Date post: 21-Dec-2015
2
Objectives
• Describe the functions of the Domain Name System
• Install DNS
• Explain the function of DNS zones
• Configure a caching-only server to speed hostname resolution
• Integrate Active Directory and DNS, including Dynamic DNS
• Configure and manage a DNS server
• Manage DNS zones
• Troubleshoot DNS
3
Functions of the Domain Name System
• Domain Name System (DNS)
– Essential service for a network that uses Active Directory
– Has the ability to store DNS information in Active Directory
– Once DNS information is stored in Active Directory, it is automatically replicated to all domain controllers
– Storing DNS data in Active Directory allows security control for Dynamic DNS
4
Functions of the Domain Name System (Continued)
– Used internally to resolve hostnames to IP addresses
– Can be integrated with the worldwide system for resolving hostnames to IP addresses
– Can be used as a repository for service information and perform reverse lookups to convert IP addresses to host names
5
Hostname Resolution
• Windows Sockets (WinSock) and NetBIOS
– Two standard methods Windows applications can use to access network resources
– Name accessed through WinSock is known as a hostname
• Steps followed to resolve hostnames
– Hostname
• Server first checks if hostname being resolved is its own
• If it is, then it uses its own IP address and resolution process stops
6
Hostname Resolution (Continued)
• Steps (Continued)
– HOSTS file is loaded into cache
• HOSTS file is used to list hostnames and IP addresses for resolution
• Contents of the HOSTS file are placed in DNS cache
– DNS cache
• Contents are evaluated
• If hostname being resolved is in DNS cache, then IP address in the cache is used
– DNS
• If required hostname is not the hostname of this server and has not been found in DNS cache, then Windows Server 2003 submits a request to a DNS server for resolution
7
HOSTS File
• Simple text file that stores hostname information
• Must be located in C:\WINDOWS\system32\drivers\etc
• Contents are a list of IP addresses and hostnames
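The resolution order of the last three slides (own hostname, HOSTS file loaded into the DNS cache, DNS cache, then a DNS server) as a small simulation with a parser for the HOSTS file format; this is an added example, not code from the original slides, and the HOSTS text and the "DNS server" answers are constructed sample data.

```python
# Added example (not from the original slides): simulation of the
# hostname resolution order on these slides: own hostname, HOSTS file
# (pre-loaded into the DNS cache), DNS cache, then a DNS server query.
# The HOSTS text and the "DNS server" answers are constructed sample data.

# Constructed sample HOSTS text in the real file's format: IP address,
# whitespace, one or more hostnames, optional '#' comment.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
10.0.0.5        fileserver fileserver.corp.example   # constructed entry
10.0.0.9        intranet.corp.example
"""

# Constructed answers standing in for a DNS server (assumed, not a resolver).
FAKE_DNS_SERVER = {"www.corp.example": "10.0.0.20",
                   "intranet.corp.example": "10.0.0.99"}


def parse_hosts(text):
    """Parse HOSTS text into {hostname: ip}, ignoring comments and blanks."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries[name.lower()] = ip          # hostnames are case-insensitive
    return entries


def resolve(hostname, own_name, own_ip, hosts_text, dns_server):
    """Return (ip, step) following the resolution order on the slides."""
    name = hostname.lower()
    # Step 1: is the name this computer's own hostname?
    if name == own_name.lower():
        return own_ip, "own hostname"
    # Step 2: the HOSTS file is loaded into the DNS cache.
    cache = parse_hosts(hosts_text)
    # Step 3: the cache is checked, so a HOSTS entry wins over any DNS answer;
    # that is why HOSTS tampering redirects traffic and its integrity matters.
    if name in cache:
        return cache[name], "dns cache (from HOSTS)"
    # Step 4: only now is a DNS server asked.
    if name in dns_server:
        return dns_server[name], "dns server"
    return None, "unresolved"
```

Note that intranet.corp.example resolves to the HOSTS address even though the DNS server holds a different one, which is the behaviour a defender checks for when auditing the HOSTS file.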
9
Forward Lookup
• Resolves hostnames to IP addresses
• Two-packet process
– First packet is request from DNS client to DNS server containing hostname to be resolved
– Second packet is response from server containing the IP address of requested hostname
10
Forward Lookup (Continued)
• Root servers
– 13 root servers that control overall DNS lookup process
– ICANN DNS Root Server System Advisory Committee is main body responsible for maintenance
– If servers become unavailable, much of the Internet would be inaccessible
• Recursive lookup
– DNS query that is resolved through other DNS servers until requested information is located
12
Registering a Domain
• Top-level domain names
– Organized by either country or category
– Category names defined by the Internet Corporation for Assigned Names and Numbers (ICANN)
– To merge with worldwide DNS lookup system you must register your domain name with a registrar
• Registrars
– Have ability to put domain information into top-level domain DNS servers
14
Reverse Lookup
• Resolves IP addresses to hostnames
• Often performed for the system logs of Internet services
• Web server can be configured to perform reverse lookup of all clients accessing a Web site
• Reverse lookup DNS information maintained by ISP
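How a reverse lookup name is built and how a reverse lookup should be used when enriching logs; this is an added example that is not part of the original slides, and it goes one step beyond them by forward-confirming the PTR answer. The PTR and A data are constructed stand-ins for the ISP's reverse zone and a forward zone.

```python
import ipaddress

# Added example (not from the original slides): building reverse lookup
# names and a forward-confirmed reverse lookup for log enrichment. The PTR
# and A data below are constructed stand-ins for the ISP's reverse zone and
# the forward zone; a real server would send DNS queries instead.
FAKE_PTR_ZONE = {
    "20.0.0.10.in-addr.arpa": "www.corp.example",
    "7.113.0.203.in-addr.arpa": "mail.partner.example",  # forward record disagrees
}
FAKE_A_ZONE = {"www.corp.example": "10.0.0.20",
               "mail.partner.example": "203.0.113.8"}


def reverse_name(ip):
    """Build the PTR owner name for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # IPv4: the four octets in reverse order under in-addr.arpa
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    # IPv6: every hex nibble of the fully expanded address, reversed,
    # under ip6.arpa
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def reverse_lookup(ip, ptr_zone=FAKE_PTR_ZONE):
    """Plain reverse lookup: the hostname the PTR record claims, if any."""
    return ptr_zone.get(reverse_name(ip))


def confirmed_reverse_lookup(ip, ptr_zone=FAKE_PTR_ZONE, a_zone=FAKE_A_ZONE):
    """Reverse lookup for log entries that only trusts a PTR name whose
    forward (A) record points back at the same address. The PTR record is
    controlled by whoever holds the address space, so an unconfirmed name
    in a log is just a claim."""
    name = reverse_lookup(ip, ptr_zone)
    if name is not None and a_zone.get(name) == ip:
        return name
    return None
```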
15
DNS Record Types
• Created on a DNS server to resolve queries
• Each type of record holds different information about
– A service
– Hostname
– IP address
– Domain
• DNS has ability to hold many different record types
17
Domain Name System (DNS) and Berkeley Internet Name Domain (BIND)
• BIND
– The de facto standard for DNS implementation on UNIX and Linux systems
– Other implementations of DNS reference BIND version numbers for feature compatibility
19
Installing DNS
• Windows Server 2003 has the ability to act as a DNS server
• Small organizations
– During installation of Active Directory, if no DNS server has been configured for the domain, DCPROMO asks whether it should install DNS
• Large organizations
– DNS is often installed on multiple servers
20
DNS Zones
• The part of a DNS namespace for which a DNS server is responsible
• Forward lookup zone
– A zone that holds records for forward lookups
• Reverse lookup zone
– A zone that holds records for reverse lookups
21
Primary and Secondary Zones
• Used to automatically synchronize DNS information between DNS servers
• Primary zone
– First to be created
– DNS records created here
• Secondary zone
– Takes copies of primary zone information
– Cannot be copied
22
Primary and Secondary Zones (Continued)
• For fault tolerance and to reduce network traffic
– Keep copies of DNS domain information on more than one server
– Servers must automatically synchronize information between them
• Zone Transfer
– Moving information from primary zone to secondary zone
• Incremental Zone Transfer
– Copies information that has changed from the primary zone
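The full and incremental zone transfers of the last two slides as a simulation of a primary and a secondary keeping in step through the SOA serial; this is an added example, not code from the original slides, and the zone data, serials and change journal are constructed.

```python
# Added example (not from the original slides): a simulation of how a
# secondary zone stays in step with its primary. The secondary compares the
# primary's SOA serial with its own; when the primary's is higher it asks for
# an incremental transfer (IXFR) of only the changes since its serial, and
# gets a full transfer (AXFR) when the primary's change journal no longer
# reaches back that far. Zone data and serials are constructed.

class PrimaryZone:
    def __init__(self, records, serial):
        self.records = dict(records)   # {name: rdata}
        self.serial = serial           # SOA serial, bumped on every change
        self.journal = []              # (serial, name, new_rdata) per change

    def update(self, name, rdata):
        """Change or delete (rdata=None) one record and record the change."""
        self.serial += 1
        self.journal.append((self.serial, name, rdata))
        if rdata is None:
            self.records.pop(name, None)
        else:
            self.records[name] = rdata

    def transfer(self, secondary_serial):
        """Answer a transfer request from a secondary at secondary_serial."""
        if secondary_serial == self.serial:
            return "none", None
        # IXFR is possible only if the journal still holds every change
        # made after the secondary's serial; otherwise fall back to AXFR.
        if self.journal and self.journal[0][0] <= secondary_serial + 1:
            return "ixfr", [c for c in self.journal if c[0] > secondary_serial]
        return "axfr", dict(self.records)


class SecondaryZone:
    def __init__(self, primary):
        self.records, self.serial = dict(primary.records), primary.serial

    def refresh(self, primary):
        """Synchronize with the primary; return which transfer was used."""
        kind, payload = primary.transfer(self.serial)
        if kind == "axfr":
            self.records = payload
        elif kind == "ixfr":
            for _serial, name, rdata in payload:
                if rdata is None:
                    self.records.pop(name, None)
                else:
                    self.records[name] = rdata
        self.serial = primary.serial
        return kind
```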
23
Active Directory Integrated Zone
• Stores information in Active Directory rather than in a file on the local hard drive
• Advantages of storing DNS information in Active Directory
– Automatic backup of zone information
– Multimaster replication
– Increased security
24
DNS Zone Storage in Active Directory
• Two areas DNS zones can be stored in Active Directory
– Domain directory partition
• Holds information about objects specific to a particular Active Directory domain
• Replicated to all domain controllers in an Active Directory domain
• Cannot be replicated to domain controllers in other Active Directory domains
25
DNS Zone Storage in Active Directory (Continued)
– Application directory partition
• Allows information to be stored in Active Directory but be replicated only among a defined set of domain controllers
• Domain controllers must be in the same Active Directory forest but can be in different Active Directory domains
28
Merging Active Directory Integrated Zones with Traditional DNS
• Active Directory integrated zones
– Interact with traditional zones by acting as a primary zone to traditional secondary zones
• Situations where a DNS server cannot participate in an Active Directory integrated zone
– DNS server is pre-Windows 2000
– DNS server is Windows 2000 and Active Directory integrated zone is stored in an application directory partition
– DNS server is a non-Windows server
– DNS server is a member server, but not a domain controller
– DNS server is in a different forest
29
Stub Zones
• A DNS zone that holds only NS records for a domain
• NS records
– Define the name servers that are responsible for a domain
31
Caching-only Server
• Does not have zones configured on it
• Exists only to be a local DNS server for client computers
• On very slow WAN links
– Caching-only servers may create less network traffic than storing Active Directory integrated zones or secondary zones locally
• To create a caching-only server
– Install the DNS Service and do not create any zones
32
Active Directory and DNS
• Active Directory requires DNS to function properly
• Most important function DNS performs for Active Directory is locating services
33
Active Directory and DNS (Continued)
• Dynamic DNS
– Used to simplify management of DNS records for Active Directory
– System in which records can be updated on a DNS server automatically
– Defined by RFC 2136
– Service records for domain controllers are placed in DNS zone using Dynamic DNS
– Windows 2000/XP clients perform their own Dynamic DNS updates
35
Configuring a Zone for Dynamic DNS
• Can be done during creation process or by modifying properties of the zone after configuration
• “Allow only secure dynamic updates” option
– Available only if the zone is Active Directory integrated
• “Allow only dynamic updates” option
– If selected, then any client can update records
• “Do not allow dynamic updates” option
– Stops this zone from accepting dynamic updates
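A model of the three dynamic update settings above and of what "any client can update records" means in practice; this is an added example, not code from the original slides. The clients and records are constructed, and the ownership rule for secure updates is a simplified model of how secure updates in an Active Directory integrated zone tie a record to the account that registered it.

```python
# Added example (not from the original slides): a model of the three dynamic
# update settings listed above. Under "secure only" an update must come
# from an authenticated client, and an existing record can be changed only
# by the identity that created it, which is how secure updates in an Active
# Directory integrated zone tie each record to the account that registered
# it. Under "nonsecure" any client, authenticated or not, can overwrite any
# record; under "none" nothing is accepted. Clients and records are
# constructed; identities are shown as account names for illustration.

class DynamicZone:
    SECURE, NONSECURE, NONE = "secure only", "nonsecure", "none"

    def __init__(self, mode):
        self.mode = mode
        self.records = {}   # name -> {"ip": ..., "owner": identity or None}

    def update(self, name, ip, client=None):
        """Apply one dynamic update. `client` is the authenticated identity
        of the requester, or None for an unauthenticated request. Returns
        True if the zone accepted the update, False if it refused it."""
        if self.mode == self.NONE:
            return False
        if self.mode == self.NONSECURE:
            # any requester may create or overwrite any record
            self.records[name] = {"ip": ip, "owner": client}
            return True
        # secure only: authentication required, and only the owner may
        # change a record that already exists
        if client is None:
            return False
        existing = self.records.get(name)
        if existing is not None and existing["owner"] != client:
            return False
        self.records[name] = {"ip": ip, "owner": client}
        return True

    def owner_of(self, name):
        rec = self.records.get(name)
        return rec["owner"] if rec else None
```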
38
Managing DNS Servers
• Aging and Scavenging
– New feature of DNS in Windows Server 2003
– Allows DNS records created by Dynamic DNS to be removed after a certain period of time if they have not been updated
– Must be enabled on the Advanced tab of the DNS server properties
39
Managing DNS Servers (Continued)
• Update Server Data Files
– Option is available when you right-click on the server
• Clear Cache
– DNS server automatically caches all lookups that it performs
– Must clear cache to force a DNS server to perform a new lookup before the record times out
40
Managing DNS Servers (Continued)
• Configure Bindings
– You can configure DNS to only respond on certain IP addresses that are bound to the server
• Forwarding
– Allows you to configure the local DNS server to forward queries from clients to another DNS server
42
Root Hints
• Servers used to perform recursive lookups
• Root Hints tab
– Automatically populated with names and IP addresses of DNS root servers on the Internet
• Possible to configure one of your internal DNS servers to act as a root server
– Create a forward lookup zone named “.”
– DNS server with zone named “.” is considered a root server
45
Logging
• Event logging
– Records errors, warnings, and information to event log
• Debug logging
– Records packet-by-packet information about queries the DNS server is receiving
– Can reduce information recorded by specifying
• Packet direction
• Transport protocol
• Packet contents
• Packet type
47
Advanced Options
• Configurable options on Advanced tab of server properties
– Disable recursion (also disables forwarders)
– BIND secondaries
– Fail on load if bad zone data
– Enable round robin
– Enable netmask ordering
– Secure cache against pollution
49
Managing Zones
• Options that can be configured for a zone
– Reload zone information
– Create a new delegation
– Change the type of zone and replication
– Configure aging and scavenging
– Modify the Start of Authority (SOA) record
– Name servers
– Enable WINS resolution
– Enable zone transfers
– Configure security
50
Troubleshooting DNS
• Most DNS problems are a result of incorrectly configured DNS records
• Iterative query
– DNS server looks only in the zones for which it is responsible
• NSLOOKUP
– Queries DNS records
– Allows you to confirm that each DNS server is configured with the correct information
– Can be used from a command prompt to resolve hostnames
– Most powerful in interactive mode
52
Summary
• Hostname resolution
– Check if hostname being resolved matches hostname of local computer
– Load HOSTS file into DNS cache
– Check DNS cache as the third step
– DNS is used if required
• Forward lookup
– Resolves hostnames to IP addresses
• Reverse lookup
– Resolves IP address to hostname
53
Summary (Continued)
• Recursive lookup
– Performed when local DNS server queries root servers on the Internet on behalf of a DNS client
• Common DNS record types
– A, MX, CNAME, NS
– SOA, SRV, AAAA, and PTR
• DNS zones
– Hold records for a portion of DNS namespace
– Primary and secondary zones stored in a zone file
– Active Directory integrated zones stored in Active Directory
– Stub zone contains name server records
54
Summary (Continued)
• Caching-only server
– Reduces network traffic generated by DNS queries
• Dynamic DNS
– Allows records to be automatically updated on a DNS server
• Aging and scavenging
– Remove outdated records created by Dynamic DNS
• Root hints
– Used for recursive lookups