DNS Tech - Faq

Date post: 06-Apr-2018
  • 8/3/2019 DNS Tech - Faq


    Installing and Configuring DNS

    Understanding Host Name Resolution

    Understanding DNS Zones

    Understanding DNS

    Understanding DNS Queries and Lookups

    Securing DNS Servers

    Securing DNS

    Renaming Domains

    Planning DNS Zones Replication

    Planning and Implementing a DNS Namespace

    Monitoring and Troubleshooting DNS

    DNS Server Roles

    DNS and Active Directory Integration

    Integrating the DNS Server with DHCP and WINS

    Configuring DNS Clients


    Installing and Configuring DNS

    Installing the DNS Server Service

There are a number of methods which you can use to install the DNS server service on your Windows 2000 or Windows Server 2003 computer:

- Install the DNS server service on a stand-alone computer using the Add or Remove Programs applet of Control Panel.
- Install DNS when you install the first domain controller for an Active Directory domain.
- Install DNS on an existing domain controller in an Active Directory domain.

Before installing the DNS server service, it is recommended that you perform the following administrative tasks:

- Configure a static IP address for the computer.
- Configure a static domain name for the computer.

    How to configure a static domain name for the computer


1. Click Start, Control Panel, and then click Network Connections.
2. Select Local Area Connection and then click Properties.
3. In the Local Area Connections dialog box, select Internet Protocol (TCP/IP), and then click Properties.
4. When the Internet Protocol (TCP/IP) dialog box opens, click Advanced.
5. The Advanced TCP/IP Settings dialog box opens.
6. Click the DNS tab.
7. Ensure that this server's address, for which DNS is to be installed, is displayed first in the DNS Server Addresses, In Order Of Use list.
8. In the DNS Suffix For This Connection box, enter the primary DNS domain name.
9. Click OK.

    How to install the DNS server service on a stand-alone computer

    1. Open Control Panel

    2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.

    3. The Windows Components Wizard starts.

    4. Click Networking Services, and then click Details.

5. In the Networking Services dialog box, select the checkbox for Domain Name System (DNS) in the list.
6. Click OK. Click Next. Click Finish.

    How to create a forward lookup zone

If you want the DNS server to be authoritative for a zone, you have to create and configure a forward lookup zone. A forward lookup zone holds the records of the DNS domain zones that are hosted on the DNS server, which allows the DNS server to resolve a host name to an IP address.

1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, right-click the DNS server, and then click New Zone from the shortcut menu.
3. On the Welcome to the New Zone Wizard page, click Next.
4. On the Zone Type page, select the default option, Primary Zone, for the zone type and then click Next.
5. On the Forward Or Reverse Lookup Zone page, select the Forward lookup zone option, and click Next.
6. Enter a zone name for the new zone on the Zone Name page. Click Next.
7. On the Zone File page, accept the default setting, Create A New File With This File Name, and then click Next.
8. On the Dynamic Update page, select the Allow both nonsecure and secure dynamic updates option. Click Next.
9. Click Finish to add the new forward lookup zone to the DNS server.

    How to add DNS resource records to a DNS zone

The DNS database contains resource records (entries) that are used to answer the name resolution queries sent to the DNS server. Each DNS server contains the resource records (RRs) it needs to respond to name resolution queries for the portion of the DNS namespace for which it is authoritative. While resource records can be configured to be dynamically registered with the DNS server, you can also manually add DNS resource records.

There are various resource records that contain different information or data. The standard DNS record types are:

- Host (A) resource record: The host (A) resource record ties the domain names of computers (FQDNs) or host names to their associated IP addresses. The methods which are used to add host (A) resource records to zones are:
  o Manually add these records, using the DNS management console.


How to create a reverse lookup zone

1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, right-click the DNS server, and then click New Zone from the shortcut menu.
3. On the Welcome to the New Zone Wizard page, click Next.
4. On the Zone Type page, select the default option, Primary Zone, for the zone type and then click Next.
5. On the Forward Or Reverse Lookup Zone page, select the Reverse lookup zone option, and click Next.
6. Enter the IP network for the domain name in the Network ID field and then click Next.
7. On the Zone File page, accept the default setting, Create A New File With This File Name, and then click Next.
8. On the Dynamic Update page, select the Allow both nonsecure and secure dynamic updates option. Click Next.
9. Click Finish to create the new reverse lookup zone.

    Configuring a DNS Server

When DNS is installed and you do not add or configure any zones for the DNS server, the DNS server functions as a caching-only DNS server by default. Caching-only DNS servers do not host zones and are not authoritative for any DNS domain. The information stored by caching-only DNS servers is the name resolution data that the server has collected through resolving name resolution queries.

The DNS console is the management tool used to configure properties for DNS servers and DNS zones. To access the DNS console, click Start, click Administrative Tools, and then click DNS. If you installed DNS on a stand-alone computer through the Add or Remove Programs applet of Control Panel, the DNS console contains only the following folders in the console tree:

- Event Viewer: contains the shortcut to the DNS Event Viewer log that is automatically installed when you install DNS. The DNS Event Viewer log contains DNS-specific events:
  o Errors
  o Warnings
- Forward Lookup Zones: contains the forward lookup domain zones that are configured on this DNS server.
- Reverse Lookup Zones: contains the reverse lookup domain zones that are configured on this DNS server.

After creating the DNS zones and adding resource records to these zones, the next task you need to perform is to configure the DNS server's properties. You configure the DNS server through two separate sets of configuration settings:

- DNS Server configuration settings: These settings impact each zone hosted on a specific DNS server.
- DNS Zone configuration settings: These settings are only relevant for the specific zone which you are configuring.

    Configuring DNS Server Properties

You can configure a number of settings for the DNS server through its Properties dialog box. To access the Properties of a DNS server:

1. Click Start, Administrative Tools, and then click DNS.
2. In the console tree, right-click the DNS server that you want to configure, and then select Properties to open the DNS server's Properties dialog box.
3. The DNS server's Properties dialog box contains a number of tabs that you can use to configure settings for all zones hosted on the DNS server.


    Interfaces tab

The Interfaces tab is where you specify which network interface cards (NICs) and associated IP addresses the DNS server should listen on for DNS queries. By default, the DNS server listens for DNS requests on the IP addresses that are associated with the local computer.

If you want to limit the IP addresses that the DNS server listens on for DNS queries, click the Only the following IP addresses option, specify the IP addresses the DNS server should listen on in the IP Address field, and click the Add button.

    Forwarders tab

DNS forwarders are the DNS servers used to forward queries for a different DNS namespace to the DNS servers that can answer the query. A DNS server is configured as a DNS forwarder when you configure the other DNS servers to direct any unresolved queries to that specific DNS server. Creating DNS forwarders can improve name resolution efficiency.

Windows Server 2003 DNS introduces a new feature, called conditional forwarding. With conditional forwarding, you create conditional forwarders within your environment that forward DNS queries based on the specific domain names being requested in the query.

DNS forwarders are configured on the Forwarders tab. You can configure one or multiple DNS forwarders. When multiple DNS forwarders are configured, they are queried from the top of the list to the bottom of the list. You can also specify the time that the local DNS server should wait between querying different DNS forwarders. If you do not want the DNS server to use other means of name resolution, select the Do not use recursion for this domain checkbox.

    Advanced tab

The Advanced tab enables you to configure a number of server options for your DNS server. The various server options which you can configure, and their default settings, are:

- Disable recursion (also disables forwarders) - off: The default setting of this option is off, which means that the DNS server uses recursion to resolve a client's query. If you enable this server option, the DNS server no longer performs recursion to resolve client queries. Instead, it provides the client with referrals.
- BIND secondaries - on: When enabled, the DNS server uses the slow, uncompressed transfer format to transfer zone data to secondary DNS servers. This option allows for zone transfer compatibility with versions of BIND previous to 4.9.4. You can disable this option if you do not need to support versions of BIND previous to 4.9.4. When disabled, the fast transfer format is used to transfer zone data.
- Fail to load if bad zone data - off: When this option is disabled, a DNS server will load all zones, even when a particular zone's database file contains errors. If you do not want the DNS server to load a zone that has errors in its zone data, enable this option.
- Enable round robin - on: When this option is enabled, for DNS entries where multiple IP addresses exist for the same host name, the DNS server rotates the order of matching A resource records when clients query the particular host name. This server option is typically used to enable load balancing between multiple servers.
- Enable netmask ordering - on: When a computer name is queried that has multiple matching host (A) resource records, this server option results in the DNS server first returning to the client an IP address which is in the subnet of the client.
- Secure cache against pollution - on: When enabled, the DNS server is protected from referrals that might pollute the DNS cache with incorrect information. If the Secure cache against pollution option is enabled, the DNS server will only cache responses whose name ties to the domain that was initially queried. If the option is disabled, the DNS server will cache all responses to queries.
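As an added example (not code from the original page), the following Python models the three response-shaping options above: netmask ordering, round robin, and the in-bailiwick check behind Secure cache against pollution. The /24 client subnet, the zone passed to the filter as the one the answering server is authoritative for, and the sample records are assumptions.

```python
import ipaddress

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring the trailing dot."""
    return [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or a name below it, compared label by
    label, so 'notexample.com' is NOT inside 'example.com'."""
    o, z = _labels(owner), _labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_cacheable(zone, records):
    """Secure cache against pollution: keep only records whose owner name lies
    in the zone that was queried; return (kept, discarded).
    records: list of (owner, rtype, rdata) tuples."""
    kept, discarded = [], []
    for rec in records:
        (kept if in_bailiwick(rec[0], zone) else discarded).append(rec)
    return kept, discarded

def order_answers(client_ip, addresses, rotation, prefixlen=24):
    """Netmask ordering followed by round robin.
    Addresses in the client's subnet (assumed /24 here) come first; the
    remaining addresses are rotated by 'rotation', the per-name counter the
    server would advance on each query."""
    client_net = ipaddress.ip_network(f"{client_ip}/{prefixlen}", strict=False)
    local = [a for a in addresses if ipaddress.ip_address(a) in client_net]
    remote = [a for a in addresses if a not in local]
    if remote:
        k = rotation % len(remote)
        remote = remote[k:] + remote[:k]
    return local + remote

# Constructed sample data (not from the page).
# A response for www.example.com from a server authoritative for example.com;
# the last two records are outside that zone and must not be cached.
SAMPLE_RESPONSE = [
    ("www.example.com.", "A", "192.0.2.10"),
    ("example.com.", "NS", "ns1.example.com."),
    ("ns1.example.com.", "A", "192.0.2.53"),
    ("notexample.com.", "A", "198.51.100.7"),
    ("www.other.test.", "A", "198.51.100.8"),
]
# Four A records for one host name, queried by a client at 192.0.2.77.
SAMPLE_A_RECORDS = ["203.0.113.5", "192.0.2.20", "198.51.100.9", "192.0.2.21"]

if __name__ == "__main__":
    kept, discarded = filter_cacheable("example.com", SAMPLE_RESPONSE)
    print("cached:   ", [r[0] for r in kept])
    print("discarded:", [r[0] for r in discarded])
    for q in range(3):  # successive queries show the rotation
        print("query", q, order_answers("192.0.2.77", SAMPLE_A_RECORDS, q))
```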

The Name Checking drop-down list box on the Advanced tab contains the name checking formats which you can configure the DNS server service to use and enforce. While there are four name checking methods which you can choose between, it is recommended to leave the default setting, Multibyte (UTF8), unchanged. The name checking formats in the Name Checking drop-down list box are:

- Strict RFC (ANSI): this method uses strict checking of names as specified by RFC-compliant naming rules. All names that do not comply are regarded as being errors.
- Non RFC (ANSI): this method allows names that are not RFC compliant.
- Multibyte (UTF8): this is the default name checking method used. The method allows names that use the Unicode 8-bit translation encoding.
- All names: All naming formats are allowed.

The Load zone data on startup option on the Advanced tab is used to inform the DNS server service of the location from which zone data should be loaded. The options available in the Load zone data on startup drop-down list box are:

- From Active Directory and registry: this is the default setting that loads zone data from Active Directory.
- From registry: loads zone data from the Windows registry.
- From File: loads zone data from a flat file.

The Enable automatic scavenging of stale records checkbox is not selected by default. If you want the DNS server to automatically delete stale resource records from a zone at the interval set under the Scavenging period, select the Enable Automatic Scavenging Of Stale Records checkbox.

Root Hints tab

By default, the Root Hints tab contains a copy of the information stored in the Cache.dns file. If your DNS servers are used to resolve Internet names, you do not need to modify the information on this tab. If, however, you want to create your own custom root hints, then you have to delete the Internet root servers and add the correct information for your environment.

    Debug Logging tab

If you need to troubleshoot the DNS server, you can use this tab to enable debug logging. You can specify a number of settings on this tab which limit the number of packets which are logged, based on the following:

- Packet direction
- Transport protocol
- Packet content
- Packet type
- Filter packets by IP address

    Event Logging tab

If you want to limit the events which are written to the DNS Events log, you would need to use the Event Logging tab. The options which you can select to limit DNS event logging are:

- No events
- Errors only
- Errors and warnings
- All events

The Event Viewer folder in the DNS console is the shortcut to the DNS Event Viewer log that is automatically installed when you install DNS.

    Monitoring tab

This tab allows you to test querying of the DNS server. You can choose to perform a simple query test, a recursive query test, or you can specify that the DNS server automatically performs testing at an interval that you set. The type of test you want to perform can be selected from the Select A Test Type area of the Monitoring tab. After selecting the test, simply click the Test Now button. The Test Results area of the tab displays the results of the test.

    Configuring DNS Zone Properties

DNS zone settings are configured through the Properties dialog box of a specific zone. The Properties dialog box of a standard primary DNS zone and a standard secondary DNS zone has the following five tabs:

- General tab
- Start Of Authority (SOA) tab
- Name Servers tab
- WINS tab
- Zone Transfers tab

The Properties dialog box of an Active Directory-integrated zone has an additional tab, called the Security tab. This is the tab where you set access permissions for the specific zone:

- Configure who can modify the properties of a specific zone.
- Configure who can add dynamic updates to records for a specific zone.

To access the Properties dialog box of a DNS zone:

1. Click Start, Administrative Tools, and then click DNS.
2. In the console tree, expand the DNS server node.
3. Expand the Forward Lookup Zones folder.
4. Locate and right-click the particular zone that you want to configure zone properties for, and then select Properties from the shortcut menu.
5. The DNS Zone Properties sheet contains a number of tabs that you can use to configure settings for the specific DNS zone.

    General tab

The main zone configuration settings which you can configure on the General tab are:

- Zone type
- Zone file name
- Dynamic updates settings
- Aging settings

The buttons and fields which are used to configure settings on the General tab are:

- Zone status indicator and Pause button: The zone status indicator displays the status of the zone with regard to answering name resolution queries. You can use the associated Pause button to pause DNS name resolution. Clicking the Pause button does not, however, pause the DNS Server service.
- Zone type indicator and Change button: The zone type indicator displays the zone type configured for the specific zone. When you click the Change button, the Change Zone Type dialog box opens. Through the Change Zone Type dialog box, you can change the zone type of an existing zone. The settings on the Change Zone Type dialog box are:
  o Primary Zone option: This zone type contains the configuration settings and zone data for the specific zone.
  o Secondary Zone option: This zone type contains a read-only copy of zone data, and cannot be directly edited.


3. When the Server Aging/Scavenging Properties dialog box opens, select the Scavenge Stale Resource Records checkbox.
4. Click OK.

After aging is enabled at the DNS server properties level, you can configure aging settings at the zone properties level. Click the Aging button to open the Zone Aging/Scavenging Properties dialog box. The settings which can be configured are:

  o No-refresh interval: The default setting is seven days. The no-refresh interval stops the DNS server from performing unnecessary refreshes.
  o Refresh interval: This is the time after the No-refresh interval when timestamp refreshes are allowed. Records are not scavenged. The default setting is also seven days.

    Start Of Authority (SOA) tab

The Start Of Authority (SOA) tab is the location on the Zone Properties dialog box where you can configure options or settings that are specific to the SOA resource record for the zone. The configuration settings on the Start Of Authority (SOA) tab are:

- Serial Number field: This field displays the version of the SOA record for the DNS server. If you want to manually change the version number, click the Increment button. The Serial Number field is also dynamically updated whenever a resource record in the particular zone is changed. The Serial Number field enables secondary DNS servers to determine when changes are made to resource records within the zone. If the serial number of the master zone is the same as the local serial number, zone transfer is not initiated by the secondary DNS servers. If the serial number of the master zone is higher than the local serial number, zone transfer is initiated by the secondary DNS server.
- Primary Server field: This field shows the computer name of the primary DNS server for this particular zone.
- Responsible Person field: This field shows the administrator responsible for administering this specific zone.
- Refresh Interval field: The field has a default setting of 15 minutes. The Refresh Interval field indicates how frequently the secondary DNS servers for this zone query the configured master server for zone updates. The secondary DNS servers request a copy of the SOA resource record for the zone when the interval expires. Each then checks the serial number of the master's SOA resource record and compares this value to its own SOA resource record's serial number. A zone transfer is initiated when the two values are different.
- Retry Interval field: The field has a default setting of 10 minutes. The value specified in the Retry Interval field determines how long secondary DNS servers wait after a zone transfer failure before re-attempting the failed zone transfer.
- Expires After field: The field has a default setting of 24 hours. The value of this field determines the time duration after which a secondary DNS server that has no contact with its configured master server discards zone data.
- Minimum (Default) TTL field: The field has a default setting of one hour. The value of the Minimum (Default) TTL setting indicates the TTL for all resource records that are created in this particular zone.
- TTL For This Record: The value of the TTL For This Record field indicates the TTL of this current SOA resource record.
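As an added example, not from the original page, this Python models how a secondary uses the SOA fields above: it polls at the Refresh Interval, compares serial numbers, falls back to the Retry Interval after a failed contact, and marks the zone expired once Expires After has elapsed without contact. Times are in seconds, the page's default values are used, and the simulated master and its serial numbers are assumptions.

```python
from dataclasses import dataclass

SERIAL_MODULUS = 2 ** 32

def master_is_newer(master_serial, local_serial):
    """True when the master's serial is 'higher' than the local one.
    Serials are 32-bit and wrap, so the comparison uses RFC 1982 serial
    arithmetic rather than plain '>' (an addition to the page's description)."""
    diff = (master_serial - local_serial) % SERIAL_MODULUS
    return 0 < diff < SERIAL_MODULUS // 2

@dataclass
class SecondaryZone:
    """State a secondary keeps for one zone (defaults from the SOA tab)."""
    serial: int
    refresh: int = 15 * 60        # Refresh Interval: 15 minutes
    retry: int = 10 * 60          # Retry Interval: 10 minutes
    expire: int = 24 * 60 * 60    # Expires After: 24 hours
    last_contact: float = 0.0     # when the master last answered
    next_check: float = 0.0       # when the next SOA query is due
    expired: bool = False         # zone data discarded, no longer served
    transfers: int = 0            # zone transfers performed

def poll_master(zone, now, master_serial):
    """Run the check that is due at 'now'. master_serial is the serial in the
    master's SOA answer, or None if the master could not be reached.
    Returns 'transfer', 'no-change' or 'retry'."""
    if master_serial is None:
        zone.next_check = now + zone.retry
        if now - zone.last_contact >= zone.expire:
            zone.expired = True      # Expires After elapsed: stop serving
        return "retry"
    zone.last_contact = now
    zone.expired = False
    zone.next_check = now + zone.refresh
    if master_is_newer(master_serial, zone.serial):
        zone.serial = master_serial  # zone transfer brings the copy up to date
        zone.transfers += 1
        return "transfer"
    return "no-change"

def simulate(events):
    """Drive a fresh secondary through (time, master_serial) events and return
    the zone plus a log of (time, result, serial, expired)."""
    zone = SecondaryZone(serial=2019080301)
    log = []
    for now, serial in events:
        result = poll_master(zone, now, serial)
        log.append((now, result, zone.serial, zone.expired))
    return zone, log

# Constructed scenario: one update, then a master outage long enough to
# expire the zone.
SAMPLE_EVENTS = [
    (0, 2019080301),          # same serial: nothing to do
    (900, 2019080302),        # master incremented the serial: transfer
    (1800, None),             # master unreachable: retry in 10 minutes
    (2400, None),             # still unreachable
    (900 + 24 * 3600, None),  # 24 h without contact: zone expires
]

if __name__ == "__main__":
    _, log = simulate(SAMPLE_EVENTS)
    for entry in log:
        print(entry)
```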

    Name Servers tab

The Name Servers tab shows all the DNS name servers which are authoritative for the zone. The list of authoritative DNS servers could include both primary DNS servers and secondary DNS servers. To change the authoritative DNS servers for the zone, click the Add, Edit, and Remove buttons at the bottom of the Name Servers tab.


    WINS tab

If you want to integrate Windows Internet Naming Service (WINS) and DNS, then you would use the WINS tab to configure WINS forward lookups for the zone, for use when the DNS server cannot resolve name resolution queries.

    Zone Transfers tab

The settings on the Zone Transfers tab determine whether the DNS server will accept zone transfers from the master server. The configuration settings on the Zone Transfers tab are:

- Allow Zone Transfers checkbox: Determines whether zone transfers are allowed or disallowed. The Allow Zone Transfers checkbox is disabled by default.
- To Any Server option: When selected, zone transfers are allowed to any server that requests a copy of zone data.
- Only To Servers Listed On The Name Servers Tab option: This setting only allows zone transfers to those DNS servers that are listed on the Name Servers tab for this particular zone.
- Only To The Following Servers option: This option allows administrators to specify which DNS servers, based on IP addresses, can request zone transfers.
- Notify button: If you want to configure automatic zone transfer notification triggers to the secondary DNS servers for the zone, click the Notify button at the bottom of the Zone Transfers tab. The Notify dialog box opens. This is where you configure the secondary DNS servers that should be notified when zone updates occur. Enable the Automatically Notify checkbox, and choose one of the following options:
  o Servers Listed On The Name Servers Tab option.
  o The Following Servers option, and then specify the IP addresses of the DNS servers that you want notification sent to.
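The following Python is an added example, not the page's or Microsoft's code: it mirrors the Zone Transfers tab settings above as a policy object, decides which requesters may receive a zone transfer, lists who gets notified, and flags the settings a reviewer would want to see (the To Any Server option in particular). The addresses and the scope names are assumptions.

```python
from dataclasses import dataclass

@dataclass
class ZoneTransferSettings:
    """Mirror of the Zone Transfers tab for one zone.
    scope: which option is selected once Allow Zone Transfers is checked:
    'any', 'name_servers' or 'listed'."""
    allow: bool = False            # Allow Zone Transfers checkbox (off by default)
    scope: str = "name_servers"
    listed: tuple = ()             # Only To The Following Servers (IP addresses)
    name_server_ips: tuple = ()    # addresses of the servers on the Name Servers tab
    notify: bool = False           # Automatically Notify checkbox
    notify_scope: str = "name_servers"
    notify_listed: tuple = ()      # The Following Servers (IP addresses)

    def transfer_allowed(self, requester_ip):
        """Decide whether a zone transfer request from requester_ip is served."""
        if not self.allow:
            return False
        if self.scope == "any":
            return True
        if self.scope == "name_servers":
            return requester_ip in self.name_server_ips
        if self.scope == "listed":
            return requester_ip in self.listed
        raise ValueError(f"unknown scope {self.scope!r}")

    def notify_targets(self):
        """Secondaries that receive a notification when the zone changes."""
        if not self.notify:
            return ()
        if self.notify_scope == "name_servers":
            return self.name_server_ips
        return self.notify_listed

    def findings(self):
        """Configuration review: conditions an administrator would want flagged."""
        out = []
        if self.allow and self.scope == "any":
            out.append("zone transfers are allowed to any server that asks")
        if self.allow and self.scope == "listed" and not self.listed:
            out.append("zone transfers are enabled but no server is listed")
        if self.notify and self.notify_scope == "listed" and not self.notify_listed:
            out.append("notification is enabled but no server is listed")
        return out

def audit(settings, requester_ips):
    """Evaluate a batch of constructed transfer requests and return the
    addresses that were refused, the ones worth checking in the logs."""
    return [ip for ip in requester_ips if not settings.transfer_allowed(ip)]

# Constructed sample: two secondaries on the Name Servers tab, three requesters.
SECONDARIES = ("192.0.2.53", "192.0.2.54")
REQUESTERS = ["192.0.2.53", "192.0.2.54", "198.51.100.99"]

if __name__ == "__main__":
    locked_down = ZoneTransferSettings(allow=True, scope="name_servers",
                                       name_server_ips=SECONDARIES, notify=True)
    wide_open = ZoneTransferSettings(allow=True, scope="any")
    for s in (locked_down, wide_open):
        print("refused:", audit(s, REQUESTERS), "findings:", s.findings())
```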

    How to configure a delegated DNS zone

1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Right-click the zone in the console tree, and then select New Delegation from the shortcut menu.
3. The New Delegation Wizard initiates.
4. Click Next on the first page of the New Delegation Wizard.
5. When the Delegated Domain Name page opens, provide a delegated domain name, and then click Next.
6. On the Name Servers page, click the Add button to add the name and IP address of the DNS server that should host the delegated zone.
7. On the Name Servers page, click Next. Click Finish.

    How to enable dynamic updates for a zone

1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Right-click the zone you want to work with in the console tree, and then select Properties from the shortcut menu.
3. When the Zone Properties dialog box opens, on the General tab, select Yes in the Allow Dynamic Updates list box.
4. Click OK.

    How to restore DNS server default server options settings

1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Right-click the DNS server and then click Properties on the shortcut menu.
3. When the Properties dialog box of the DNS server opens, click the Advanced tab.
4. Click the Reset To Default button.
5. Click OK.

    How to enable/disable fast transfer format for zone transfers

1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. In the console tree, right-click the DNS server, and then select Properties from the shortcut menu.
3. When the Properties dialog box of the DNS server opens, click the Advanced tab.
4. In the Server Options list, select or deselect the BIND Secondaries checkbox.
5. Click OK.

    How to disable local subnet prioritization for multihomed names

1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. In the console tree, right-click the DNS server, and then select Properties from the shortcut menu.
3. When the Properties dialog box of the DNS server opens, click the Advanced tab.
4. In the Server Options list, deselect the Enable Netmask Ordering checkbox.
5. Click OK.

    Understanding Host Name Resolution

    Understanding the Purpose of Host Names

In TCP/IP based networks, the packets that are transmitted over the network contain the following IP addresses:

- The IP address of the computer sending the packet
- The IP address of the destination computer intended to receive the packet.

The IP address information is used to forward the packet to the destination computer. The IP addresses of computers therefore have to be both unique and correct so that packets can be forwarded to the correct destination.

IP addresses also contain the following important information:

- Network address or ID
- Host address or ID.

What is a host name then? A host name is assigned to a computer to identify a host in a TCP/IP network. The host name can be described as being the alias that is assigned to a node, to identify it.

A few characteristics of host names are listed below:

- Host names are assigned to computers by administrators.
- The host name specified for a computer does not need to correspond to the Windows 2000 or Windows Server 2003 computer name or NetBIOS computer name.
- More than one host name can be assigned to the same host.


- The maximum length of a host name is 255 characters.
- The host name can consist of both alphabetic characters and numeric characters.

A host name can be defined in a number of ways. The more common methods used are:

  o A nickname: This is an alias to an IP address which individuals can assign and utilize.
  o A domain name: This is a structured name that adheres to Internet standards.

WinSock applications utilize the IP address of the host name for a connection to be established. Name resolution is not needed if IP addresses are used to establish connections. However, because host names are simpler to remember than IP addresses, the host name is typically used instead of the IP address. This is especially evident with TCP/IP applications.

When the host name is used, and not the IP address, the host name has to be resolved to an IP address for IP communication to occur. This is known as host name resolution. A host name must match an IP address that is located in a DNS server database, or in a Hosts file.

    Host Name Resolution in Windows

Each network needs a mechanism that can resolve host names to IP addresses. Name resolution has to occur whenever the host name is used to connect to a computer and not the IP address. For instance, when a server name is used to access a resource, the computer resolves that name to an IP address. Host name resolution resolves the host name to an IP address. This has to occur so that the IP address can be resolved to the hardware address for TCP/IP based communication to occur.

With the introduction of Windows 2000 came support for several different name resolution mechanisms:

- LMHOSTS files
- Network broadcasts
- NetBIOS name cache
- Windows Internet Naming Service (WINS)
- Active Directory service

Network broadcasts and LMHOSTS files were generally utilized in the earlier versions of Windows NT. Windows Internet Naming Service (WINS) is generally used in Windows NT 4. Prior to Windows 2000, NetBIOS names identified computers on the network. With the introduction of Windows 2000 came the introduction of Active Directory. Active Directory uses the Domain Name System (DNS) for name registration and name resolution.

With the introduction of Windows Server 2003, DNS name resolution is used over NetBIOS name resolution. The DNS Client service handles name resolution. It first submits all name resolution tasks to DNS. If DNS name resolution cannot occur, the DNS Client service submits the name to NetBIOS.

The common methods used to resolve host names are listed below:


• NetBIOS name resolution: This is the process of mapping the NetBIOS name of the computer to an IP address. With NetBIOS, communication occurs between NetBIOS hosts via name discovery, name registration, and name release.
• HOSTS file: This is a text file that includes the host name to IP address mappings. The HOSTS file is stored locally.
• DNS server: DNS resolves host names and fully qualified domain names (FQDNs) to IP addresses in TCP/IP networks. The DNS server manages a database of host name to IP address mappings. This is the primary method used for name resolution in Windows Server 2003.

For DNS name resolution, the mechanisms that can be used are:
• The local DNS client cache can be used to perform a name lookup.
• A DNS server query.

For NetBIOS name resolution, the mechanisms that can be used are:
• The local NetBIOS name cache can be used to perform a name lookup.
• A WINS server query.
• NetBIOS broadcasts to query the local network.
• The local LMHOSTS file can be used to perform a name lookup.

    The HOSTS File

This is a text based file which contains host name to IP address mappings. TCP/IP applications mainly use the HOSTS file when a host name needs to be mapped to an IP address. The file can also be used to resolve NetBIOS names. The HOSTS file is stored locally on each computer.

A few characteristics of the HOSTS file are:
• Multiple host names can be assigned to the identical IP address.
• Each entry in the HOSTS file has an IP address that is associated with one or multiple host names.
• The host name localhost is an entry in the HOSTS file by default.
• All frequently used names should be located close to the start of the file.
• The entries in the HOSTS file for Windows 2000 operating systems are not case-sensitive.
• The entries in the HOSTS file for UNIX operating systems are case-sensitive.

    How host names are resolved with a HOSTS file


1. A user utilizes a host name to connect to a Winsock application.
2. The system checks whether the host name is the same as the local host name.
3. The name is resolved if the two names match.
4. The HOSTS file is parsed if the host name is not the same as the local host name.
5. The host name is resolved to its associated IP address if it is found in the HOSTS file.
6. The IP address of the destination host is then resolved to its hardware address.
7. If the destination host is located on the local network, either of the following methods is used to obtain the hardware address:
   o The hardware address is retrieved from the ARP cache
   o The IP address of the host is broadcast for its hardware address
8. If the destination host is located on a remote network, the hardware address of a router is obtained so that the request can be routed.

In instances where the host name cannot be resolved to an IP address in the HOSTS file, and this is the only host name resolution method that is configured, an error message is returned to the user that initiated the request.

    How host names are resolved with a DNS server

1. When a user enters a host name or a fully qualified domain name (FQDN), host name resolution is initially attempted through the HOSTS file.
2. If the host name could not be resolved to an IP address through the HOSTS file name resolution method, the DNS server is used.
3. The request is transmitted to the DNS server to perform a lookup of the name in its database, to resolve it to an IP address.
4. The DNS server resolves the host name to an IP address.
5. The hardware address is obtained next.
6. If the destination host is located on the local network, the hardware address is obtained from the ARP cache, or via broadcasting of the IP address.

In instances where the DNS server does not respond to the initial request, the DNS server is tried again at 1, 2, 2, and 4 second intervals. If after all these attempts the DNS server fails to respond, and no other name resolution mechanisms exist, an error message is returned to the user that initiated the request.

    The Recommended Method for Resolving Host Names to IP Addresses


You can configure a number of methods to resolve host names to IP addresses: name resolution via the HOSTS file, a DNS server, network broadcast, a WINS server, and the LMHOSTS file. When you configure numerous mechanisms for host name resolution, you are essentially providing a backup strategy for your name resolution process. When one method fails to resolve the host name to an IP address, another method is used.

Only after each of the configured name resolution mechanisms fails to yield a host name to IP address mapping does the specific IP address need to be provided to service the request.

The recommended process for resolving host names to IP addresses is illustrated below:

1. The user specifies a host name and not the associated IP address in the request.
2. Windows first determines whether the host name provided is identical to the local host name.
3. The name is resolved if the two names match.
4. The HOSTS file is parsed if the two names are not the same.
5. If the host name exists in the HOSTS file, it is resolved to its IP address.
6. When the host name does not exist in the HOSTS file, the request is sent to the DNS server for name resolution.
7. The host name is resolved if the DNS server contains the host name to IP address mapping in its database.
8. If the DNS server does not respond to the initial request for name resolution, the request is attempted again at 1, 2, 2, and 4 second intervals.
9. When the DNS server cannot resolve the host name into an IP address, the host next checks whether the host name exists in its local NetBIOS name cache.
10. The host name is resolved to an IP address if it is located in the local NetBIOS name cache.
11. If the host name cannot be located in the NetBIOS name cache, the NetBIOS name server is contacted for name resolution.
12. When the NetBIOS name server cannot resolve the host name to an IP address, the host then transmits three broadcast messages on the local network.
13. Name resolution takes place if the host name exists on the local network.
14. When the host name cannot be resolved through broadcasting on the local network, the next check that occurs is the parsing of the local LMHOSTS file.
15. The host name is resolved into an IP address if it is located in the local LMHOSTS file.
16. If the host name cannot be resolved into an IP address after all the above methods have been attempted, the user has to provide the IP address.
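The resolution chain above, as an added example that is not part of the original page: a Python simulation of the 16-step order, with a HOSTS-file parser that follows the characteristics listed under The HOSTS File. The host names, addresses and HOSTS text are constructed sample data, and the DNS, WINS and broadcast lookups are injected stand-ins rather than real network calls.

```python
"""Added example (not from the original page): the Windows host name
resolution order listed above, simulated offline.  Every lookup stage is
injected as a dict or callable; host names, addresses and the HOSTS text are
constructed sample data."""
from __future__ import annotations
from typing import Callable, Optional

Lookup = Callable[[str], Optional[str]]
DNS_RETRY_INTERVALS = (1, 2, 2, 4)      # retry waits from the page, in seconds


def parse_hosts(text: str, case_sensitive: bool = False) -> dict[str, str]:
    """Parse HOSTS text into {name: ip}: '#' starts a comment, one IP may carry
    several names, Windows matches names case-insensitively, and the first
    mapping for a name wins (hence 'frequently used names near the top')."""
    table: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name if case_sensitive else name.lower(), ip)
    return table


def resolve_host(name: str, *, local_hostname: str, local_ip: str,
                 hosts: dict[str, str], dns_query: Lookup,
                 netbios_cache: dict[str, str], wins_query: Lookup,
                 broadcast_query: Lookup, lmhosts: dict[str, str],
                 sleep: Callable[[int], None] = lambda s: None,
                 ) -> tuple[Optional[str], str, list[str]]:
    """Walk the 16 steps.  Returns (ip, stage, trace): `stage` is the mechanism
    that answered ('unresolved' if none) and `trace` lists the misses, which is
    what an auditor needs when a name resolves from an unexpected source.
    `dns_query` returns None for a negative answer, raises TimeoutError on no reply."""
    trace: list[str] = []
    key = name.lower()
    if key == local_hostname.lower():                           # steps 2-3
        return local_ip, "local-hostname", trace
    trace.append("local-hostname:miss")
    if key in hosts:                                            # steps 4-5
        return hosts[key], "hosts", trace    # HOSTS is consulted before DNS
    trace.append("hosts:miss")
    for attempt, wait in enumerate((0,) + DNS_RETRY_INTERVALS):   # steps 6-8
        if wait:
            sleep(wait)
        try:
            answer = dns_query(name)
        except TimeoutError:
            trace.append(f"dns:timeout#{attempt}")
            continue
        if answer:
            return answer, "dns", trace
        trace.append("dns:negative")
        break                             # a negative answer ends the retries
    if key in netbios_cache:                                    # steps 9-10
        return netbios_cache[key], "netbios-cache", trace
    trace.append("netbios-cache:miss")
    answer = wins_query(name)                                   # step 11
    if answer:
        return answer, "wins", trace
    trace.append("wins:miss")
    for _ in range(3):                                          # steps 12-13
        answer = broadcast_query(name)
        if answer:
            return answer, "broadcast", trace
    trace.append("broadcast:miss")
    if key in lmhosts:                                          # steps 14-15
        return lmhosts[key], "lmhosts", trace
    trace.append("lmhosts:miss")
    return None, "unresolved", trace            # step 16: the user supplies the IP


HOSTS_SAMPLE = """# constructed sample HOSTS file
127.0.0.1     localhost
192.0.2.10    fileserver FILESERVER.example.test   # two names, one IP
192.0.2.20    Intranet
"""


def demo() -> dict[str, object]:
    """Resolve four constructed names through a chain whose DNS server never
    answers, recording the waits produced by the retry schedule."""
    waits: list[int] = []

    def dead_dns(_name: str) -> Optional[str]:
        raise TimeoutError

    chain = dict(local_hostname="WS01", local_ip="192.0.2.5",
                 hosts=parse_hosts(HOSTS_SAMPLE), dns_query=dead_dns,
                 netbios_cache={"printer": "192.0.2.30"},
                 wins_query=lambda n: None, broadcast_query=lambda n: None,
                 lmhosts={"legacy": "192.0.2.50"}, sleep=waits.append)
    out: dict[str, object] = {n: resolve_host(n, **chain)
                              for n in ("intranet", "PRINTER", "legacy", "nowhere")}
    out["sleeps"] = tuple(waits)
    return out
```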


    Understanding DNS Zones

    DNS Zones Overview

A DNS zone is the contiguous portion of the DNS domain name space over which a DNS server has authority, or is authoritative. A zone is a portion of a namespace; it is not a domain. A domain is a branch of the DNS namespace. A DNS zone can contain one or more contiguous domains. A DNS server can be authoritative for multiple DNS zones. A noncontiguous namespace cannot be a DNS zone.

A zone contains the resource records for all of the names within the particular zone. Zone files are used if DNS data is not integrated with Active Directory. The zone files contain the DNS database resource records which define the zone. If DNS and Active Directory are integrated, then DNS data is stored in Active Directory.

The different types of zones used in Windows Server 2003 DNS are listed below:
• Primary zone
• Secondary zone
• Active Directory-integrated zone
• Reverse lookup zone
• Stub zone

A primary zone is the only zone type that can be edited or updated, because the data in the zone is the original source of the data for all domains in the zone. Updates made to the primary zone are made by the DNS server that is authoritative for the specific primary zone. You can also back up data from a primary zone to a secondary zone.

A secondary zone is a read-only copy of the zone that was copied from the master server during zone transfer. In fact, a secondary zone can only be updated through zone transfer.

An Active Directory-integrated zone is a zone that stores its data in Active Directory. DNS zone files are not needed. This type of zone is an authoritative primary zone. Zone data of an Active Directory-integrated zone is replicated during the Active Directory replication process. Active Directory-integrated zones also enjoy the security features of Active Directory.

A reverse lookup zone is an authoritative DNS zone. These zones are mainly used to resolve IP addresses to resource names on the network. A reverse lookup zone can be any of the following zone types:
• Primary zone
• Secondary zone
• Active Directory-integrated zone


A stub zone is a new Windows Server 2003 feature. Stub zones only contain those resource records necessary to identify the authoritative DNS servers for the master zone. Stub zones therefore contain only a partial copy of a zone, and are used to resolve recursive queries and iterative queries:
• Iterative queries: The DNS server provides the best answer it can. This can be:
   o The resolved name
   o A referral to a different DNS server
• Recursive queries: The DNS server has to reply with the requested information, or with an error. The DNS server cannot provide a referral to a different DNS server.

Stub zones contain the following information:
• The Start of Authority (SOA) resource record of the zone.
• Resource records that list the authoritative DNS servers of the zone.
• Glue address (A) resource records that are necessary for contacting the authoritative servers of the zone.

Zone delegation occurs when you assign authority over portions of the DNS namespace to subdomains of the DNS namespace. You should delegate a zone under the following circumstances:
• You want to delegate administration of a DNS domain to a department or branch of your organization.
• You want to improve performance and fault tolerance of your DNS environment: you can distribute DNS database management and maintenance between several DNS servers.

    Understanding DNS Zone Transfer

A zone transfer can be defined as the process that occurs to copy the resource records of a zone on the primary DNS server to secondary DNS servers. Zone transfer enables a secondary DNS server to continue handling queries if the primary DNS server fails. A secondary DNS server can also transfer its zone data to other secondary DNS servers that are beneath it in the DNS hierarchy. In this case, the secondary DNS server is regarded as the master DNS server to the other secondary servers.

The zone transfer methods are:
• Full transfer: When you configure a secondary DNS server for a zone and start the secondary DNS server, the secondary DNS server requests a full copy of the zone from the primary DNS server. A full transfer is performed of all the zone information. Full zone transfers tend to be resource intensive. This disadvantage of full transfers has led to the development of incremental zone transfers.
• Incremental zone transfer: With an incremental zone transfer, only those resource records that have since changed in a zone are transferred to the secondary DNS servers. During zone transfer, the DNS databases on the primary DNS server and the secondary DNS server are compared to determine whether there are differences in the DNS data. If the DNS data of the primary and secondary DNS servers is the same, zone transfer does not take place. If the DNS data of the two servers is different, transfer of the delta resource records starts. This occurs when the serial number on the primary DNS server database is higher than the secondary DNS server's serial number. For incremental zone transfer to occur, the primary DNS server has to record incremental changes to its DNS database. Incremental zone transfers require less bandwidth than full zone transfers.
• Active Directory transfers: These zone transfers occur when Active Directory-integrated zones are replicated to the domain controllers in a domain. Replication occurs through Active Directory replication.

DNS Notify is a mechanism that enables a primary DNS server to inform secondary DNS servers when its database has been updated. DNS Notify informs the secondary DNS servers when they need to initiate a zone transfer so that the updates of the primary DNS server can be replicated to them. When a secondary DNS server receives the notification from the primary DNS server, it can start an incremental zone transfer or a full zone transfer to pull zone changes from the primary DNS server.
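The serial-number comparison and DNS Notify exchange above, worked through as an added example (not code from the original page): a primary keeps a bounded journal of its changes, and a secondary that receives a NOTIFY from its configured master pulls an incremental transfer when every serial it is missing is still journaled, and a full transfer otherwise. Zone names, addresses and records are constructed; the serial comparison uses RFC 1982 serial arithmetic, which goes beyond the page's "higher serial" rule by handling serials that wrap around.

```python
"""Added example (not from the original page): a simulation of DNS Notify and
the serial-number check that picks an incremental (IXFR) or full (AXFR) zone
transfer.  Zone names, server addresses and records are constructed; the serial
comparison uses RFC 1982 wrap-around arithmetic, which generalises the page's
'primary serial is higher' rule to serials that wrap past 2**32."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Tuple

Record = Tuple[str, str, str]                 # (owner, type, rdata)
MASK = 0xFFFFFFFF


def serial_gt(a: int, b: int) -> bool:
    """True if 32-bit serial `a` is newer than `b` (RFC 1982 serial arithmetic)."""
    a, b = a & MASK, b & MASK
    return a != b and ((a > b and a - b < 2**31) or (a < b and b - a > 2**31))


@dataclass
class PrimaryZone:
    name: str
    serial: int
    records: set[Record]
    journal: dict[int, tuple[set[Record], set[Record]]] = field(default_factory=dict)
    journal_depth: int = 3                    # how many past changes stay replayable

    def update(self, deleted: set[Record], added: set[Record]) -> None:
        """Apply a change, bump the serial and journal the delta under it."""
        self.records = (self.records - deleted) | added
        self.serial = (self.serial + 1) & MASK
        self.journal[self.serial] = (deleted, added)
        for old in sorted(self.journal)[:-self.journal_depth]:
            del self.journal[old]             # bounded journal, as on a real server

    def transfer(self, from_serial: int) -> tuple[str, object]:
        """Serve IXFR deltas if every serial after `from_serial` is still
        journaled; otherwise fall back to a full AXFR of the zone."""
        deltas, expected = [], from_serial
        while expected != self.serial:
            expected = (expected + 1) & MASK
            if expected not in self.journal:
                return "AXFR", set(self.records)
            deltas.append(self.journal[expected])
        return "IXFR", deltas


@dataclass
class SecondaryZone:
    name: str
    master: str                               # address of the configured master
    serial: int
    records: set[Record]
    log: list[str] = field(default_factory=list)

    def on_notify(self, source: str, primary: PrimaryZone) -> str:
        """Handle a NOTIFY.  Only the configured master is trusted, and a
        transfer is pulled only if the master's SOA serial is newer than ours;
        `primary` stands in for the SOA query and transfer request sent to it."""
        if source != self.master:
            self.log.append(f"ignored NOTIFY from {source}")
            return "IGNORED"
        if not serial_gt(primary.serial, self.serial):
            self.log.append("serial not newer; nothing to do")
            return "UP-TO-DATE"
        kind, payload = primary.transfer(self.serial)
        if kind == "AXFR":
            self.records = payload
        else:
            for deleted, added in payload:
                self.records = (self.records - deleted) | added
        self.serial = primary.serial
        self.log.append(f"{kind} brought the zone to serial {self.serial}")
        return kind


def demo() -> dict[str, object]:
    """Walk a fresh and a stale secondary through NOTIFY-driven transfers."""
    base = {("ns1.example.test.", "A", "192.0.2.1"),
            ("www.example.test.", "A", "192.0.2.10")}
    primary = PrimaryZone("example.test.", 2024010101, set(base))
    fresh = SecondaryZone("example.test.", "192.0.2.1", primary.serial, set(base))
    stale = SecondaryZone("example.test.", "192.0.2.1", primary.serial, set(base))
    out: dict[str, object] = {}
    primary.update(set(), {("mail.example.test.", "A", "192.0.2.25")})
    out["fresh"] = fresh.on_notify("192.0.2.1", primary)        # one journaled delta
    app_old = ("app.example.test.", "A", "192.0.2.31")
    primary.update(set(), {app_old})
    primary.update({app_old}, {("app.example.test.", "A", "192.0.2.32")})
    primary.update(set(), {("db.example.test.", "A", "192.0.2.33")})
    out["stale"] = stale.on_notify("192.0.2.1", primary)        # journal too short
    out["rogue"] = fresh.on_notify("198.51.100.9", primary)     # not the master
    out["fresh_again"] = fresh.on_notify("192.0.2.1", primary)  # three deltas
    out["noop"] = fresh.on_notify("192.0.2.1", primary)
    out["consistent"] = fresh.records == stale.records == primary.records
    return out
```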

    Understanding DNS Resource Records (RRs)

The DNS database contains resource records (entries) that are used to resolve name resolution queries sent to the DNS server. Each DNS server contains the resource records (RRs) it needs to respond to name resolution queries for the portion of the DNS namespace for which it is authoritative. There are different types of resource records.

A few of the commonly used resource records (RRs) and their associated functions are described in the table below.

Resource record type (name): function
• A (Host record): Contains the IP address of a specific host, and maps the FQDN to this 32-bit IPv4 address.
• AAAA (IPv6 address record): Ties a FQDN to an IPv6 128-bit address.
• AFSDB (Andrew File System database record): Associates a DNS domain name to a server subtype: an AFS volume or an authenticated name server using DCE/NCA.
• ATMA (Asynchronous Transfer Mode address): Associates a DNS domain name to the ATM address in the atm_address field.
• CNAME (Canonical Name / Alias name): Ties an alias to its associated domain name.
• HINFO (Host info record): Indicates the CPU and OS type for a particular host.
• ISDN (ISDN info record): Ties a FQDN to an associated ISDN telephone number.
• KEY (Public key resource record): Contains the public key for zones that can use DNS Security Extensions (DNSSEC).
• MB (Mailbox name record): Maps the domain mail server name to the mail server's host name.
• MG (Mail group record): Ties the domain mailing group to mailbox resource records.
• MINFO (Mailbox info record): Associates a mailbox for the individual who maintains a mailing list or mailbox.
• MR (Mailbox renamed record): Maps an older mailbox name to its new mailbox name.
• MX (Mail exchange record): Provides routing for messages to mail servers and backup servers.
• NS (Name server record): Provides a list of the authoritative servers for a domain, as well as the authoritative DNS server for delegated subdomains.
• NXT (Next resource record): Indicates those resource record types that exist for a name, and the next name in the zone.
• OPT (Option resource record): A pseudo-resource record which provides extended DNS functionality.
• PTR (Pointer resource record): Points to a different resource record, and is used for reverse lookups to point to A type resource records.
• RT (Route through record): Provides routing information for hosts that do not have a direct WAN address.
• SIG (Signature resource record): Stores the digital signature for an RR set.
• SOA (Start of Authority resource record): Contains zone information, such as the name of the primary DNS server for the zone, and version information.
• SRV (Service locator record): Used by Active Directory to locate domain controllers, LDAP servers, and global catalog servers.
• TXT (Text record): Maps a DNS name to descriptive text.
• X25 (X.25 info record): Maps a DNS address to the public switched data network (PSDN) address number.

While there are various resource records that contain different information or data, there are a few required fields that each particular resource record has to contain:
• Owner: the DNS domain that contains the resource record.
• TTL (Time to Live): indicates the time duration that DNS servers can cache resource record information, prior to discarding the information. This is however an optional resource record field.
• Class: another optional resource record field. Class types were used in earlier implementations of the DNS naming system, and are no longer used these days.
• Type: indicates the type of information contained by the resource record.
• Record-Specific Data: a variable length field that further defines the function of the resource record. The format of the field is determined by Class and Type.

Delegation records and glue records can also be added to a zone. These records are used to delegate a subdomain into a separate zone.
• Delegation records: These are Name Server (NS) resource records in a parent zone. The delegation record specifies the parent zone as being authoritative for the delegated zones.
• Glue records: These are A type resource records for the DNS server that is authoritative for the delegated zone.

The more important resource records are discussed next: Start of Authority (SOA), Name Server (NS), Host (A), Alias (CNAME), Mail exchanger (MX), Pointer (PTR), and Service location (SRV).

    Start of Authority (SOA) Resource Record

This is the first record in the DNS database file. The SOA record includes zone property information, such as the primary DNS server for the zone, and version information.

The fields located within the SOA record are listed below:
• Source host: the host for which the DNS database file is maintained.
• Contact e-mail: the e-mail address of the individual who is responsible for the database file.
• Serial number: the version number of the database.
• Refresh time: the time that a secondary DNS server waits before checking whether database updates have been made that have to be replicated via zone transfer.
• Retry time: the time for which a secondary DNS server waits before attempting a failed zone transfer again.
• Expiration time: the time for which a secondary DNS server will continue to attempt to download zone information. Old zone information is discarded when this limit is reached.
• Time to live: the time that the particular DNS server can cache resource records from the DNS database file.

    Name Server (NS) Resource Record

The Name Server (NS) resource record provides a list of the authoritative DNS servers for a domain, as well as the authoritative DNS server for any delegated subdomains. Each zone must have one (or more) NS resource records at the zone root. The NS resource record indicates the primary and secondary DNS servers for the zone defined in the SOA resource record. This in turn enables other DNS servers to look up names in the domain.

    Host (A) Resource Record

The host (A) resource record contains the IP address of a specific host, and maps the FQDN to this 32-bit IPv4 address. Host (A) resource records basically associate the domain names of computers (FQDNs) or host names to their associated IP addresses. Because a host (A) resource record statically associates a host name to a specific IP address, you can manually add these records to zones if you have machines with statically assigned IP addresses.

The methods which are used to add host (A) resource records to zones are:
• Manually add these records, using the DNS management console.
• Use the Dnscmd tool at the command line to add host (A) resource records.
• TCP/IP client computers running Windows 2000, Windows XP or Windows Server 2003 use the DHCP Client service to both register their names and update their host (A) resource records.

    Alias (CNAME) Resource Record

Alias (CNAME) resource records tie an alias name to its associated domain name. Alias (CNAME) resource records are referred to as canonical names. By using canonical names, you can hide network information from the clients who connect to your network. Alias (CNAME) resource records should be used when you have to rename a host that is defined in a host (A) resource record in the identical zone.

    Mail exchanger (MX) Resource Record


The mail exchanger (MX) resource record provides routing for messages to mail servers and backup servers. The MX resource record provides information on which mail servers process e-mail for the particular domain name. E-mail applications therefore mostly utilize MX resource records.

A mail exchanger (MX) resource record has the following parameters:
• Priority
• Mail server

The mail exchanger (MX) resource record enables your DNS server to work with e-mail addresses where no specific mail server is defined. A DNS domain can have multiple MX records. MX resource records can therefore also be used to provide failover to different mail servers when the primary server specified is unavailable. In this case, a server preference value is added to indicate the priority of a server in the list. Lower server preference values specify higher preference.

    Pointer (PTR) Resource Record

The pointer (PTR) resource record points to a different resource record, and is used for reverse lookups to point to A resource records. Reverse lookups resolve IP addresses to host names or FQDNs.

You can add PTR resource records to zones through the following methods:
• Manually add these records, using the DNS management console.
• Use the Dnscmd tool at the command line to add PTR resource records.

    Service (SRV) Resource Records

Service (SRV) resource records are typically used by Active Directory to locate domain controllers, LDAP servers, and global catalog servers. The SRV records define the location of specific services in a domain. They associate the location of a service, such as a domain controller or global catalog server, with details on how the particular service can be contacted.

The fields of the service (SRV) resource record are explained below:
• Service name
• The protocol used
• The domain name associated with the SRV record
• The port number for the particular service
• The Time to Live value
• The class
• The priority and weight
• The target specifying the FQDN of the particular host supporting the service
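An added example (not from the original page) that parses the standard zone-file format whose records the sections above describe, and reads back the SOA, MX and SRV fields by name, so the MX preference rule and the SRV priority/weight fields can be checked on zone data. The sample zone and every name and address in it are constructed; the parser takes the zone origin as a parameter and does not handle $ORIGIN.

```python
"""Added example (not from the original page): a parser for the standard
zone-file (master file) format whose records the sections above describe, with
helpers that return the SOA, MX and SRV fields by name.  Sample data is constructed."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class RR:
    owner: str
    ttl: int
    rtype: str
    rdata: tuple


def _absolute(name: str, origin: str) -> str:
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text: str):
    """Strip ';' comments and join '( ... )' continuation lines into one."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield " ".join(buf)
            buf = []


def parse_zone(text: str, origin: str) -> list[RR]:
    """Parse '[owner] [ttl] [class] type rdata' lines; a line that starts with
    whitespace keeps the previous record's owner.  $ORIGIN is not supported."""
    default_ttl, last_owner, zone = 3600, origin, []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        owner = last_owner if line[0].isspace() else _absolute(tokens.pop(0), origin)
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0].upper() == "IN":            # class field is optional
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "SOA":      # mname rname serial refresh retry expire minimum
            rdata = (_absolute(rdata[0], origin), _absolute(rdata[1], origin),
                     *map(int, rdata[2:]))
        elif rtype == "MX":     # preference exchange
            rdata = (int(rdata[0]), _absolute(rdata[1], origin))
        elif rtype == "SRV":    # priority weight port target
            rdata = (*map(int, rdata[:3]), _absolute(rdata[3], origin))
        elif rtype in {"NS", "CNAME", "PTR"}:
            rdata = (_absolute(rdata[0], origin),)
        else:                   # A, AAAA, TXT and anything else stay raw
            rdata = tuple(rdata)
        zone.append(RR(owner, ttl, rtype, rdata))
        last_owner = owner
    return zone


def soa_fields(zone: list[RR]) -> dict[str, object]:
    """The SOA fields under the names the page lists."""
    soa = next(r for r in zone if r.rtype == "SOA")
    keys = ("source_host", "contact", "serial", "refresh", "retry", "expire", "ttl")
    return dict(zip(keys, soa.rdata))


def mail_servers(zone: list[RR], domain: str) -> list[str]:
    """MX exchanges for `domain`, most preferred first (lower value wins)."""
    mx = [r for r in zone if r.rtype == "MX" and r.owner == domain]
    return [r.rdata[1] for r in sorted(mx, key=lambda r: r.rdata[0])]


def locate_service(zone: list[RR], service: str, proto: str, domain: str) -> list[tuple[str, int]]:
    """SRV targets as (host, port): lowest priority first, heavier weight first."""
    owner = f"_{service}._{proto}.{domain}"
    srv = sorted((r for r in zone if r.rtype == "SRV" and r.owner == owner),
                 key=lambda r: (r.rdata[0], -r.rdata[1]))
    return [(r.rdata[3], r.rdata[2]) for r in srv]


SAMPLE_ZONE = """; constructed sample zone for example.test. (not a real domain)
$TTL 3600
@       IN SOA ns1 hostmaster ( 2024010101   ; serial
                                900 300 604800 86400 )  ; refresh retry expire minimum
        IN NS  ns1
        IN MX  20 mail2
        IN MX  10 mail1
ns1     IN A   192.0.2.1
mail1   IN A   192.0.2.10
www     IN CNAME mail1
_ldap._tcp  IN SRV 0 100 389 dc1
_ldap._tcp  IN SRV 0 50  389 dc2
_ldap._tcp  IN SRV 10 0  389 dc3
"""
```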

    The Zone Database Files

If you are not using Active Directory-integrated zones, the specific zone database files that are used for zone data are:
• Domain Name file: When new A type resource records are added to the domain, they are stored in this file. When a zone is created, the Domain Name file contains the following:
   o An SOA resource record for the domain
   o An NS resource record that indicates the name of the DNS server that was created.
• Reverse Lookup file: This database file contains information on a reverse lookup zone.
• Cache file: This file contains a listing of the names and addresses of root name servers that are needed for resolving names which are external to the authoritative domains.
• Boot file: This file controls the startup behavior of the DNS server. The boot file supports the commands listed below:
   o Directory command: defines the location of the other files specified in the Boot file.
   o Primary command: defines the domain for which this particular DNS server has authority.
   o Secondary command: specifies a domain as being a secondary domain.
   o Cache command: defines the list of root hints used for contacting DNS servers for the root domain.

    Planning DNS Zone Implementations

When you divide up the DNS namespace, DNS zones are created. Breaking up the namespace into zones enables DNS to manage available bandwidth usage more efficiently, which in turn improves DNS performance.

When determining how to break up the DNS zones, a few considerations you should include are listed below:
• DNS traffic patterns: You can use the System Monitor tool to examine DNS performance counters, and to obtain DNS server statistics.
• Network link speed: The types of network links that exist between your DNS servers should be determined when you plan the zones for your environment.
• Whether full DNS servers or caching-only DNS servers are being used also affects how you break up DNS zones.

The main zone types used in Windows Server 2003 DNS environments are primary zones and Active Directory-integrated zones. Whether to implement primary zones or Active Directory-integrated zones is determined by the DNS design requirements of your environment.

Both primary zones and secondary zones are standard DNS zones that use zone files. The main difference between primary zones and secondary zones is that primary zones can be updated. Secondary zones contain read-only copies of zone data. A secondary DNS zone can only be updated through DNS zone transfer. Secondary DNS zones are usually implemented to provide fault tolerance for your DNS server environment.

An Active Directory-integrated zone can be defined as an improved version of a primary DNS zone because it can use multi-master replication and the security features of Active Directory. The zone data of Active Directory-integrated zones is stored in Active Directory. Active Directory-integrated zones are authoritative primary zones.

A few advantages that Active Directory-integrated zone implementations have over standard primary zone implementations are:
• Active Directory replication is faster, which means that the time needed to transfer zone data between zones is far less.
• The Active Directory replication topology is used for Active Directory replication, and for Active Directory-integrated zone replication. There is no longer a need for DNS replication when DNS and Active Directory are integrated.
• Active Directory-integrated zones can enjoy the security features of Active Directory.
• The need to manage your Active Directory domains and DNS namespaces as separate entities is eliminated. This in turn reduces administrative overhead.
• When DNS and Active Directory are integrated, the Active Directory-integrated zones are replicated and stored on any new domain controllers automatically. Synchronization takes place automatically when new domain controllers are deployed.

The mechanism that DNS uses to forward a query that one DNS server cannot resolve to another DNS server is called DNS forwarding. DNS forwarders are the DNS servers used to forward DNS queries for a different DNS namespace to those DNS servers that can answer the query. A DNS server is configured as a DNS forwarder when you configure the other DNS servers to direct any unresolved queries to that specific DNS server. Creating DNS forwarders can improve name resolution efficiency.

Windows Server 2003 DNS introduces a new feature, called conditional forwarding. With conditional forwarding, you create conditional forwarders within your environment that will forward DNS queries based on the specific domain names being requested in the query. This differs from DNS forwarders, where the standard DNS resolution path to the root was used to resolve the query. A conditional forwarder can only forward queries for domains that are defined in the particular conditional forwarders list. The query is passed to the default DNS forwarder if there are no entries in the forwarders list for the specific domain queried.

When conditional forwarders are configured, the process to resolve domain names is illustrated below:
1. A client sends a query to the DNS server for name resolution.
2. The DNS server checks its DNS database file to determine whether it can resolve the query with its zone data.
3. The DNS server also checks its DNS server cache to resolve the request.
4. If the DNS server is not configured to use forwarding, the server uses recursion to attempt to resolve the query.
5. If the DNS server is configured to forward the query for a specific domain name to a DNS forwarder, the DNS server then forwards the query to the IP address of its configured DNS forwarder.

    A few considerations for configuring forwarders for your DNS environmentare:

    You should only implement the DNS forwarders that are necessary for your environment. You should refrain from

    creating loads of forwarders for your internal DNS servers.

    You should avoid chaining your DNS servers together in a forwarding configuration.

    To avoid the DNS forwarder turning into a bottleneck, do not configure one external DNS forwarder for all your

    internal DNS servers.
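As an added example (Python, not code from the original FAQ), the following models the resolution order just described: zone data, then the server cache, then the conditional forwarder whose domain matches the query, then the default forwarder, and recursion only when no forwarding is configured. The zones, cache contents and forwarder addresses are constructed sample values; the longest-matching-domain rule and the name-error behaviour for names inside an authoritative zone are standard DNS server behaviour, not settings quoted from this page.

```python
"""Which path a DNS server takes for a query when conditional forwarders exist.

Added example, not code from the original FAQ. It models the order the text
describes: authoritative zone data, the server cache, a conditional forwarder
whose domain matches the queried name, the default forwarder, and otherwise
recursion. Zone data, cache entries and forwarder addresses are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


def labels_of(name: str) -> list[str]:
    """Case-fold a name and split it into labels; the root ('' or '.') has none."""
    name = name.lower().rstrip(".")
    return name.split(".") if name else []


def in_domain(name: str, domain: str) -> bool:
    """True when name equals domain or sits below it in the namespace tree.

    Label-wise, not a plain string suffix test: 'corp.example.com' is inside
    'example.com', but 'notexample.com' is not.
    """
    n, d = labels_of(name), labels_of(domain)
    return len(n) >= len(d) and n[len(n) - len(d):] == d


@dataclass
class DnsServer:
    zones: dict[str, dict[str, str]] = field(default_factory=dict)  # zone -> {fqdn: ip}
    cache: dict[str, str] = field(default_factory=dict)             # fqdn -> ip
    conditional_forwarders: dict[str, str] = field(default_factory=dict)  # domain -> forwarder
    default_forwarder: Optional[str] = None

    def authoritative_zone_for(self, name: str) -> Optional[str]:
        """Most specific zone this server holds that contains the name, if any."""
        matches = [z for z in self.zones if in_domain(name, z)]
        return max(matches, key=lambda z: len(labels_of(z))) if matches else None

    def conditional_forwarder_for(self, name: str) -> Optional[str]:
        """Forwarder for the longest matching domain in the conditional forwarders list."""
        matches = [d for d in self.conditional_forwarders if in_domain(name, d)]
        if not matches:
            return None
        return self.conditional_forwarders[max(matches, key=lambda d: len(labels_of(d)))]

    def resolve_path(self, name: str) -> tuple[str, Optional[str]]:
        """Return (action, detail): where the server gets its answer for this query."""
        key = ".".join(labels_of(name))
        zone = self.authoritative_zone_for(key)
        if zone is not None:
            # Zone data: an authoritative server answers from its own zone, and a
            # missing name in that zone is a name error, not something to forward.
            ip = self.zones[zone].get(key)
            return ("zone", ip) if ip else ("nxdomain", zone)
        if key in self.cache:                         # server cache
            return ("cache", self.cache[key])
        forwarder = self.conditional_forwarder_for(key)
        if forwarder is not None:                     # conditional forwarder for this domain
            return ("conditional-forward", forwarder)
        if self.default_forwarder is not None:        # no entry for the domain: default forwarder
            return ("forward", self.default_forwarder)
        return ("recursion", None)                    # no forwarding configured: recurse


def sample_server() -> DnsServer:
    """A server authoritative for example.com that forwards partner.net queries (constructed)."""
    return DnsServer(
        zones={"example.com": {"www.example.com": "10.0.0.10"}},
        cache={"cached.partner.net": "10.0.1.5"},
        conditional_forwarders={"partner.net": "192.0.2.53", "lab.partner.net": "192.0.2.54"},
        default_forwarder="198.51.100.1",
    )
```

Calling `sample_server().resolve_path(name)` for each of the query names in the comments shows one action per branch of the procedure above.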

How to create a new zone

1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. Expand the Forward Lookup Zones folder.
3. Select the Forward Lookup Zones folder.
4. From the Action menu, select New Zone.
5. The New Zone Wizard initiates.
6. On the initial page of the Wizard, click Next.
7. On the Zone Type page, ensure that the Primary Zone. Creates A Copy Of A Zone That Can Be Updated Directly On This Server option is selected. This option is selected by default.
8. Uncheck the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) checkbox. Click Next.
9. On the Zone Name page, enter the correct name for the zone in the Zone Name textbox. Click Next.
10. On the Zone File page, ensure that the default option, Create A New File With This File Name, is selected. Click Next.
11. On the Dynamic Update page, ensure that the Do Not Allow Dynamic Updates. Dynamic Updates Of Resource Records Are Not Accepted By This Zone. You Must Update These Records Manually option is selected. Click Next.
12. The Completing The New Zone Wizard page is displayed next.
13. Click Finish to create the new zone.

How to create subdomains

1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, select the appropriate zone.
3. From the Action menu, select New Domain.
4. The DNS Domain dialog box opens.
5. Enter the name for the new subdomain.
6. Click OK to create the new subdomain.

How to create a reverse lookup zone

1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Select the appropriate DNS server in the console tree.
3. Right-click the DNS server, and then select New Zone from the shortcut menu.
4. The New Zone Wizard starts.
5. Click Next on the first page of the New Zone Wizard.
6. On the Zone Type page, ensure that the Primary Zone option is selected. Click Next.
7. On the following page, select the Reverse lookup zone option. Click Next.
8. Enter the IP network in the Network ID box for the domain name that you are creating this new reverse lookup zone for. Click Next.
9. Accept the default zone file name. Click Next.
10. On the Dynamic Update page, select the Allow both nonsecure and secure dynamic updates option, and then click Next.
11. The Completing The New Zone Wizard page is displayed next.
12. Click Finish to create the new reverse lookup zone.

How to create a stub zone

1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. Expand the Forward Lookup Zones folder.
3. Select the Forward Lookup Zones folder.
4. From the Action menu, select New Zone.
5. The New Zone Wizard initiates.
6. On the initial page of the Wizard, click Next.
7. On the Zone Type page, select the Stub Zone option.
8. Uncheck the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) checkbox. Click Next.
9. On the Zone Name page, enter the name for the new stub zone in the Zone Name textbox, and then click Next.
10. Accept the default setting on the Zone File page. Click Next.
11. On the Master DNS Servers page, enter the IP address of the master server in the Address text box. Click Next.
12. On the Completing The New Zone Wizard page, click Finish.

How to add resource records to zones

1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, select the zone that you want to add resource records to.
3. From the Action menu, select the resource record type that you want to add to the zone. The options are:
   o New Host (A)
   o New Alias (CNAME)
   o New Mail Exchanger (MX)
   o Other New Records
4. Select the New Host (A) option.
5. The New Host dialog box opens.
6. In the Name (Use Parent Domain Name If Blank) textbox, enter the name of the new host.
7. When you specify the name of the new host, the resulting FQDN is displayed in the Fully qualified domain name (FQDN) textbox.
8. In the IP Address box, enter the address for the new host.
9. If you want to create an associated pointer (PTR) record, enable the checkbox.
10. Click the Add Host button.
11. The new host (A) resource record is added to the particular zone.
12. A message box is displayed, verifying that the new host (A) resource record was successfully created for the zone.
13. Click OK.
14. Click Done to close the New Host dialog box.
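An added example (Python, not part of the original FAQ) covering two of the procedures above: it derives the in-addr.arpa zone name that the New Zone Wizard builds from the Network ID you enter, and produces the host (A) record together with the associated pointer (PTR) record that the New Host dialog creates when its PTR checkbox is enabled. The zone names, host names and addresses are constructed sample values.

```python
"""Reverse lookup zone naming and paired host (A) / pointer (PTR) records.

Added example, not code from the original FAQ. It covers the in-addr.arpa
zone name that the New Zone Wizard derives from the Network ID, and the A
record plus the associated PTR record that the New Host dialog creates when
the PTR checkbox is enabled. Zone, host and address values are constructed.
"""
from __future__ import annotations

import ipaddress


def reverse_zone_name(network_id: str) -> str:
    """'192.168.10.0/24' -> '10.168.192.in-addr.arpa'.

    The Network ID must be octet-aligned (/8, /16 or /24): one in-addr.arpa
    zone covers exactly one, two or three leading octets of the address.
    """
    net = ipaddress.IPv4Network(network_id, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{network_id}: prefix length must be 8, 16 or 24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner_name(ip: str) -> str:
    """Full reverse name of a host: '192.168.10.25' -> '25.10.168.192.in-addr.arpa'."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def host_records(zone: str, host: str, ip: str, reverse_zone: str | None = None) -> dict[str, str]:
    """Zone-file lines for a new host, mirroring what the New Host dialog adds.

    Returns {'forward': <A line>} and, when reverse_zone is given, also
    {'reverse': <PTR line>} for that reverse zone. A blank host name uses the
    parent domain name, as the dialog's Name field does.
    """
    fqdn = f"{host}.{zone}." if host else f"{zone}."
    records = {"forward": f"{fqdn:<40} IN A    {ip}"}
    if reverse_zone is None:
        return records
    owner = ptr_owner_name(ip)
    suffix = "." + reverse_zone.lower().rstrip(".")
    if not owner.endswith(suffix):
        # The PTR cannot be created: the address lies outside the reverse zone.
        raise ValueError(f"{ip} is not inside reverse zone {reverse_zone}")
    # Inside the reverse zone file the owner is relative to the zone origin,
    # so only the remaining host octet(s) are written.
    relative = owner[: -len(suffix)]
    records["reverse"] = f"{relative:<40} IN PTR  {fqdn}"
    return records


if __name__ == "__main__":
    rz = reverse_zone_name("192.168.10.0/24")
    print(rz)
    for line in host_records("example.com", "fs1", "192.168.10.25", rz).values():
        print(line)
```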

How to create a zone delegation

1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Right-click your subdomain in the console tree, and then select New Delegation from the shortcut menu.
3. The New Delegation Wizard initiates.
4. Click Next on the first page of the New Delegation Wizard.
5. When the Delegated Domain Name page opens, provide a delegated domain name, and then click Next.
6. On the Name Servers page, click the Add button to provide the names and the IP addresses of the DNS servers that should host the delegation.
7. On the Name Servers page, click Next.
8. Click Finish.

How to enable dynamic updates for a zone

1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. Right-click the zone you want to work with in the console tree, and then select Properties from the shortcut menu.
3. When the Zone Properties dialog box opens, on the General tab, select Yes in the Allow Dynamic Updates list box.
4. Click OK.

How to configure a zone to use WINS for name resolution

You can configure your forward lookup zone to use WINS for name resolution in instances where the queried name is not found in the DNS namespace.

1. Click Start, Administrative Tools, and then select DNS to open the DNS console.
2. In the console tree, expand your DNS server node, and then expand the Forward Lookup Zones folder.
3. Locate and right-click the zone which you want to configure, and then select Properties from the shortcut menu.
4. When the Zone Properties dialog box opens, click the WINS tab.
5. Enable the Use WINS Forward Lookup checkbox.
6. Type the WINS server IP address. Click Add, and then click OK.
7. On the General tab, select Yes in the Allow Dynamic Updates list box.
8. Click OK.

Understanding DNS

Domain Name Service (DNS) Overview

Domain Name Service (DNS) enables applications and users to connect to hosts in TCP/IP based networks by specifying a name. DNS is a hierarchically distributed database that creates hierarchical names that can be resolved to IP addresses. The IP addresses are then resolved to MAC addresses. DNS therefore provides the means for naming IP hosts, and for locating IP hosts when they are queried for by name.

The protocols and standards of DNS provide the following key components:

• The method for updating address information in a DNS database.
• The method for querying address information in a DNS database.
• The schema of the DNS database.
• The ability to replicate address information between DNS servers in the DNS topology.

HOSTS files were used to resolve host names to IP addresses before DNS existed. The HOSTS files were manually maintained by administrators. The HOSTS file was located on a centrally administered server on the Internet. Each site or location that needed to resolve host names to IP addresses had to download a new copy of the HOSTS file at regular intervals. The size of the HOSTS file grew as the Internet grew, and so did the traffic generated by downloading new copies of it. This led to the design and implementation of Domain Name Service (DNS) in 1984, the hierarchically distributed database that can resolve host names to IP addresses.

The main design requirements of DNS provide the following key features over the HOSTS file:

• A hierarchical namespace.
• Host names in the DNS database can be distributed between multiple servers.
• The database has an unlimited size.
• Extensible data types: together with supporting host name to IP address mappings, different data types are supported as well.
• No degradation in performance as more servers are added; the database is scalable.
• Distribution of administration; naming can be managed individually for each partition.

From the days of Windows NT Server 4.0, DNS has been included with the operating system. DNS is the primary name registration and resolution service in Windows 2000 and Windows Server 2003, and provides the following features and services:

• A hierarchically distributed and scalable database.
• Name registration, name resolution and service location for Windows 2000 and Windows Server 2003 clients.
• Location of domain controllers for logon.

The Differences between the NetBIOS Naming System and DNS

Before discussing the differences between the NetBIOS naming system and DNS, let's first look at the different name types used in Windows operating systems:

• Computer name: This is the name which an administrator assigns to a computer. To verify the computer name of a computer:
  1. Right-click My Computer, and select Properties from the shortcut menu.
  2. Click the Computer Name tab to verify the computer's name.
• NetBIOS name: A unique name used to identify a NetBIOS resource on the network. The NetBIOS name is resolved to an IP address for communication to occur.
• Host name: A host name is assigned to a computer to identify a host in a TCP/IP network. The host name can be described as the alias that is assigned to a node to identify it. When the host name is used rather than the IP address, the host name has to be resolved to an IP address for IP communication to occur. The HOSTS file is a text file that contains host name to IP address mappings. The HOSTS file is stored locally.
• Fully qualified domain name (FQDN): This is the DNS name that is used to identify a computer on the network. FQDNs have to be unique. The FQDN usually consists of the following:
  1. Host name
  2. Primary DNS suffix
  3. Period
• DNS name: A DNS name is a name that can include a number of labels that are separated by a dot. When a DNS name displays the entire path, it is known as the Fully Qualified Domain Name (FQDN).
• Alias: This is a name used instead of another name. The Canonical Name (CNAME) is an alias name in DNS.
• Nickname: This is another name used for a host. It is usually an abbreviated version of the FQDN. A nickname has to be unique for each node if you want to map it to the FQDN.
• Primary DNS suffix: Computers running in a Windows Server 2003 network are assigned primary DNS suffixes for name registration and name resolution purposes. The primary DNS suffix is also referred to as the primary domain name, or domain name.
• Connection-specific DNS suffix: This is a DNS suffix which is assigned to an adapter. The connection-specific DNS suffix is also called the adapter DNS suffix.

The naming differences between the NetBIOS naming system and the DNS namespace are noted below:

• A NetBIOS name cannot be greater than 16 characters.
• With DNS, up to 255 characters can be used for names.
• The NetBIOS naming system is a flat naming system.
• The namespace used by DNS is a hierarchical space, or hierarchical system. The DNS naming system is called the domain namespace. If you decide to use a private domain namespace, and there is no interaction with the Internet, it does not have to be unique.

Understanding the DNS namespace

The naming system used by DNS is a hierarchical namespace, called the DNS namespace. The DNS namespace has a unique root. The root can contain numerous subdomains. Each subdomain can also contain multiple subdomains. The DNS namespace uses a logical tree structure wherein an entity is subordinate to the entity which resides over it. Each node in the DNS domain tree has a name, which is called a label. The label can be up to 63 characters. Nodes that are located on the same branch within the DNS domain tree must have different names. Nodes that reside on separate branches in the DNS hierarchy can have the same name.

Each node in the DNS domain tree or DNS hierarchy is identified by an FQDN. This is a DNS domain name that specifies the node's location in relation to the DNS domain tree/hierarchy. A domain name can be defined as the list of labels along the path from the root of the DNS domain tree/hierarchy to a particular node. The FQDN is the entire list of labels for a specific node.
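An added example (Python, not from the original FAQ) that builds this tree of labelled nodes and enforces the rules stated above: labels of at most 63 characters, names of at most 255 characters, the FQDN as the list of labels from a node up to the root, and no two nodes with the same name on the same branch while separate branches may reuse a label. All names used are constructed.

```python
"""The DNS namespace as a tree of labelled nodes, with the rules the text gives.

Added example, not code from the original FAQ. It enforces the 63-character
label limit and the 255-character name limit, derives a node's FQDN from the
path of labels up to the root, and shows that two nodes on the same branch
cannot share a name while nodes on separate branches can. Names are constructed.
"""
from __future__ import annotations

from typing import Optional

MAX_LABEL = 63     # label limit stated in the text
MAX_NAME = 255     # whole-name limit stated in the text


def check_name(name: str) -> list[str]:
    """Rule violations for a DNS name; an empty list means it is acceptable."""
    bare = name.rstrip(".")
    problems: list[str] = []
    if len(bare) > MAX_NAME:
        problems.append(f"name is {len(bare)} characters, limit is {MAX_NAME}")
    for label in bare.split("."):
        if label == "":
            problems.append("empty label (consecutive dots)")
        elif len(label) > MAX_LABEL:
            problems.append(f"label '{label[:12]}...' is {len(label)} characters, limit is {MAX_LABEL}")
    return problems


class Node:
    """One node of the domain tree; the unique root carries the empty label."""

    def __init__(self, label: str, parent: Optional["Node"] = None):
        self.label = label
        self.parent = parent
        self.children: dict[str, Node] = {}

    def fqdn(self) -> str:
        """Every label on the path from this node up to the root, plus the trailing period."""
        labels, node = [], self
        while node.parent is not None:
            labels.append(node.label)
            node = node.parent
        return ".".join(labels) + "."


class DnsTree:
    def __init__(self) -> None:
        self.root = Node("")

    def add(self, name: str) -> tuple[Node, bool]:
        """Create the nodes along the path for name, root first.

        Returns (node, created). created is False when a node with that name
        already exists on that branch, which is the clash the rules forbid; the
        same label under a different parent is a separate node and is allowed.
        """
        problems = check_name(name)
        if problems:
            raise ValueError("; ".join(problems))
        node, created = self.root, False
        for label in reversed(name.lower().rstrip(".").split(".")):
            if label not in node.children:
                node.children[label] = Node(label, node)
                created = True
            node = node.children[label]
        return node, created

    def find(self, name: str) -> Optional[Node]:
        """Walk the labels from the root; None when any label on the path is missing."""
        node: Optional[Node] = self.root
        for label in reversed(name.lower().rstrip(".").split(".")):
            node = node.children.get(label) if node is not None else None
        return node
```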

Each domain registered in DNS is connected to a DNS name server. The DNS server of a domain provides authoritative replies to queries for that particular domain.

The Internet Corporation for Assigned Names and Numbers (ICANN) manages the DNS root of the Internet domain namespace. ICANN manages the assignment of globally unique identifiers which are key to the operation of the Internet. This includes the following components:

• Internet domain names
• IP addresses
• Port numbers
• Protocol parameters

Below the root DNS domain are the top-level domains. These top-level domains are also managed by ICANN. The top-level domains managed by ICANN are:

• Organizational domains: Organizational domains have the following characteristics:
  o Organizational domains can be used globally.
  o They are named via a three-character code.
  o The code defines the main function of the organizations in the DNS domain.
• Geographical domains: Geographical domains have the following characteristics:
  o Geographical domains are usually used by organizations not residing in the United States.
  o They are named via two-character country and region codes.
  o The codes were established by the International Organization for Standardization (ISO) 3166.
  o The codes identify a country, such as .uk for the United Kingdom.
• Reverse domains: These domains are used for IP address to name mappings. These are called reverse lookups.

The additional top-level domains defined by ICANN in late 2000 are:

• .aero; for the air transportation industry
• .biz; for businesses
• .coop; for cooperatives
• .info; for information
• .museum; for museums
• .name; for individual names
• .pro; for credentialed professions such as attorneys

The common top-level domain names used are:

• .com; commercial organizations
• .edu; educational institutes
• .gov; government
• .int; international organizations
• .mil; military organizations
• .net; Internet providers and networking organizations
• .org; non-commercial organizations
• .uk; United Kingdom
• .us; United States
• .ca; Canada
• .jp; Japan

Understanding DNS Components and Terminology

The components which DNS is dependent on and the terminology used when discussing and managing DNS are listed below:

• DNS server: This is a computer running the DNS Server service, or BIND, that provides domain name services. The DNS server manages the DNS database that is located on it. The DNS server program, whether it is the DNS Server service or BIND, manages and maintains the DNS database located on the DNS server. The information in the DNS database of a DNS server pertains to a portion of the DNS domain tree structure or namespace. This information is used to provide responses to client requests for name resolution.

  When a DNS server is queried it can do one of the following:
  o Respond to the request directly by providing the requested information.
  o Provide a pointer (referral) to another DNS server that can assist in resolving the query.
  o Respond that the information is unavailable.
  o Respond that the information does not exist.

  A DNS server is authoritative for the contiguous portion of the DNS namespace over which it resides.

  The following types of DNS servers exist:
  o Primary DNS server: This DNS server owns the zones defined in its DNS database, and can make changes to these zones.
  o Secondary DNS server: This DNS server obtains a read-only copy of zones via DNS zone transfers. A secondary DNS server cannot make any changes to the information contained in its read-only copy. A secondary DNS server can however resolve queries for name resolution. Secondary DNS servers are usually implemented for the following reasons:
    - Provide redundancy: It is recommended to install one primary DNS server and one secondary DNS server for each DNS zone (minimum requirement). Install the DNS servers on different subnets so that if one DNS server fails, the other DNS server can continue to resolve queries.
    - Distribution of DNS processing load: Implementing secondary DNS servers assists in reducing the load on the primary DNS server.
    - Provide fast access for clients in remote locations: Secondary DNS servers can also assist in preventing clients from traversing slow links for name resolution requests.
• DNS zones: A DNS zone is the contiguous portion of the DNS domain namespace over which a DNS server has authority, or is authoritative. A zone is a portion of a namespace; it is not a domain. A domain is a branch of the DNS namespace. A DNS zone can contain one or more contiguous domains. A DNS server can be authoritative for multiple DNS zones. Zone files store resource records for the zones over which a DNS server has authority.
• DNS client: This is a machine that queries the DNS server for name resolution. To issue DNS requests to the DNS server, DNS resolvers are used.
• Queries: The types of DNS queries which can be sent to a DNS server are:
  o Recursive queries
  o Iterative queries
• DNS resolvers: These are programs that use DNS queries to request information from the DNS servers. In Windows Server 2003, the DNS Client service performs the function of the DNS resolver. A DNS resolver can communicate with and issue name queries to remote DNS servers, or to the DNS server running locally. When a DNS resolver receives a response from a DNS server, the resolver caches the information locally. The local cache is then used if the same information is requested again.
• Resource records: The DNS database contains resource records (entries) that are used to resolve name resolution queries sent to the DNS server. Each DNS server contains the resource records it needs to respond to name resolution queries for the portion of the DNS namespace for which it is authoritative.
• Root servers: A root server performs the following functions when a query cannot be resolved from the local zone files:
  o Returns an authoritative answer for a particular domain.
  o Returns a referral to another DNS server that can provide an authoritative answer.

How DNS Resolves Queries

A DNS client queries a DNS server to resolve a name. The query contains the following important information:

• The DNS domain name in the FQDN format.
• The query type.
• The class for the DNS domain name.

A DNS client uses one of three query types to query a DNS server:

• Iterative queries: The DNS server provides the best answer it can. This can be:
  o The resolved name
  o A referral to a different DNS server
• Recursive queries: The DNS server has to reply with the requested information, or with an error. The DNS server cannot provide a referral to a different DNS server.
• Inverse queries: The query sent to the DNS server is to resolve the host name associated with a known IP address. All the domains have to be queried to provide a correct answer to the query.
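As an added example (Python, not from the original FAQ), the following models the difference between the two query types above: an iterative query gets the best answer a server has, an address or a referral, while a server handling a recursive query walks the referrals itself and hands the client only a final answer or an error. The root, .com and example.com servers are constructed stand-ins for the real hierarchy; inverse queries are not modelled.

```python
"""Iterative queries, referrals, and the recursion a server performs for a client.

Added example, not code from the original FAQ. A root server, a .com server
and an example.com server are modelled as constructed stand-ins for the real
hierarchy. An iterative query returns the best answer the server has (an
address or a referral); a recursive query, as handled by a recursing server,
returns only a final answer or an error, never a referral.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


def labels_of(name: str) -> list[str]:
    """Case-fold a name and split it into labels; the root ('' or '.') has none."""
    name = name.lower().rstrip(".")
    return name.split(".") if name else []


def in_domain(name: str, domain: str) -> bool:
    """Label-wise check that name is domain or below it ('' is the root, above everything)."""
    n, d = labels_of(name), labels_of(domain)
    return len(n) >= len(d) and n[len(n) - len(d):] == d


@dataclass
class AuthServer:
    zone: str                                                  # '' for the root zone
    records: dict[str, str] = field(default_factory=dict)      # fqdn -> address
    delegations: dict[str, str] = field(default_factory=dict)  # child zone -> server id

    def iterative_query(self, qname: str) -> tuple[str, Optional[str]]:
        """Best answer this server can give: the address, a referral, or an error."""
        q = ".".join(labels_of(qname))
        if q in self.records:
            return ("answer", self.records[q])
        for child, server_id in self.delegations.items():
            if in_domain(q, child):
                return ("referral", server_id)   # a closer server to ask next
        if in_domain(q, self.zone):
            return ("nxdomain", None)            # authoritative: the name does not exist
        return ("refused", None)                 # outside this server's namespace


def recursive_query(servers: dict[str, AuthServer], qname: str, max_hops: int = 8):
    """What a recursing server does for a client: start at the root and follow referrals.

    Returns (kind, data, trace). kind is 'answer', 'nxdomain', 'refused' or
    'error', never 'referral'; trace lists (server id, reply kind) for each
    iterative query sent on the client's behalf.
    """
    current, trace = "root", []
    for _ in range(max_hops):
        if current not in servers:               # referral to a server we cannot reach
            return "error", None, trace
        kind, data = servers[current].iterative_query(qname)
        trace.append((current, kind))
        if kind != "referral":
            return kind, data, trace
        current = data
    return "error", None, trace                  # too many referrals: report an error


def sample_hierarchy() -> dict[str, AuthServer]:
    """Constructed three-level hierarchy: root -> com -> example.com."""
    return {
        "root": AuthServer(zone="", delegations={"com": "com-ns"}),
        "com-ns": AuthServer(zone="com", delegations={"example.com": "example-ns"}),
        "example-ns": AuthServer(zone="example.com", records={"www.example.com": "192.0.2.80"}),
    }


if __name__ == "__main__":
    servers = sample_hierarchy()
    for q in ("www.example.com", "nothere.example.com", "www.example.org"):
        print(q, "->", recursive_query(servers, q))
```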

If a DNS server cannot find a match for a queried name in its zone information or in its cache, the DNS server performs recursion to resolve the name. This is the default configuration for DNS servers. Recursion is the process whereby the DNS server queries other DNS servers for the client. By the initial DNS server querying the other DNS servers, recursion actually ends up making the initia

