Windows System Administration
DNS, DHCP and VPN
Borislav Varadinov
Telerik Software Academy
academy.telerik.com
System [email protected]
Table of Contents
Domain Name System (DNS)
Dynamic Host Configuration Protocol (DHCP)
Virtual Private Network
Domain Name System (DNS)
What is Microsoft DNS Server?
DNS is a widely used standardized protocol
A Request for Comments (RFC)-compliant DNS server
Windows Server Role
Used in TCP/IP networks for naming hosts and network services
Locates hosts and services through user-friendly names
Client-Server architecture service
Support for Active Directory integration
DNS Resolution Process
[Diagram labels: Local DNS Server (Example.com), DNS Request, News.com, Root DNS Server, .com DNS Server, News.com DNS Server]
What are forward and reverse zones?
Forward Lookup Zone
  Supports the primary function of DNS, the resolution of host names to IP addresses
Reverse Lookup Zone
  Supports the resolution of IP addresses to host names
DNS Records
There are many different types of DNS records
Most common: A, CNAME, MX, NS, PTR, SOA, SRV
Dynamic Update
Dynamic update enables DNS client computers to:
  Register their resource records
  Dynamically update their resource records
Dynamic update is an additional DNS standard specification (RFC 2136)
What Are the DNS Zone Types?
Primary
Secondary
Stub
Active Directory-Integrated
Active Directory-integrated DNS
DNS servers usually store their zone data as text files on the file system
Active Directory–integrated DNS makes it possible to:
  Store zone data in the AD database
  Replicate DNS zone data through AD replication
  Secure Dynamic Updates
  Allow multimaster writes to the zone
Available only on Domain Controllers
Stub Zone
A stub zone is a copy of a zone that contains only those resource records that are necessary to identify the authoritative DNS servers for that zone
Manageable Name Resolution
Root Hints
  Root Hints is a list of IP addresses of DNS servers that are authoritative at the root level of the DNS hierarchy
Forwarders
  A forwarder is a DNS server that forwards DNS queries for external names to DNS servers outside that network
Conditional Forwarders
  A conditional forwarder is a DNS server that forwards DNS queries according to the DNS domain name in the query
Zone Delegation
DNS provides the option of dividing up the namespace into one or more zones
DNS delegations can be used to:
  Delegate management of part of your DNS namespace to another location or department
  Divide a large zone into smaller zones to distribute traffic loads among multiple servers
  Extend the namespace by adding numerous subdomains
High Availability
High availability of the DNS service is achieved by using multiple DNS servers
  Use secondary DNS Servers
  Use Active Directory-integrated zones
The DNS client uses its primary DNS server and, if it is not available, asks the next server
In a domain infrastructure, always configure only Domain Controllers as the primary and secondary DNS servers
Aging and Scavenging
Provides a mechanism for performing cleanup and removal of stale resource records (RRs)
Aging
Scavenging
  The DNS server can determine that RRs have aged to the point of becoming stale and remove them from zone data
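
The Dynamic Update, Active Directory-integrated DNS and Aging and Scavenging slides interact: a zone that accepts dynamic updates should accept only secure ones and should age its records. The following is an added example, not part of the original deck, that audits zones for both conditions. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) rather than DNSCMD.exe; the function name Get-DnsZoneFinding and the sample zones are hypothetical.

```powershell
# Added example, not from the original deck. Input objects carry the
# property names that Get-DnsServerZone emits; the aging flag comes from
# Get-DnsServerZoneAging. The sample zones below are constructed.
function Get-DnsZoneFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Zone,
        [hashtable] $AgingEnabled = @{}   # zone name -> $true / $false
    )
    process {
        # Only writable, administrator-created zones take dynamic updates.
        if ($Zone.ZoneType -ne 'Primary' -or $Zone.IsAutoCreated) { return }
        if ($Zone.DynamicUpdate -eq 'None') { return }

        $issues = @()
        if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            # Secure-only updates exist only for AD-integrated zones.
            $hint = if ($Zone.IsDsIntegrated) { 'switch to Secure' } else { 'make the zone AD-integrated, then Secure' }
            $issues += "accepts unauthenticated dynamic updates; $hint"
        }
        # A zone missing from the table is treated as having aging off.
        if (-not $AgingEnabled[$Zone.ZoneName]) {
            $issues += 'aging is off, so dynamic registrations are never scavenged'
        }
        foreach ($issue in $issues) {
            [pscustomobject]@{ Zone = $Zone.ZoneName; Issue = $issue }
        }
    }
}

# Constructed sample data (example.com names are placeholders).
$zones = @(
    [pscustomobject]@{ ZoneName = 'corp.example.com'; ZoneType = 'Primary';   IsAutoCreated = $false; IsDsIntegrated = $true;  DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'lab.example.com';  ZoneType = 'Primary';   IsAutoCreated = $false; IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'dmz.example.com';  ZoneType = 'Secondary'; IsAutoCreated = $false; IsDsIntegrated = $false; DynamicUpdate = 'None' }
)
$aging = @{ 'corp.example.com' = $true; 'lab.example.com' = $false }

$zones | Get-DnsZoneFinding -AgingEnabled $aging | Format-Table -AutoSize

# On a live DNS server, build the same inputs with:
#   $zones = Get-DnsServerZone
#   $aging = @{}
#   $zones | Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
#       ForEach-Object { $aging[$_.ZoneName] = (Get-DnsServerZoneAging -Name $_.ZoneName).AgingEnabled }
```

With the sample data only lab.example.com is reported, once for each condition.
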
Advanced Server Options
Round Robin
  Used to randomize the results of a similar type of query to provide basic load-balancing functionality
Netmask Ordering
  Used to return addresses for type A DNS queries to prioritize local resources to the client
Disable Recursion
DNS Management Tools
DNS Manager (DNSMgmt.msc)
DNSCMD.exe
Demonstration
Install DNS Role
Create new forward and reverse lookup zones
Configure Server and Zone settings
Demonstrate DDNS
Demonstrate Active Directory-Integrated replication
Demonstrate Primary and Secondary DNS Server usage
Demonstrate Forwarders and Conditional Forwarders
Dynamic Host Configuration Protocol (DHCP)
What is DHCP?
Widely used standardized protocol
Windows Server Role
Client-Server architecture
Integrated with Active Directory and DNS
  Authorization
  DNS Dynamic Update
Authorize DHCP Server
DHCP Authorization is a process that:
  Registers the DHCP Server IP address in Active Directory
  Prevents unauthorized DHCP Servers from leasing IP addresses on the network
Stand-alone DHCP Servers detect whether an authorized server is working on the same network segment (only for Windows Servers)
Demonstration
Install DHCP Server Role
Verify that DHCP Server is authorized
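
Verifying authorization is more useful when the list registered in Active Directory is compared with the servers that are supposed to be there. The following is an added example, not part of the original deck, that performs this comparison. It assumes the DhcpServer PowerShell module (Windows Server 2012 or later) for live use; the function name Compare-DhcpAuthorization, the approved inventory and the sample addresses are hypothetical.

```powershell
# Added example, not from the original deck. $Authorized uses the
# IPAddress / DnsName properties that Get-DhcpServerInDC returns;
# $Approved is a hypothetical inventory kept by the network team.
function Compare-DhcpAuthorization {
    param(
        [Parameter(Mandatory)] [object[]] $Authorized,
        [Parameter(Mandatory)] [string[]] $Approved
    )
    # Normalise to strings: live objects expose IPAddress as [ipaddress].
    $authIps = @($Authorized | ForEach-Object { "$($_.IPAddress)" })

    foreach ($srv in $Authorized) {
        if ("$($srv.IPAddress)" -notin $Approved) {
            [pscustomobject]@{
                IPAddress = "$($srv.IPAddress)"
                DnsName   = $srv.DnsName
                Finding   = 'authorized in AD but not in the approved inventory'
            }
        }
    }
    foreach ($ip in $Approved) {
        if ($ip -notin $authIps) {
            [pscustomobject]@{
                IPAddress = $ip
                DnsName   = $null
                Finding   = 'approved but not authorized in AD, so it will not lease addresses'
            }
        }
    }
}

# Constructed sample data (documentation address range, placeholder names).
$authorized = @(
    [pscustomobject]@{ IPAddress = '192.0.2.10'; DnsName = 'dhcp1.corp.example.com' }
    [pscustomobject]@{ IPAddress = '192.0.2.77'; DnsName = 'test-vm.corp.example.com' }
)
$approved = '192.0.2.10', '192.0.2.11'

Compare-DhcpAuthorization -Authorized $authorized -Approved $approved | Format-Table -AutoSize

# Live use on a domain-joined host:
#   Compare-DhcpAuthorization -Authorized (Get-DhcpServerInDC) -Approved $approved
```

Authorization constrains only Windows DHCP servers, so this audit does not find non-Windows devices answering DHCP requests on a segment.
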
Scope
A scope must be properly defined and activated before DHCP clients can use the DHCP server for automatic TCP/IP configuration
A scope has the following properties:
  Scope name
  Range of possible IP addresses
  Unique subnet mask (which determines the network ID for the scope)
  Lease duration values
DHCP Options
The DHCP options are various configuration settings that are passed to the DHCP Clients
Common DHCP options
  DNS Servers
  DNS Domain Name
  Routers
  NTP Servers
Reservations
You can reserve IP addresses for assignment to specified computers or devices
Reservations ensure that a specified device always receives the same IP address.
Use reservations for devices that must always have the same IP address, such as servers that do not support Domain Name System (DNS) dynamic update.
Preventing address conflicts
Windows Server 2008 DHCP has both server-side and client-side conflict detection to prevent duplicate IP addresses on your network.
Client conflict detection
Server conflict detection
Relay Agent
Relay agent is a service that relays DHCP messages between DHCP clients and DHCP servers on different IP networks
DHCP High Availability
Split Scope
Failover Clustering
Vendor and User Classes
Vendor Class
User Class
Ipconfig /setclassid
DHCP Server Management Tools
DHCP MMC Console
Netsh
Demonstration
Install DHCP Role
Create new scope
Configure Server and Scope settings
VPN and DirectAccess
What Is Routing and Remote Access (RRAS)?
Role Service of Network Access and Policy Services
Provides Routing and NAT functions
Provides Dial-Up and VPN functions
VPN
[Diagram label: Internet]
Tunneling Protocols for VPN
PPTP
L2TP
SSTP
IKEv2
VPN Server Requirements
Two NICs
IP Address allocation
Local Administrator
CMAK Connection Profile
Management software that simplifies and enhances the management of remote connections
Uses profiles made of connection settings that allow connections from the local computer to a remote network
Profiles can be distributed to client computers
Network Policy Server (NPS)
Network Policy Server (NPS) can be used as a RADIUS server
Performs (for RADIUS clients):
  Authentication
  Authorization
  Accounting
DirectAccess
New remote access feature
Allows connectivity to corporate network
Differs from the traditional VPN connections
Provides support only for domain-joined Windows 7 and above
Enables seamless connectivity to corporate networks
Questions?
Group Policy
http://academy.telerik.com