Implementing Domain Name System


1 Implementing Domain Name System
Module 7: Implementing Domain Name System (course 20410B)
Presentation: 45 minutes. Lab: 30 minutes.

After completing this module, students will be able to:
- Describe name resolution for clients and servers.
- Install and manage the Domain Name System (DNS) service.
- Manage DNS zones.

Required materials: To teach this module, you need the Microsoft Office PowerPoint file 20410B_07.pptx. Important: It is recommended that you use Office PowerPoint 2007 or a newer version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of Office PowerPoint, all the features of the slides might not display correctly.

Preparation tasks: To prepare for this module:
- Read all of the materials for this module.
- Practice performing the demonstrations and the lab exercises.
- Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance.

2 Module Overview
Lessons in this module: Name Resolution for Windows Clients and Servers; Installing and Managing a DNS Server; Managing DNS Zones.
Instructor notes: Provide a brief overview of the module content.

3 Lesson 1: Name Resolution for Windows Clients and Servers
Topics in this lesson: What Are Computer Names?; What Is DNS?; DNS Zones and Records; How Internet DNS Names Are Resolved; What Is Link-Local Multicast Name Resolution?; How a Client Resolves a Name; Troubleshooting Name Resolution.
Instructor notes: This is the introductory lesson on name resolution. Some students may already be familiar with these concepts. If you have students who already understand the basics of name resolution, you can briefly review the first four topics, and then spend more time on Link-Local Multicast Name Resolution and troubleshooting.

4 What Are Computer Names?
Host name:
- Up to 255 characters long
- Can contain alphabetic and numeric characters, periods, and hyphens
- Part of an FQDN

NetBIOS name:
- Represents a single computer or a group of computers
- 15 characters are used for the name; the 16th character identifies the service
- Flat namespace

Instructor notes: Discuss the different types of names that computers can use. Emphasize that NetBIOS names are rarely used today, and that newer operating systems support them only for legacy applications.

5 What Is DNS?
DNS can be used to:
- Resolve host names to IP addresses
- Locate domain controllers and global catalog servers
- Resolve IP addresses to host names
- Locate mail servers during delivery

Instructor notes: Describe the tasks for which DNS is used. Emphasize the need to use DNS to locate domain controllers and global catalog servers. Incorrectly configured DNS is one of the most common causes of slow workstation logons and logon failures. In addition, Active Directory Domain Services (AD DS) replication may fail if DNS is configured incorrectly.

6 DNS Zones and Records
A DNS zone is a specific portion of the DNS namespace that contains DNS records.
Zone types:
- Forward lookup zone
- Reverse lookup zone
Resource records in forward lookup zones include A, MX, SRV, NS, SOA, and CNAME. Resource records in reverse lookup zones include PTR.

Instructor notes: Explain to students that a DNS zone is a specific portion of the DNS namespace that can contain DNS records. Give microsoft.com as an example of a zone. If students are interested, you can discuss that subdomains can be either a separate zone or part of the same zone. Explain what each type of resource record is used for:
- Host (A): resolves names to IP addresses (you can use websites as an example).
- Service locator (SRV): locates a domain controller.
- Mail exchanger (MX): locates a mail server.
- Pointer (PTR): resolves an IP address to a host name, for example when troubleshooting.
Mention that, in most cases, the DNS records required for AD DS are added automatically to the necessary zone by domain controllers and global catalog servers. In addition, workstations and servers create their own A records and PTR records automatically.

7 How Internet DNS Names Are Resolved
Instructor notes: Describe the DNS name resolution process for locating the IP address of a host in the Microsoft.com domain:
1. A workstation queries the local DNS server for the IP address of the host.
2. If the local DNS server does not have the information, it queries a root DNS server for the location of the .com DNS servers.
3. The local DNS server then queries a .com DNS server for the location of the Microsoft.com DNS servers.
4. The local DNS server then queries the Microsoft.com DNS server for the IP address of the host.
5. The IP address is returned to the workstation.
Mention to students that understanding this process is important when troubleshooting name resolution issues for clients and servers, for example when a client is unable to access a web-based application or file server. Consider mentioning forwarding and caching as two options that modify the resolution process.
Diagram: Workstation, Local DNS server, Root DNS server, .com DNS server, Microsoft.com DNS server ("What is the IP address of ...?").

8 What Is Link-Local Multicast Name Resolution?
- LLMNR is an additional method for name resolution that does not use DNS or WINS
- LLMNR is designed for IPv6
- Works only on Windows Vista, Windows Server 2008, and all newer Windows operating systems
- Network Discovery must be enabled
- Can be controlled via Group Policy

Instructor notes: Explain the basics of LLMNR. Emphasize that this protocol is supported only on newer operating systems. In addition, explain the Network Discovery feature in Network and Sharing Center, and if possible, demonstrate how to turn it on.

9 How a Client Resolves a Name
1. Local host name
2. DNS resolver cache / Hosts file content
3. DNS server
4. LLMNR
5. NetBIOS name cache
6. WINS server
7. Broadcast
8. Lmhosts file

Instructor notes: Explain how the name resolution process works, step by step. Emphasize the switch from DNS methods to NetBIOS methods in the process. Mention GlobalNames zone support.

10 Troubleshooting Name Resolution
Common tools for troubleshooting name resolution are:
- Nslookup
- Dnscmd
- Dnslint
- Ipconfig
- DNS Server Monitoring

Tips:
- Consider using the new cmdlets in Windows PowerShell to manage and troubleshoot DNS
- Always clear the DNS resolver cache before troubleshooting
- Use the hosts file for troubleshooting
- Isolate the problem

Instructor notes: Discuss troubleshooting techniques for DNS.

11 Lesson 2: Installing and Managing a DNS Server
Topics in this lesson: What Are the Components of a DNS Solution?; What Are Root Hints?; What Are DNS Queries?; What Is Forwarding?; How DNS Server Caching Works; How to Install the DNS Server Role; Demonstration: Installing the DNS Server Role.
Instructor notes: Briefly describe the lesson content.

12 What Are the Components of a DNS Solution?
- DNS resolvers
- DNS servers
- DNS servers on the Internet
- Resource records
Diagram: DNS resolvers and DNS servers holding resource records, and the Internet DNS hierarchy from the root (".") down to .com and .edu.

Instructor notes: List the components of a DNS solution. Ask students to identify the elements that they have already used in a DNS solution.

13 What Are Root Hints?
Root hints contain the IP addresses of the DNS root servers.
Diagram: Client, DNS server holding root hints, root (.) servers, com DNS server, microsoft DNS server.

Instructor notes: Explain what root hints are, and how they are used in the name resolution process.

14 What Are DNS Queries? Queries are recursive or iterative
- Queries are recursive or iterative
- DNS clients and DNS servers initiate queries
- DNS servers are authoritative or nonauthoritative for a namespace
- An authoritative DNS server for the namespace will either return the requested IP address or return an authoritative "No"
- A nonauthoritative DNS server for the namespace will either check its cache, use forwarders, or use root hints
- A recursive query is sent to a DNS server and requires a complete answer
- An iterative query directed to a DNS server may be answered with a referral to another DNS server
Diagram: the DNS client sends a recursive query for mail1.contoso.com to the local DNS server, which answers from its database or sends iterative queries to a root hint (.) server ("Ask .com"), a .com server ("Ask contoso.com"), and the contoso.com server (authoritative response).

Instructor notes: Explain that a DNS query is used to request name resolution, and that the query is sent to a DNS server. Briefly explain that there are two types of queries: recursive and iterative. DNS servers can also act as DNS clients and send DNS queries to other DNS servers. Explain that a DNS server can be either authoritative or non-authoritative for the namespace of the query. Explain how recursive queries work. Inform students that they should consider disabling recursive queries for specific domains. In doing so, the DNS server in question will not attempt to forward its DNS requests to another server. This is useful when you do not want a particular DNS server communicating outside of its network. Disabling recursion is performed in the DNS administrative Microsoft Management Console (MMC). Describe the purpose of an iterative query.

15 What Is Forwarding?
A forwarder is a DNS server designated to resolve external or offsite DNS domain names. Conditional forwarding forwards requests using a domain name condition.
Diagram: the client computer sends a recursive query for mail1.contoso.com to the local DNS server; the local DNS server forwards it (as a recursive query) to the ISP DNS forwarder, which resolves it iteratively through the root hint (.), .com, and contoso.com servers ("Ask .com", "Ask contoso.com", authoritative response). With conditional forwarding, queries for contoso.com go to the contoso.com DNS server and queries for all other DNS domains go to the ISP DNS.

Instructor notes: In this topic, emphasize the following: Define forwarders and explain their purpose. A forwarder is a DNS server on a network that forwards DNS queries for external DNS names to DNS servers outside that network. Define conditional forwarding. A conditional forwarder is a DNS server on a network that forwards DNS queries according to the DNS domain name in the query. Go over the example: You can configure a DNS server to forward all of the queries that it receives for names ending with contoso.com to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers. Describe how conditional forwarding works by referring to the slide. Best practice: Use conditional forwarders if you have multiple internal namespaces. This results in faster name resolution.

16 How DNS Server Caching Works
DNS server cache:
Host name            | IP address | TTL
ServerA.contoso.com  |            | 28 seconds
Diagram: Client1 asks "Where's ServerA?" and the DNS server answers "ServerA is at ..."; Client2 asks the same question and is answered from the server cache.

Instructor notes: Explain DNS caching on the server side and the client side. If you have enough time, demonstrate how to view the cache content on the server and on the client.

17 How to Install the DNS Server Role
DNS Server installation methods:
- Server Manager
- Active Directory Domain Services Installation Wizard

Tools available to manage the DNS Server role:
- DNS Manager snap-in / DNS Manager console (dnsmgmt.msc)
- Dnscmd command-line tool
- Windows PowerShell
- Remote Server Administration Tools

Instructor notes: Discuss how you can install and manage the DNS Server role.

18 Demonstration: Installing the DNS Server Role
In this demonstration, you will see how to:
- Install a second DNS server
- Configure forwarding

Preparation steps: Start 20410B-LON-DC1 and 20410B-LON-SVR1.

Demonstration steps

Install a second DNS server:
1. Sign in to LON-DC1 and LON-SVR1 as Adatum\Administrator with the password Pa$$w0rd.
2. On LON-SVR1, in the Server Manager console, click Add roles and features.
3. On the Before you begin page, click Next.
4. On the Select installation type page, click Next.
5. On the Select destination server page, ensure that LON-SVR1.Adatum.com is selected, and then click Next.
6. On the Select server roles page, click DNS Server. In the Add Roles and Features Wizard window, click Add Features, and then click Next.
7. On the Select Features page, click Next.
8. On the DNS Server page, click Next.
9. On the Confirm installation selections page, click Install.
10. On the Installation progress page, when a message displays that installation succeeded, click Close.

Configure forwarding:
1. On LON-SVR1, open the DNS Manager console.
2. In the DNS Manager console, right-click LON-SVR1, click Properties, and then click the Forwarders tab.
(More notes on the next slide)

19 Demonstration: Installing the DNS Server Role (continued)
3. In the Forwarders dialog box, click Edit.
4. On the Edit Forwarders page, type the IP address of the forwarder, and then click OK two times.
Note: Leave all virtual machines in their current state for the next demonstration.
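The same outcome as the demonstration above, done from Windows PowerShell on LON-SVR1, as an added example that is not part of the course material: it installs the role with the DnsServer cmdlets, sets the general forwarder, and adds the conditional forwarder for contoso.com that the forwarding topic describes. The two addresses are placeholders (the transcript omits the address typed in the demonstration); the recursion step reflects the instructor note on disabling recursion.

```powershell
# Added example (not from the 20410B course): install the DNS Server role on
# LON-SVR1 and configure forwarding with the DnsServer cmdlets instead of the
# Server Manager / DNS Manager GUI steps. Run in an elevated session as
# Adatum\Administrator on LON-SVR1.

# Placeholders: the transcript does not give these addresses (RFC 5737 ranges).
$IspForwarder     = '203.0.113.53'   # ISP resolver used as the general forwarder
$ContosoDnsServer = '192.0.2.10'     # DNS server authoritative for contoso.com

# 1. Install the role and its management tools (DNS Manager console, DnsServer module).
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. Forward everything the local zones cannot answer to the ISP resolver and
#    stop falling back to root hints, matching the "forwarders rather than
#    root hints" best practice. Set-DnsServerForwarder replaces the list;
#    Add-DnsServerForwarder would append to it.
Set-DnsServerForwarder -IPAddress $IspForwarder -UseRootHint $false -PassThru

# 3. Conditional forwarder: queries for names ending in contoso.com go to the
#    contoso.com servers; everything else still follows the general forwarder.
#    Stored locally because LON-SVR1 is not yet a domain controller; on a DC,
#    add -ReplicationScope 'Domain' to replicate it through AD DS.
Add-DnsServerConditionalForwarderZone -Name 'contoso.com' -MasterServers $ContosoDnsServer

# 4. Verify what the server will actually do before pointing clients at it.
Get-DnsServerForwarder
Get-DnsServerZone -Name 'contoso.com' | Format-List ZoneName, ZoneType, MasterServers

# 5. Optional hardening from the lesson notes: a server that should only answer
#    for its own zones can have recursion turned off, which also stops it from
#    acting as an open resolver. Note that forwarding stops as well, so do not
#    do this on a server that clients use for Internet name resolution.
# Set-DnsServerRecursion -Enable $false
Get-DnsServerRecursion | Format-List Enable, Timeout
```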

20 Lesson 3: Managing DNS Zones
Topics in this lesson: What Are DNS Zone Types?; What Are Dynamic Updates?; What Are Active Directory–Integrated Zones?; Demonstration: Creating an Active Directory–Integrated Zone.
Instructor notes: Provide a brief overview of the lesson content.

21 What Are DNS Zone Types?
Zone types:
- Primary: read/write copy of a DNS database
- Secondary: read-only copy of a DNS database
- Stub: copy of a zone that contains only the records used to locate name servers
- Active Directory–integrated: zone data is stored in AD DS rather than in zone files

Instructor notes: Explain that there are four DNS zone types: primary, secondary, stub, and Active Directory–integrated. Make the following points about the zones:
- Primary zone: The DNS server is the primary source for zone information. It stores the master copy of zone data in either a local file or in AD DS. The file is named zone_name.dns by default, and is located in %windir%\System32\Dns.
- Secondary zone: The server is a secondary source for zone information. Zone data must be obtained from another remote DNS server that also hosts the zone. A secondary zone cannot be stored in AD DS.
- Stub zone: Windows Server 2003 introduced stub zones, which solved several problems with large DNS namespaces and multi-tree forests.
- Active Directory–integrated zone: Introduce the concept of Active Directory–integrated zones.

22 What Are Dynamic Updates?
1. Client sends an SOA query
2. DNS server returns the SOA resource record
3. Client sends dynamic update request(s) to identify the primary DNS server
4. DNS server responds that it can perform the update
5. Client sends an unsecured update to the DNS server
6. If the zone permits only secure updates, the update is refused
7. Client sends a secured update to the DNS server

Instructor notes: Describe how dynamic updates work. Explain to students that when an IP address is configured (by DHCP or fixed), it is actually the DHCP Client service (not to be confused with the DHCP server) that registers a client's host records. This is triggered when an IP address is added or changed on any network connection. Registration also happens during computer startup. Remind students that you can also activate registration manually by using the ipconfig /registerdns command, or by using the Windows PowerShell cmdlet Register-DnsClient. Ask students what would happen if dynamic updates were not enabled. They should answer that the biggest problem would be that domain controllers would not be able to register their records in DNS, so the domain controller records would have to be added manually. Mention to students that the DHCP server can also update client computer resource records dynamically in DNS. Mention that, by default, Windows Server 2012 DNS servers are configured to support secure-only updates for Active Directory–integrated zones. You will be discussing Active Directory–integrated zones in more depth during the next topic.

23 What Are Active Directory–Integrated Zones?
Benefits of an Active Directory–integrated zone include:
- Allows multimaster writes to the zone
- Replicates DNS zone information by using AD DS replication
- Leverages the efficient AD DS replication topology
- Uses efficient incremental updates for Active Directory replication processes
- Enables secure dynamic updates
- Security: zones, domains, and resource records can be delegated

Instructor notes: Explain how DNS stores data in AD DS. Briefly review the benefits.
Question: Can you think of any disadvantages to storing DNS information in AD DS?
Answer: If you want to replicate DNS data to other non-Microsoft DNS servers, then you should not store it in AD DS.

24 Demonstration: Creating an Active Directory–Integrated Zone
In this demonstration, you will see how to:
- Promote a server as a domain controller
- Create an Active Directory–integrated zone
- Create a record
- Verify replication to a second DNS server

Preparation steps: You need the 20410B-LON-DC1 and 20410B-LON-SVR1 virtual machines to complete this demonstration. They should already be running after the preceding demonstration.

Demonstration steps

Promote LON-SVR1 as an additional domain controller:
1. In the Server Manager console, click Add roles and features.
2. On the Before you begin page, click Next.
3. On the Select installation type page, click Next.
4. On the Select destination server page, ensure that LON-SVR1.Adatum.com is selected, and then click Next.
5. On the Select server roles page, click Active Directory Domain Services. When the Add Roles and Features Wizard window displays, click Add Features, and then click Next.
6. On the Select features page, click Next.
7. On the Active Directory Domain Services page, click Next.
8. On the Confirm installation selections page, click Install.
9. On the Installation progress page, when the Installation succeeded message displays, click Close.
10. In the Server Manager console, in the navigation pane, click AD DS.
11. In the title bar where "Configuration required for Active Directory Domain Services at LON-SVR1" displays, click More.
12. On the All Server Task Details and Notifications page, click Promote this server to a domain controller.
(More notes on the next slide)

25 Demonstration: Creating an Active Directory–Integrated Zone (continued)
13. In the Active Directory Domain Services Configuration Wizard, on the Deployment Configuration page, ensure that Add a domain controller to an existing domain is selected, and then click Next.
14. On the Domain Controller Options page, select the Domain Name System (DNS) server check box, and leave the Global Catalog (GC) check box selected. Type Pa$$w0rd in both text fields, and then click Next.
15. On the DNS Options page, click Next.
16. On the Additional Options page, click Next.
17. On the Paths page, click Next.
18. On the Review Options page, click Next.
19. On the Prerequisites Check page, click Install.
Note: The server will automatically restart as part of the procedure.
20. After LON-SVR1 restarts, sign in as Adatum\Administrator.

Create an Active Directory–integrated zone:
1. On LON-DC1, open Server Manager. Click Tools, and then click DNS.
2. In the DNS Manager console, click and then right-click LON-DC1, and then select New Zone.
3. In the New Zone Wizard, click Next.
4. On the Zone Type page, click Primary zone, ensure that the Store the zone in Active Directory option is selected, and then click Next. Note to the instructor: Point out that this option determines that the zone is stored in AD DS.
5. On the Active Directory Zone Replication Scope page, review the available options, and then without making any changes, click Next.
(More notes on the next slide)

26 Demonstration: Creating an Active Directory–Integrated Zone (continued)
6. On the Forward or Reverse Lookup Zone page, select Forward lookup zone, and then click Next.
7. On the Zone Name page, in the Zone name field, type Contoso.com, and then click Next.
8. On the Dynamic Update page, review the available options, select Allow only secure dynamic updates, and then click Next.
9. On the Completing the New Zone Wizard page, click Finish.
10. In the DNS Manager console, expand Forward Lookup Zones, click Contoso.com, and then review the records that are created automatically.

Create a record:
1. In the DNS Manager console, expand LON-DC1, expand Forward Lookup Zones, and then click Contoso.com.
2. Right-click Contoso.com, and then select New Host (A or AAAA).
3. In the New Host window, in the Name field, type www; in the IP address field, type the IP address for the record; click Add Host, and then click OK.
4. Click Done.

Verify replication to a second DNS server:
1. On LON-SVR1, in the Server Manager console, click Tools, and then click DNS.
2. In the DNS Manager console, expand LON-SVR1, expand Forward Lookup Zones, and then click Contoso.com.
3. Verify that the www resource record exists. It may take a couple of minutes for the record to appear, and you may have to refresh the console display.
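The zone, record and replication check from this demonstration done with the DnsServer cmdlets on LON-DC1, as an added example that is not part of the course material. It assumes LON-SVR1 has already been promoted with the DNS role as in the steps above; the www address is a placeholder because the transcript omits the address typed in the New Host window.

```powershell
# Added example (not from the 20410B course): create Contoso.com as an Active
# Directory-integrated primary zone that accepts only secure dynamic updates,
# add the www host record, and confirm that LON-SVR1 received the zone through
# AD DS replication. Run on LON-DC1 as Adatum\Administrator.

$ZoneName   = 'Contoso.com'
$WwwAddress = '192.0.2.80'   # placeholder (RFC 5737); the transcript omits the real value

# 1. Primary zone stored in AD DS. ReplicationScope 'Domain' replicates it to
#    every DNS server in the domain; DynamicUpdate 'Secure' means only
#    authenticated AD DS computers can register or overwrite records, so an
#    unauthenticated host cannot take over a name like www.
Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# 2. The www host (A) record the demonstration creates in DNS Manager.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name 'www' -IPv4Address $WwwAddress

# 3. Confirm the zone settings are what was intended, not the wizard defaults.
$zone = Get-DnsServerZone -Name $ZoneName
if (-not $zone.IsDsIntegrated -or $zone.DynamicUpdate -ne 'Secure') {
    throw "$ZoneName is not AD-integrated with secure-only dynamic updates"
}

# 4. Replication check: poll LON-SVR1 until the record appears. As the
#    demonstration notes, AD DS replication can take a couple of minutes.
$deadline = (Get-Date).AddMinutes(5)
do {
    $replica = Get-DnsServerResourceRecord -ComputerName 'LON-SVR1' -ZoneName $ZoneName `
                   -Name 'www' -RRType 'A' -ErrorAction SilentlyContinue
    if ($replica) { break }
    Start-Sleep -Seconds 15
} while ((Get-Date) -lt $deadline)

if ($replica) {
    "www.$ZoneName replicated to LON-SVR1: $($replica.RecordData.IPv4Address)"
} else {
    Write-Warning "www.$ZoneName not visible on LON-SVR1 yet; check AD DS replication with repadmin /replsummary"
}

# 5. Ask the second server directly, bypassing any resolver cache.
Resolve-DnsName -Name "www.$ZoneName" -Type A -Server 'LON-SVR1' -DnsOnly
```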

27 Lab: Implementing DNS
Exercises:
- Exercise 1: Installing and Configuring DNS
- Exercise 2: Creating Host Records in DNS
- Exercise 3: Managing the DNS Server Cache

Logon information: Virtual machines: 20410B-LON-DC1, 20410B-LON-SVR1, 20410B-LON-CL1. User name: Adatum\Administrator. Password: Pa$$w0rd. Estimated time: 40 minutes.

Instructor notes: Before the students begin the lab, read the lab scenario and display the next slide. Before each exercise, read the scenario associated with the exercise to the class. The scenarios give context to the lab and exercises, and help to facilitate the discussion at the end of the lab. Remind the students to complete the discussion questions after the last lab exercise.

Exercise 1: Installing and Configuring DNS. As part of configuring the infrastructure for the new branch office, you need to configure a DNS server that will provide name resolution for the branch office. The DNS server in the branch office will also be a domain controller. The Active Directory–integrated zones that are required to support logons will be replicated automatically to the branch office.

Exercise 2: Creating Host Records in DNS. Several new web-based applications are being implemented in the A. Datum head office. Each application requires that you configure a host record in DNS. You have been asked to create the new host records for these applications.

Exercise 3: Managing the DNS Server Cache. After you changed some host records in zones configured on LON-DC1, you noticed that clients that use LON-SVR1 as their DNS server are still receiving old IP addresses during name resolution. You want to determine which component is caching this data.

28 Lab Scenario
A. Datum Corporation has an IT office and data center in London, which supports the London location and other locations. A. Datum has recently deployed a Windows Server infrastructure with Windows 8 clients. You need to configure the infrastructure service for a new branch office. Your manager has asked you to configure the domain controller in the branch office as a DNS server. You have also been asked to create some new host records to support a new application that is being installed. Finally, you need to configure forwarding on the DNS server in the branch office to support Internet name resolution.

29 Lab Review
Question: Can you install the DNS Server role on a server that is not a domain controller? If yes, are there any limitations?
Answer: Yes, you can. However, you cannot create Active Directory–integrated zones on a DNS server that is not a domain controller.
Question: What is the most common way to carry out Internet name resolution on a local DNS server?
Answer: Companies typically configure their local DNS server with a forwarder. That forwarder is most often a DNS server of their ISP.
Question: How can you browse the content of the DNS resolver cache on a DNS server?
Answer: You can browse the content of the DNS resolver cache on a DNS server by enabling the Advanced view in the DNS Manager console or by using Windows PowerShell cmdlets.
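A way to work the stale-address problem of lab exercise 3 from Windows PowerShell, as an added example that is not part of the course material: it compares the authoritative answer from LON-DC1 with the client resolver cache and the server cache on LON-SVR1, then clears only the layer that is actually stale. It assumes it runs on a domain member as Adatum\Administrator with the DnsServer module from Remote Server Administration Tools; the record name www.contoso.com and the function name Test-StaleDnsAnswer are the example's own.

```powershell
# Added example (not from the 20410B course): find which cache is still handing
# out an old address for a record that was changed on LON-DC1. The authoritative
# server and the caching server default to the lab's LON-DC1 and LON-SVR1.

function Test-StaleDnsAnswer {
    param(
        [Parameter(Mandatory)] [string] $Name,                 # e.g. 'www.contoso.com'
        [string] $AuthoritativeServer = 'LON-DC1',             # hosts the zone
        [string] $CachingServer       = 'LON-SVR1'             # the clients' DNS server
    )

    # Source of truth: query the server that hosts the zone directly, DNS only,
    # ignoring the hosts file and LLMNR/NetBIOS fallbacks.
    $truth = (Resolve-DnsName -Name $Name -Type A -Server $AuthoritativeServer `
                  -DnsOnly -NoHostsFile).IPAddress

    # Layer 1: the resolver cache on this client (what ipconfig /displaydns shows).
    $clientCached = (Get-DnsClientCache -Entry $Name -ErrorAction SilentlyContinue).Data

    # Layer 2: the server cache on LON-SVR1, the same data the Advanced view in
    # DNS Manager shows under Cached Lookups, with the remaining TTL.
    $serverCached = Show-DnsServerCache -ComputerName $CachingServer -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordType -eq 'A' -and $_.HostName.TrimEnd('.') -eq $Name } |
        Select-Object HostName, TimeToLive,
            @{ n = 'Address'; e = { $_.RecordData.IPv4Address.IPAddressToString } }

    [pscustomobject]@{
        Name           = $Name
        Authoritative  = $truth -join ','
        ClientCache    = $clientCached -join ','
        ServerCache    = ($serverCached.Address) -join ','
        ServerCacheTTL = ($serverCached.TimeToLive) -join ','
        ClientStale    = [bool]($clientCached | Where-Object { $_ -notin $truth })
        ServerStale    = [bool]($serverCached.Address | Where-Object { $_ -notin $truth })
    }
}

$report = Test-StaleDnsAnswer -Name 'www.contoso.com'
$report | Format-List

# Clear only the layer that is stale; flushing everything hides which component
# was caching the old data, which is what the exercise asks you to determine.
if ($report.ClientStale) { Clear-DnsClientCache }                              # same as ipconfig /flushdns
if ($report.ServerStale) { Clear-DnsServerCache -ComputerName 'LON-SVR1' -Force }
```

For a planned address change, lowering the record's TTL on LON-DC1 ahead of time lets both caches expire on their own instead of needing a flush.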

30 Module Review and Takeaways
Review questions
Question: You are troubleshooting DNS name resolution from a client computer. What must you remember to do before each test?
Answer: You should clear the resolver cache before starting to troubleshoot.
Question: You are deploying DNS servers into an Active Directory domain, and your customer requires that the infrastructure is resistant to single points of failure. What must you consider when planning the DNS configuration?
Answer: You should deploy more than one AD DS domain controller with the DNS Server role installed.
Question: What benefits do you realize by using forwarders?
Answer: Forwarders are used when your local DNS server cannot resolve a query from the client by using its own local zones. You usually configure forwarders to resolve Internet names. However, you can also use forwarders to optimize performance, to optimize Internet link usage on your local DNS server, and to enhance security.
(More notes on the next slide)

31 Module Review and Takeaways (continued)
Best practices: When implementing DNS, use the following best practices:
- Always use host names instead of NetBIOS names.
- Use forwarders rather than root hints.
- Be aware of potential caching issues when troubleshooting name resolution.
- Use Active Directory–integrated zones instead of primary and secondary zones.

Common issues and troubleshooting tips:
- Common issue: Clients sometimes cache invalid DNS records. Troubleshooting tip: Clear the cache.
- Common issue: The DNS server performs slowly. Troubleshooting tip: Use Performance Monitor to measure the load on DNS.

Tools:
Name of tool               | Used for                    | Where to find it
DNS Manager console        | Manage the DNS Server role  | Administrative Tools
Nslookup                   | Troubleshoot DNS            | Command-line tool
Ipconfig                   | Troubleshoot DNS            | Command-line tool
Windows PowerShell cmdlets | Manage and troubleshoot DNS | Windows PowerShell

