Date post: 07-Apr-2018
Category: Documents
Upload: sivasankar015
8/6/2019 MCSE 05 Implementing of a Network Infrastructure 05 Theory
http://slidepdf.com/reader/full/mcse-05-implementing-of-a-network-infrastructure-05-theory 1/36
ADVANTAGE PRO - Chennai's Premier Networking Training Center

DNS Processes: Name Query

Name Query Behavior
- Recursive and Iterative Queries
- Name Caching
- Forwarders
- Root Hints
- Delegation and Glue Records

Recursive Query
DNS Client querying for: Mail1.Contoso.Com
Recursive Query to its Configured DNS Server
1. Client sends recursive query to local DNS Server
2. Local DNS Server checks:
   - Forward lookup zone
   - Cache
3. If found, the DNS Server returns answer to Client
4. If not found, the DNS Server uses Forwarder address or Root Hints.

Non-Recursive (Iterative) Query
If configured to use Root Hints, Local DNS makes Iterative Queries:
1. Local DNS Server sends iterative query to Root server to obtain authoritative NS
2. Root server responds with a Referral to a DNS Server closer to the submitted domain name
3. Local DNS server then makes iterative query to that server.
4. Process continues until Local DNS receives Authoritative Response
5. Response is then sent to the DNS client

Referral
- Possible Response to an Iterative Query
- References a DNS Server "closer" to name in query
- Usually one level below server being queried

DNS Server Caching
The DNS Server caches Host Name and IP Address of:
- Host Names resolved via iterative queries to other DNS Servers
- Name Servers that it learns are authoritative for unknown domains
DNS Server uses its cached data in conjunction with its zone data to resolve subsequent queries:
- If specific Host/IP Mappings are in cache, Server returns that data to querying host
- Will use cached Name Server data when trying to resolve subsequent queries to unknown domains
- Length of time entries stay in cache (TTL) is set by responding server

Negative Caching
- If DNS Server learns that Host Name is invalid or does not exist from an authoritative server, it caches that information
- On subsequent queries it can then respond to client without attempting to contact the remote Server
- Helps to reduce overall traffic between servers.
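
The recursive/iterative query steps and the server caching rules above (positive, negative and name server caching), as an added example that is not part of the original slides. The three toy servers, their addresses and TTLs are constructed, and learned name servers are kept without a TTL for brevity.

```python
# Constructed toy namespace (not real servers): referrals point "closer" to the name.
SERVERS = {
    "root": {"refer": {"com": "com-ns"}},
    "com-ns": {"refer": {"contoso.com": "contoso-ns"}},
    "contoso-ns": {"zone": "contoso.com", "neg_ttl": 300,
                   "hosts": {"mail1.contoso.com": ("192.0.2.25", 3600),
                             "www.contoso.com": ("192.0.2.80", 3600)}},
}

def in_domain(name, domain):
    return name == domain or name.endswith("." + domain)

def iterative_query(server, name):
    """Answer one iterative query: an answer, a negative answer, or a referral."""
    data = SERVERS[server]
    if "zone" in data and in_domain(name, data["zone"]):
        if name in data["hosts"]:
            ip, ttl = data["hosts"][name]
            return ("answer", ip, ttl)
        return ("nxdomain", None, data["neg_ttl"])   # authoritative "does not exist"
    for domain, target in data.get("refer", {}).items():
        if in_domain(name, domain):
            return ("referral", (domain, target), None)
    return ("nxdomain", None, 300)

class LocalDnsServer:
    """Accepts recursive queries from clients and resolves them iteratively."""
    def __init__(self):
        self.cache = {}      # name -> (ip, or None for a negative entry, expiry time)
        self.ns_cache = {}   # domain -> name server learned from a referral
        self.sent = []       # iterative queries actually sent to other servers

    def resolve(self, name, now):
        name = name.lower().rstrip(".")
        hit = self.cache.get(name)
        if hit and hit[1] > now:                 # unexpired entry, positive or negative
            return hit[0]
        # Start at the closest name server already learned, else at the root hints.
        known = [d for d in self.ns_cache if in_domain(name, d)]
        server = self.ns_cache[max(known, key=len)] if known else "root"
        for _ in range(10):                      # referral limit guards against loops
            self.sent.append((server, name))
            kind, value, ttl = iterative_query(server, name)
            if kind == "referral":
                domain, server = value
                self.ns_cache[domain] = server
                continue
            self.cache[name] = (value, now + ttl)   # TTL comes from the responder
            return value
        raise RuntimeError("referral limit exceeded")

if __name__ == "__main__":
    dns = LocalDnsServer()
    print(dns.resolve("Mail1.Contoso.Com", now=0), dns.sent)
```
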

Client-side (Resolver) Caching
- DNS Client (Resolver) also caches resolved Host Name/IP Mapping data
- Client checks local cache before contacting DNS Server
- Local HOSTS file, if it exists, is pre-loaded into cache at startup
- Clients also perform Negative Caching
- Entries remain in cache for duration specified by TTL

Forwarders
- If DNS Server cannot resolve name using local or cached data, it must communicate with other name servers to resolve request, often across Internet or WAN
- Forwarders are DNS Servers configured to handle queries that cannot be resolved using local data, and for which queries across the Internet or WAN are necessary
- Reduces workload on local DNS Servers, tasks specific machines with remote query functions

Forwarder Behavior
- DNS Servers may be configured with address of one or more Forwarders
- DNS Servers use Forwarders in one of two modes
- Non-exclusive mode
  - DNS Server passes queries that cannot be resolved with local data to specified Forwarder
  - If Forwarder cannot resolve request, local DNS Server attempts resolution via normal process of iterative queries via Root Hints.
- Exclusive Mode
  - Same as above, except local Server does not attempt resolution via Root Hints if Forwarder cannot resolve request.
  - Windows 2003 DNS Servers can be set Exclusive via "Do not use recursion" option in Server properties.

Root Hints
- Used to resolve names for which server is not authoritative:
  - Root Hints direct queries from name servers to Root of namespace
- Configuration:
  - Cache.dns
  - Edit Root Hints in the Properties of the DNS Server

Caching Only DNS Server
- DNS Servers configured to only "query and cache"
- Not authoritative for any domain
- No zone files - only cached data
- Windows 2003 DNS Servers function as Caching Only servers at initial install if no zones are configured
- Uses Root Hints to carry out query process

Delegation and Glue Records
- Delegation of Subdomains to a Separate Zone
- Requires NS and A Records in Parent Zone
- Lists Authoritative Name Server for the Delegated Zone
- Delegation
  - NS Record in Parent Zone
  - Necessary for Name Resolution
- Glue Record
  - A Record in Parent Zone
  - Needed when NS is a member of the delegated domain
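
A check for the glue rule above, as an added example that is not part of the original slides: it scans a parent zone's records for delegations whose name server sits inside the delegated domain but has no A record in the parent, and for leftover A records under a delegation point. The zone contoso.com, its subdomains and all addresses are constructed sample data.

```python
def norm(name):
    return name.lower().rstrip(".")

def in_domain(name, domain):
    return name == domain or name.endswith("." + domain)

def audit_delegations(parent_zone, records):
    """Return sorted (delegated_zone, name, issue) findings for one parent zone."""
    parent = norm(parent_zone)
    recs = [(norm(o), t.upper(), norm(d) if t.upper() == "NS" else d)
            for o, t, d in records]
    # An NS record owned by a name below the parent apex is a delegation.
    delegations = {}
    for owner, rtype, data in recs:
        if rtype == "NS" and owner != parent and in_domain(owner, parent):
            delegations.setdefault(owner, set()).add(data)
    a_owners = {owner for owner, rtype, _ in recs if rtype == "A"}
    findings = []
    for zone, servers in delegations.items():
        for ns in servers:
            # Glue is needed only when the name server is inside the delegated zone.
            if in_domain(ns, zone) and ns not in a_owners:
                findings.append((zone, ns, "missing glue A record"))
        for owner in a_owners:
            # Any other A record under the delegation point is leftover parent data.
            if in_domain(owner, zone) and owner not in servers:
                findings.append((zone, owner, "A record is not glue for a listed NS"))
    return sorted(findings)

# Constructed sample records for a hypothetical parent zone contoso.com.
PARENT_RECORDS = [
    ("contoso.com.", "NS", "ns1.contoso.com."),
    ("ns1.contoso.com.", "A", "192.0.2.1"),
    ("sales.contoso.com.", "NS", "ns1.sales.contoso.com."),
    ("sales.contoso.com.", "NS", "ns2.sales.contoso.com."),
    ("ns1.sales.contoso.com.", "A", "192.0.2.53"),
    ("dev.contoso.com.", "NS", "ns1.contoso.com."),   # NS outside dev: no glue needed
    ("old.sales.contoso.com.", "A", "192.0.2.99"),
]

if __name__ == "__main__":
    for finding in audit_delegations("contoso.com", PARENT_RECORDS):
        print(finding)
```
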

Summary
- Recursive and Iterative Queries
- Name Caching
- Forwarders
- Root Hints
- Delegation and Glue Records

DNS Processes: Server-Side Processes

DNS Processes
Server-side Processes

Discussion Topics
- Name Server Types
- Zone Transfer Process
- Active Directory Integration of DNS Zones
- Round Robin
- Subnet Prioritization

Name Server Functions
- DNS Servers can be configured with several zone types or none at all:
  - Normal Operation
    - Standard Primary
    - Standard Secondary
    - AD Integrated
  - Caching Only (No Zones)
- Numerous options for optimal configuration based on network topology, size of namespace, etc.

Zone Types
- Standard Primary Zone
  - Authoritative server for its zone (or zones)
  - Hosts master (writeable) copy of zone file(s)
  - Changes to Zone Data are carried out on this server's local zone files
  - In Win2k, supports dynamic update of zone files
- Standard Secondary Zone
  - Receives its Zone Data and updates from authoritative Master Name server in its zone via Zone Transfer process
- Master Server
  - Server from which a Secondary Name Server receives its zone data and updates
  - NOTE: A Secondary can function as Master to another Secondary
- Active Directory Integrated Zone
  - Zone Data is stored in Active Directory database
  - Only on Windows 2003 Domain Controllers
  - Multiple writable / master copies of zone
- Caching-only Servers

Zone Types
- Transfer of Records to a Secondary Name Server in a Zone
- Pulled from a Master Server
  - Master can be the Primary Name Server or another Secondary Server
- Notification Based
- Two Types:
  - Full Zone Transfer
    - Windows 2003, Windows NT® operating system 4.0
  - Incremental Zone Transfer
    - Windows 2003

DNS Notify
- Notification of Change
- Master Notifies Secondary
- Notify List
- Notification Process:
  - Serial Number field in the SOA RR is updated
  - Master sends a Notify message to servers on the Notify List
  - Secondary servers initiate the Zone transfer process

Full Zone Transfer
Transfer of the Entire Zone Database:
1. Secondary waits - Refresh
2. Secondary polls the master server for its SOA RR
3. Secondary compares master SOA serial number to its own
   - If the number from the master is higher - The zone database on the secondary is out of date
4. Full Transfer (AXFR) query is sent to the master
5. Master responds with the full zone database
- If the master does not respond at step 2:
  - The Retry field specifies how often the secondary retries the process
- If no answer after the interval in the Expire field
  - The secondary server discards the zone

Incremental Transfer
- Based on Zone Version History Maintained by Master
- Increases Disk Space Needs on the Server
- Same Process as Full Transfer until the Transfer query
  - Secondary sends an Incremental Transfer (IXFR) instead of AXFR query
- Master sends only changes unknown to the secondary
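
The secondary's side of the Notify, full transfer and incremental transfer slides above (Refresh wait, SOA serial comparison, Retry, Expire, AXFR versus IXFR), as an added example that is not part of the original slides. It goes one step beyond the slides by comparing serials with RFC 1982 wrap-around arithmetic; the class name, timer values and serial numbers are constructed.

```python
def serial_newer(master, local):
    """True if the master's SOA serial is ahead of ours (RFC 1982, 32-bit wrap)."""
    return master != local and (master - local) % 2**32 < 2**31

class SecondaryZone:
    def __init__(self, serial, refresh, retry, expire, now=0):
        self.serial, self.refresh, self.retry, self.expire = serial, refresh, retry, expire
        self.next_poll = now + refresh   # step 1: wait for the Refresh interval
        self.last_contact = now          # last time the master answered
        self.loaded = True               # False once the zone has been discarded

    def notify(self, now):
        """A Notify message from the master makes the next SOA poll due immediately."""
        self.next_poll = now

    def poll(self, now, master_serial, ixfr=True):
        """master_serial is the serial in the master's SOA RR, or None if no reply."""
        if now < self.next_poll:
            return "wait"
        if master_serial is None:
            if now - self.last_contact >= self.expire:
                self.loaded = False      # Expire reached: discard the zone
                return "expired"
            self.next_poll = now + self.retry
            return "retry"
        self.last_contact, self.next_poll = now, now + self.refresh
        if not self.loaded:
            self.serial, self.loaded = master_serial, True
            return "AXFR"                # nothing local to apply increments to
        if serial_newer(master_serial, self.serial):
            self.serial = master_serial
            return "IXFR" if ixfr else "AXFR"
        return "current"

if __name__ == "__main__":
    zone = SecondaryZone(serial=2018040701, refresh=900, retry=600, expire=86400)
    for when, serial in [(900, 2018040701), (1800, 2018040702), (2700, None)]:
        print(when, zone.poll(when, serial))
```
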

Active Directory Integrated Zones
- AD Integrated Zone
  - Stored as AD Objects
  - Replicated as part of normal AD Replication
  - Multi-master Replication model
- Benefits:
  - Fault Tolerance
  - Security
  - Simplified Management
  - More Efficient Replication of Large Zones

Multi-master Replication
- DNS Transfers
  - Full Zone Transfers send the Entire Database
  - Incremental Zone Transfers send Each Change
- Per-Property Processing
  - Only Relevant Changes Propagated
- Every DNS Server running on a DC is Authoritative
  - SOA Records

Name Collisions (Active Directory Integrated)
- Near Simultaneous Changes to the Same Object on Different DCs
  - Results in inconsistent information between DCs
- Replication Collision
  - Change happens on Second DC before first change is replicated
- Resolution:
  - AD disambiguates the names
  - Compares the version number of the changes
  - If the versions are the same, Timestamps are compared
  - Latest change is kept

Round Robin
- Multiple Resource Records for one name (same name, different IP Addresses)
- Server rotates order of A records when responding
- Example with three A records:
1. First client queries to resolve www.newcorp.com and receives 172.16.64.11 first in the reply
2. Second client receives 172.17.64.22 first in response to the query on same name
3. Third client receives the address 172.18.64.33
4. The next client would receive the first address in order as the server restarts the rotation
- Enabled by "Advanced Properties of the DNS Server" setting in the DNS MMC

Round Robin with Subnet Prioritization
- Response is reordered based on the subnet of the client and resource record (RR)
- The host Srv1.newcorp.com has three host IP addresses registered in DNS zone data
- DNS Client queries the DNS Server to resolve Srv1.newcorp.com
- The DNS Server notes the originating IP of the client, and reorders the response to provide address matching client's own network
- List is not prioritized if no local network match is found
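
Round robin rotation combined with subnet prioritization, as an added example that is not part of the original slides. It reuses the three www.newcorp.com addresses from the round robin slide; the class name, the client addresses and the /24 prefix used to decide "same network" are assumptions.

```python
import ipaddress
from collections import deque

class RoundRobinZone:
    def __init__(self, records, prefix_len=24):
        # prefix_len is an assumed mask for deciding that client and RR share a network.
        self.records = {name.lower(): deque(addrs) for name, addrs in records.items()}
        self.prefix_len = prefix_len

    def answer(self, name, client_ip):
        """Return the A records in the order this client would receive them."""
        rrset = self.records[name.lower()]
        ordered = list(rrset)
        rrset.rotate(-1)                 # the next query starts one record later
        client_net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        local = [a for a in ordered if ipaddress.ip_address(a) in client_net]
        others = [a for a in ordered if a not in local]
        # No local match leaves the plain round robin order untouched.
        return local + others

# Addresses from the round robin slide; client addresses below are constructed.
ZONE = {"www.newcorp.com": ["172.16.64.11", "172.17.64.22", "172.18.64.33"]}

def first_addresses(zone, name, clients):
    """First address handed to each client, in query order."""
    return [zone.answer(name, c)[0] for c in clients]

if __name__ == "__main__":
    z = RoundRobinZone(ZONE)
    print(first_addresses(z, "www.newcorp.com", ["10.0.0.5"] * 4))
    print(z.answer("www.newcorp.com", "172.18.64.7"))
```
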

Summary
- Name Server Types
- Zone Transfer Process
- Active Directory Integration of DNS Zones
- Round Robin
- Subnet Prioritization