Presentation on theme: "Implementing Domain Name System"— Presentation transcript:
1 Implementing Domain Name System
20410B, Module 7: Implementing Domain Name System
Presentation: 45 minutes. Lab: 30 minutes.
After completing this module, students will be able to:
- Describe name resolution for clients and servers.
- Install and manage the Domain Name System (DNS) service.
- Manage DNS zones.
Required materials: To teach this module, you need the Microsoft® Office PowerPoint® file 20410B_07.pptx.
Important: It is recommended that you use Office PowerPoint 2007 or a newer version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of Office PowerPoint, all the features of the slides might not display correctly.
Preparation tasks. To prepare for this module:
- Read all of the materials for this module.
- Practice performing the demonstrations and the lab exercises.
- Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance.
2 Module Overview
- Managing DNS Zones
Notes: Provide a brief overview of the module content.
3 Lesson 1: Name Resolution for Windows Clients and Servers
- Troubleshooting Name Resolution
Notes: This is the introductory lesson to name resolution. Some students may already be familiar with these concepts. If you have students who already understand the basics of name resolution, you can briefly review the first four topics, and then spend more time on Link-Local Multicast Name Resolution and troubleshooting.
4 What Are Computer Names?
Name          Description
Host name     Up to 255 characters long. Can contain alphabetic and numeric characters, periods, and hyphens. Part of the FQDN.
NetBIOS name  Represents a single computer or a group of computers. 15 characters are used for the name; the 16th character identifies the service. Flat namespace.
Notes: Discuss the different types of names that computers can use. Emphasize that NetBIOS names are rarely used today, and that newer operating systems support them only for legacy applications.
5 What Is DNS?
DNS can be used to:
- Resolve host names to IP addresses
- Locate domain controllers and global catalog servers
- Resolve IP addresses to host names
- Locate mail servers during delivery
Notes: Describe the tasks for which DNS is used. Emphasize the need to use DNS to locate domain controllers and global catalog servers. Incorrectly configured DNS is one of the most common causes of slow workstation logons and logon failures. In addition, Active Directory® Domain Services (AD DS) replication may fail if DNS is configured incorrectly.
6 DNS Zones and Records
A DNS zone is a specific portion of the DNS namespace that contains DNS records.
Zone types:
- Forward lookup zone
- Reverse lookup zone
Resource records in forward lookup zones include: A, MX, SRV, NS, SOA, and CNAME.
Resource records in reverse lookup zones include: PTR.
Notes: Explain to students that a DNS zone is a specific portion of the DNS namespace that can contain DNS records. Give microsoft.com as an example of a zone. If students are interested, you can discuss that subdomains can be either a separate zone or part of the same zone.
Explain to students what each type of resource record is used for:
- Host (A): resolves names to IP addresses (you can use websites as an example).
- Service locator (SRV): locates a domain controller.
- Mail exchanger (MX): locates a mail server.
- Pointer (PTR): resolves an IP address to a host name, for example when troubleshooting.
Mention that, in most cases, the DNS records required for AD DS are added automatically to the necessary zone by domain controllers and global catalog servers. In addition, workstations and servers create their own A records and PTR records automatically.
7 How Internet DNS Names Are Resolved
Notes: Describe the DNS name resolution process for locating the IP address of the requested host:
1. A workstation queries the local DNS server for the IP address of the host.
2. If the local DNS server does not have the information, it queries a root DNS server for the location of the .com DNS servers.
3. The local DNS server then queries a .com DNS server for the location of the Microsoft.com DNS servers.
4. The local DNS server then queries the Microsoft.com DNS server for the IP address of the host.
5. The IP address of the host is returned to the workstation.
Mention to students that understanding this process is important when troubleshooting name resolution issues for clients and servers; for example, when a client is unable to access a web-based application or file server.
Consider mentioning forwarding and caching as two options that modify the resolution process.
[Slide diagram: Workstation, Local DNS server, Root DNS server, .com DNS server, Microsoft.com DNS server; the workstation's question is "What is the IP address of" the host]
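The referral chain in these steps can be reproduced from a Windows client by sending non-recursive queries yourself, the way the local DNS server does. The script below is an added example, not part of the course; it assumes Internet access, that the root server name a.root-servers.net resolves through the client's normal resolver, and uses www.microsoft.com as an assumed example host (the slide's own host name is not preserved here). It generalizes the slide's three hops to any number of labels.

```powershell
# Added example (not from the course): walk the delegation chain by hand with
# non-recursive queries, as the local DNS server does on the slide.
# Assumptions: Internet access; a.root-servers.net (a real root server) resolves
# through the client's own resolver; the host name below is an example only.
function Trace-DnsDelegation {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $StartServer = 'a.root-servers.net'
    )
    $labels = $Name.TrimEnd('.').Split('.')
    $server = $StartServer
    # Walk from the TLD down: for www.microsoft.com ask the root about com.,
    # then a com. server about microsoft.com.
    for ($i = $labels.Count - 1; $i -ge 1; $i--) {
        $zone = ($labels[$i..($labels.Count - 1)] -join '.') + '.'
        $resp = Resolve-DnsName -Name $zone -Type NS -Server $server -NoRecursion -DnsOnly -ErrorAction SilentlyContinue
        $ns   = $resp | Where-Object { $_.Type -eq 'NS' } | Select-Object -First 1
        if (-not $ns) {
            # No delegation at this label (a plain subdomain inside the same zone):
            # the current server stays authoritative, so keep asking it.
            '{0,-24} no referral for {1}; staying on this server' -f $server, $zone
            continue
        }
        '{0,-24} refers {1,-20} to {2}' -f $server, $zone, $ns.NameHost
        $server = $ns.NameHost
    }
    # The last server is authoritative for the host's zone: ask it for the address.
    Resolve-DnsName -Name $Name -Type A -Server $server -NoRecursion -DnsOnly |
        Where-Object { $_.Type -in 'A', 'CNAME' } |
        Select-Object Name, Type, @{ n = 'Value'; e = { if ($_.Type -eq 'A') { $_.IPAddress } else { $_.NameHost } } }
}

Trace-DnsDelegation -Name 'www.microsoft.com'   # assumed example host; substitute the name you are tracing
```

A forwarder or a warm cache on the local DNS server short-circuits exactly the hops this script prints, which is why both are worth mentioning right after the walk-through.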
8 What Is Link-Local Multicast Name Resolution?
- LLMNR is an additional method for name resolution that does not use DNS or WINS
- LLMNR is designed for IPv6
- Works only on Windows Vista, Windows Server 2008, and all newer Windows operating systems
- Network Discovery must be enabled
- Can be controlled via Group Policy
Notes: Explain the basics of LLMNR. Emphasize that this protocol is supported only on newer operating systems. In addition, explain the Network Discovery feature in Network and Sharing Center, and if possible, demonstrate how to turn it on.
9 How a Client Resolves a Name
1. Local host name
2. DNS resolver cache / Hosts file content
3. DNS server
4. LLMNR
5. NetBIOS name cache
6. WINS server
7. Broadcast
8. Lmhosts file
Notes: Explain how the name resolution process works, step by step. Emphasize the switch from DNS to NetBIOS methods in the process. Mention GlobalNames zone support.
10 Troubleshooting Name Resolution
Common tools for troubleshooting name resolution are:
- Nslookup
- Dnscmd
- Dnslint
- Ipconfig
- DNS Server Monitoring
- Consider using the new cmdlets in Windows PowerShell to manage and troubleshoot DNS
- Always clear the DNS resolver cache before troubleshooting
- Use the hosts file for troubleshooting
- Isolate the problem
Notes: Discuss troubleshooting techniques for DNS.
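The guidance above (clear the cache first, check for a hosts-file override, isolate which step of the client's resolution order answered) can be packaged into one check using the DnsClient module cmdlets the slide recommends. This is an added example, not course material; it assumes Windows 8 / Windows Server 2012 or later and uses www.contoso.com as a placeholder name.

```powershell
# Added example (not from the course): isolate a client-side name resolution
# problem with the DnsClient module (Windows 8 / Windows Server 2012 and later).
# Assumed: the name under test is a placeholder; substitute the failing name.
function Test-ClientNameResolution {
    param([Parameter(Mandatory)] [string] $Name)

    # 1. Start from a clean resolver cache so a stale answer cannot mislead you.
    Clear-DnsClientCache

    # 2. Which DNS servers is this client actually sending queries to?
    $servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses

    # 3. Normal resolution (hosts file, DNS, then LLMNR/NetBIOS fallback)
    #    versus DNS only versus the link-local methods only.
    $normal  = Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue
    $dnsOnly = Resolve-DnsName -Name $Name -Type A -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue
    $local   = Resolve-DnsName -Name $Name -Type A -LlmnrNetbiosOnly -ErrorAction SilentlyContinue

    $a = @($normal  | ForEach-Object IPAddress)
    $b = @($dnsOnly | ForEach-Object IPAddress)
    $findings = @()
    if (Compare-Object -ReferenceObject $a -DifferenceObject $b) {
        $findings += 'What the client uses differs from the DNS answer: check the hosts file'
    }
    if (-not $dnsOnly -and $local) {
        $findings += 'No DNS record; the name is answered by LLMNR/NetBIOS only (works on the local subnet only)'
    }
    if (-not $normal) {
        $findings += 'Name does not resolve by any method'
    }

    # 4. What the client cached after these queries, with the remaining TTL.
    $cached = Get-DnsClientCache -Name $Name -ErrorAction SilentlyContinue |
        Select-Object Entry, RecordType, Data, TimeToLive

    [pscustomobject]@{
        Name       = $Name
        DnsServers = $servers
        Normal     = $a
        DnsOnly    = $b
        Findings   = $findings
        Cached     = $cached
    }
}

Test-ClientNameResolution -Name 'www.contoso.com'   # placeholder name
```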
11 Lesson 2: Installing and Managing a DNS Server
- Demonstration: Installing the DNS Server Role
Notes: Briefly describe the lesson content.
12 What Are the Components of a DNS Solution?
- DNS resolvers
- DNS servers
- DNS servers on the Internet
[Slide diagram: Root ".", .com and .edu servers, with Resource Record nodes beneath them]
Notes: List the components of a DNS solution. Ask students to identify the elements that they have used already for a DNS solution.
13 What Are Root Hints?
Root hints contain the IP addresses for DNS root servers.
[Slide diagram: Client, DNS server with Root Hints, Root (.) servers, com DNS servers, microsoft DNS servers]
Notes: Explain what root hints are, and how they are used in the name resolution process.
14 What Are DNS Queries?
- Queries are recursive or iterative
- DNS clients and DNS servers initiate queries
- DNS servers are authoritative or nonauthoritative for a namespace
- An authoritative DNS server for the namespace will either:
  - Return the requested IP address
  - Return an authoritative "No"
- A nonauthoritative DNS server for the namespace will either:
  - Check its cache
  - Use forwarders
  - Use root hints
- A recursive query is sent to a DNS server and requires a complete answer
- An iterative query directed to a DNS server may be answered with a referral to another DNS server
[Slide diagram: the DNS client sends a recursive query for mail1.contoso.com to the local DNS server, which checks its database; the local DNS server sends iterative queries to the root hint (.) server ("Ask .com"), to a .com server ("Ask contoso.com"), and to contoso.com, which returns the authoritative response]
Notes: Explain that a DNS query is used to request name resolution, and that the query is sent to a DNS server.
Briefly explain that there are two types of queries: recursive and iterative. DNS servers also can act as DNS clients and send DNS queries to other DNS servers.
Explain that a DNS server can be either authoritative or nonauthoritative for the namespace of the query.
Explain how recursive queries work.
Inform students that they should consider disabling recursive queries for specific domains. In doing so, the DNS server in question will not attempt to forward its DNS requests to another server. This is useful when you do not want a particular DNS server communicating outside of its network. Disabling recursion is performed in the DNS administrative Microsoft Management Console (MMC).
Describe the purpose of an iterative query.
15 What Is Forwarding?
- A forwarder is a DNS server designated to resolve external or offsite DNS domain names
- Conditional forwarding forwards requests using a domain name condition
[Slide diagram: the client computer sends a recursive query for mail1.contoso.com to the local DNS server; the local DNS server sends a recursive query to the forwarder (ISP DNS), which performs the iterative queries to the root hint (.) server ("Ask .com"), to a .com server ("Ask contoso.com"), and to contoso.com (authoritative response). Conditional forwarding: queries for contoso.com go to the contoso.com DNS server; all other DNS domains go to the ISP DNS]
Notes: In this topic, emphasize the following:
- Define forwarders and explain their purpose. A forwarder is a DNS server on a network that forwards DNS queries for external DNS names to DNS servers outside that network.
- Define conditional forwarding. A conditional forwarder is a DNS server on a network that forwards DNS queries according to the DNS domain name in the query.
- Go over the example: you can configure a DNS server to forward all of the queries that it receives for names ending with contoso.com to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers.
- Describe how conditional forwarding works by referring to the slide.
Best Practice: Use conditional forwarders if you have multiple internal namespaces. This results in faster name resolution.
16 How DNS Server Caching Works
DNS server cache:
Host name            | IP address | TTL
ServerA.contoso.com  |            | 28 seconds
[Slide diagram: Client1 asks the DNS server "Where's ServerA?" and receives "ServerA is at" its address; Client2 asks the same question and receives the same answer]
Notes: Explain DNS caching on the server and client side. If you have enough time, demonstrate how to view the cache content on the server and on the client.
17 How to Install the DNS Server Role
DNS Server installation methods:
- Server Manager
- Active Directory Domain Services Installation Wizard
Tools available to manage the DNS Server role:
- DNS Manager snap-in
- DNS Manager console (dnsmgmt.msc)
- Dnscmd command-line tool
- Windows PowerShell
- Remote Server Administration Tools
Notes: Discuss how you can install and manage the DNS server role.
18 Demonstration: Installing the DNS Server Role
In this demonstration, you will see how to:
- Install a second DNS server
- Configure forwarding
Preparation steps: Start 20410B-LON-DC1 and 20410B-LON-SVR1.
Demonstration steps
Install a second DNS server:
1. Sign in to LON-DC1 and LON-SVR1 as Adatum\Administrator with the password Pa$$w0rd.
2. On LON-SVR1, in the Server Manager console, click Add roles and features.
3. On the Before you begin page, click Next.
4. On the Select installation type page, click Next.
5. On the Select destination server page, ensure that LON-SVR1.Adatum.com is selected, and then click Next.
6. On the Select server roles page, click DNS Server.
7. In the Add Roles and Features Wizard window, click Add Features, and then click Next.
8. On the Select features page, click Next.
9. On the DNS Server page, click Next.
10. On the Confirm installation selections page, click Install.
11. On the Installation progress page, when a message displays that installation succeeded, click Close.
Configure forwarding:
1. On LON-SVR1, open the DNS Manager console.
2. In the DNS Manager console, right-click LON-SVR1, click Properties, and then click the Forwarders tab.
(More notes on the next slide)
19 Demonstration: Installing the DNS Server Role (continued)
3. In the Forwarders dialog box, click Edit.
4. In the Edit Forwarders page, type , and then click OK two times.
Note: Leave all virtual machines in their current state for the next demonstration.
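The same installation and forwarder configuration, plus the conditional forwarder and the recursion setting from the What Is Forwarding? and What Are DNS Queries? topics, can be scripted with the DnsServer module on LON-SVR1. This is an added example, not the course's demonstration; the forwarder address (blank on the slide), the partner zone's server address and the zone name contoso.com are placeholders.

```powershell
# Added example (not from the course): PowerShell form of the Server Manager /
# DNS Manager steps above, run on LON-SVR1. Addresses are placeholders drawn
# from the RFC 5737 documentation range; replace them with your own.
$Forwarder        = '192.0.2.53'    # PLACEHOLDER: upstream (for example ISP) resolver
$PartnerZone      = 'contoso.com'   # zone name used on the forwarding slide
$PartnerDnsServer = '192.0.2.100'   # PLACEHOLDER: DNS server authoritative for that zone

# Install the DNS Server role with its management tools (DNS Manager, DnsServer module)
Install-WindowsFeature -Name DNS -IncludeManagementTools

# Forward every query this server is not authoritative for to the upstream resolver
Add-DnsServerForwarder -IPAddress $Forwarder -PassThru
# Do not fall back to root hints when the forwarder does not answer, so all
# external resolution leaves through the one path you monitor (slide 31: use
# forwarders rather than root hints)
Set-DnsServerForwarder -UseRootHint $false

# Conditional forwarder: queries for contoso.com go to that zone's own servers;
# every other external name still goes to $Forwarder
Add-DnsServerConditionalForwarderZone -Name $PartnerZone -MasterServers $PartnerDnsServer

# Verify the configuration and exercise the conditional path
Get-DnsServerForwarder
Get-DnsServerZone | Where-Object ZoneType -eq 'Forwarder' | Format-Table ZoneName, MasterServers -AutoSize
Resolve-DnsName -Name "mail1.$PartnerZone" -Server localhost -DnsOnly -ErrorAction SilentlyContinue

# For a server that must never resolve names outside its own zones (the note on
# slide 14), disable recursion; on Windows DNS this also disables the forwarders.
# Set-DnsServerRecursion -Enable $false
```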
20 Lesson 3: Managing DNS Zones
- Demonstration: Creating an Active Directory-Integrated Zone
Notes: Provide a brief overview of the lesson content.
21 What Are DNS Zone Types?
Zone                         Description
Primary                      Read/write copy of a DNS database
Secondary                    Read-only copy of a DNS database
Stub                         Copy of a zone that contains only the records used to locate name servers
Active Directory-integrated  Zone data is stored in AD DS rather than in zone files
Notes: Explain that there are four DNS zone types: primary, secondary, stub, and Active Directory-integrated. Make the following points about the zones:
Primary zone
- The DNS server is the primary source for zone information.
- It stores the master copy of zone data either in a local file or in AD DS.
- The file is named zone_name.dns by default, and is located in %windir%\System32\Dns.
Secondary zone
- The server is a secondary source for zone information.
- Zone data must be obtained from another remote DNS server that also hosts the zone.
- Cannot be stored in AD DS.
Stub zone
- Windows Server 2003 introduced stub zones, which solved several problems with large DNS namespaces and multiple-tree forests.
Active Directory-integrated zone
- Introduce the concept of Active Directory-integrated zones.
22 What Are Dynamic Updates?
1. Client sends an SOA query
2. DNS server returns the SOA resource record
3. Client sends dynamic update request(s) to identify the primary DNS server
4. DNS server responds that it can perform the update
5. Client sends an unsecured update to the DNS server
6. If the zone permits only secure updates, the update is refused
7. Client sends a secured update to the DNS server
Notes: Describe how dynamic updates work.
Explain to students that when an IP address is configured (by DHCP or fixed), it is actually the DHCP Client service (not to be confused with the DHCP server) that registers a client's host records. This is triggered when an IP address is added or changed on any network connection. Registration also happens during computer startup. Remind students that you can also activate registration manually by using the ipconfig /registerdns command, or by using the Windows PowerShell cmdlet Register-DNSClient.
Ask students what would happen if dynamic updates were not enabled. They should answer that the biggest problem would be that domain controllers would not be able to register their records in DNS, so the domain controller records would have to be added manually.
Mention to students that the DHCP server can also update client computer resource records dynamically in DNS. Mention that, by default, Windows Server 2012 DNS servers are configured to support secure-only updates for Active Directory-integrated zones. You will be discussing Active Directory-integrated zones more in depth during the next topic.
23 What Are Active Directory-Integrated Zones?
Benefits of an Active Directory-integrated zone include:
- Allows multimaster writes to the zone
- Replicates DNS zone information by using AD DS replication
- Leverages the efficient AD DS replication topology
- Uses efficient incremental updates for Active Directory replication processes
- Enables secure dynamic updates
- Security: zones, domains, and resource records can be delegated
Notes: Explain how DNS stores data in AD DS. Briefly review the benefits.
Question: Can you think of any disadvantages to storing DNS information in AD DS?
Answer: If you want to replicate DNS data to other non-Microsoft DNS servers, then you should not store it in AD DS.
24 Demonstration: Creating an Active Directory-Integrated Zone
In this demonstration, you will see how to:
- Promote a server as a domain controller
- Create an Active Directory-integrated zone
- Create a record
- Verify replication to a second DNS server
Preparation steps: You need the 20410B-LON-DC1 and 20410B-LON-SVR1 virtual machines to complete this demonstration. They should already be running after the preceding demonstration.
Demonstration steps
Promote LON-SVR1 as an additional domain controller:
1. In the Server Manager console, click Add roles and features.
2. On the Before you begin page, click Next.
3. On the Select installation type page, click Next.
4. On the Select destination server page, ensure that LON-SVR1.Adatum.com is selected, and then click Next.
5. On the Select server roles page, click Active Directory Domain Services.
6. When the Add Roles and Features Wizard window displays, click Add Features, and then click Next.
7. On the Select features page, click Next.
8. On the Active Directory Domain Services page, click Next.
9. On the Confirm installation selections page, click Install.
10. On the Installation progress page, when the Installation succeeded message displays, click Close.
11. In the Server Manager console, on the navigation page, click AD DS.
12. In the title bar where Configuration required for Active Directory Domain Services at LON-SVR1 displays, click More.
13. On the All Server Task Details and Notifications page, click Promote this server to a domain controller.
(More notes on the next slide)
25 Demonstration: Creating an Active Directory-Integrated Zone (continued)
14. In the Active Directory Domain Services Configuration Wizard, on the Deployment Configuration page, ensure that Add a domain controller to an existing domain is selected, and then click Next.
15. On the Domain Controller Options page, select the Domain Name System (DNS) server check box, and leave the Global Catalog (GC) check box selected. Type Pa$$w0rd in both text fields, and then click Next.
16. On the DNS Options page, click Next.
17. On the Additional Options page, click Next.
18. On the Paths page, click Next.
19. On the Review Options page, click Next.
20. On the Prerequisites Check page, click Install.
Note: The server will automatically restart as part of the procedure.
21. After LON-SVR1 restarts, sign in as Adatum\Administrator.
Create an Active Directory-integrated zone:
1. On LON-DC1, open Server Manager.
2. Click Tools, and then click DNS.
3. In the DNS Manager console, click and then right-click LON-DC1, and then select New Zone.
4. In the New Zone Wizard, click Next.
5. On the Zone Type page, click Primary zone, ensure that the Store the zone in Active Directory option is selected, and then click Next.
Note to the instructor: Point out that this option determines that the zone is stored in AD DS.
6. On the Active Directory Zone Replication Scope page, review the available options, and then, without making any changes, click Next.
(More notes on the next slide)
26 Demonstration: Creating an Active Directory-Integrated Zone (continued)
7. On the Forward or Reverse Lookup Zone page, select Forward lookup zone, and then click Next.
8. On the Zone Name page, in the Zone name field, type Contoso.com, and then click Next.
9. On the Dynamic Update page, review the available options, select Allow only secure dynamic updates, and then click Next.
10. On the Completing the New Zone Wizard page, click Finish.
11. In the DNS Manager console, expand Forward Lookup Zones, click Contoso.com, and then review the records that are created automatically.
Create a record:
1. In the DNS Manager console, expand LON-DC1, expand Forward Lookup Zones, and then click Contoso.com.
2. Right-click Contoso.com, and then select New Host (A or AAAA).
3. In the New Host window, in the Name field, type www; in the IP address field, type , click Add Host, and then click OK.
4. Click Done.
Verify replication to a second DNS server:
1. On LON-SVR1, in the Server Manager console, click Tools, and then click DNS.
2. In the DNS Manager console, expand LON-SVR1, expand Forward Lookup Zones, and then click Contoso.com.
3. Verify that the www resource record exists. It may take a couple of minutes for the record to appear, and you may have to refresh the console display.
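The whole demonstration (promotion, the Active Directory-integrated zone with the secure-only dynamic update setting from the What Are Dynamic Updates? topic, the www record, and the replication check) has a PowerShell equivalent. This is an added example, not the course's own steps; the www record's address (blank on the slide) and the DSRM password prompt are placeholders, while LON-DC1, LON-SVR1, Adatum.com and Contoso.com are the lab's names.

```powershell
# Added example (not from the course): PowerShell form of the demonstration.
# Assumed: the www record's IPv4 address is a placeholder (RFC 5737 range);
# the server names, domain and zone name come from the lab.
$Zone       = 'Contoso.com'
$RecordName = 'www'
$RecordIP   = '192.0.2.80'   # PLACEHOLDER address for the www record
$Partner    = 'LON-SVR1'     # second DNS server that should receive the zone

# --- On LON-SVR1: make it an additional domain controller that also runs DNS
#     (the Global Catalog is installed by default). Commented out because the
#     server restarts; run it there, then continue on LON-DC1.
# Install-WindowsFeature -Name AD-DS -IncludeManagementTools
# Install-ADDSDomainController -DomainName 'Adatum.com' -InstallDns `
#     -Credential (Get-Credential 'Adatum\Administrator') `
#     -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password')

# --- On LON-DC1: forward lookup zone stored in AD DS, replicated to all DNS
#     servers that are DCs in the domain, accepting only secure dynamic updates
#     (updates must be authenticated, so an unauthenticated host cannot rewrite
#     another computer's record).
Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain -DynamicUpdate Secure -PassThru

# Static host record for the new web application
Add-DnsServerResourceRecordA -ZoneName $Zone -Name $RecordName -IPv4Address $RecordIP -PassThru

# Confirm that the zone is AD DS-integrated and secure-update-only
Get-DnsServerZone -Name $Zone | Format-List ZoneName, IsDsIntegrated, ReplicationScope, DynamicUpdate

# --- Verify replication: poll the second DC until the record appears. As the
#     demonstration notes, AD DS replication may take a couple of minutes.
$deadline = (Get-Date).AddMinutes(5)
do {
    $rec = Get-DnsServerResourceRecord -ComputerName $Partner -ZoneName $Zone `
               -Name $RecordName -RRType A -ErrorAction SilentlyContinue
    if (-not $rec) { Start-Sleep -Seconds 15 }
} until ($rec -or (Get-Date) -gt $deadline)

if ($rec) { "$RecordName.$Zone replicated to $Partner : " + $rec.RecordData.IPv4Address }
else      { Write-Warning "record not yet visible on $Partner; check AD DS replication" }
```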
27 Lab: Implementing DNS
- Exercise 1: Installing and Configuring DNS
- Exercise 2: Creating Host Records in DNS
- Exercise 3: Managing the DNS Server Cache
Logon information
Virtual machines: 20410B-LON-DC1, 20410B-LON-SVR1, 20410B-LON-CL1
User name: Adatum\Administrator
Password: Pa$$w0rd
Estimated time: 40 minutes
Notes: Before the students begin the lab, read the lab scenario and display the next slide. Before each exercise, read the scenario associated with the exercise to the class. The scenarios will give context to the lab and exercises, and will help to facilitate the discussion at the end of the lab. Remind the students to complete the discussion questions after the last lab exercise.
Exercise 1: Installing and Configuring DNS
As part of configuring the infrastructure for the new branch office, you need to configure a DNS server that will provide name resolution for the branch office. The DNS server in the branch office will also be a domain controller. The Active Directory-integrated zones that are required to support logons will be replicated automatically to the branch office.
Exercise 2: Creating Host Records in DNS
Several new web-based applications are being implemented in the A. Datum head office. Each application requires that you configure a host record in DNS. You have been asked to create the new host records for these applications.
Exercise 3: Managing the DNS Server Cache
After you changed some host records in zones configured on LON-DC1, you noticed that clients that use LON-SVR1 as their DNS server are still receiving old IP addresses during the name resolution process. You want to determine which component is caching this data.
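Exercise 3's question (which component holds the old address) can be answered by comparing the authoritative answer from LON-DC1 with what LON-SVR1 returns and then looking inside both caches with the cache cmdlets from the How DNS Server Caching Works topic. This is an added example, not part of the lab; it assumes www.contoso.com is the changed record and is run on a client (LON-CL1) with the DnsServer module available.

```powershell
# Added example (not from the lab): find which cache still holds the old address.
# Assumed: the changed record is a placeholder name; the DnsServer module (RSAT)
# is present on the machine running this so Show-DnsServerCache can be used remotely.
function Find-StaleDnsCache {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $Authoritative = 'LON-DC1',   # hosts the zone that was changed
        [string] $Resolver      = 'LON-SVR1'   # the clients' configured DNS server
    )
    # Authoritative answer straight from the zone owner
    $fresh = @(Resolve-DnsName -Name $Name -Type A -Server $Authoritative -DnsOnly -ErrorAction SilentlyContinue |
               ForEach-Object IPAddress)
    # Answer the clients get from LON-SVR1 (may be served from its cache)
    $seen  = @(Resolve-DnsName -Name $Name -Type A -Server $Resolver -DnsOnly -ErrorAction SilentlyContinue |
               ForEach-Object IPAddress)

    # Copy of the record in LON-SVR1's server cache, with the TTL it has left
    $serverCopy = Show-DnsServerCache -ComputerName $Resolver -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordType -eq 'A' -and "$($_.HostName)" -like "*$Name*" }
    # Copy in this client's own resolver cache, if any
    $clientCopy = Get-DnsClientCache -Name $Name -Type A -ErrorAction SilentlyContinue

    $verdict =
        if (-not (Compare-Object $fresh $seen)) {
            "$Resolver already returns the current address; a stale value can only be in the client resolver cache"
        } elseif ($serverCopy) {
            "stale copy held in the $Resolver server cache (TTL left: $($serverCopy.TimeToLive -join ', '))"
        } else {
            "$Resolver answers differently from $Authoritative but has no cached A record: check zone replication"
        }

    [pscustomobject]@{
        Name           = $Name
        Authoritative  = $fresh
        ViaResolver    = $seen
        ServerCacheTTL = $serverCopy.TimeToLive
        ClientCacheTTL = $clientCopy.TimeToLive
        Verdict        = $verdict
    }
}

Find-StaleDnsCache -Name 'www.contoso.com'   # placeholder record name

# Remediation once the caching component is known (a cached copy also ages out
# by itself when its TTL expires):
# Clear-DnsServerCache -ComputerName LON-SVR1 -Force   # LON-SVR1's server cache
# Clear-DnsClientCache                                 # on the affected client
```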
28 Lab Scenario
A. Datum Corporation has an IT office and data center in London, which supports the London location and other locations. A. Datum has recently deployed a Windows Server infrastructure with Windows 8 clients. You need to configure the infrastructure service for a new branch office.
Your manager has asked you to configure the domain controller in the branch office as a DNS server. You have also been asked to create some new host records to support a new application that is being installed. Finally, you need to configure forwarding on the DNS server in the branch office to support Internet name resolution.
29 Lab Review
Question: Can you install the DNS server role on a server that is not a domain controller? If yes, are there any limitations?
Answer: Yes, you can. However, you cannot create Active Directory-integrated zones on a DNS server that is not a domain controller.
Question: What is the most common way to carry out Internet name resolution on a local DNS server?
Answer: Companies typically configure their local DNS server with a forwarder. That forwarder is most often a DNS server of their ISP.
Question: How can you browse the content of the DNS resolver cache on a DNS server?
Answer: You can browse the content of the DNS resolver cache on a DNS server by enabling the Advanced view in the DNS Manager console or by using Windows PowerShell cmdlets.
30 Module Review and Takeaways
- Common Issues and Troubleshooting Tips
- Review Questions
Review questions
Question: You are troubleshooting DNS name resolution from a client computer. What must you remember to do before each test?
Answer: You should clear the resolver cache before starting to troubleshoot.
Question: You are deploying DNS servers into an Active Directory domain, and your customer requires that the infrastructure is resistant to single points of failure. What must you consider when planning the DNS configuration?
Answer: You should deploy more than one AD DS domain controller with the DNS server role installed.
Question: What benefits do you realize by using forwarders?
Answer: Forwarders are used when your local DNS server cannot resolve a query from the client by using its own local zones. You usually configure forwarders to resolve Internet names. However, you can also use forwarders to optimize performance, to optimize Internet link usage on your local DNS server, and to enhance security.
(More notes on the next slide)
31 Module Review and Takeaways (continued)
- Tools
Best Practice: When implementing DNS, use the following best practices:
- Always use host names instead of NetBIOS names.
- Use forwarders rather than root hints.
- Be aware of potential caching issues when troubleshooting name resolution.
- Use Active Directory-integrated zones instead of primary and secondary zones.
Common Issues and Troubleshooting Tips
- Common issue: Clients sometimes cache invalid DNS records. Troubleshooting tip: Clear the cache.
- Common issue: The DNS server performs slowly. Troubleshooting tip: Use Performance Monitor to measure the load on DNS.
Tools
Name of tool                 | Used for                     | Where to find it
DNS Manager console          | Manage the DNS server role   | Administrative Tools
Nslookup, Ipconfig           | Troubleshoot DNS             | Command-line tools
Windows PowerShell cmdlets   | Manage and troubleshoot DNS  | Windows PowerShell