8/14/2019 Module 2: Configuring and Troubleshooting DNS
Module Overview
Installing the DNS Server Role
Configuring the DNS Server Role
Configuring DNS Zones
Configuring DNS Zone Transfers
Managing and Troubleshooting DNS
Lesson 1: Installing the DNS Server Role
Overview of the Domain Name System Role
Overview of the DNS Namespace
DNS Improvements for Windows Server 2008
Demonstration: Installing the DNS Server Role
Considerations for Deploying the DNS Server Role
Overview of the Domain Name System Role
Domain Name System is a hierarchical distributed database
DNS is the foundation of the Internet naming scheme
DNS supports accessing resources by using alphanumeric names
InterNIC is responsible for managing the domain namespace
DNS was created to support the Internet's growing number of hosts
Overview of the DNS Namespace
[Diagram: DNS namespace tree. Root Domain; Top-Level Domain: com, org, net; Second-Level Domain: nwtraders; Subdomain: west, south, east, sales]
Host: SERVER1
FQDN: SERVER1.sales.south.nwtraders.com
DNS Improvements for Windows Server 2008
New or enhanced features in the Windows Server 2008 version of DNS include:
Background zone loading
IP version 6 support
Support for read-only domain controllers
Global single names
Demonstration: Installing the DNS Server Role
In this demonstration, you will see how to install the DNS Server role
Considerations for Deploying the DNS Server Role
The user account must be a member of the local administrators group or equivalent
Manually configuring the server to use a static IP address is recommended
Manually editing the server and boot files is not recommended
Use the DNS console or dnscmd
Active Directory-integrated DNS zones cannot be administered using a text editor
Lesson 2: Configuring the DNS Server Role
What Are the Components of a DNS Solution?
DNS Resource Records
What Are Root Hints?
What Is a DNS Query?
What Are Recursive Queries?
What Are Iterative Queries?
What Is a Forwarder?
What Is Conditional Forwarding?
How DNS Server Caching Works
Demonstration: Configuring the DNS Server Role
What Are the Components of a DNS Solution?
[Diagram: DNS Clients; DNS Servers; DNS Servers on the Internet (Root ".", .com, .edu); Resource Record]
DNS Resource Records
DNS resource records include:
SOA: Start of Authority
A: Host Record
CNAME: Alias Record
MX: Mail Exchange Record
SRV: Service Resources
NS: Name Servers
AAAA: IPv6 DNS Record
What Are Root Hints?
Root hints contain the IP addresses for DNS root servers
[Diagram: Client; DNS Server with Root Hints; Root (.) Servers; DNS Servers for com and microsoft]
What Is a DNS Query?
A query is a request for name resolution and is directed to a DNS server
Queries are recursive or iterative
DNS clients and DNS servers both initiate queries
DNS servers are authoritative or nonauthoritative for a namespace
An authoritative DNS server for the namespace will either:
Return the requested IP address
Return an authoritative No
A nonauthoritative DNS server for the namespace will either:
Check its cache
Use forwarders
Use root hints
What Are Recursive Queries?
A recursive query is sent to a DNS server and requires a complete answer
[Diagram: DNS Client sends a query for mail1.contoso.msft to the Local DNS Server (Database), which answers 172.16.64.11]
What Are Iterative Queries?
An iterative query directed to a DNS server may be answered with a referral to another DNS server
[Diagram: Client sends a recursive query for mail1.nwtraders.com to the Local DNS Server. The Local DNS Server sends iterative queries to Root Hint (.) (Ask .com), .com (Ask nwtraders.com) and Nwtraders.com (Authoritative Response), then returns 172.16.64.11 to the Client]
What Is a Forwarder?
A forwarder is a DNS server designated to resolve external or offsite DNS domain names
[Diagram: Client sends a recursive query for mail1.nwtraders.com to the Local DNS Server, which sends a recursive query to the Forwarder. The Forwarder sends iterative queries to Root Hint (.) (Ask .com), .com (Ask nwtraders.com) and Nwtraders.com (Authoritative Response); 172.16.64.11 is returned to the Client]
What Is Conditional Forwarding?
Conditional forwarding forwards requests using a domain name condition
[Diagram: Client Computer sends a query for www.contoso.msft to the Local DNS server. Queries for contoso.msft go to the Contoso.msft DNS server; all other DNS domains go to the ISP DNS server]
How DNS Server Caching Works
[Diagram: Client1 and Client2 each ask "Where's ServerA?"; the DNS server answers "ServerA is at 192.168.8.44"]
DNS server cache:
Host name: ServerA.contoso.msft
IP address: 192.168.8.44
TTL: 28 seconds
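The lookup order described in the preceding slides (cache, conditional forwarder, forwarder, root hints), as an added Python example that is not part of the original course material. The `Resolver` class, its method names and the upstream addresses are constructed for illustration; conditional forwarders are matched on whole labels so that a look-alike name such as `evilcontoso.msft` is not routed to the `contoso.msft` server.

```python
import time


class Resolver:
    """Model of how a nonauthoritative DNS server picks where to resolve a name."""

    def __init__(self, conditional=None, forwarders=None, root_hints=None,
                 clock=time.monotonic):
        # Zone suffix -> list of server IPs, stored normalised.
        self.conditional = {z.lower().rstrip("."): ips
                            for z, ips in (conditional or {}).items()}
        self.forwarders = forwarders or []
        self.root_hints = root_hints or []
        self.clock = clock
        self.cache = {}  # name -> (ip, expiry time)

    def store(self, name, ip, ttl):
        """Cache an answer for ttl seconds."""
        self.cache[name.lower().rstrip(".")] = (ip, self.clock() + ttl)

    def _conditional_match(self, name):
        # Walk suffixes label by label, longest first, so only whole
        # labels can match a configured zone.
        labels = name.split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in self.conditional:
                return zone
        return None

    def route(self, name):
        """Return (source, value) for the first step that applies."""
        name = name.lower().rstrip(".")
        hit = self.cache.get(name)
        if hit:
            ip, expiry = hit
            if self.clock() < expiry:
                return ("cache", ip)
            del self.cache[name]  # TTL elapsed: entry is no longer valid
        zone = self._conditional_match(name)
        if zone:
            return ("conditional-forwarder", self.conditional[zone])
        if self.forwarders:
            return ("forwarder", self.forwarders)
        return ("root-hints", self.root_hints)


if __name__ == "__main__":
    # Constructed sample configuration; 10.0.0.53 and 203.0.113.53 are made up.
    r = Resolver(conditional={"contoso.msft": ["10.0.0.53"]},
                 forwarders=["203.0.113.53"])
    r.store("ServerA.contoso.msft", "192.168.8.44", 28)
    print(r.route("ServerA.contoso.msft"), r.route("www.evilcontoso.msft"))
```

The model only selects the first applicable step; it does not model fallback when a forwarder fails to answer.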
Demonstration: Configuring the DNS Server Role
In this demonstration, you will see how to:
Update root hints on a DNS server
Configure a DNS server to use a forwarder
Clear the DNS server cache by using the DNS console
Clear the DNS server cache by using the DNSCmd command
Lesson 3: Configuring DNS Zones
What Is a DNS Zone?
What Are the DNS Zone Types?
What Are Forward and Reverse Lookup Zones?
What are Stub Zones?
Demonstration: Creating Forward and Reverse Lookup Zones
DNS Zone Delegation
What Is a DNS Zone?
[Diagram: Internet namespace showing the DNS root domain ".", .com, the microsoft.com domain, the microsoft.com zone and the delegated example.microsoft.com zone]
Zone database for the microsoft.com zone: microsoft.com, www.microsoft.com, ftp.microsoft.com, example.microsoft.com
Zone database for the example.microsoft.com zone: example.microsoft.com, www.example.microsoft.com, ftp.example.microsoft.com
What Are the DNS Zone Types?
Zones: Description
Primary: Read/write copy of a DNS database
Secondary: Read-only copy of a DNS database
Stub: Copy of a zone that contains only records used to locate name servers
Active Directory-integrated: Zone data is stored in Active Directory rather than in zone files
What Are Forward and Reverse Lookup Zones?
Namespace: training.nwtraders.msft
DNS Server Authorized for training
Forward zone (Training):
DNS Client1: 192.168.2.45
DNS Client2: 192.168.2.46
DNS Client3: 192.168.2.47
Reverse zone (1.168.192.in-addr.arpa):
192.168.2.45: DNS Client1
192.168.2.46: DNS Client2
192.168.2.47: DNS Client3
[Diagram: DNS Client1, DNS Client2 and DNS Client3 query the DNS server: "DNS Client2 = ?" and "192.168.2.46 = ?"]
What Are Stub Zones?
Without stub zones, the ny.na.contoso.com server must query several servers to find the server that hosts the na.fabrikam.com zone
With a stub zone defined, the location of the na.fabrikam.com zone is known without querying multiple DNS servers
[Diagram: DNS servers for Contoso.com (root domain), na.contoso.com, sa.contoso.com, ny.na.contoso.com, rio.sa.contoso.com, fabrikam.com and na.fabrikam.com, shown without stub zones and with the stub zones na.fabrikam.com and rio.sa.contoso.com]
Demonstration: Creating Forward and Reverse Lookup Zones
In this demonstration, you will see how to:
Create a forward lookup zone
Create a reverse lookup zone
DNS Zone Delegation
[Diagram: Contoso.msft, Training.contoso.msft, Sales.contoso.msft]
Lesson 4: Configuring DNS Zone Transfers
What Is a DNS Zone Transfer?
How DNS Notify Works
Securing Zone Transfers
Demonstration: Configuring DNS Zone Transfers
What Is a DNS Zone Transfer?
A DNS zone transfer is the synchronization of authoritative DNS zone data between DNS servers
Between the secondary server and the primary and master server:
1. SOA query for a zone
2. SOA query answered
3. IXFR or AXFR query for a zone
4. IXFR or AXFR query answered (zone transferred)
How DNS Notify Works
A DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur
Between the source server (primary and master server) and the destination server (secondary server):
1. Resource record is updated
2. SOA serial number is updated
3. DNS notify
4. Zone transfer
Securing Zone Transfers
[Diagram: Primary Zone, Secondary Zone]
Encrypt zone transfer traffic
Consider using Active Directory-integrated zones
Restrict zone transfer to specified servers
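The four-step exchange from "What Is a DNS Zone Transfer?" combined with the "Restrict zone transfer to specified servers" control above, as an added Python example that is not from the original course material. Function names and sample addresses are hypothetical; the example goes beyond the slides by using RFC 1982 serial arithmetic for the SOA comparison and by falling back from IXFR to a full transfer when the primary keeps no change history.

```python
import ipaddress


def serial_newer(primary, secondary):
    """RFC 1982 serial arithmetic: True if primary's 32-bit serial is ahead."""
    diff = (primary - secondary) % 2**32
    return 0 < diff < 2**31


def secondary_needs_transfer(primary_serial, local_serial):
    """Steps 1-2: the secondary compares the SOA answer with its own copy."""
    return serial_newer(primary_serial, local_serial)


def handle_transfer_request(source_ip, qtype, zone_serial, client_serial,
                            allowed, has_history):
    """Steps 3-4 on the primary: decide how to answer an IXFR/AXFR query."""
    if qtype not in ("AXFR", "IXFR"):
        raise ValueError("not a zone transfer query: %r" % qtype)
    addr = ipaddress.ip_address(source_ip)
    # Restrict zone transfer to specified servers: anything else is refused.
    if not any(addr in ipaddress.ip_network(net) for net in allowed):
        return "REFUSED"
    if qtype == "AXFR":
        return "AXFR"
    # IXFR: a client that is already current gets only the current SOA.
    if not serial_newer(zone_serial, client_serial):
        return "UP-TO-DATE"
    # Incremental transfer needs stored changes; otherwise send the full zone.
    return "IXFR" if has_history else "AXFR"


if __name__ == "__main__":
    # Constructed sample data: one permitted secondary, one unknown host.
    allowed = ["10.10.0.11"]
    for src in ("10.10.0.11", "10.10.0.99"):
        print(src, handle_transfer_request(src, "AXFR", 2019081402,
                                           2019081401, allowed, True))
```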
Demonstration: Configuring DNS Zone Transfers
In this demonstration, you will see how to:
Configure DNS zone transfers
Configure a secondary zone
Lesson 5: Managing and Troubleshooting DNS
What Is Time to Live, Aging, and Scavenging?
Demonstration: Managing DNS Records
Testing the DNS Server Configuration
Tools That Identify Problems With DNS
Demonstration: Testing the DNS Server Configuration
Monitoring DNS Using the DNS Event Log and Debug Logging
What Is Time to Live, Aging, and Scavenging?
Feature: Description
Time to Live (TTL): Indicates how long a DNS record will remain valid
Aging: Occurs when records that have been inserted into the DNS server reach their expiration and are removed
Scavenging: Performs DNS server resource record grooming for old records in DNS
Demonstration: Managing DNS Records
In this demonstration, you will see how to:
Configure TTL
Enable Scavenging
Configure Aging
Testing the DNS Server Configuration
You can test the DNS server configuration by using:
A simple query to ensure that the DNS service is answering
A recursive query to ensure that the DNS server can communicate with the upstream DNS service
Tools That Identify Problems With DNS
Tool: Used to:
Nslookup: Troubleshoot DNS problems
Dnscmd: Edit the DNS configuration
Dnslint: Diagnose common DNS issues
Demonstration: Testing the DNS Server Configuration
In this demonstration, you will see how to test the DNS server configuration by using:
Simple queries
Recursive queries
Nslookup
Dnscmd
Dnslint
Monitoring DNS Using the DNS Event Log and Debug Logging
Monitor DNS events in the event log to:
Monitor zone transfer information
Monitor computer events
Enable DNS debug logging to view granular verbose information about DNS activities
Lab: Configuring and Verifying a DNS Solution
Exercise 1: Configuring a DNS Infrastructure
Exercise 2: Monitoring and Troubleshooting DNS
Logon information
Virtual machines: NYC-DC1, NYC-SVR1
User name: Administrator
Password: Pa$$w0rd
Estimated time: 60 minutes
Lab Review
When you added a DNS zone on NYC-DC1, why were you able to choose Active Directory-integrated zones?
What type of DNS zone transfer would take place between NYC-SRV1 and NYC-DC1?
When using Nslookup, what record type would you use to find a mail server? How would you configure Nslookup to request this record type?
When using Dnslint to verify name server records, you ran the DNSLint command to generate a DNSLint report for the nwtraders.msft domain and used the /s switch. Why was it important to use this switch?
Module Review and Takeaways
Review Questions
Common Issues and Troubleshooting Tips
Real-world Issues and Scenarios
Best Practices
The DNS Console
Command-line Tools
Monitoring Tools