Managing DNS

Managing Domain Name System (DNS)

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration

1


2

Objectives

• Describe and install Active Directory Domain Services

• Manage your Domain Name System (DNS) environment

• Troubleshoot your DNS environment• Manage Windows Internet Name Service• Describe the new features of DNS in Windows

Server 2008

3

Introduction to Active Directory Domain Services

• Active Directory (AD) clients – Use DNS to locate all the resources available on the

network• DNS servers you can run in an AD DS environment

– Standard DNS servers– AD DS–integrated DNS servers


4MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration

Using AD DS

• AD DS – Microsoft’s implementation of a directory services

infrastructure– Stores attributes, or specific information, for objects

within a network


Using AD DS (continued)

• Activity 6-2: Installing the AD DS Role on MSN-SRV-0XX

• Time Required: 10 minutes• Objective: Install the AD DS server role



• Activity 6-3: Promoting MSN-SRV-0XX to a DC• Time Required: 40 minutes• Objective: Build the first DC in a domain



• Activity 6-4: Reviewing the New DNS Zone Additions

• Time Required: 10 minutes• Objective: Review new zones and records created

by the AD DS installation process




• Domain controller locator– Runs at logon to provide client with location of a DC

that can authenticate its requests• AD domain names

– Every AD domain in Windows Server 2008 has a naming convention based on a DNS domain name

• DNS requirements for AD– When a DC is added to a domain, SRV and A

records are created to allow clients to find a DC during logon



AD-Integrated DNS

• Benefits of AD DNS– Faster and more efficient replication– Database security– Multimaster support for updates and replication

• Administrators can choose one of the following zone replication options for AD DS DNS zones– To all DNS servers in this forest– To all DNS servers in this domain– To all domain controllers in this domain (for Windows

2000 compatibility)


AD-Integrated DNS (continued)

• Activity 6-5: Changing the Zone Replication Settings for bentech.local

• Time Required: 10 minutes• Objective: Change replication options for AD DS–

integrated zone


DNS Zone Layout

• AD DS site structure– AD DS sites are designed to limit the replication

traffic across wide area network (WAN) links• Distribution of an IT department

– How your network is administered helps determine the layout for your DNS zones and servers

• Forwarding– Types: standard and conditional


DNS Zone Layout (continued)

• Activity 6-6: Delegating a DNS Zone to MSN-SC-0XX

• Time Required: 20 minutes• Objective: Delegate control of a DNS zone for a

subdomain to another server



Dynamic DNS

• Allows supported DNS clients to dynamically update their DNS records on a DNS server

• Allows DNS clients to update their A, AAAA, and PTR records

• Deletes records of clients removed from the domain or whose DHCP leases expire

• Scavenging – Process within a DNS database that uses time

stamps to determine when records can update themselves



Dynamic DNS (continued)

• DHCP configuration– By default, DHCP is configured to provide dynamic

updates to clients that support this feature• DNS configuration

– Dynamic updates are configured at the DNS zone level

• Secure and nonsecure updates– Secure: Performed only by an authenticated client– Nonsecure: Performed by any client



• How clients use DNS in an Active Directory environment– Failure to point your client to internal DNS servers

can cause problems• DNS Client Group Policy settings

– For environments that do not use DHCP or have statically assigned IP addresses, this is a good option for defining DNS suffixes and search orders




• Activity 6-7: Changing Group Policy Settings• Time Required: 20 minutes• Objective: Modify Group Policy settings


Managing DNS

• DNS console– Main GUI tool used for configuring DNS– Provides access to all DNS zones available on a

server, along with configuration settings for the DNS role

• DNS Manager– Allows you to add DNS servers


Configuration Settings in the DNS Console

• DNS server level– Configuration and maintenance tasks you can

perform• Configure a DNS server• Create the default application (Directory Partitions)• Create a zone• Set aging/scavenging for all zones• Scavenge stale resource records


Configuration Settings in the DNS Console (continued)

• Activity 6-8: Configuring DNS at the Server Level• Time Required: 15 minutes• Objective: Setting server-level properties



• DNS zone level– Level where all DNS zones exist

• DNS record level– Modifying and deleting records– Defining security settings on a DNS record– Managing scavenging settings for a record– Setting record Time to Live



• Activity 6-10: Modifying a DNS Record• Time Required: 5 minutes• Objective: Modify properties of a DNS record


Round-Robin DNS

• Allows an administrator to configure load balancing of servers based on DNS name resolution information

• DNScmd – Can be used to disable or enable round-robin DNS

along with other DNS features


Round-Robin DNS (continued)

• Activity 6-11: Setting Up Round-Robin DNS and Creating Records

• Time Required: 15 minutes• Objective: Setting up DNS records for load

balancing using round-robin DNS


Conditional Forwarding

• Forwarding based on a specific domain name• Created in their own location under your server in

the DNS console


Conditional Forwarding (continued)

• Activity 6-12: Creating a Conditional Forwarder for badgerironman.com

• Time Required: 15 minutes• Objective: Create a conditional forwarder in the

DNS console



• DNScmd– Command-line tool for performing configuration and

maintenance tasks on a DNS server– Can be used to:

• Create and delete DNS zones• Add and delete• View information about DNS zones and records• Change the zone type



• Activity 6-13: Performing Management Tasks with DNScmd

• Time Required: 15 minutes• Objective: Managing DNS zones with DNScmd


Troubleshooting DNS

• DNS server logs– Global Logs folder: contains a subset of the event

logs relating specifically to DNS called DNS Events– General Tab: DNS Events log file is set to a default

size of 16,384 KB– Filter Tab: allows you to modify the view of the DNS

Server log for better analysis of events


Troubleshooting DNS (continued)

• Activity 6-14: Modifying the DNS Server Log Size and Retention Value

• Time Required: 10 minutes• Objective: Modify the DNS Server log settings for

your environment


Troubleshooting DNS (continued)

• Activity 6-15: Modifying the DNS Server Log View• Time Required: 10 minutes• Objective: Modify the DNS Server log view to find

the root cause of a network issue


Command-Line Utilities

• Ping– You can ping a server by host name or FQDN

• Ipconfig– Commands and switches: ipconfig /all, ipconfig

/flushdns, ipconfig /displaydns, ipconfig /registerdns• DCDiag

– Allows you to perform diagnostic queries of your DCs

• Nslookup– Allows you to perform detailed queries for DNS

information from the command line


Command-Line Utilities (continued)

• Nslookup– Noninteractive - allows you to perform a single query

from the command line by entering all of the query parameters at once

– Interactive - allows you to launch nslookup in a command-line shell where you can define parameters one by one

– Used with debug parameter; provides more detailed information





• Activity 6-16: Using Nslookup in Interactive Mode• Time Required: 15 minutes• Objective: Perform DNS queries with nslookup




• Debug log– Windows Server 2008 allows you to turn on debug

logging for a DNS server– Allows you to capture packet data related to the DNS

server functionality



WINS

• Microsoft’s technology for resolving NetBIOS names to IP addresses

• Based on two important pieces– The Server service and the Client service

• WINS server service– Responsible for maintaining the WINS database and

responding to WINS requests• The WINS client service

– Responsible for initiating WINS queries, client registration, and name renewal


WINS (continued)

• Activity 6-17: Installing WINS• Time Required: 15 minutes• Objective: Install a WINS server on your network


WINS (continued)

• Activity 6-18: Editing the LMHOSTS File• Time Required: 15 minutes• Objective: Edit a user’s LMHOSTS file


WINS (continued)

• Global name zones (GNZs)– Provide single name–to–IP address resolution by

creating CNAME records in a special GNZ– If a GNZ is created, a DNS server looks to the GNZ

first and then to WINS


WINS (continued)

• Activity 6-19: Creating the GNZ• Time Required: 15 minutes• Objective: Create the GNZ and associated alias

records.


New DNS Features

• DNS on Server Core– You can deploy a single or multirole server running

DNS and other services • Support for IPv6

– Windows Server 2008 DNS supports the IPv6 address numbering scheme along with the AAAA resource records

• Primary Read-Only Zone– Read-only domain controllers (RODCs): contain a

copy of the AD DS database and can answer client requests


New DNS Features (continued)

• Activity 6-20: Creating an RODC• Time Required: 20 minutes• Objective: Create an RODC



• Link-local multicast name resolution– Clients exchange simple messages to verify that

they have a unique name on the local subnet• DNS client changes

– Clients periodically perform a check to ensure that they are authenticating with a local DC

– Clients use LLMNR to resolve names on a local network segment when a DNS server is not available



• Background zone loading– Allows DNS server to handle client requests

immediately instead of waiting until the entire DNS zone is loaded

• GNZ– Allows you to host computer name–to–IP address

resolution records in their Windows Server 2008 DNS zone


54

Summary

• In an AD DS environment, you can run two types of DNS servers– Standard DNS servers and AD DS DNS–integrated

servers• AD DS

– Uses DCs to store all the AD objects and information about an environment

– Uses a database structure to maintain its objects• AD

– Requires DNS for locating DCs, or the DC locator function


55

Summary (continued)

• Windows Server 2008 DNS implementations support two types of forwarding– Standard and conditional

• Dynamic DNS – Allows supported DNS clients to dynamically update

their DNS records on a DNS server• DNS console

– Main GUI tool used for managing DNS


Summary (continued)

• You can configure DNS at the DNS server, zone, or record level

• During forwarding– DNS server sends queries made for DNS zones that

do not match its own zone and cache information to another internal or external DNS server

• Troubleshoot DNS when – Your clients are having difficulties connecting to

applications or resources


Date post:	16-Mar-2016
Category:	Documents
Upload:	eric-macewen
View:	233 times
Download:	6 times

Managing DNS

Documents