, or you can specify that the DNS server automatically performs testing at an interval that you set. The type of test you
want to perform can be selected from the Select A Test Type area of the Monitoring tab. After selecting the test, simply
click the Test Now button. The Test Results area of the tab displays the results of the test.
Configuring DNS Zone Properties
DNS zone settings are configured through the Properties dialog box of a specific zone. The Properties dialog box of a
standard primary DNS zone and of a standard secondary DNS zone has the following five tabs:
General tab
Start Of Authority (SOA) tab
Name Servers tab
WINS tab
Zone Transfers tab.
The Properties dialog box of an Active Directory-integrated zone has an additional tab, called the Security tab. This is
the tab where you set access permissions for the specific zone:
Configure who can modify the properties of the specific zone.
Configure who can add dynamic updates to records in the specific zone.
To access the properties dialog box of a DNS zone,
1. Click Start, Administrative Tools, and then click DNS.
2. In the console tree, expand the DNS server node.
3. Expand the Forward Lookup Zones folder.
4. Locate and right-click the particular zone that you want to configure zone properties for, and then select Properties from the shortcut menu.
5. The DNS Zone Properties sheet contains a number of tabs that you can use to configure settings for the specific DNS zone.
General tab
The main zone configuration settings which you can configure on the General tab are:
Zone type
Zone file name
Dynamic updates settings
Aging settings
The buttons and fields which are used to configure settings on the General tab are:
Zone status indicator and Pause button: The zone status indicator displays the status of the zone with regard to answering name resolution queries. You can use the associated Pause button to pause DNS name resolution for the zone. Clicking the Pause button does not, however, pause the DNS Server service.
Zone type indicator and Change button: The zone type indicator displays the zone type configured for the specific zone. When you click the Change button, the Change Zone Type dialog box opens. Through the Change Zone Type dialog box, you can change the zone type of an existing zone. The settings on the Change Zone Type dialog box are:
o Primary Zone option: This zone type contains the configuration settings and zone data for the specific zone.
o Secondary Zone option: This zone type contains a read-only copy of zone data, and cannot be directly edited.
3. When the Server Aging/Scavenging Properties dialog box opens, select the Scavenge Stale Resource Records checkbox.
4. Click OK.
After aging is enabled at the DNS server properties level, you can configure aging settings at the zone properties level. Click the Aging button to open the Zone Aging/Scavenging Properties dialog box. The settings which can be configured are:
o No-refresh interval: The default setting is seven days. The no-refresh interval stops the DNS server from performing unnecessary refreshes.
o Refresh interval: This is the time after the No-refresh interval when timestamp refreshes are allowed. Records are not scavenged. The default setting is also seven days.
Start Of Authority (SOA) tab
The Start Of Authority (SOA) tab is the location on the Zone Properties dialog box where you can configure options or
settings that are specific for the SOA resource record for the zone. The configuration settings on the Start Of Authority
(SOA) tab are:
Serial Number field: This field displays the version of the SOA record for the DNS server. If you want to manually change the version number, click the Increment button. The Serial Number field is also dynamically updated whenever a resource record in the particular zone is changed. The serial number enables secondary DNS servers to determine when changes are made to resource records within the zone. If the serial number of the master zone is the same as the local serial number, the secondary DNS servers do not initiate a zone transfer. If the serial number of the master zone is higher than the local serial number, the secondary DNS server initiates a zone transfer.
Primary Server field: This field shows the computer name of the primary DNS server for this particular zone.
Responsible Person field: This field shows the administrator responsible for administering this specific zone.
Refresh Interval field: The field has a default setting of 15 minutes. The Refresh Interval field indicates how frequently the secondary DNS servers for this zone query the configured master server for zone updates. A secondary DNS server requests a copy of the SOA resource record for the zone when the interval expires. It then checks the serial number of the master's SOA resource record and compares this value to its own SOA resource record's serial number. A zone transfer is initiated when the two values are different.
Retry Interval field: The field has a default setting of 10 minutes. The value specified in the Retry Interval field determines how long secondary DNS servers wait after a zone transfer failure before re-attempting the failed zone transfer.
Expires After field: The field has a default setting of 24 hours. The value of this field determines the time after which a secondary DNS server that has had no contact with its configured master server discards its zone data.
Minimum (Default) TTL field: The field has a default setting of one hour. The value of the Minimum (Default) TTL setting indicates the TTL for all resource records that are created in this particular zone.
TTL For This Record: The value of the TTL For This Record field indicates the TTL of this SOA resource record.
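The refresh, retry and expire fields only make sense together, as the schedule a secondary runs against its master. The Python below is an added example (not from the page, and not Microsoft's implementation) that walks that schedule on a simulated clock using the page's default values. It goes one step beyond the text in one respect: the page describes the serial test simply as "higher", and the example implements that test with RFC 1982 serial-number arithmetic so that it still behaves correctly when a 32-bit serial wraps around. The serials and timings used are constructed.

```python
import dataclasses

# Added example (not from the page): how a secondary DNS server uses the SOA fields
# described above. The page's defaults (15 min / 10 min / 24 h / 1 h) are used; the
# serial comparison uses RFC 1982 serial-number arithmetic so that "higher" still
# works when a 32-bit serial wraps around. Times are seconds on a simulated clock.

SERIAL_SPACE = 2 ** 32


def serial_gt(a, b):
    """RFC 1982: is serial a newer than serial b?  Equal serials are never 'newer'."""
    a, b = a % SERIAL_SPACE, b % SERIAL_SPACE
    half = SERIAL_SPACE // 2
    return a != b and ((a > b and a - b < half) or (a < b and b - a > half))


@dataclasses.dataclass
class Soa:
    serial: int
    refresh: int = 15 * 60      # Refresh Interval default: 15 minutes
    retry: int = 10 * 60        # Retry Interval default: 10 minutes
    expire: int = 24 * 3600     # Expires After default: 24 hours
    minimum_ttl: int = 3600     # Minimum (Default) TTL default: 1 hour


class Secondary:
    """State machine for one secondary server's copy of a zone."""

    def __init__(self, local_soa, now=0):
        self.soa = local_soa
        self.expired = False
        self.last_contact = now
        self.next_check = now + local_soa.refresh

    def needs_transfer(self, master_serial):
        """Transfer only when the master's serial is newer than ours."""
        return serial_gt(master_serial, self.soa.serial)

    def poll(self, master_soa, now, reachable=True):
        """Run one scheduling step and report what the secondary did."""
        if now < self.next_check:
            return "wait"
        if not reachable:
            # the SOA query or transfer failed: back off by the retry interval, and
            # drop the zone once the master has been silent for the whole expire period
            self.next_check = now + self.soa.retry
            if now - self.last_contact >= self.soa.expire:
                self.expired = True
                return "expired"
            return "retry"
        self.last_contact = now
        self.next_check = now + master_soa.refresh
        if self.needs_transfer(master_soa.serial):
            self.soa = dataclasses.replace(master_soa)
            self.expired = False
            return "transfer"
        return "up-to-date"


if __name__ == "__main__":
    sec = Secondary(Soa(serial=100), now=0)        # constructed serials
    master = Soa(serial=101)
    for t, ok in ((0, True), (900, True), (1800, True), (2700, False), (3300, False)):
        print(t, sec.poll(master, now=t, reachable=ok), "serial", sec.soa.serial)
```

The wrap-around case is why lowering a serial (for example after restoring an old zone file on the master) does not make secondaries re-transfer: a serial that is "behind" by more than 2^31 counts as newer, and one that is behind by less counts as older, so the master keeps looking up to date from the secondary's side.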
Name Servers tab
The Name Servers tab shows all the DNS name servers which are authoritative for the zone. The list of authoritative DNS
servers could include both primary DNS servers and secondary DNS servers. To change the authoritative DNS servers
for the zone, click the Add, Edit, and Remove buttons at the bottom of the Name Servers tab.
WINS tab
If you want to integrate Windows Internet Naming service (WINS) and DNS, then you would use the WINS tab to
configure WINS forward lookups for the zone when the DNS server cannot resolve name resolution queries.
Zone Transfers tab
The settings on the Zone Transfers tab determine whether the DNS server will accept zone transfers from the master
server. The configuration settings on the Zone Transfers tab are:
Allow Zone Transfers checkbox: Determines whether zone transfers are allowed or disallowed. The Allow Zone Transfers checkbox is disabled by default.
To Any Server option: When selected, zone transfers are allowed to any server that requests a copy of zone data.
Only To Servers Listed On The Name Servers Tab option: This setting only allows zone transfers to those DNS servers that are listed on the Name Servers tab for this particular zone.
Only To The Following Servers option: This option allows administrators to specify which DNS servers, by IP address, can request zone transfers.
Notify button: If you want to configure automatic zone transfer notification triggers to the secondary DNS servers for the zone, click the Notify button at the bottom of the Zone Transfers tab. The Notify dialog box opens. This is where you configure the secondary DNS servers that should be notified when zone updates occur. Enable the Automatically Notify checkbox, and choose one of the following options:
o Servers Listed On The Name Servers Tab option.
o The Following Servers option, and then specify the IP addresses of the DNS servers that you want notification sent to.
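A zone transfer hands out the complete contents of a zone, so the question an administrator wants answered for each of these settings is "which source addresses could pull this zone?". The Python below is an added example, not the page's or Microsoft's code: it models the Zone Transfers tab and the Notify dialog and evaluates a request against them. All addresses are constructed samples.

```python
import ipaddress

# Added example (not from the page): a model of the Zone Transfers tab and Notify
# dialog, used to answer "would this request for a copy of the zone be honoured?"
# and "which secondaries get a NOTIFY?". All addresses are constructed samples.

ANY = "To Any Server"
NAME_SERVERS = "Only To Servers Listed On The Name Servers Tab"
LISTED = "Only To The Following Servers"


class ZoneTransferSettings:
    def __init__(self, allow_zone_transfers=False, scope=NAME_SERVERS,
                 name_server_ips=(), listed_ips=(),
                 automatically_notify=False, notify_scope=NAME_SERVERS, notify_ips=()):
        self.allow = allow_zone_transfers          # checkbox is unchecked by default
        self.scope = scope
        self.name_server_ips = {ipaddress.ip_address(ip) for ip in name_server_ips}
        self.listed_ips = {ipaddress.ip_address(ip) for ip in listed_ips}
        self.notify = automatically_notify
        self.notify_scope = notify_scope
        self.notify_ips = {ipaddress.ip_address(ip) for ip in notify_ips}

    def permits(self, requester_ip):
        """Decision the server makes when requester_ip asks for a zone transfer."""
        if not self.allow:
            return False
        ip = ipaddress.ip_address(requester_ip)
        if self.scope == ANY:
            return True
        if self.scope == NAME_SERVERS:
            return ip in self.name_server_ips
        if self.scope == LISTED:
            return ip in self.listed_ips
        raise ValueError(f"unknown zone transfer scope: {self.scope}")

    def notify_targets(self):
        """Secondaries that receive a NOTIFY when the zone changes (sorted strings)."""
        if not self.notify:
            return []
        targets = self.name_server_ips if self.notify_scope == NAME_SERVERS else self.notify_ips
        return sorted(str(ip) for ip in targets)

    def review(self, sample_requesters):
        """Administrator's check: every sample source that could pull the whole zone."""
        return sorted(ip for ip in sample_requesters if self.permits(ip))


if __name__ == "__main__":
    # constructed: two name servers on the Name Servers tab, plus two other hosts
    ns_ips = ["10.0.0.2", "10.0.0.3"]
    requesters = ["10.0.0.2", "10.0.0.3", "10.0.0.50", "203.0.113.7"]
    for label, cfg in (
        ("default", ZoneTransferSettings()),
        ("any server", ZoneTransferSettings(True, ANY)),
        ("name servers", ZoneTransferSettings(True, NAME_SERVERS, name_server_ips=ns_ips)),
        ("listed", ZoneTransferSettings(True, LISTED, listed_ips=["10.0.0.50"])),
    ):
        print(f"{label:13} can transfer to {cfg.review(requesters)}")
```

Running `review` with the To Any Server setting lists every address, which is the output to expect when a zone is exposed to anyone who asks; the Name Servers and explicit-list settings narrow it to the secondaries you actually operate.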
How to configure a delegated DNS zone
1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Right-click the zone in the console tree, and then select New Delegation from the shortcut menu.
3. The New Delegation Wizard starts.
4. Click Next on the first page of the New Delegation Wizard.
5. When the Delegated Domain Name page opens, provide a delegated domain name, and then click Next.
6. On the Name Servers page, click the Add button to add the name and IP address of the DNS server that should host the delegated zone.
7. On the Name Servers page, click Next. Click Finish.
How to enable dynamic updates for a zone
1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Right-click the zone you want to work with in the console tree, and then select Properties from the shortcut menu.
3. When the Zone Properties dialog box opens, on the General tab, select Yes in the Allow Dynamic Updates list box.
4. Click OK.
How to restore DNS server default server options settings
1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Right-click the DNS server and then click Properties on the shortcut menu.
3. When the Properties dialog box of the DNS server opens, click the Advanced tab.
4. Click the Reset To Default button.
5. Click OK.
How to enable/disable fast transfer format for zone transfers
1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. In the console tree, right-click the DNS server, and then select Properties from the shortcut menu.
3. When the Properties dialog box of the DNS server opens, click the Advanced tab.
4. In the Server Options list, select or deselect the BIND Secondaries checkbox.
5. Click OK.
How to disable local subnet prioritization for multihomed names
1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. In the console tree, right-click the DNS server, and then select Properties from the shortcut menu.
3. When the Properties dialog box of the DNS server opens, click the Advanced tab.
4. In the Server Options list, deselect the Enable Netmask Ordering checkbox.
5. Click OK.
Understanding Host Name Resolution
Understanding the Purpose of Host Names
In TCP/IP based networks, the packets that are transmitted over the network contain the following IP addresses:
The IP address of the computer sending the packet
The IP address of the destination computer intended to receive the packet.
The IP address information is used to forward the packet to the destination computer. The IP addresses of computers
therefore have to be both unique and correct so that packets can be forwarded to the correct destination.
IP addresses also contain the following important information:
Network address or ID
Host address or ID.
What is a host name then? A host name is assigned to a computer to identify a host in a TCP/IP network. The host name
can be described as being the alias that is assigned to a node, to identify it.
A few characteristics of host names are listed below:
Host names are assigned to computers by administrators.
The host name specified for a computer does not need to correspond to the Windows 2000 or Windows Server
2003 computer name or NetBIOS computer name.
More than one host name can be assigned to the same host.
The maximum length of a host name is 255 characters.
The host name can consist of both alphabetic characters and numeric characters.
A host name can be defined in a number of ways. The more common methods used are:
o A nickname: This is an alias to an IP address which individuals can assign and utilize.
o A domain name: This is a set structured name that adheres to Internet standards.
WinSock applications use the IP address that a host name resolves to in order to establish a connection. Name resolution
is not needed if IP addresses are used directly to establish connections. However, because host names are easier to
remember than IP addresses, the host name is typically used instead of the IP address. This is especially evident with
TCP/IP applications.
When the host name is used, and not the IP address, the host name has to be resolved to an IP address for IP
communication to occur. This is known as host name resolution. A host name must match to an IP address that is located
in a DNS server database, or in a Hosts file.
Host Name Resolution in Windows
Each network needs a mechanism that can resolve host names to IP addresses. Name resolution has to occur whenever
the host name is used to connect to a computer and not the IP addresses. For instance, when a server name is used to
access a resource, the computer resolves that name to an IP address. Host name resolution resolves the host name to an
IP address. This has to occur so that the IP address can be resolved to the hardware address for TCP/IP based
communication to occur.
With the introduction of Windows 2000 came support for several different name resolution mechanisms:
LMHOSTS files
Network broadcasts
NetBIOS name cache
Windows Internet Naming Service (WINS)
Active Directory service
Network broadcasts and LMHOSTS files were generally used in the earlier versions of Windows NT. Windows Internet
Naming Service (WINS) is generally used in Windows NT 4. Prior to Windows 2000, NetBIOS names identified computers
on the network. With the introduction of Windows 2000 came Active Directory, which uses the Domain Name System (DNS)
for name registration and name resolution.
With the introduction of Windows Server 2003, DNS name resolution is used over NetBIOS name resolution. The DNS
Client service handles name resolution. It first submits all name resolution tasks to DNS. If DNS name resolution cannot
occur, the DNS Client service submits the name to NetBIOS.
The common methods used to resolve host names are listed below:
NetBIOS name resolution: This is the process of mapping the NetBIOS name of the computer to an IP
address. With NetBIOS, communication occurs between NetBIOS hosts via name discovery, name registration,
and name release.
HOSTS file: This is a text file that includes the host names to IP addresses mappings. The HOSTS file is stored
locally.
DNS server: DNS resolves host names and fully qualified domain names (FQDNs) to IP addresses in TCP/IP
networks. The DNS server manages a database of host name to IP address mappings. This is the primary
method used for name resolution in Windows Server 2003.
For DNS name resolution, the mechanisms that can be used are:
The local DNS client cache can be used to perform a name lookup.
A DNS server query.
For NetBIOS name resolution, the mechanisms that can be used are:
The local NetBIOS name cache can be used to perform a name lookup.
WINS server query
NetBIOS broadcasts to query the local network.
The local LMHOSTS file can be used to perform a name lookup.
The HOSTS File
This is a text-based file which contains host name to IP address mappings. TCP/IP applications mainly use the
HOSTS file when a host name needs to be mapped to an IP address. The file can also be used to resolve NetBIOS names.
The HOSTS file is stored locally, on each computer.
A few characteristics of the HOSTS file are:
Multiple host names can be assigned to the identical IP address.
Each entry in the HOSTS file has an IP address that is associated with one or multiple host names.
Host name localhost is an entry in the HOSTS file, by default.
All frequently used names should be located close to the start of the file.
The entries in the HOSTS file for Windows 2000 operating systems are not case-sensitive.
The entries in the HOSTS file for UNIX operating systems are case-sensitive.
How host names are resolved with a HOSTS file
1. A user utilizes a host name to connect to a Winsock application.
2. The system checks whether the host name is the same as the local host name.
3. The name is resolved if the two names match.
4. The HOSTS file is parsed if the host name is not the same as the local host name.
5. The host name is resolved to its associated IP addresses if it is found in the HOSTS file.
6. The IP address of the destination host is then resolved to its hardware address.
7. If the destination host is located on the local network, either of the following methods is used to obtain the
hardware address:
o The hardware address is retrieved from the ARP cache
o The IP address of the host is broadcast for its hardware address
8. If the destination host is located on a remote network, the hardware address of a router is obtained so that the request can be routed.
In instances where the host name cannot be resolved to an IP address in the HOSTS file, and this is the only host name
resolution method that is configured, an error message is returned to the user that initiated the request.
How host names are resolved with a DNS server
1. When a user enters a host name or a fully qualified domain name (FQDN), host name resolution is initially
attempted through the HOSTS file.
2. If the host name could not be resolved to an IP address through the HOSTS file name resolution method, the
DNS server is used.
3. The request is transmitted to the DNS server to perform a lookup of the name in its database, to resolve it to an IP
address.
4. The DNS server resolves the host name to IP address.
5. The hardware address is obtained next.
6. If the destination host is located on the local network, the hardware address is obtained from the ARP cache, or
via broadcasting of the IP address.
In instances where the DNS server does not respond to the initial request, the DNS server is tried again at 1, 2, 2, and 4
second intervals. If after all these attempts the DNS server fails to respond, and no other name resolution mechanisms exist, an
error message is returned to the user that initiated the request.
The Recommended Method for Resolving Host Names to IP Addresses
You can configure a number of methods to resolve host names to IP addresses: name resolution via the HOSTS file, a DNS
server, network broadcast, a WINS server, and the LMHOSTS file.
When you configure numerous mechanisms for host name resolution, you are essentially providing a backup strategy
for your name resolution process. When one method fails to resolve the host name to an IP address, another method is
used.
Only after each of the configured name resolution mechanisms fails to yield a host name to IP address mapping does the
specific IP address need to be provided to service the request.
The recommended process for resolving host names to IP addresses is illustrated below:
1. The user specifies a host name and not the associated IP address in the request.
2. Windows first determines whether the host name provided is the identical name as the local host name.
3. The name is resolved if the two names match.
4. The HOSTS file is parsed if the two names are not the same.
5. If the host name exists in the HOSTS file, it is resolved to its IP address.
6. When the host name does not exist in the HOSTS file, the request is sent to the DNS server for name resolution.
7. The host name is resolved if the DNS server contains the host name to IP address mapping in its database.
8. If the DNS server does not respond to the initial request for name resolution, the request is attempted again at 1,
2, 2, and 4 second intervals.
9. When the DNS server cannot resolve the host name into an IP address, the host next checks whether the host
name exists in its local NetBIOS name cache.
10. The host name is resolved to an IP address if it is located in the local NetBIOS name cache.
11. If the host name cannot be located in the NetBIOS name cache, the NetBIOS name server is contacted for name
resolution.
12. When the NetBIOS name server cannot resolve the host name to an IP address, the host then transmits three
broadcast messages on the local network.
13. Name resolution takes place if the host name exists on the local network.
14. When the host name cannot be resolved through broadcasting on the local network, the next check that occurs is
the parsing of the local LMHOSTS file.
15. The host name is resolved into an IP address if it is located in the local LMHOSTS file.
16. If the host name cannot be resolved into an IP address after all the above methods have been attempted, the user
has to provide the IP address.
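The following is an added example, not part of the original FAQ: a parser for the HOSTS file format described above (comments, several names per address, case-insensitive lookup on Windows) and a resolver that walks the recommended chain in order. The later stages (DNS server, NetBIOS name cache, WINS server, local broadcast, LMHOSTS file) are plain dictionaries standing in for the real services so the code runs offline; the sample HOSTS text is constructed, and mapping the local host name to 127.0.0.1 is an assumption of the example.

```python
"""HOSTS-file parser and a resolver that walks the recommended resolution
chain. Added example: the later stages are dictionaries standing in for
network lookups so everything runs offline."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample HOSTS file (not a real system file). Each line is an IP
# address, whitespace, one or more host names, and an optional '#' comment.
SAMPLE_HOSTS = """
# constructed sample
127.0.0.1     localhost
10.0.0.5      fileserver  files        # two names for one address
10.0.0.5      Printsrv                 # another entry for the same address
not-an-ip     broken                   # malformed address, must be skipped
10.0.0.9                               # address with no name, must be skipped
"""


def parse_hosts(text: str, case_sensitive: bool = False) -> Dict[str, str]:
    """Return a {name: ip} table. Windows lookups are case-insensitive, so
    names are lower-cased by default; case_sensitive=True keeps the UNIX
    behaviour. The first entry for a name wins, which is why frequently
    used names belong near the top of the file."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                          # address without a name
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:                           # not an IP address
            continue
        for name in fields[1:]:
            key = name if case_sensitive else name.lower()
            table.setdefault(key, ip)
    return table


# A later stage of the chain: (stage name, lookup table with lower-case keys).
# Each table is a stand-in for the real service.
Stage = Tuple[str, Dict[str, str]]


def resolve(name: str, local_host_name: str, hosts: Dict[str, str],
            later_stages: List[Stage]) -> Tuple[Optional[str], str]:
    """Return (ip, stage that answered). Order: local host name, HOSTS file,
    then each later stage in the order given; (None, 'unresolved') means the
    user has to supply the IP address. Mapping the local host name to
    127.0.0.1 is an assumption of this example."""
    key = name.lower()
    if key == local_host_name.lower():
        return "127.0.0.1", "local host name"
    if key in hosts:
        return hosts[key], "HOSTS file"
    for stage_name, table in later_stages:
        if key in table:
            return table[key], stage_name
    return None, "unresolved"


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    stages = [("DNS server", {"web.example.test": "10.0.1.10"}),
              ("NetBIOS name cache", {}),
              ("WINS server", {"oldbox": "10.0.0.77"}),
              ("local broadcast", {}),
              ("LMHOSTS file", {})]
    for query in ("WS01", "FILES", "web.example.test", "oldbox", "nowhere"):
        print(query, "->", resolve(query, "ws01", hosts, stages))
```

The stage list is ordered exactly as the numbered procedure above, so the second element of the returned tuple tells you which mechanism answered a given query, which is useful when checking that a host resolves through the path you expect rather than through a stale HOSTS entry.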
Understanding DNS Zones
DNS Zones Overview
A DNS zone is the contiguous portion of the DNS domain name space over which a DNS server has authority, or is
authoritative. A zone is a portion of a namespace; it is not a domain. A domain is a branch of the DNS namespace. A
DNS zone can contain one or more contiguous domains. A DNS server can be authoritative for multiple DNS zones. A
noncontiguous namespace cannot be a DNS zone.
A zone contains the resource records for all of the names within the particular zone. Zone files are used if DNS
data is not integrated with Active Directory. The zone files contain the DNS database resource records which define the
zone. If DNS and Active Directory are integrated, then DNS data is stored in Active Directory.
The different types of zones used in Windows Server 2003 DNS are listed below:
Primary zone
Secondary zone
Active Directory-integrated zone
Reverse lookup zone
Stub zone
A primary zone is the only zone type that can be edited or updated because the data in the zone is the
original source of the data for all domains in the zone. Updates made to the primary zone are made by the DNS server
that is authoritative for the specific primary zone. You can also back up data from a primary zone to a secondary
zone.
A secondary zone is a read-only copy of the zone that was copied from the master server during zone transfer.
In fact, a secondary zone can only be updated through zone transfer.
An Active Directory-integrated zone is a zone that stores its data in Active Directory. DNS zone files are
not needed. This type of zone is an authoritative primary zone. Zone data of an Active Directory-integrated zone is
replicated during the Active Directory replication process. Active Directory-integrated zones also enjoy the security
features of Active Directory.
A reverse lookup zone is an authoritative DNS zone. These zones are mainly used to resolve IP addresses to
resource names on the network. A reverse lookup zone can be either of the following zones:
Primary zone
Secondary zone
Active Directory-integrated zone
A stub zone is a new Windows Server 2003 feature. Stub zones only contain those resource records necessary to
identify the authoritative DNS servers for the master zone. Stub zones therefore contain only a partial copy of a zone, and are
used to resolve recursive queries and iterative queries:
Iterative queries: The DNS server provides the best answer it can. This can be:
o The resolved name
o A referral to a different DNS server
Recursive queries: The DNS server has to reply with the requested information, or with an error. The DNS
server cannot provide a referral to a different DNS server
Stub zones contain the following information:
Start of Authority (SOA) resource records of the zone.
Resource records that list the authoritative DNS servers of the zone
Glue address (A) resource records that are necessary for contacting the authoritative servers of the zone.
Zone delegation occurs when you assign authority over portions of the DNS namespace to subdomains of the DNS
namespace. You should delegate a zone under the following circumstances:
You want to delegate administration of a DNS domain to a department or branch of your organization.
You want to improve performance and fault tolerance of your DNS environment; you can distribute DNS database
management and maintenance between several DNS servers.
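To make the iterative/recursive distinction concrete, here is an added example (not code from the original FAQ) that builds a DNS query with the Recursion Desired (RD) header bit set or cleared, and classifies a response as an answer, a referral to other name servers, or an error using only the 12-byte header. All messages are constructed in memory; nothing is sent on the network, and the helper make_response exists only to produce test input.

```python
"""Build DNS queries with or without RD, and classify responses from the
header. Added example; messages are constructed, nothing is transmitted."""
import struct
from typing import Tuple

QR, RD, RA = 0x8000, 0x0100, 0x0080       # header flag bits (RFC 1035)
TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """'www.example.test' -> 03 'www' 07 'example' 04 'test' 00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid: int, name: str, qtype: int = TYPE_A,
                recursive: bool = True) -> bytes:
    """Header (ID, flags, QDCOUNT=1, AN/NS/ARCOUNT=0) plus one question.
    RD set = recursive query: the server must answer or return an error.
    RD clear = iterative query: a referral is an acceptable reply."""
    flags = RD if recursive else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def parse_header(msg: bytes) -> Tuple[int, int, int, int, int, int]:
    """(ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    return struct.unpack("!HHHHHH", msg[:12])


def classify_response(msg: bytes) -> str:
    """Decide what kind of reply this is using only the header counts."""
    _txid, flags, _qd, ancount, nscount, _ar = parse_header(msg)
    if not flags & QR:
        raise ValueError("not a response: QR bit clear")
    rcode = flags & 0x000F
    if rcode:
        return "error rcode=%d" % rcode          # e.g. 3 = name does not exist
    if ancount:
        return "answer"                          # the resolved name
    if nscount:
        return "referral"                        # NS records for another server
    return "empty"


def make_response(txid: int, rcode: int = 0, answers: int = 0,
                  authority: int = 0) -> bytes:
    """Constructed header-only response used to exercise classify_response."""
    flags = QR | RA | (rcode & 0x000F)
    return struct.pack("!HHHHHH", txid, flags, 1, answers, authority, 0)


if __name__ == "__main__":
    print(build_query(0x1234, "www.example.test").hex())
    print(classify_response(make_response(0x1234, authority=2)))
```

A stub zone is what lets a server turn the referral case into a direct iterative query to the right authoritative servers instead of walking down from the root.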
Understanding DNS Zone Transfer
A zone transfer can be defined as the process that occurs to copy the resource records of a zone on the primary DNS
server to secondary DNS servers. Zone transfer enables a secondary DNS server to continue handling queries if the
primary DNS server fails. A secondary DNS server can also transfer its zone data to other secondary DNS servers that
are beneath it in the DNS hierarchy. In this case, the secondary DNS server is regarded as the master DNS server to the
other secondary servers.
The zone transfer methods are:
Full transfer: When you configure a secondary DNS server for a zone, and start the secondary DNS server, the
secondary DNS server requests a full copy of the zone from the primary DNS server. A full transfer is performed of all
the zone information. Full zone transfers tend to be resource intensive. This disadvantage of full transfers has led to
the development of incremental zone transfers.
Incremental zone transfer: With an incremental zone transfer, only those resource records that have since
changed in a zone are transferred to the secondary DNS servers. During zone transfer, the DNS databases on the primary
DNS server and the secondary DNS server are compared to determine whether there are differences in the DNS
data. If the DNS data of the primary and secondary DNS servers are the same, zone transfer does not take place. If the DNS
data of the two servers are different, transfer of the delta resource records starts. This occurs when the serial number on
the primary DNS server database is higher than the secondary DNS server's serial number. For incremental zone transfer
to occur, the primary DNS server has to record incremental changes to its DNS database. Incremental zone transfers
require less bandwidth than full zone transfers.
Active Directory transfers: These zone transfers occur when Active Directory-integrated zones are replicated
to the domain controllers in a domain. Replication occurs through Active Directory replication.
DNS Notify is a mechanism that enables a primary DNS server to inform secondary DNS servers when its
database has been updated. DNS Notify informs the secondary DNS servers when they need to initiate a zone transfer so
that the updates of the primary DNS server can be replicated to them. When a secondary DNS server receives the
notification from the primary DNS server, it can start an incremental zone transfer or a full zone transfer to pull
zone changes from the primary DNS server.
Understanding DNS Resource Records (RRs)
The DNS database contains resource records (entries) that are used to resolve name resolution queries sent to the
DNS server. Each DNS server contains the resource records (RRs) it needs to respond to name resolution queries for the
portion of the DNS namespace for which it is authoritative. There are different types of resource records.
A few of the commonly used resource records (RRs) and their associated functions are described in the table below.
Type (Name): Function
A (Host record): Contains the IP address of a specific host, and maps the FQDN to this 32-bit IPv4 address.
AAAA (IPv6 address record): Ties a FQDN to an IPv6 128-bit address.
AFSDB (Andrew file system): Associates a DNS domain name to a server subtype: an AFS volume location server or an authenticated name server using DCE/NCA.
ATMA (Asynchronous Transfer Mode address): Associates a DNS domain name to the ATM address specified in the atm_address field.
CNAME (Canonical Name / Alias name): Ties an alias to its associated domain name.
HINFO (Host info record): Indicates the CPU and OS type for a particular host.
ISDN (ISDN info record): Ties a FQDN to an associated ISDN telephone number.
KEY (Public key resource record): Contains the public key for zones that can use DNS Security Extensions (DNSSEC).
MB (Mailbox name record): Maps the domain mailbox name to the mail server name.
MG (Mail group record): Ties the domain mailing group to mailbox resource records.
MINFO (Mailbox info record): Associates a mailbox for an individual that maintains a mailing list, and a mailbox for error messages.
MR (Mailbox renamed record): Maps an older mailbox name to its new mailbox name.
MX (Mail exchange record): Provides routing for messages to mail servers and backup servers.
NS (Name server record): Provides a list of the authoritative servers for a domain, and the authoritative DNS server for delegated subdomains.
NXT (Next resource record): Indicates the resource record types that exist for a name, and the next name in the zone.
OPT (Option resource record): A pseudo-resource record which provides extended DNS functionality.
PTR (Pointer resource record): Points to a different resource record, and is used for reverse lookups to point to A type resource records.
RT (Route through record): Provides routing information for hosts that do not have their own direct WAN address.
SIG (Signature resource record): Stores the digital signature for an RR set.
SOA (Start of Authority resource record): Contains zone information for determining the name of the primary DNS server for the zone, and zone properties such as version information.
SRV (Service locator record): Used by Active Directory to locate domain controllers, LDAP servers, and global catalog servers.
TXT (Text record): Maps a DNS name to descriptive text.
X25 (X.25 info record): Maps a DNS address to the public switched data network (PSDN) address number.
While there are various resource records that contain different information or data, there are a few required fields
that each particular resource record has to contain:
Owner; the DNS domain that contains the resource record
TTL (Time to Live); indicates the time duration that DNS servers can cache resource record information,
prior to discarding the information. This is however an optional resource records field.
Class; is another optional resource records field. Class types were used in earlier implementations of the
DNS naming system, and are no longer used these days.
Type; indicates the type of information contained by the resource record.
Record-Specific Data; a variable length field that further defines the function of the resource. The format
of the field is determined by Class and Type.
Delegation records and glue records can also be added to a zone. These records are used to delegate a subdomain into
a separate zone.
Delegation records: These are Name Server (NS) resource records in a parent zone. The delegation record
specifies the parent zone as being authoritative for the delegated zones.
Glue records: These are A type resource records for the DNS server that is authoritative for the delegated
zone.
The more important resource records are discussed next: Start of Authority (SOA), Name Server (NS), Host (A),
Alias (CNAME), Mail exchanger (MX), Pointer (PTR), and Service location (SRV).
Start of Authority (SOA) Resource Record
This is the first record in the DNS database file. The SOA record includes zone property information, such as
the name of the primary DNS server for the zone, and version information.
The fields located within the SOA record are listed below:
Source host; the host for which the DNS database file is maintained.
Contact e-mail; e-mail address for the individual who is responsible for the database file.
Serial number; the version number of the database.
Refresh time; the time that a secondary DNS server waits, while determining whether database updates have
been made, that have to be replicated via zone transfer.
Retry time; the time for which a secondary DNS server waits before attempting a failed zone transfer
again.
Expiration time; the time for which a secondary DNS server will continue to attempt to download zone
information. Old zone information is discarded when this limit is reached.
Time to live; the time that the particular DNS server can cache resource records from the DNS database
file.
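The SOA fields above are what drive the zone transfer decision described earlier (a transfer happens only when the primary's serial number is higher than the secondary's). The following added example, not code from the original FAQ, parses the SOA record out of zone-file text, compares serials with the wrap-around rule of RFC 1982 (so a counter that passes 2^32 - 1 is still seen as newer), decides between no transfer, an incremental transfer and a full transfer, and sanity-checks the refresh/retry/expire timers. The zone text and the zone name example.test are constructed.

```python
"""SOA parsing, serial comparison and the zone transfer decision. Added
example; the zone text is constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed zone file for a fictional zone.
PRIMARY_ZONE = """\
$TTL 3600
example.test.   IN  SOA  ns1.example.test. hostmaster.example.test. (
        2024010102  ; serial
        3600        ; refresh
        600         ; retry
        1209600     ; expire
        300 )       ; minimum TTL
example.test.   IN  NS   ns1.example.test.
ns1             IN  A    10.0.0.53
"""


@dataclass
class SOA:
    source_host: str       # primary name server for the zone
    contact_email: str     # responsible mailbox in DNS form (first '.' is '@')
    serial: int            # version number of the database
    refresh: int           # how often a secondary checks for updates
    retry: int             # wait before retrying a failed check
    expire: int            # when a secondary discards stale zone data
    minimum_ttl: int       # default caching time for records


SOA_RE = re.compile(
    r"\bSOA\s+(\S+)\s+(\S+)\s*\(?\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)")


def parse_soa(zone_text: str) -> SOA:
    """Strip ';' comments, join continuation lines, pull the seven fields."""
    joined = " ".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = SOA_RE.search(joined)
    if not m:
        raise ValueError("no SOA record found")
    host, mail, *numbers = m.groups()
    return SOA(host, mail, *(int(n) for n in numbers))


def serial_newer(a: int, b: int) -> bool:
    """RFC 1982: a is newer than b when (a - b) mod 2^32 lies in (0, 2^31).
    A plain a > b would break once the serial wraps past 2^32 - 1."""
    diff = (a - b) % (1 << 32)
    return 0 < diff < (1 << 31)


def transfer_action(primary: SOA, secondary_serial: Optional[int],
                    ixfr_supported: bool) -> str:
    """What a secondary does after a refresh check or a DNS Notify message."""
    if secondary_serial is None:
        return "AXFR"                       # no local copy yet: full transfer
    if not serial_newer(primary.serial, secondary_serial):
        return "none"                       # copies are already in sync
    return "IXFR" if ixfr_supported else "AXFR"


def soa_timer_warnings(soa: SOA) -> List[str]:
    """Sanity checks on the timers: a retry longer than the refresh interval
    or an expire shorter than refresh plus retry defeats their purpose."""
    warnings = []
    if soa.retry >= soa.refresh:
        warnings.append("retry should be shorter than refresh")
    if soa.expire <= soa.refresh + soa.retry:
        warnings.append("expire should be longer than refresh plus retry")
    return warnings


if __name__ == "__main__":
    soa = parse_soa(PRIMARY_ZONE)
    print(soa)
    for secondary in (None, 2024010101, 2024010102):
        print(secondary, "->", transfer_action(soa, secondary, ixfr_supported=True))
    print(soa_timer_warnings(soa) or "timers look sane")
```

A practical consequence of serial_newer: if a primary's serial is ever set far ahead by mistake and then reduced, secondaries will consider the reduced value older and stop transferring until the serial is walked forward in steps of less than 2^31.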
Name Server (NS) Resource Record
The Name Server (NS) resource record provides a list of the authoritative DNS servers for a domain, as well as the
authoritative DNS server for any delegated subdomains. Each zone must have one (or more) NS resource records at the
zone root. The NS resource record indicates the primary and secondary DNS servers for the zone defined in the SOA
resource record. This in turn enables other DNS servers to look up names in the domain.
Host (A) Resource Record
The host (A) resource record contains the IP address of a specific host, and maps the FQDN to this 32-bit IPv4
address. Host (A) resource records associate the domain names of computers (FQDNs) or host names with their
associated IP addresses. Because a host (A) resource record statically associates a host name to a specific IP address,
you can manually add these records to zones if you have machines that have statically assigned IP addresses.
The methods which are used to add host (A) resource records to zones are:
Manually add these records, using the DNS management console.
You can use the Dnscmd tool at the command line to add host (A) resource records.
TCP/IP client computers running Windows 2000, Windows XP or Windows Server 2003 use the DHCP Client service to both
register their names, and update their host (A) resource records.
Alias (CNAME) Resource Record
Alias (CNAME) resource records tie an alias name to its associated domain name. Alias (CNAME) resource records are
referred to as canonical names. By using canonical names, you can hide network information from the clients who
connect to your network. Alias (CNAME) resource records should be used when you have to rename a host that is defined
in a host (A) resource record in the identical zone.
Mail exchanger (MX) Resource Record
The mail exchanger (MX) resource record provides routing for messages to mail servers and backup servers. The
MX resource record provides information on which mail servers process e-mail for the particular domain name. E-mail
applications therefore mostly utilize MX resource records.
A mail exchanger (MX) resource record has the following parameters:
Priority
Mail server
The mail exchanger (MX) resource record enables your DNS server to work with e-mail addresses where no specific mail
server is defined. A DNS domain can have multiple MX records. MX resource records can therefore also be used to provide
failover to different mail servers when the primary server specified is unavailable. In this case, a server preference
value is added to indicate the priority of a server in the list. Lower server preference values specify higher
preference.
Pointer (PTR) Resource Record
The pointer (PTR) resource record points to a different resource record, and is used for reverse lookups to point to
A resource records. Reverse lookups resolve IP addresses to host names or FQDNs.
You can add PTR resource records to zones through the following methods:
Manually add these records, using the DNS management console.
You can use the Dnscmd tool at the command line to add PTR resource records.
Service (SRV) Resource Records
Service (SRV) resource records are typically used by Active Directory to locate domain controllers, LDAP servers,
and global catalog servers. The SRV records define the location of specific services in a domain. They associate the
location of a service, such as a domain controller or global catalog server, with details on how the particular service
can be contacted.
The fields of the service (SRV) resource record are explained below:
Service name
The protocol used
The domain name associated with the SRV records.
The port number for the particular service
The Time to Live value
The class
The priority and weight.
The target specifying the FQDN of the particular host supporting the service
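The MX preference rule (lower value wins, next value tried on failure) and the SRV priority and weight fields are both selection algorithms, so here is one added example covering both; it is not code from the original FAQ. MX ordering follows the text above; SRV selection follows RFC 2782 (lowest priority first, then a weighted random choice among records of equal priority). The record sets, host names and the random source are constructed; the random function is passed in so the behaviour can be checked deterministically.

```python
"""Target selection from MX records (by preference) and SRV records (by
priority and weight, RFC 2782). Added example with constructed record sets."""
from typing import Callable, List, Optional, Sequence, Tuple

MX = Tuple[int, str]                  # (preference, mail server)
SRV = Tuple[int, int, int, str]       # (priority, weight, port, target)

MX_RRSET: List[MX] = [(20, "mail2.example.test."),
                      (10, "mail1.example.test."),
                      (30, "backup.example.test.")]

SRV_RRSET: List[SRV] = [(0, 60, 389, "dc1.example.test."),
                        (0, 40, 389, "dc2.example.test."),
                        (10, 0, 389, "dc3.example.test.")]


def mx_order(rrset: Sequence[MX]) -> List[str]:
    """Lower preference value means higher preference, so sort ascending."""
    return [host for _pref, host in sorted(rrset, key=lambda r: r[0])]


def mx_failover(rrset: Sequence[MX],
                is_reachable: Callable[[str], bool]) -> Optional[str]:
    """First reachable server in preference order: the failover the text
    describes when the preferred mail server is unavailable."""
    for host in mx_order(rrset):
        if is_reachable(host):
            return host
    return None


def srv_pick(rrset: Sequence[SRV], randrange: Callable[[int], int]) -> SRV:
    """Lowest priority first; among equal priorities choose with probability
    proportional to weight. randrange(n) must return an int in [0, n).
    Simplification: a zero-weight record is only chosen when every candidate
    has weight zero (RFC 2782 gives it a very small chance instead)."""
    lowest = min(r[0] for r in rrset)
    candidates = [r for r in rrset if r[0] == lowest]
    total = sum(r[1] for r in candidates)
    if total == 0:
        return candidates[0]
    point = randrange(total)
    running = 0
    for rec in candidates:
        running += rec[1]
        if point < running:
            return rec
    return candidates[-1]             # not reached; point is always < total


def srv_order(rrset: Sequence[SRV], randrange: Callable[[int], int]) -> List[str]:
    """Full try-order: pick, remove, repeat until the set is exhausted."""
    remaining = list(rrset)
    order: List[str] = []
    while remaining:
        rec = srv_pick(remaining, randrange)
        remaining.remove(rec)
        order.append(rec[3])
    return order


if __name__ == "__main__":
    import random
    print(mx_order(MX_RRSET))
    print(mx_failover(MX_RRSET, lambda h: h != "mail1.example.test."))
    print(srv_order(SRV_RRSET, random.randrange))
```

With the constructed SRV set, dc1 and dc2 share priority 0 and are chosen roughly 60/40, while dc3 at priority 10 is only tried after both of them; that is the same ordering an Active Directory client applies when it picks a domain controller from _ldap._tcp SRV records.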
The Zone Database Files
If you are not using Active Directory-integrated zones, the specific zone database files that are used for zone data
are:
Domain Name file: When new A type resource records are added to the domain, they are stored in this file.
When a zone is created, the Domain Name file contains the following:
o A SOA resource record for the domain
o An NS resource record that indicates the name of the DNS server that was created.
Reverse Lookup file: This database file contains information on a reverse lookup zone.
Cache file: This file contains a listing of the names and addresses of root name servers that are needed for
resolving names which are external to the authoritative domains.
Boot file: This file controls the startup behavior of the DNS server. The boot file supports the commands
listed below:
o Directory command; this command defines the location of the other files specified in the Boot file.
o Primary command; defines the domain for which this particular DNS server has authority.
o Secondary; specifies a domain as being a secondary domain.
o Cache command; this command defines the list of root hints used for contacting DNS servers for the root
domain
Planning DNS Zone Implementations
When you divide up the DNS namespace, DNS zones are created. Breaking up the namespace into zones enables DNS to
manage available bandwidth usage more efficiently, which in turn improves DNS performance.
When determining how to break up the DNS zones, a few considerations you should include are listed below:
DNS traffic patterns: You can use the System Monitor tool to examine DNS performance counters, and to obtain DNS
server statistics.
Network link speed: The types of network links that exist between your DNS servers should be determined when you
plan the zones for your environment.
Whether full DNS servers or caching-only DNS servers are being used also affects how you break up DNS zones.
The main zone types used in Windows Server 2003 DNS environments are primary zones and Active Directory-integrated
zones. Whether to implement primary zones or Active Directory-integrated zones is determined by the DNS design
requirements of your environment.
Both primary zones and secondary zones are standard DNS zones that use zone files. The main difference between
primary zones and secondary zones is that primary zones can be updated. Secondary zones contain read-only copies of
zone data. A secondary DNS zone can only be updated through DNS zone transfer. Secondary DNS zones are usually
implemented to provide fault tolerance for your DNS server environment.
An Active Directory-integrated zone can be defined as an improved version of a primary DNS zone because it can use
multi-master replication and the security features of Active Directory. The zone data of Active Directory-integrated
zones are stored in Active Directory. Active Directory-integrated zones are authoritative primary zones.
A few advantages that Active Directory-integrated zone implementations have over standard primary zone
implementations are:
Active Directory replication is faster, which means that the time needed to transfer zone data between zones is far
less.
The Active Directory replication topology is used for Active Directory replication, and for Active
Directory-integrated zone replication. There is no longer a need for DNS replication when DNS and Active Directory are
integrated.
Active Directory-integrated zones can enjoy the security features of Active Directory.
The need to manage your Active Directory domains and DNS namespaces as separate entities is eliminated. This in
turn reduces administrative overhead.
When DNS and Active Directory are integrated, the Active Directory-integrated zones are replicated, and stored on
any new domain controllers automatically. Synchronization takes place automatically when new domain controllers are
deployed.
The mechanism that DNS uses to forward a query that one DNS server cannot resolve to another DNS server is
called DNS forwarding. DNS forwarders are the DNS servers used to forward DNS queries for a different DNS
namespace to those DNS servers that can answer the query. A DNS server is configured as a DNS forwarder when you
configure the other DNS servers to direct any unresolved queries to that specific DNS server. Creating DNS forwarders can
improve name resolution efficiency.
Windows Server 2003 DNS introduces a new feature, called conditional forwarding. With conditional forwarding,
you create conditional forwarders within your environment that will forward DNS queries based on the specific
domain names being requested in the query. This differs from DNS forwarders where the standard DNS resolution path to
the root was used to resolve the query. A conditional forwarder can only forward queries for domains that are defined
in the particular conditional forwarders list. The query is passed to the default DNS forwarder if there are no entries
in the forwarders list for the specific domain queried.
When conditional forwarders are configured, the process to resolve domain names is illustrated below:
1. A client sends a query to the DNS server for name resolution.
2. The DNS server checks its DNS database file to determine whether it can resolve the query with its zone data.
3. The DNS server also checks its DNS server cache to resolve the request.
4. If the DNS server is not configured to use forwarding, the server uses recursion to attempt to resolve the
query.
5. If the DNS server is configured to forward the query for a specific domain name to a DNS forwarder, the DNS server
then forwards the query to the IP address of its configured DNS forwarder.
A few considerations for configuring forwarders for your DNS environment are:
You should only implement the DNS forwarders that are necessary for your environment. You should refrain from
creating loads of forwarders for your internal DNS servers.
You should avoid chaining your DNS servers together in a forwarding configuration.
To avoid the DNS forwarder turning into a bottleneck, do not configure one external DNS forwarder for all your
internal DNS servers.
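The resolution path and the forwarder considerations above reduce to a small decision procedure, shown here as an added example (not code from the original FAQ). choose_path applies the order given: authoritative zone data first, then the server cache, then the most specific matching conditional forwarder, then the default forwarder, and recursion from the root hints only when no forwarder applies. forwarding_chain follows server-to-forwarder links and reports the chaining the text advises against, raising an error on a loop. All zone names, cache entries and forwarder addresses are constructed.

```python
"""Forwarding decision for a DNS query, and a forwarder chain check.
Added example; every table and address is constructed."""
from typing import Dict, List, Optional, Tuple


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def in_domain(qname: str, domain: str) -> bool:
    """True when qname is the domain itself or a name beneath it
    ('notpartner.test' is not beneath 'partner.test')."""
    q, d = _norm(qname), _norm(domain)
    return q == d or q.endswith("." + d)


def choose_path(qname: str,
                authoritative_zones: List[str],
                cache: Dict[str, str],
                conditional_forwarders: Dict[str, List[str]],
                default_forwarders: List[str],
                recursion_enabled: bool = True) -> Tuple[str, object]:
    """Return (action, detail). Conditional forwarders are matched on the
    most specific (longest) domain; only when none matches does the query
    go to the default forwarders, and only without any forwarder does the
    server recurse from the root hints."""
    for zone in authoritative_zones:
        if in_domain(qname, zone):
            return "authoritative", zone
    cached = cache.get(_norm(qname))
    if cached is not None:
        return "cache", cached
    matches = [d for d in conditional_forwarders if in_domain(qname, d)]
    if matches:
        best = max(matches, key=lambda d: len(_norm(d).split(".")))
        return "conditional-forward", conditional_forwarders[best]
    if default_forwarders:
        return "forward", default_forwarders
    if recursion_enabled:
        return "recurse", "root hints"
    return "refused", None


def forwarding_chain(start: str,
                     forwarder_of: Dict[str, Optional[str]]) -> List[str]:
    """Follow server -> default forwarder links from 'start'. A chain longer
    than one hop is the chaining the text warns about; a loop is an outright
    misconfiguration and raises ValueError."""
    chain = [start]
    node = start
    while forwarder_of.get(node):
        node = forwarder_of[node]
        if node in chain:
            raise ValueError("forwarding loop: " + " -> ".join(chain + [node]))
        chain.append(node)
    return chain


if __name__ == "__main__":
    zones = ["corp.example.test"]
    cache = {"www.example.test": "10.0.1.10"}
    cond = {"partner.test": ["10.9.9.9"], "eu.partner.test": ["10.8.8.8"]}
    default = ["10.0.0.1"]
    for q in ("host.corp.example.test", "www.example.test",
              "srv.eu.partner.test", "notpartner.test"):
        print(q, "->", choose_path(q, zones, cache, cond, default))
    print(forwarding_chain("dns1", {"dns1": "dns2", "dns2": "dns3", "dns3": None}))
```

Running forwarding_chain from each internal server against the forwarder table is a quick way to spot both the multi-hop chains and the single external forwarder shared by every internal server that the considerations above tell you to avoid.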
How to create a new zone
1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. Expand the Forward Lookup Zones folder
3. Select the Forward Lookup Zones folder.
4. From the Action menu, select New Zone.
5. The New Zone Wizard initiates.
6. On the initial page of the Wizard, click Next.
7. On the Zone Type page, ensure that the Primary Zone. Creates A Copy Of A Zone That Can Be Updated Directly On This
Server option is selected. This option is selected by default.
8. Uncheck the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) checkbox.
Click Next.
9. On the Zone Name page, enter the correct name for the zone in the Zone Name textbox. Click Next.
10. On the Zone File page, ensure that the default option, Create A New File With This File Name is selected. Click
Next.
11. On the Dynamic Update page, ensure that the Do Not Allow Dynamic Updates. Dynamic Updates Of Resource Records Are
Not Accepted By This Zone. You Must Update These Records Manually option is selected. Click Next.
12. The Completing The New Zone Wizard page is displayed next.
13. Click Finish to create the new zone.
How to create subdomains
1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, select the appropriate zone.
3. From the Action menu, select New Domain.
4. The DNS Domain dialog box opens.
5. Enter the name for new subdomain.
6. Click OK to create the new subdomain.
How to create a reverse lookup zone
1. Click Start, Administrative Tools, and the select DNS to open the DNS console.
2. Select the appropriate DNS server in the console tree.
3. Right-click the DNS server, and then select New Zone from the shortcut menu.
4. The New Zone Wizard starts.
5. Click Next on the first page of the New Zone Wizard.
6. On the Zone Type page, ensure that the Primary Zone option is selected. Click Next.
7. On the following page, select the Reverse lookup zone option. Click Next.
8. Enter the IP network in the Network ID box, for the domain name that you are creating this new reverse lookup zone
for. Click Next.
9. Accept the default zone file name. Click Next.
10. On the Dynamic Update page, select the Allow both nonsecure and secure dynamic updates option, and then click
Next.
11. The Completing The New Zone Wizard page is displayed next.
12. Click Finish to create the new reverse lookup zone.
How to create a stub zone
1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. Expand the Forward Lookup Zones folder
3. Select the Forward Lookup Zones folder.
4. From the Action menu, select New Zone.
5. The New Zone Wizard initiates.
6. On the initial page of the Wizard, click Next.
7. On the Zone Type page, select the Stub Zone option.
8. Uncheck the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) checkbox.
Click Next.
9. On the Zone Name page, enter the name for the new stub zone in the Zone Name textbox, and then click Next.
10. Accept the default setting on the Zone file page. Click Next.
11. On the Master DNS Servers page, enter the IP address of the master server in the Address text box. Click Next.
12. On the Completing The New Zone Wizard page, click Finish.
How to add resource records to zones
1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, select the zone that you want to add resource records to.
3. From the Action menu, select the resource record type that you want to add to the zone. The options are:
o New Host (A)
o New Alias (CNAME)
o New Mail Exchanger (MX)
o Other New Records
4. Select the New Host (A) option.
5. The New Host dialog box opens.
6. In the Name (Use Parent Domain Name If Blank) textbox, enter the name of the new host.
7. When you specify the name of the new host, the resulting FQDN is displayed in the Fully qualified domain name (FQDN) textbox.
8. In the IP Address box, enter the address for the new host.
9. If you want to create an associated pointer (PTR) record, enable the checkbox.
10. Click the Add Host button.
11. The new host (A) resource record is added to the particular zone.
12. A message box is displayed, verifying that the new host (A) resource record was successfully created for the zone.
13. Click OK.
14. Click Done to close the New Host dialog box.
How to create a zone delegation
1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Right-click your subdomain in the console tree, and then select New Delegation from the shortcut menu.
3. The New Delegation Wizard initiates.
4. Click Next on the first page of the New Delegation Wizard.
5. When the Delegated Domain Name page opens, provide a delegated domain name, and then click Next.
6. On the Name Servers page, click the Add button to provide the names and the IP addresses of the DNS servers that should host the delegation.
7. On the Name Servers page, click Next.
8. Click Finish.
How to enable dynamic updates for a zone
1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Right-click the zone you want to work with in the console tree, and then select Properties from the shortcut menu.
3. When the Zone Properties dialog box opens, on the General tab, select Yes in the Allow Dynamic Updates list box.
4. Click OK.
How to configure a zone to use WINS for name resolution
You can configure your forward lookup zone to use WINS for name resolution in instances where the queried name is not found in the DNS namespace.
1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. In the console tree, expand your DNS server node, and then expand the Forward Lookup Zones folder.
3. Locate and right-click the zone which you want to configure and then select Properties from the shortcut menu.
4. When the Zone Properties dialog box opens, click the WINS tab.
5. Enable the Use WINS Forward Lookup checkbox.
6. Type the WINS server IP address. Click Add, and then click OK.
7. On the General tab, select Yes in the Allow Dynamic Updates list box.
8. Click OK.
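The zone and record procedures above (reverse lookup zone, stub zone, host, alias and mail exchanger records, zone delegation, and dynamic updates), as an added PowerShell example that is not part of the original document. It assumes the DnsServer module that ships with Windows Server 2012 and later rather than the Windows 2000/2003 console the steps describe; the zone names, subnet and addresses are constructed sample values.

```powershell
# Added example, not from the original document: the administrative tasks the
# GUI steps perform, scripted with the DnsServer module (Windows Server 2012+).
# All names and addresses below are constructed sample values. Run elevated on
# the DNS server.
#Requires -Modules DnsServer

$Zone      = 'example.local'      # constructed forward lookup zone
$NetworkId = '192.168.1.0/24'     # constructed subnet for the reverse lookup zone
$Master    = '192.168.1.5'        # constructed master server for the stub zone
$Secondary = '192.168.1.6'        # constructed secondary server allowed to pull transfers

# Primary forward lookup zone stored in a file (not Active Directory-integrated).
# Zone transfers are restricted to the named secondary; the default on a fresh
# zone otherwise allows any server listed in NS records to pull the whole zone.
Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns" -DynamicUpdate None
Set-DnsServerPrimaryZone -Name $Zone -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $Secondary

# Reverse lookup zone for 192.168.1.0/24; the in-addr.arpa name is derived from -NetworkId.
Add-DnsServerPrimaryZone -NetworkId $NetworkId -ZoneFile '1.168.192.in-addr.arpa.dns' `
    -DynamicUpdate None

# Stub zone: holds only the SOA, NS and glue records copied from the master server.
Add-DnsServerStubZone -Name "branch.$Zone" -MasterServers $Master -ZoneFile "branch.$Zone.dns"

# Host (A) record plus its PTR record in the reverse zone, which is what the
# "create associated pointer (PTR) record" checkbox in the New Host dialog does.
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'srv1' -IPv4Address '192.168.1.10' -CreatePtr

# Alias (CNAME) and mail exchanger (MX) records; '.' addresses the zone root.
Add-DnsServerResourceRecordCName -ZoneName $Zone -Name 'www' -HostNameAlias "srv1.$Zone"
Add-DnsServerResourceRecordMX -ZoneName $Zone -Name '.' -MailExchange "srv1.$Zone" -Preference 10

# Delegation of the subdomain lab.example.local: an NS record in the parent zone
# plus a glue A record for the child zone's name server.
Add-DnsServerZoneDelegation -Name $Zone -ChildZoneName 'lab' -NameServer "ns1.lab.$Zone" `
    -IPAddress '192.168.1.20'

# Dynamic updates. "NonsecureAndSecure" matches the GUI step above but lets any
# host on the network register or overwrite records. "Secure" (Kerberos-
# authenticated) is preferable, but is only accepted on AD-integrated zones, so
# it is left commented out for this file-backed zone.
Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate NonsecureAndSecure
# Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate Secure   # AD-integrated zones only

# Verify what was created.
Get-DnsServerZone -Name $Zone, "branch.$Zone", '1.168.192.in-addr.arpa' |
    Format-Table ZoneName, ZoneType, DynamicUpdate, SecureSecondaries
Get-DnsServerResourceRecord -ZoneName $Zone | Format-Table HostName, RecordType, RecordData
```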
Understanding DNS
Domain Name Service (DNS) Overview
Domain Name Service (DNS) enables applications and users to connect to hosts in TCP/IP based networks by specifying a name. DNS is a hierarchically distributed database that creates hierarchical names that can be resolved to IP addresses. The IP addresses are then resolved to MAC addresses. DNS therefore provides the means for naming IP hosts, and for locating IP hosts when they are queried for by name.
The protocols and standards of DNS provide the following key components:
The method for updating address information in a DNS database.
The method for querying address information in a DNS database.
The schema of the DNS database.
The ability of replicating address information between DNS servers in the DNS topology.
HOSTS files were used to resolve host names to IP addresses before DNS existed. The HOSTS file was manually maintained by administrators and was located on a centrally administered server on the Internet. Each site or location that needed to resolve host names to IP addresses had to download a new copy of the HOSTS file at regular intervals. The size of the HOSTS file grew as the Internet grew, and so did the traffic generated by downloading new copies of it. This led to the design and implementation of Domain Name Service (DNS) in 1984, the hierarchically distributed database that can resolve host names to IP addresses.
The main design requirements of DNS provide the following key features over the HOSTS file:
A hierarchical name space
Hostnames in the DNS database can be distributed between multiple servers
The database has an unlimited size.
Extensible data types
Together with supporting host name to IP address mappings, different data types are supported as well.
No degradation in performance as more servers are added; the database is scalable.
Distribution of administration; naming can be managed individually for each partition.
From the days of Windows NT Server 4.0, DNS has been included with the operating system. DNS is the primary name
registration and resolution service in Windows 2000 and Windows Server 2003, and provides the following features and
services:
A hierarchically distributed and scalable database.
Provides name registration, name resolution and service location for Windows 2000 and Windows Server 2003
clients.
Locates domain controllers for logon.
The Differences between the NetBIOS Naming System and DNS
Before discussing the differences between the NetBIOS naming system and DNS, lets first look at the different name
types used in Windows operating systems:
Computer name: This is the name which an administrator assigns to a computer. To verify the computer name of a computer:
1. Right-click My Computer, and select Properties from the shortcut menu.
2. Click the Computer Name tab to verify the computer's name.
NetBIOS name: A unique name used to identify a NetBIOS resource on the network. The NetBIOS name is resolved to an IP address for communication to occur.
Host name: A host name is assigned to a computer to identify a host in a TCP/IP network. The host name can be described as being the alias that is assigned to a node, to identify it. When the host name is used and not the IP address, the host name has to be resolved to an IP address for IP communication to occur. The HOSTS file is a text file that contains host name to IP address mappings. The HOSTS file is stored locally.
Fully qualified domain name (FQDN): This is the DNS name that is used to identify a computer on the network. FQDNs have to be unique. The FQDN usually consists of the following:
1. Host name
2. Primary DNS suffix
3. Period
DNS Name: A DNS name is a name that can include a number of labels that are separated by a dot. When a DNS name displays the entire path, it is known as the Fully Qualified Domain Name (FQDN).
Alias: This is a name used instead of another name. The Canonical Name (CNAME) is an alias name in DNS.
Nickname: This is another name used for a host. It is usually an abbreviated version of the FQDN. A nickname has to be unique for each node if you want to map it to the FQDN.
Primary DNS suffix: Computers running in a Windows Server 2003 network are assigned primary DNS suffixes for name registration and name resolution purposes. The primary DNS suffix is also referred to as the primary domain name, or domain name.
Connection-specific DNS suffix: This is a DNS suffix which is assigned to an adapter. The connection-specific DNS suffix is also called the adapter DNS suffix.
The name differences between the NetBIOS naming system and DNS namespace are noted below:
A NetBIOS name cannot be greater than 16 characters.
With DNS, up to 255 characters can be used for names.
The NetBIOS naming system is a flat naming system.
The namespace used by DNS is a hierarchical space, or hierarchical system. The DNS naming system is called the domain namespace. If you decide to use a private domain namespace, and there is no interaction with the Internet, it does not have to be unique.
Understanding the DNS namespace
The naming system used by DNS is a hierarchical namespace, called the DNS namespace. The DNS namespace has a unique root. The root can contain numerous subdomains, and each subdomain can in turn contain multiple subdomains. The DNS namespace uses a logical tree structure wherein an entity is subordinate to the entity which resides over it. Each node in the DNS domain tree has a name, which is called a label. The label can be up to 63 characters. Nodes that are located on the same branch within the DNS domain tree must have different names. Nodes that reside on separate branches in the DNS hierarchy can have the same name.
Each node in the DNS domain tree or DNS hierarchy is identified by a FQDN. This is a DNS domain name that specifies the node's location in relation to the DNS domain tree/hierarchy. A domain name can be defined as the list of labels along the path from the root of the DNS domain tree/hierarchy to a particular node. The FQDN is the entire list of labels for a specific node.
Each domain registered in DNS is connected to a DNS name server. The DNS server of a domain provides authoritative
replies to queries for that particular domain.
Internet Corporation for Assigned Names and Numbers (ICANN) manages the DNS root of the Internet domain namespace. ICANN manages the assignment of globally unique identifiers which are key to the operation of the Internet. This
includes the following components:
Internet domain names
IP addresses
Port numbers
Protocol parameters
Below the root DNS domain are the top-level domains. These top-level domains are also managed by ICANN. The
top-level domains managed by ICANN are:
Organizational domains: Organizational domains have the following characteristics:
o Organizational domains can be used globally.
o They are named via a three-character code.
o The code defines the main function of the organizations of the DNS domain.
Geographical domains: Geographical domains have the following characteristics:
o Geographical domains are usually used by organizations not residing in the United States.
o They are named via two-character country and region codes.
o The codes were established by the International Organization for Standardization (ISO) 3166.
o The codes identify a country, such as .uk for the United Kingdom.
Reverse domains: These domains are used for IP address to name mappings. These are called reverse lookups.
The additional top-level domains defined by ICANN in late 2000 are:
.aero; for the air transportation industry
.biz; for businesses
.coop; for cooperatives
.info; for information
.museum; for museums
.name; for individual names
.pro; for credentialed professions such as attorneys.
The common top-level domain names used are:
.com; commercial organizations
.edu; for educational institutes.
.gov; for government.
.int; for international organizations.
.mil; for military organizations
.net; for Internet providers, and networking organizations
.org; non-commercial organizations
.uk; United Kingdom
.us; United States
.ca; Canada
.jp; Japan
Understanding DNS Components and Terminology
The components which DNS is dependent on and the terminology used when discussing and managing DNS are listed below:
DNS server: This is a computer running the DNS Server service, or BIND, that provides domain name services. The DNS server manages the DNS database that is located on it. The DNS server program, whether it is the DNS Server service or BIND, manages and maintains the DNS database located on the DNS server. The information in the DNS database of a DNS server pertains to a portion of the DNS domain tree structure or namespace. This information is used to provide responses to client requests for name resolution.
When a DNS server is queried it can do one of the following:
o Respond to the request directly by providing the requested information.
o Provide a pointer (referral) to another DNS server that can assist in resolving the query.
o Respond that the information is unavailable.
o Respond that the information does not exist.
A DNS server is authoritative for the contiguous portion of the DNS namespace over which it resides.
The following types of DNS servers exist:
o Primary DNS server: This DNS server owns the zones defined in its DNS database, and can make changes to these zones.
o Secondary DNS server: This DNS server obtains a read-only copy of zones via DNS zone transfers. A secondary DNS server cannot make any changes to the information contained in its read-only copy. A secondary DNS server can however resolve queries for name resolution. Secondary DNS servers are usually implemented for the following reasons:
Provide redundancy: It is recommended to install one primary DNS server and one secondary DNS server for each DNS zone (minimum requirement). Install the DNS servers on different subnets so that if one DNS server fails, the other DNS server can continue to resolve queries.
Distribution of DNS processing load: Implementing secondary DNS servers assists in reducing the load on the primary DNS server.
Provide fast access for clients in remote locations: Secondary DNS servers can also assist in preventing clients from traversing slow links for name resolution requests.
DNS zones: A DNS zone is the contiguous portion of the DNS domain name space over which a DNS server has authority, or is authoritative. A zone is a portion of a namespace; it is not a domain. A domain is a branch of the DNS namespace. A DNS zone can contain one or more contiguous domains. A DNS server can be authoritative for multiple DNS zones.
Zone files store resource records for the zones over which a DNS server has authority.
DNS client: This is a machine that queries the DNS server for name resolution. To issue DNS requests to the
DNS server, DNS resolvers are used.
Queries: The types of DNS queries which can be sent to a DNS server are:
o Recursive queries
o Iterative queries
DNS resolvers: These are programs that use DNS queries to request information from the DNS servers. In Windows Server 2003, the DNS Client service performs the function of the DNS resolver. A DNS resolver can communicate and issue name queries to remote DNS servers, or to the DNS server running locally. When a DNS resolver receives a response from a DNS server, the resolver caches the information locally. The local cache is then used if the same information is requested.
Resource records: The DNS database contains resource records (entries) that are used to resolve name resolution queries sent to the DNS server. Each DNS server contains the resource records it needs to respond to name resolution queries for the portion of the DNS namespace for which it is authoritative.
Root servers: A root server performs the following functions when a query cannot be resolved from the local
zone files:
o Returns an authoritative answer for a particular domain.
o Returns a referral to another DNS server that can provide an authoritative answer.
How DNS Resolves Queries
A DNS client queries a DNS server to resolve a name. The query contains the following important information:
The DNS domain name in the FQDN format.
The query type
The class for the DNS domain name
A DNS client uses one of three query types to query a DNS server:
Iterative queries: The DNS server provides the best answer it can. This can be:
o The resolved name
o A referral to a different DNS server
Recursive queries: The DNS server has to reply with the requested information, or with an error. The DNS
server cannot provide a referral to a different DNS server.
Inverse queries: The query sent to the DNS server is to resolve the host name associated with a known IP
address. All the domains have to be queried to provide a correct answer to the query.
If a DNS server cannot find a match for a queried name in its zone information or in its cache, the DNS server performs recursion to resolve the name. This is the default configuration for DNS servers. Recursion is the process whereby the DNS server queries other DNS servers on behalf of the client. By the initial DNS server querying the
other DNS servers, recursion actually ends up making the initia