70-410: Installing and Configuring Windows Server 2012

1 70-410: Installing and Configuring Windows Server 2012
Chapter 4 Deploying and Configuring Core Network Services

2 Objective 4.1: Configuring IPv4 and IPv6 Addressing

3 IPv4 Addressing
IP Address: 32-bit address; four 8-bit decimal values between 0 and 255, separated by periods (octets).
Subnet Mask: 32-bit value of 0's and 1's; 1's designate network bits, 0's are host bits.
Network / Host: the mask splits the address into a network part and a host part.
Examples: IP Address, Subnet Mask.
Explain how each host on a network requires a unique address for communication. © 2013 John Wiley & Sons, Inc.

4 IPv4 Classful Addressing
The three IPv4 address classes
Explain that this is what USED to be done, but it is very wasteful. Use the next slide to help explain.

5 IPv4 Address Classes
IP Address Class                    Class A       Class B       Class C
First bit values (binary)           0             10            110
First byte value (decimal)          0-127         128-191       192-223
Number of network identifier bits   8             16            24
Number of host identifier bits      24            16            8
Number of possible networks         126           16,384        2,097,152
Number of possible hosts            16,777,214    65,534        254

6 Classless Inter-Domain Routing
Classful addressing was gradually phased out by a series of subnetting methods, including variable length subnet masking (VLSM) and, eventually, Classless Inter-Domain Routing (CIDR). CIDR is a subnetting method that enables administrators to place the division between the network bits and the host bits anywhere in the address, not just between octets.
Because classful addressing is wasteful and the Internet has grown beyond the available addresses, mechanisms were created to extend the life of IPv4 by creating less waste and repeatedly using the same addresses.

7 CIDR
CIDR notation: /26, where the /26 means 26 bits of the address are used as the network identifier. In binary, the subnet mask translates to: or in decimal . This would allow us to divide this address into 4 networks, each with up to 62 hosts.
Compare this to the default setting of /24, and use the example in the book.

8 CIDR 192.168.43.0/26 Networks
Table columns: Network Address, Starting IP Address, Ending IP Address, Subnet Mask (the table values were not captured in this transcript).
Use this table to illustrate the example on the previous slide.

9 Public and Private IPv4 Addressing
Registered IP addresses are not necessary for workstations that merely access resources on the Internet. The three blocks of addresses allocated for private use are as follows: /8 /12 /16
Explain how there are not enough registered addresses left and that this is a way for the same addresses to be used repeatedly.

10 Using Network Address Translation (NAT)
NAT is a network-layer routing technology that enables a group of workstations to share a single registered address. A NAT router is a device with two network interfaces, one connected to a private network and one to the Internet. When a workstation on the private network wants to access an Internet resource, it sends a request to the NAT router. The NAT router substitutes its own registered IP address for the workstation's private address, and sends the request on to the Internet server. The router then performs the same substitution in reverse and forwards the response back to the original unregistered workstation.
It would help to draw a network diagram to show where NAT is on a network. Home networks that students can identify with are good examples.
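The substitution the slide describes, as an added example that is not part of the original deck: a minimal port-translating NAT table in Python that rewrites the private source address on the way out, reverses the substitution for the reply, and has no entry for unsolicited inbound traffic (which is why a NAT router, on its own, does not expose private hosts to new connections from the Internet). All addresses and ports are constructed sample values drawn from the documentation ranges.

```python
# Added example (not from the slides): a minimal NAPT-style translation table.
# Addresses and ports are constructed samples (RFC 5737 documentation ranges).
from __future__ import annotations
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """One registered address shared by every host on the private side."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = count(first_port)          # next public port to hand out
        self.outbound: dict[tuple[str, int], int] = {}   # (private ip, port) -> public port
        self.inbound: dict[int, tuple[str, int]] = {}    # public port -> (private ip, port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Replace the private source with the router's registered address."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            pub_port = next(self._ports)
            self.outbound[key] = pub_port
            self.inbound[pub_port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Packet | None:
        """Reverse the substitution; traffic with no table entry is dropped (None)."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.inbound:
            return None
        priv_ip, priv_port = self.inbound[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def demo() -> tuple[Packet, Packet | None, Packet | None]:
    """Outbound request, the server's reply coming back, and a stray inbound packet."""
    nat = NatRouter("203.0.113.5")
    request = Packet("192.168.1.10", 51000, "198.51.100.20", 80)
    out = nat.translate_outbound(request)
    reply = Packet("198.51.100.20", 80, out.src_ip, out.src_port)
    back = nat.translate_inbound(reply)
    stray = nat.translate_inbound(Packet("198.51.100.99", 443, "203.0.113.5", 40555))
    return out, back, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The table is keyed on the private address and port pair, so two workstations can share the one registered address without their replies being confused; the dropped stray packet shows the side effect defenders rely on when they count on NAT to keep unsolicited traffic out.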

11 Using a Proxy Server
Like NAT, a proxy server receives requests from clients on a private network and forwards them to the destination on the Internet, using its own registered address. The proxy server interposes additional functions into the forwarding process. These functions can include: Filtering, Logging, Caching, Scanning. Applications must be configured to use a proxy server.
Compare NAT with the Proxy Server.

12 IPv4 Subnetting
Allows you to split one IP address range into multiple networks (e.g., you can take the /8 private IP address range and use the entire second octet as a subnet ID). This creates up to 256 subnets with up to 65,536 hosts. The subnet masks will be and the network addresses will proceed as follows: /16 /16 /16 /16
When you are working on an existing network, the subnetting process is more difficult. Use the example in the book to expand on this.

13 Calculate IPv4 Subnets
Determine how many subnet identifier bits you need to create the required number of subnets.
Subtract the subnet bits you need from the host bits and add them to the network bits.
Calculate the subnet mask by adding the network and subnet bits in binary form and converting the binary value to decimal.
Take the least significant subnet bit and the host bits, in binary form, and convert them to a decimal value.
Increment the network identifier (including the subnet bits) by the decimal value you calculated to determine the network addresses of your new subnets.
Use these steps to work through an example.

14 Supernetting
Allows contiguous networks to be added to a routing table with one entry to reduce the size of Internet routing tables. For example: /24 /24 /24 /24 /24 Can all be expressed in one supernet address: /21
Use the calculations in the book to work through this example.
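The five subnetting steps and the supernetting slide, worked through in code as an added example that is not part of the original deck. The functions below use plain integer arithmetic so each step is visible: `plan_subnets` carries a network through the steps (subnet bits, new prefix, mask, increment, resulting subnets) and `supernet` finds the single shortest prefix that covers a list of contiguous networks. The 192.168.43.0/26 case comes from the CIDR slides; the five /24 networks used for the supernet are constructed samples, chosen so that they fit one /21 (the /21 also covers three unlisted /24 networks, which is the trade-off of a supernet entry).

```python
# Added example (not from the slides): IPv4 subnet planning and supernet
# aggregation with explicit bit arithmetic. Network values are constructed.
from __future__ import annotations


def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def plan_subnets(network: str, prefix: int, subnets_needed: int) -> dict:
    """Apply the slide's five steps to split network/prefix into subnets_needed subnets."""
    # Step 1: smallest number of subnet bits giving at least the required subnets
    subnet_bits = 0
    while (1 << subnet_bits) < subnets_needed:
        subnet_bits += 1
    # Step 2: move those bits from the host part to the network part
    new_prefix = prefix + subnet_bits
    host_bits = 32 - new_prefix
    if host_bits < 2:
        raise ValueError("not enough host bits left for usable addresses")
    # Step 3: the mask is the network bits plus the subnet bits, all ones
    mask = prefix_to_mask(new_prefix)
    # Step 4: the least significant subnet bit, as a decimal value, is the increment
    increment = 1 << host_bits
    # Step 5: step the network identifier upward by that increment
    base = ip_to_int(network) & prefix_to_mask(prefix)
    subnets = []
    for i in range(1 << subnet_bits):
        net = base + i * increment
        subnets.append({
            "network": f"{int_to_ip(net)}/{new_prefix}",
            "first_host": int_to_ip(net + 1),
            "last_host": int_to_ip(net + increment - 2),
            "broadcast": int_to_ip(net + increment - 1),
        })
    return {
        "subnet_bits": subnet_bits,
        "prefix": new_prefix,
        "mask": int_to_ip(mask),
        "mask_binary": ".".join(f"{(mask >> s) & 0xFF:08b}" for s in (24, 16, 8, 0)),
        "hosts_per_subnet": increment - 2,   # network and broadcast addresses excluded
        "subnets": subnets,
    }


def supernet(networks: list[str]) -> str:
    """Shortest single prefix covering every listed network (it may cover unlisted space too)."""
    parsed = []
    for n in networks:
        addr, pfx = n.split("/")
        parsed.append((ip_to_int(addr) & prefix_to_mask(int(pfx)), int(pfx)))
    prefix = min(p for _, p in parsed)
    # shorten the prefix until every network shares the same network bits
    while prefix > 0:
        m = prefix_to_mask(prefix)
        bases = {a & m for a, _ in parsed}
        if len(bases) == 1:
            return f"{int_to_ip(bases.pop())}/{prefix}"
        prefix -= 1
    return "0.0.0.0/0"


if __name__ == "__main__":
    plan = plan_subnets("192.168.43.0", 24, 4)
    print(plan["mask_binary"], plan["mask"], plan["hosts_per_subnet"])
    for s in plan["subnets"]:
        print(s)
    print(supernet(["192.168.40.0/24", "192.168.41.0/24", "192.168.42.0/24",
                    "192.168.43.0/24", "192.168.44.0/24"]))
```

Running it for 192.168.43.0/24 with four subnets reproduces the slide's figures (a /26 mask of 255.255.255.192 and 62 hosts per subnet); calling `plan_subnets("10.0.0.0", 8, 256)` reproduces the /16 split from the subnetting slide.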

15 Assigning IPv4 Addresses
To assign IPv4 addresses, there are three basic methods: Manual configuration; Dynamic Host Configuration Protocol (DHCP); Automatic Private IP Addressing (APIPA).

16 Manual IPv4 Address Configuration
Manually enter IP address, subnet mask, default gateway and DNS servers. Use a GUI or command line. Not difficult, but it can be time consuming on a large network. Difficult to troubleshoot if information is entered incorrectly.

17 Dynamic Host Configuration Protocol (DHCP)
Client computers are configured to Obtain an IP address automatically. DHCP Servers on the network contain a pool of addresses and other IPv4 configuration. Clients request configuration at boot up. DHCP Servers respond to the requests. IPv4 configurations are leased for a period of time and renewed as necessary. No addresses are duplicated.

18 Automatic Private IP Addressing (APIPA)
A DHCP failover mechanism used by all current Microsoft Windows operating systems. If a system fails to locate a DHCP server on the network, APIPA takes over and automatically assigns an address on the /16 network to the computer. For a small network that consists of only a single LAN, APIPA is a simple and effective alternative to installing a DHCP server.

19 IPv6 Addressing
Designed to increase the size of the IP address space (128 bit), thus providing addresses for many more devices than IPv4. Reduces the size of the routing tables because the size of the addresses provides for more than the two levels of subnetting currently possible with IPv4.

20 Introducing IPv6
IPv6 addresses use a notation called colon-hexadecimal format: eight 16-bit hexadecimal numbers, separated by colons: XX:XX:XX:XX:XX:XX:XX:XX Each X represents eight bits (or 1 byte), which in hexadecimal notation is represented by two characters, as in: 21cd:0053:0000:0000:e8bb:04f2:003c:c394

21 Contracting IPv6 Addresses
When an IPv6 address has two or more consecutive eight-bit blocks of zeroes, you can replace them with a double colon (but you can only use one double colon in any IPv6 address): 21cd:0053::e8bb:04f2:003c:c394 You can also remove the leading zeros in any block where they appear: 21cd:53::e8bb:4f2:3c:c394
Contracting, as in contractions: shortening the address.
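The two contraction rules on this slide, implemented as an added example (not code from the deck): `expand_ipv6` undoes a single "::" and rejects addresses that use it more than once, and `contract_ipv6` replaces the longest run of consecutive zero blocks (two or more, first run wins on a tie) with "::" and drops leading zeros from every block. The results match the compressed form Python's `ipaddress` module produces, which follows the same rules.

```python
# Added example (not from the slides): expanding and contracting IPv6 addresses
# by the slide's rules, written out by hand rather than delegated to ipaddress.
from __future__ import annotations


def expand_ipv6(addr: str) -> list[int]:
    """Return the eight 16-bit blocks of a possibly contracted address."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed in an IPv6 address")
    if "::" in addr:
        head, tail = addr.split("::")
        left = [int(b, 16) for b in head.split(":") if b]
        right = [int(b, 16) for b in tail.split(":") if b]
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero block")
        blocks = left + [0] * missing + right
    else:
        blocks = [int(b, 16) for b in addr.split(":")]
    if len(blocks) != 8 or any(not 0 <= b <= 0xFFFF for b in blocks):
        raise ValueError(f"not a valid IPv6 address: {addr}")
    return blocks


def full_ipv6(addr: str) -> str:
    """Uncontracted form: eight four-digit blocks."""
    return ":".join(f"{b:04x}" for b in expand_ipv6(addr))


def contract_ipv6(addr: str) -> str:
    blocks = expand_ipv6(addr)
    # find the longest run of consecutive zero blocks; ties go to the first run
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if blocks[i] == 0:
            j = i
            while j < 8 and blocks[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [f"{b:x}" for b in blocks]          # leading zeros dropped from each block
    if best_len >= 2:                          # a single zero block is never replaced by "::"
        left = ":".join(hexs[:best_start])
        right = ":".join(hexs[best_start + best_len:])
        return f"{left}::{right}"
    return ":".join(hexs)


if __name__ == "__main__":
    print(contract_ipv6("21cd:0053:0000:0000:e8bb:04f2:003c:c394"))
    print(full_ipv6("21cd:53::e8bb:4f2:3c:c394"))
```

Normalising addresses to one canonical form before comparing or logging them matters in practice: a firewall rule or allow-list written as 21cd:0053::e8bb:04f2:003c:c394 and a log line written as 21cd:53::e8bb:4f2:3c:c394 describe the same interface.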

22 Expressing IPv6 Network Addresses
No subnet masks in IPv6. Network addresses use the same slash notation as CIDR: 21cd:53::/64 This is the contracted form for the following network address: 21cd:0053:0000:0000/64

23 IPv6 Address Types IPv6 supports three address types:
Unicast: Provides one-to-one transmission service to individual interfaces, including server farms sharing a single address. IPv6 supports several types of unicast addresses, including global, link-local, and unique local.
Multicast: Provides one-to-many transmission service to groups of interfaces identified by a single multicast address.
Anycast: Provides one-to-one-of-many transmission service to groups of interfaces, only the nearest of which (measured by the number of intermediate routers) receives the transmission.

24 Original Global Unicast Addresses
The equivalent of a registered IPv4 address, routable worldwide and unique on the Internet. It consists of the following elements:
Format prefix (FP): An FP value of 001 identifies the address as a global unicast.
Top Level Aggregator (TLA): A 13-bit globally unique identifier allocated to regional Internet registries by the IANA.
Reserved: An 8-bit field that is currently unused.
Next Level Aggregator (NLA): A 24-bit field that the TLA organization uses to create a multilevel hierarchy for allocating blocks of addresses to its customers.
Site Level Aggregator (SLA): A 16-bit field that organizations can use to create an internal hierarchy of sites or subnets.
Extended Unique Identifier (EUI-64): A 64-bit field, derived from the network interface adapter's MAC address, identifying a specific interface on the network.
Don't spend too much time on this because you will be looking at the CURRENT addressing scheme in the next couple of slides.

25 Global Unicast Addresses
The original IPv6 global unicast address format

26 Current Global Unicast Addresses
The current official format for global unicast addresses consists of the following elements:
Global routing prefix: A 48-bit field beginning with the 001 FP value, the hierarchical structure of which is left up to the RIR.
Subnet ID: Formerly known as the SLA, a 16-bit field that organizations can use to create an internal hierarchy of sites or subnets.
Interface ID: A 64-bit field identifying a specific interface on the network.

27 Global Unicast Addresses
The current IPv6 global unicast address format

28 Subnet IDs
Organizations have a 16-bit subnet ID with which to create an internal subnet hierarchy, if desired. Here are some of the possible subnetting options:
One-level subnet: By setting all subnet ID bits to 0, all computers in the organization are part of a single subnet. This option is only suitable for smaller organizations.
Two-level subnet: By creating a series of 16-bit values, you can split the network into as many as 65,536 subnets. This is the functional equivalent of IPv4 subnetting, but with a much larger subnet address space.
Multi-level subnet: By allocating specific numbers of subnet ID bits, you can create multiple levels of subnets, sub-subnets, and sub-sub-subnets; suitable for an enterprise of almost any size.
Use example on the next slide to illustrate.

29 Subnet ID Example
To support a large international enterprise, you could split the subnet ID as follows:
Country (4 bits): Creates up to 16 subnets representing countries in which the organization has offices.
State (6 bits): Creates up to 64 sub-subnets within each country, representing states, provinces, or other geographical divisions.
Office (2 bits): Creates up to 4 sub-sub-subnets within each state or province, representing offices located in various cities.
Department (4 bits): Creates up to 16 sub-sub-sub-subnets within each office, representing the various departments or divisions.
To create a subnet ID for a particular office, it is up to the enterprise administrators to assign values for each field.
Expand on this example using the information in the book.
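The multi-level split on this slide, packed into an actual 16-bit subnet ID as an added example (not from the deck): the four field widths (4 + 6 + 2 + 4 = 16) are laid out most-significant first, every field value is range-checked against its width, and the resulting subnet ID is appended to a 48-bit global routing prefix to produce the /64 network prefix. The prefix 2001:db8:abcd and the field values are constructed samples (2001:db8::/32 is the documentation range).

```python
# Added example (not from the slides): packing country/state/office/department
# values into the 16-bit subnet ID and forming the /64 prefix. Values constructed.
from __future__ import annotations

# (field name, width in bits), most significant field first; widths sum to 16
FIELDS = (("country", 4), ("state", 6), ("office", 2), ("department", 4))


def build_subnet_id(**values: int) -> int:
    """Pack the named field values into one 16-bit subnet ID."""
    if sum(bits for _, bits in FIELDS) != 16:
        raise ValueError("field widths must add up to the 16-bit subnet ID")
    subnet_id = 0
    for name, bits in FIELDS:
        v = values[name]
        if not 0 <= v < (1 << bits):
            raise ValueError(f"{name}={v} does not fit in {bits} bits (max {(1 << bits) - 1})")
        subnet_id = (subnet_id << bits) | v
    return subnet_id


def split_subnet_id(subnet_id: int) -> dict[str, int]:
    """Inverse of build_subnet_id: recover each field from a subnet ID."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must be a 16-bit value")
    fields, remaining = {}, 16
    for name, bits in FIELDS:
        remaining -= bits
        fields[name] = (subnet_id >> remaining) & ((1 << bits) - 1)
    return fields


def subnet_prefix(global_routing_prefix: str, subnet_id: int) -> str:
    """global_routing_prefix is the 48-bit prefix as three hex blocks, e.g. '2001:db8:abcd'."""
    if len(global_routing_prefix.split(":")) != 3:
        raise ValueError("global routing prefix must be three 16-bit blocks")
    return f"{global_routing_prefix}:{subnet_id:x}::/64"


if __name__ == "__main__":
    sid = build_subnet_id(country=3, state=17, office=2, department=5)
    print(f"subnet ID {sid:04x} -> {subnet_prefix('2001:db8:abcd', sid)}")
    print(split_subnet_id(sid))
```

Keeping the width table in one place means a later change (say, 3 bits for office and 3 for department) only touches `FIELDS`, and the range check stops an administrator from silently assigning a state number that overflows into the country field.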

30 Interface IDs
The interface ID contains a unique identifier for a specific interface on the network. The Institute of Electrical and Electronics Engineers (IEEE) defines the format for the 48-bit MAC address assigned to each network adapter by the manufacturer, as well as the EUI-64 identifier format derived from it. This method of deriving interface IDs from the computer's hardware raises a privacy problem: the location of a mobile computer might be tracked based on its IPv6 address. Instead of using MAC addresses, Windows operating systems generate random interface IDs by default.

31 Link-Local Unicast Addresses
In IPv6, systems that assign themselves an address automatically create a link-local unicast address, which is the equivalent of an APIPA address in IPv4. All link local addresses have the same network identifier: a 10-bit FP of followed by 54 zeroes, resulting in: fe80:0000:0000:0000/64 In its more compact form, the link-local network address is: fe80::/64
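The interface ID and link-local slides together, as an added example that is not part of the deck: the modified EUI-64 derivation (flip the universal/local bit of the first MAC octet and insert ff:fe in the middle), the fe80::/64 link-local address built on that interface ID, and the reverse step that recovers the MAC from such an address, which is exactly why the interface ID slide calls the derivation a privacy problem and why Windows uses a random interface ID instead. The MAC address is a constructed sample.

```python
# Added example (not from the slides): modified EUI-64 interface IDs, the
# link-local address built from them, and the random alternative. MAC is constructed.
from __future__ import annotations
import ipaddress
import secrets


def eui64_from_mac(mac: str) -> int:
    """Derive the 64-bit modified EUI-64 interface ID from a 48-bit MAC address."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    first = octets[0] ^ 0x02                  # flip the universal/local (U/L) bit
    eui = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return int.from_bytes(eui, "big")


def random_interface_id() -> int:
    """A 64-bit interface ID with no relation to the hardware (what Windows does by default)."""
    return secrets.randbits(64)


def link_local(interface_id: int) -> str:
    """fe80::/64 prefix followed by the interface ID, in contracted form."""
    if not 0 <= interface_id < (1 << 64):
        raise ValueError("interface ID must be a 64-bit value")
    return ipaddress.IPv6Address((0xFE80 << 112) | interface_id).compressed


def mac_from_eui64(interface_id: int) -> str | None:
    """Recover the MAC if the ID was EUI-64 derived; None if it is not (e.g. random)."""
    raw = interface_id.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    octets = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:8]
    return ":".join(f"{o:02x}" for o in octets)


if __name__ == "__main__":
    iid = eui64_from_mac("00:1a:2b:3c:4d:5e")
    print(hex(iid), link_local(iid), mac_from_eui64(iid))
    rnd = random_interface_id()
    print(link_local(rnd), mac_from_eui64(rnd))
```

Because the interface ID is the same in every network the machine joins, an EUI-64 derived address lets any server or log collector correlate a laptop's visits across networks; a random interface ID breaks that correlation, and the ff:fe marker in the middle of the ID is the quickest way to tell the two apart in a capture.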

32 Unique Local Unicast Addresses
These are the same as private addresses in IPv4, with the following format:
Global ID: A 48-bit field beginning with an 8-bit FP of in binary, or fd00::/8 in hexadecimal. The remaining 40 bits of the global ID are randomly generated.
Subnet ID: A 16-bit field that organizations can use to create an internal hierarchy of sites or subnets.
Interface ID: A 64-bit field identifying a specific interface on the network.
Review the principles of private addressing as in IPv4.

33 Unique Local Unicast Addresses
The IPv6 unique local unicast address format

34 Special Addresses
Loopback address: Any messages sent to it are returned back to the sending system. 0:0:0:0:0:0:0:1 or ::1
Unspecified address: The address the system uses while requesting an address from a DHCP server. 0:0:0:0:0:0:0:0

35 Multicast Addresses
Multicast addresses always begin with an FP value of , in binary, or ff in hexadecimal. The entire multicast address format is as follows:
FP: An 8-bit field that identifies the message as a multicast.
Flags: A 4-bit field that specifies whether the multicast address contains the address of a rendezvous point (0111), is based on a network prefix (0010), and is permanent (0000) or transient (0001).
Scope: A 4-bit field that specifies how widely routers can forward the address. Values include interface-local (0001), link-local (0010), site-local (0101), organization-local (1000), and global (1110).
Group ID: A 112-bit field uniquely identifying a multicast group.
Note that IPv6 has eliminated broadcast messages, but can use a Multicast to all hosts in a similar way.
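A parser for the multicast format on this slide, added here as an example that is not from the deck: it checks the ff prefix, splits off the 4-bit flags and 4-bit scope, names the scope from the slide's table and reports the three flag bits individually (the slide's 0111 value for a rendezvous-point address is the R, P and T bits all set). The addresses in the test are the well-known all-nodes group and constructed samples.

```python
# Added example (not from the slides): splitting an IPv6 multicast address into
# FP, flags, scope and group ID. Sample addresses in the usage are constructed.
from __future__ import annotations
import ipaddress

SCOPES = {0x1: "interface-local", 0x2: "link-local", 0x5: "site-local",
          0x8: "organization-local", 0xE: "global"}


def parse_multicast(addr: str) -> dict:
    value = int(ipaddress.IPv6Address(addr))
    fp = value >> 120                          # top 8 bits
    if fp != 0xFF:
        raise ValueError(f"{addr} is not a multicast address (FP must be ff)")
    flags = (value >> 116) & 0xF               # next 4 bits
    scope = (value >> 112) & 0xF               # next 4 bits
    group_id = value & ((1 << 112) - 1)        # remaining 112 bits
    return {
        "flags": f"{flags:04b}",
        "transient": bool(flags & 0x1),        # T bit: 0000 permanent, 0001 transient
        "prefix_based": bool(flags & 0x2),     # P bit (0010)
        "rendezvous_point": bool(flags & 0x4), # R bit (0111 on the slide is R+P+T)
        "scope": SCOPES.get(scope, f"unassigned ({scope:04b})"),
        "scope_value": f"{scope:04b}",
        "group_id": f"{group_id:x}",
    }


def is_link_scoped(addr: str) -> bool:
    """True for groups a router must never forward off the local link."""
    return parse_multicast(addr)["scope_value"] in ("0001", "0010")


if __name__ == "__main__":
    for a in ("ff02::1", "ff05::1:3", "ff3e:40:2001:db8::1"):
        print(a, parse_multicast(a), is_link_scoped(a))
```

The scope field is the part worth checking on a boundary router or in a packet capture: a site-local or organization-local group (ff05::, ff08::) that shows up arriving from outside the site indicates a scope boundary that is not being enforced.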

36 Anycast Addresses
Used to identify the routers within a given address scope and send traffic to the nearest router, as determined by the local routing protocols. Can be used to identify a particular set of routers in the enterprise, such as those that provide access to the Internet. To use anycasts, the routers must be configured to recognize the anycast addresses.
Review the example Anycast address that corresponds to the sample network used in previous examples from the book.

37 Assigning IPv6 Addresses
As with IPv4, a Windows computer can obtain an IPv6 address by three possible methods:
Manual allocation: A user or administrator manually supplies an address and other information for each network interface.
Self-allocation: The computer creates its own address using a process called stateless address autoconfiguration.
Dynamic allocation: The computer solicits and receives an address from a Dynamic Host Configuration Protocol (DHCPv6) server on the network.
Explain each of these methods in more detail and refer to the IPv4 properties sheet on the next slide.

38 Planning an IP Transition
Administrators are reluctant to change from IPv4 to IPv6 because there is a lot to learn. IPv4 hardware is still functioning. The Internet is still mostly IPv4, but there is a gradual transition happening where there will be support for both IP versions. Currently, we must have mechanisms in place to transmit IPv6 traffic over IPv4 connections, but the situation will be reversed in the future.

39 Using a Dual IP Stack
The simplest way to transition is to run both IP versions. Windows has been doing this since Windows Server 2008 and Windows Vista. Use ipconfig /all to see IPv6 configuration. This allows us to communicate with IPv4 and IPv6 devices at the same time.

40 Tunneling
Tunneling is the process by which a system encapsulates an IPv6 datagram within an IPv4 packet. Often used for router-to-router communication when communicating between two IPv6 networks over an IPv4 connection.

41 Tunneling
Two IPv6 networks connected by an IPv4 tunnel

42 Configuring Tunnels Manually
It is possible to manually create semi-permanent tunnels that carry IPv6 traffic through an IPv4-only network. When a computer running Windows Server 2012 or Windows 8 is functioning as one end of the tunnel, you can use this command:
netsh interface ipv6 add v6v4tunnel "interface" localaddress remoteaddress
In this command, interface is a friendly name you want to assign to the tunnel you are creating, and localaddress and remoteaddress are the IPv4 addresses forming the two ends of the tunnel. An example of an actual command would be this:
netsh interface ipv6 add v6v4tunnel "tunnel"

43 Objective 4.2: Configuring Servers

44 Understanding DHCP
The Dynamic Host Configuration Protocol (DHCP) service: Automatically configures the IP address and other TCP/IP settings on network computers by assigning addresses from a pool (called a scope) and reclaiming them when they are no longer in use. Saves time. Prevents configuration errors.

45 Understanding DHCP DHCP consists of three components:
DHCP server application: Responds to client requests for TCP/IP configuration settings.
DHCP client: Issues requests to servers and applies the TCP/IP configuration settings it receives to the local computer.
DHCP communications protocol: Defines the formats and sequences of the messages exchanged by DHCP clients and servers.

46 Understanding DHCP Three different IP address allocation methods:
Dynamic allocation: The DHCP server assigns an IP address to a client computer from a scope, for a specified length of time. DHCP servers only lease addresses to clients with this method.
Automatic allocation: The DHCP server permanently assigns an IP address to a client computer from a scope. It is essentially dynamic allocation with an indefinite lease.
Manual allocation: The DHCP server permanently assigns a specific IP address to a specific computer on the network. It is called a reservation. You use manually allocated addresses for computers that must have the same IP address at all times.

47 DHCP Packets
The DHCP packet format
Use the information in the book to describe the structure of a DHCP packet.

48 DHCP Options
There are many other TCP/IP parameters that can be configured by DHCP besides the IP address: Magic cookie; Option format; DHCP Message Type option; Pad option; Option Overload option; Vendor-Specific Information option; End option.
The DHCP options are going to be described in the upcoming slides.

49 BOOTP Vendor Information Extensions
Subnet Mask: Specifies which bits of the IP address identify the host system and which bits identify the network where the host system resides.
Router: Specifies the IP address of the router (or default gateway) on the local network segment the client should use to transmit to systems on other network segments.
Domain Name Server: Specifies the IP addresses of the servers the client will use for DNS name resolution.
Host Name: Specifies the DNS host name the client system will use.
Domain name: Specifies the name of the DNS domain on which the system will reside.
Refer to RFC 1497 as per the information in the textbook.

50 IP Layer Parameters
These options affect the functionality of the IP protocol on the client system:
IP Forwarding Enable/Disable: Specifies whether IP forwarding (i.e., routing) should be enabled on the client system.
Default IP Time-to-Live: Specifies the time-to-live value the client should use in its outgoing IP datagrams.
Interface MTU: Specifies the maximum transmission unit to be used by the Internet Protocol on this network interface only.

51 DHCP Extensions (1)
These options provide parameters that govern the DHCP lease negotiation and renewal processes:
Requested IP Address: Used by the client to request a particular IP address from the server.
IP Address Lease Time: Specifies the duration of a dynamically allocated IP address lease.
Server Identifier: Specifies the IP address of the server involved in a DHCP transaction; used by the client to address unicasts to the server.

52 DHCP Extensions (2)
Parameter Request List: Used by the client to send a list of requested configuration options (identified by their code numbers) to the server.
Message: Carries an error message from the server to the client in a DHCPNAK message.
Renewal (T1) time value: Specifies the time period that must elapse before an IP address lease enters the renewing state.
Rebinding (T2) time value: Specifies the time period that must elapse before an IP address lease enters the rebinding state.

53 DHCP Message Types (1)
The DHCP communication protocol defines eight different message types:
DHCPDISCOVER: Used by clients to request configuration parameters from a DHCP server.
DHCPOFFER: Used by servers to offer IP addresses to requesting clients.
DHCPREQUEST: Used by clients to accept or renew an IP address assignment.
DHCPDECLINE: Used by clients to reject an offered IP address.
Review the different message types of the packets that go between a DHCP client and server.

54 DHCP Message Types (2)
DHCPACK: Used by servers to acknowledge a client's acceptance of an offered IP address.
DHCPNAK: Used by servers to reject a client's acceptance of an offered IP address.
DHCPRELEASE: Used by clients to terminate an IP address lease.
DHCPINFORM: Used by clients to obtain additional TCP/IP configuration parameters from a server.
Review the different message types of the packets that go between a DHCP client and server.
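The option encoding from the DHCP Options and Extensions slides and the message types from the two slides above, exercised together in one added example that is not code from the deck: the options field (magic cookie, code/length/value triples, the single-byte Pad option, the End option) is encoded and decoded, and a toy server with a small scope runs a client through DHCPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACK, returning a DHCPNAK for a request it never offered. Only the options field and the chaddr/yiaddr header fields are modelled; the scope, addresses, T1/T2 values and MAC addresses are constructed samples.

```python
# Added example (not from the slides): DHCP option encoding and a simulated
# DISCOVER/OFFER/REQUEST/ACK lease negotiation. Scope and addresses are constructed.
from __future__ import annotations
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

MAGIC_COOKIE = bytes.fromhex("63825363")     # marks the start of the options field
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS = 0, 1, 3, 6
OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID = 50, 51, 53, 54
OPT_PARAM_REQUEST, OPT_T1, OPT_T2, OPT_END = 55, 58, 59, 255
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM = range(1, 9)


def encode_options(options: list[tuple[int, bytes]]) -> bytes:
    """Magic cookie, then code/length/value triples, then the End option."""
    out = bytearray(MAGIC_COOKIE)
    for code, value in options:
        if len(value) > 255:
            raise ValueError(f"option {code} value too long")
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


def decode_options(data: bytes) -> dict[int, bytes]:
    if data[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:               # Pad is a single byte with no length
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def ip_bytes(ip: str) -> bytes:
    return IPv4Address(ip).packed


@dataclass
class DhcpMessage:
    chaddr: bytes        # client hardware (MAC) address
    yiaddr: str          # "your" IP address, filled in by the server
    options: bytes


class DhcpServer:
    def __init__(self, server_ip: str, first: str, last: str, lease_seconds: int):
        self.server_ip, self.lease_seconds = server_ip, lease_seconds
        self.pool = [str(IPv4Address(a)) for a in
                     range(int(IPv4Address(first)), int(IPv4Address(last)) + 1)]
        self.leases: dict[bytes, str] = {}   # chaddr -> address; no address handed out twice

    def _lease_options(self) -> list[tuple[int, bytes]]:
        t = self.lease_seconds
        return [(OPT_SUBNET_MASK, ip_bytes("255.255.255.192")), (OPT_ROUTER, ip_bytes("192.168.43.1")),
                (OPT_DNS, ip_bytes("192.168.43.2")), (OPT_LEASE_TIME, struct.pack("!I", t)),
                (OPT_T1, struct.pack("!I", t // 2)), (OPT_T2, struct.pack("!I", t * 7 // 8)),
                (OPT_SERVER_ID, ip_bytes(self.server_ip))]

    def handle(self, msg: DhcpMessage) -> DhcpMessage | None:
        opts = decode_options(msg.options)
        kind = opts[OPT_MSG_TYPE][0]
        if kind == DISCOVER:
            ip = self.leases.get(msg.chaddr) or next(
                (a for a in self.pool if a not in self.leases.values()), None)
            if ip is None:
                return None                  # scope exhausted: nothing to offer
            self.leases[msg.chaddr] = ip
            return DhcpMessage(msg.chaddr, ip, encode_options(
                [(OPT_MSG_TYPE, bytes([OFFER]))] + self._lease_options()))
        if kind == REQUEST:
            if opts.get(OPT_SERVER_ID) != ip_bytes(self.server_ip):
                return None                  # the client accepted another server's offer
            wanted = str(IPv4Address(opts[OPT_REQUESTED_IP]))
            if self.leases.get(msg.chaddr) != wanted:
                return DhcpMessage(msg.chaddr, "0.0.0.0", encode_options(
                    [(OPT_MSG_TYPE, bytes([NAK])), (OPT_SERVER_ID, ip_bytes(self.server_ip))]))
            return DhcpMessage(msg.chaddr, wanted, encode_options(
                [(OPT_MSG_TYPE, bytes([ACK]))] + self._lease_options()))
        if kind == RELEASE:
            self.leases.pop(msg.chaddr, None)
        return None


def negotiate(server: DhcpServer, chaddr: bytes) -> dict:
    """Client side of DISCOVER -> OFFER -> REQUEST -> ACK; returns the lease the client applies."""
    discover = DhcpMessage(chaddr, "0.0.0.0", encode_options([
        (OPT_MSG_TYPE, bytes([DISCOVER])),
        (OPT_PARAM_REQUEST, bytes([OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS]))]))
    offer = server.handle(discover)
    offer_opts = decode_options(offer.options)
    request = DhcpMessage(chaddr, "0.0.0.0", encode_options([
        (OPT_MSG_TYPE, bytes([REQUEST])), (OPT_REQUESTED_IP, ip_bytes(offer.yiaddr)),
        (OPT_SERVER_ID, offer_opts[OPT_SERVER_ID])]))
    ack = server.handle(request)
    ack_opts = decode_options(ack.options)
    u32 = lambda code: struct.unpack("!I", ack_opts[code])[0]
    return {"type": ack_opts[OPT_MSG_TYPE][0], "ip": ack.yiaddr,
            "router": str(IPv4Address(ack_opts[OPT_ROUTER])),
            "lease": u32(OPT_LEASE_TIME), "t1": u32(OPT_T1), "t2": u32(OPT_T2)}


if __name__ == "__main__":
    srv = DhcpServer("192.168.43.2", "192.168.43.10", "192.168.43.12", 86400)
    print(negotiate(srv, bytes.fromhex("001a2b3c4d5e")))
```

Two points the exchange makes concrete: the Server Identifier option is what lets a client pick one offer when several servers answer its broadcast (a server that sees its own address absent from the REQUEST stays silent), and a server answers DHCPNAK rather than DHCPACK for an address it did not offer to that client, which is the check that keeps leases from being duplicated.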

55 DHCP Lease Negotiation
The DHCP IP address assignment process
Use the steps from the textbook to review the process as outlined in the flowchart.

56 DHCP Lease Renewal
The DHCP IP address renewal process
Use the steps in the textbook to expand on the Renewal process in the flowchart.

57 Designing a DHCP Infrastructure
The Windows Server 2012 DHCP Server service is theoretically capable of supporting many thousands of clients. Virtually all enterprise networks require more than one DHCP server. DHCP relies on broadcast messages, which have limitations.

58 Using a Distributed DHCP Infrastructure
A distributed DHCP infrastructure
Use the information in the textbook to explain Distributed DHCP and its advantages and disadvantages.

59 Using a Centralized DHCP Infrastructure
A centralized DHCP infrastructure
Use the information in the textbook to explain Centralized DHCP and its advantages and disadvantages. Describe the DHCP Relay Agent.

60 Using a Hybrid DHCP Infrastructure
The distributed and centralized DHCP infrastructure represents the extremes at opposite ends of the design spectrum. The ideal solution resides somewhere between them. A hybrid DHCP infrastructure uses multiple DHCP servers on different subnets, but it does not necessarily require a DHCP server on every subnet.
Use examples from the book to discuss different scenarios and solutions to those scenarios.

61 Regulating DHCP Network Traffic
Several factors can affect network traffic, and you can make configuration choices that will change the amount of traffic generated by DHCP: Place DHCP servers close to the clients. Adjust the lease duration so there are fewer renewals. Make the lease duration unlimited.

62 Deploying a DHCP Server
The DHCP Server service is packaged as a role in Windows Server 2012. Install the role through the Add Roles and Features Wizard in Server Manager. DHCP servers operate independently, so you must install the service and configure scopes on every computer that will function as a DHCP server.

63 Creating a Scope
A scope is a range of IP addresses on a particular subnet that are selected for allocation by a DHCP server. Create a scope using the DHCP snap-in for Microsoft Management Console (MMC).

64 Configuring DHCP Options
The Windows DHCP server supports two kinds of options:
Scope options: Supplied only to DHCP clients receiving addresses from a particular scope.
Server options: Supplied to all DHCP clients receiving addresses from the server.

65 Creating a Reservation
A reservation is a manually allocated address. Used for computers whose IP addresses must remain the same (static), like domain controllers, DNS servers, and Internet web servers. Allows you to manage all of your IP addresses through DHCP.

66 Using PXE
The Pre-boot Execution Environment (PXE) is a feature built into many network interface adapters that enables them to connect to a DHCP server over the network and obtain TCP/IP client settings, even when the computer has no operating system. DHCP can also supply the workstation with an option specifying the location of a boot file that the system can download and use to start the computer and initiate a Windows operating system installation.

67 Using PXE with WDS
Windows Deployment Services (WDS) enables administrators to manage image files that remote workstations can use to start up and install Windows. For a PXE adapter to access WDS images, the DHCP server on the network must have a custom PXEClient option (option 60) configured with the location of the WDS server on the network.
Use the steps in the book to explain how a computer boots with PXE and connects to the WDS server to start a Windows installation.

68 Deploying a DHCP Relay Agent
If you create a centralized or hybrid DHCP infrastructure, you will need a DHCP relay agent on every subnet that does not have a DHCP server on it. Many routers are capable of functioning as DHCP relay agents, but when they cannot, you can configure a Windows Server 2012 computer to function as a relay agent.

69 Objective 4.3: Deploying and Configuring the DNS Service

70 Understanding the DNS Architecture
Host names are easier for us to remember than IP addresses. Computers need to resolve the host names we use to IP addresses in order to communicate with other computers. This conversion process is referred to as name resolution. Host tables were used when networks were small, but are impractical today. Today, Domain Name System (DNS) servers convert host names into IP addresses.

71 Creating a DNS Standard
At its core, the DNS is still a list of names and their equivalent IP addresses, but the methods for creating, storing, and retrieving those names are very different from those in a host table. The DNS consists of three elements: The DNS name space; Name servers; Resolvers.

72 The DNS Name Space
The DNS standards define a tree-structured name space in which each branch of the tree identifies a domain. Each domain contains a collection of resource records that contain host names, IP addresses, and other information. Query operations are attempts to retrieve specific resource records from a particular domain.

73 Name Servers
A DNS server is an application running on a server computer that maintains information about the domain tree structure and (usually) contains authoritative information about one or more specific domains in that structure. The application responds to queries for information about the domains for which it is the authority and forwards queries about other domains to other name servers. This enables any DNS server to access information about any domain in the tree.

74 Resolvers
A resolver is a client program that generates DNS queries and sends them to a DNS server for fulfillment. A resolver has direct access to at least one DNS server and can also process referrals to direct its queries to other servers when necessary.

75 Creating a DNS Standard
DNS servers relay requests and replies to other DNS servers

76 DNS Naming
A two-tiered system, consisting of domain names and host names. Obtain domain names from a centralized authority, to ensure uniqueness. Assign the host names within that domain. Internet websites use this naming method. We access web servers using a Uniform Resource Locator (URL), such as:

77 DNS Naming
The DNS domain hierarchy
Use the textbook to help explain the hierarchical structure of the DNS name space. Define FQDN.

78 The DNS Domain Hierarchy
The authoritative source for a domain is the DNS server responsible for maintaining that domain's resource records. DNS servers can locate the authoritative source for any domain name, by communicating with other DNS servers. Domains at each level of the hierarchy are responsible for maintaining information about the domains in the next lower level. The root name servers are the highest-level DNS servers in the entire namespace. All DNS server implementations are preconfigured with the IP addresses of the root name servers.

79 Top-Level Domains
The original DNS name space called for six generic top-level domains (gTLDs), dedicated to specific purposes:
com: Commercial organizations
edu: Four-year, degree-granting educational institutions in North America
gov: United States government institutions
mil: United States military applications
net: Networking organizations
org: Noncommercial organizations
Talk about the original top level domains and Network Solutions and ICANN, and the new top-level domains on the next slide.

80 ICANN’s New Top-Level Domains
ICANN is also responsible for the ratification of new top-level domains: aero, biz, coop, info, museum, name, pro, asia, cat, jobs, mobi, tel, travel.

81 Top-Level Domains
The root name servers do nothing but respond to millions of requests by sending out the addresses of the authoritative servers for the top-level domains. The top-level domain servers do the same for the second-level domains. There are no hosts in the root or top-level domains.

82 Country Code Domains There are hundreds of two-letter country-code top-level domains (ccTLDs): fr for France de for Deutschland (Germany) us for the United States ca for Canada Each domain is permitted to establish its own prices and requirements for registration of subdomains. Make note of the requirements for the us domain: two-character state codes plus a city code, for example adatum.chicago.il.us.

83 Second-Level Domains Each top-level domain has its own collection of second-level domains. Individuals and organizations can purchase these domains for their own use. To use the domain name, you must supply the registrar with the IP addresses of two DNS servers that you want to be the authoritative sources for information about the domain. The administrators of the top-level domain servers then create resource records pointing to these authoritative servers. Explain how the DNS servers will resolve these newly registered second-level domains.

84 Subdomains Once you purchase the rights to a second-level domain, you can create as many hosts as you want in that domain by creating new resource records on the authoritative servers. You can also create as many additional domain levels as you want with only a few limitations: Each individual domain name can be no more than 63 characters long. The total FQDN (including the trailing period) can be no more than 255 characters long. Use the contoso.com and sales.contoso.com examples as in the book to explain subdomains. Explain why companies might want to do this.

85 DNS Messaging The Domain Name System uses a single message format for all communications that consists of the following five sections: Header: Contains information about the nature of the message. Question: Contains the information being requested from the destination server. Answer: Contains resource records supplying the information requested in the Question section. Authority: Contains resource records pointing to an authority for the information requested in the Question section. Additional: Contains resource records with additional information in response to the Question section. Every DNS message has a Header section, and the other four sections are included only if they contain data. Describe the messaging process when a request and a response happens.
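As an added illustration of the five-section message format (this is not code from the textbook or from Windows DNS Server), the following Python parses a constructed response; the message bytes, the name www.example.com and the address are sample values built inline.

```python
import struct

# Constructed DNS response in wire format (sample bytes, not a real capture):
# header ID 0x1234, flags 0x8180 (response, recursion desired and available),
# one question, one answer, no authority or additional records.
HEADER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
QUESTION = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)  # type A, class IN
# The answer's owner name is a compression pointer (0xC00C) to the question name at offset 12.
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10])
SAMPLE_RESPONSE = HEADER + QUESTION + ANSWER


def read_name(msg, offset, max_hops=16):
    """Return (dotted name, offset just past the name), following compression pointers.
    The hop limit stops a malformed message with a pointer loop from spinning forever."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # two-byte pointer to an earlier name
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            if not jumped:
                end = offset + 2                        # the name ends after the first pointer
            jumped = True
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:                                 # zero-length root label ends the name
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_message(msg):
    """Split a DNS message into its five sections: header, question, answer,
    authority and additional."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    header = {"id": ident, "is_response": bool(flags & 0x8000),
              "rcode": flags & 0x000F, "counts": (qd, an, ns, ar)}
    offset, questions = 12, []
    for _ in range(qd):
        name, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    sections = {"answer": [], "authority": [], "additional": []}
    for section, count in zip(sections, (an, ns, ar)):   # the three resource record sections
        for _ in range(count):
            name, offset = read_name(msg, offset)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10
            rdata = msg[offset:offset + rdlen]
            offset += rdlen
            if rtype == 1 and rdlen == 4:                   # A record: render the IPv4 address
                rdata = ".".join(str(b) for b in rdata)
            sections[section].append((name, rtype, ttl, rdata))
    return header, questions, sections
```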

86 DNS Communications Type a URL containing a DNS name ( into the browser's Address box and press Enter. You will see a message that says something like “Finding Site: Then, a few seconds later, you will see a message that says “Connecting to,” followed by an IP address. It is during this interval that the DNS name resolution process occurs.

87 DNS Communications Use the steps in the book to explain the DNS communication process on the next slides. A DNS client sends a name resolution request to its designated DNS server

88 DNS Communications Use the steps in the book to explain the DNS communication process on the next slides. The client’s DNS server forwards an iterative query to a root name server

89 DNS Communications Use the steps in the book to explain the DNS communication process on the next slides. The client’s DNS server forwards an iterative query to a top-level domain server

90 DNS Communications Use the steps in the book to explain the DNS communication process on the next slides. The client’s DNS server forwards an iterative query to a second-level domain server

91 DNS Communications Use the steps in the book to explain the DNS communication process on the next slides. The client’s DNS server returns the IP address supplied by the authoritative server to the client

92 DNS Server Caching DNS servers are capable of retaining the information they learn about the DNS name space in the course of their name resolution procedures and storing it in a cache on the local drive. The next time that a client requests the resolution of a previously resolved name, the server can respond immediately with the cached information.

93 DNS Server Caching Name caching enables the second name resolution request for the same name to bypass the referral process

94 Negative Caching Negative caching occurs when a DNS server retains information about names that do not exist in a domain. The top-level domain server returns a reply containing an error message, which is then retained in the requesting DNS server’s cache.

95 Cache Data Persistence
Caching is a vital element of the DNS architecture, because it reduces the number of requests sent to the root name and top-level domain servers. The amount of time that DNS data remains cached on a server is called its Time To Live (TTL). The administrators of each authoritative DNS server specify how long the data for the resource records in their domains or zones should be retained in the servers where it is cached.
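An added model of cache data persistence and negative caching (slides 94 and 95), written for this page rather than taken from the textbook or from Windows DNS Server: the DnsCache and FakeClock classes are hypothetical, and the contoso.com records and TTLs are constructed sample data.

```python
import time


class DnsCache:
    """Resolver cache in which positive answers and negative answers (names that
    do not exist) both expire after their TTL. The clock is injectable so expiry
    can be driven deterministically; this is a teaching model, not Windows DNS code."""
    NEGATIVE = object()   # sentinel: the authoritative server said this name does not exist

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}   # (name, rtype) -> (value, absolute expiry time)

    @staticmethod
    def _key(name, rtype):
        return name.lower().rstrip("."), rtype   # DNS names are case-insensitive

    def store(self, name, rtype, value, ttl):
        self._entries[self._key(name, rtype)] = (value, self._clock() + ttl)

    def store_negative(self, name, rtype, ttl):
        self.store(name, rtype, self.NEGATIVE, ttl)

    def lookup(self, name, rtype):
        """Return ('hit', value), ('negative', None) or ('miss', None)."""
        key = self._key(name, rtype)
        entry = self._entries.get(key)
        if entry is None:
            return "miss", None
        value, expires_at = entry
        if self._clock() >= expires_at:
            del self._entries[key]      # TTL elapsed: the referral process must run again
            return "miss", None
        if value is self.NEGATIVE:
            return "negative", None
        return "hit", value


class FakeClock:
    """Manually advanced clock used to demonstrate TTL expiry offline."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    cache = DnsCache(clock)
    cache.store("www.contoso.com", "A", "192.0.2.10", ttl=3600)   # constructed record
    cache.store_negative("nosuch.contoso.com", "A", ttl=900)      # constructed NXDOMAIN
    results = [cache.lookup("WWW.contoso.com.", "A")[0],           # case and trailing dot ignored
               cache.lookup("nosuch.contoso.com", "A")[0]]
    clock.now = 901                                                # negative entry has expired
    results += [cache.lookup("nosuch.contoso.com", "A")[0], cache.lookup("www.contoso.com", "A")[0]]
    clock.now = 3601                                               # positive entry has expired
    results.append(cache.lookup("www.contoso.com", "A")[0])
    return results   # ['hit', 'negative', 'miss', 'hit', 'miss']
```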

96 DNS Referrals and Queries
The process by which one DNS server sends a name resolution request to another DNS server is called a referral. DNS servers recognize two types of name resolution requests: Recursive query: The DNS server receiving the name resolution request takes full responsibility for resolving the name. If the server possesses information about the requested name, it replies immediately to the requestor. Iterative query: The server that receives the name resolution request immediately responds with the best information it possesses at the time. This information could be cached or authoritative, and it could be a resource record containing a fully resolved name or a reference to another DNS server. DNS servers use iterative queries when communicating with each other. Explain recursive and iterative queries in more detail. It might be useful to go back to the diagrams showing DNS Communications.
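The referral chain of slides 87 to 91 and the two query types above, as an added simulation that is not from the textbook: the server names, the delegations and the address in SERVERS are constructed, and the functions are hypothetical.

```python
# Constructed miniature namespace (sample data, not real servers): each server knows
# either delegations for child domains or authoritative records for its own zone.
SERVERS = {
    "root": {"delegations": {"com": "tld-com"}, "records": {}},
    "tld-com": {"delegations": {"contoso.com": "ns1.contoso.com"}, "records": {}},
    "ns1.contoso.com": {"delegations": {}, "records": {"www.contoso.com": "192.0.2.10"}},
}


def iterative_query(server, name):
    """One iterative query: the server answers at once with the best information it has,
    either the final record, a referral to a closer server, or an error."""
    info = SERVERS[server]
    if name in info["records"]:
        return "answer", info["records"][name]
    labels = name.split(".")
    for i in range(len(labels)):                  # longest delegated suffix first
        suffix = ".".join(labels[i:])
        if suffix in info["delegations"]:
            return "referral", info["delegations"][suffix]
    return "nxdomain", None


def resolve_recursively(name, root="root", max_hops=8):
    """What the client's DNS server does with a recursive query: it takes full
    responsibility, chaining iterative queries (root, top-level, second-level)
    until it holds an answer or an error. Returns (result, trail of queries)."""
    trail, server = [], root
    for _ in range(max_hops):
        kind, value = iterative_query(server, name)
        trail.append((server, kind, value))
        if kind != "referral":
            return value, trail
        server = value                            # follow the referral
    raise RuntimeError("referral chain too long for " + name)
```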

97 DNS Forwarders DNS servers send recursive queries to other servers when you configure a server to function as a forwarder. On a network running several DNS servers, you may not want all the servers sending queries to other DNS servers on the Internet.

98 Reverse Name Resolution
Reverse name resolution is when a computer needs to convert an IP address into a DNS name. A special domain called in-addr.arpa is specifically designed for reverse name resolution. For example, to resolve the IP address into a name, a DNS server would locate a domain called in-addr.arpa in the usual manner and read the contents of a resource record named 34 in that domain. Use the information in the book to explain how the in-addr.arpa reverse lookup domain is set up and then use the example to explain how the reverse lookup is resolved. Use the diagram on the next slide.
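How the in-addr.arpa owner name is derived from an address (octets reversed, because the domain tree is read from the most general label inward), as an added example not taken from the textbook: the function names are hypothetical, the addresses are constructed, and the ip6.arpa form goes beyond the slide's IPv4 example.

```python
import ipaddress


def reverse_lookup_name(address):
    """Build the owner name a DNS server looks up for a reverse query: the IPv4
    octets in reverse order under in-addr.arpa. The IPv6 form (reversed hex nibbles
    under ip6.arpa) is added here as a generalization beyond the slide's example."""
    ip = ipaddress.ip_address(address)          # rejects malformed input with ValueError
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")       # 32 hex digits with leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def address_from_reverse_name(name):
    """Inverse mapping: recover the address an in-addr.arpa or ip6.arpa name encodes."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        return str(ipaddress.ip_address(".".join(reversed(labels[:4]))))
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        digits = "".join(reversed(labels[:32]))
        return str(ipaddress.ip_address(":".join(digits[i:i + 4] for i in range(0, 32, 4))))
    raise ValueError("not a reverse-lookup name: " + name)
```

The standard library exposes the same IPv4/IPv6 mapping as the `reverse_pointer` attribute of `ipaddress.ip_address(...)` (without the trailing period); the hand-rolled version above shows the label order explicitly.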

99 Reverse Name Resolution
The DNS reverse lookup domain

100 Designing a DNS Deployment
Every computer on a TCP/IP network needs access to a DNS server. Internet service providers (ISPs) nearly always include the use of their DNS servers in their rates, and in some cases it might be better to use other DNS servers rather than run your own. The first factor in designing a DNS deployment is what DNS services your network requires.

101 Resolving Internet Names
A caching-only server is not the authoritative source for any domain and hosts no resource records of its own. It is used for Internet name resolution purposes, and it processes incoming queries from resolvers and sends its own queries to other DNS servers on the Internet. As a general rule, if your network requires no DNS services other than name resolution, you should consider using off-site DNS servers. Explain the two scenarios related to caching-only servers on the next two slides.

102 Resolving Internet Names
Using an ISP’s caching-only DNS server

103 Resolving Internet Names
Using your own caching-only DNS server

104 Hosting Internet Domains
One advantage to hosting your domain on your own DNS servers is the ability to modify your resource records at will. Using a commercial domain hosting service provides greater reliability, in the form of redundant servers and Internet connections, so your DNS records are always available.

105 Hosting Active Directory Domains
You must have at least one DNS server on the network that supports the Service Location (SRV) resource record, in order to run Active Directory Domain Services (AD DS). The DNS server does not have to have a registered IP address or an Internet domain name.

106 Integrating DHCP and DNS
To resolve a DNS name into an IP address, the DNS server must have a resource record containing a name and IP address. DHCP creates an environment where IP addresses can change. Dynamic Updates in the Domain Name System (DNS UPDATE) enables a DNS server to modify resource records at the request of DHCP servers and clients. When a DHCP server assigns an address to a client, it also sends the commands to the DNS server to create or update the records.

107 Separating DNS Services
You do not have to choose to have your DNS servers entirely external, or entirely internal. It is possible to use a single DNS server to host both Internet and Active Directory domains, as well as to provide clients with name resolution services and DHCP support. Services are independent from each other; therefore, you might want to split these functions by using several DNS servers. You can use a commercial service provider to host your Internet domain while keeping your Active Directory domain hosting and dynamic update services internal. Have a discussion about the different ways the DNS services can be divided or not.

108 Creating Internet Domains
Most organizations register a single second-level domain and use it to host all their Internet servers. The name will depend on what is available. If your name is already taken: Choose a different domain name. Register the name in a different top-level domain. Attempt to purchase the domain name from its current owner.

109 Creating Internet Domains
Some organizations maintain multiple sites on the Internet. There are two basic ways to implement multiple sites on the Internet: Register a single second-level domain name and then create multiple subdomains beneath. Register multiple second-level domains: If your organization consists of multiple, completely unrelated brands or operations, this is often the best solution. Describe different scenarios using examples from the book, where you might use either of these methods for having multiple sites on the Internet.

110 Creating Internal Domains
When you are designing a DNS namespace for a network that uses Active Directory Domain Services, the DNS domain name hierarchy is directly related to the directory service hierarchy.

111 Names for Your Internal Domains
Keep domain names short Avoid an excessive number of domain levels Create a naming convention and stick to it Avoid obscure abbreviations Avoid names that are difficult to spell Expand on the rules for creating names for your internal domains.

112 Naming for a Network Connected to the Internet
Use registered domain names Do not use top-level domain names or names of commonly known products or companies Use only characters that are compliant with the Internet standard Expand on the rules for creating names for your internal domains that are connected to the Internet.

113 Creating Subdomains The primary reason for creating subdomains is to delegate administrative authority for parts of the namespace You can create subdomains based on geographical locations or logical divisions within your company, or any way you want

114 Combining Internal and External Domains
Use the same domain name internally and externally: A computer in the internal network could have the same DNS name as a computer on the external network. This duplication wreaks havoc with the name resolution process. Strongly discouraged. Create separate and unrelated internal and external domains: By using different domain names for your internal and external networks, you eliminate the potential name resolution conflicts that come with using the same domain name for both networks. Make the internal domain a subdomain of the external domain: Microsoft recommends combining internal and external networks by registering a single Internet domain name and using it for external resources, and then creating a subdomain beneath that domain name and using it for your internal network. Discuss the 3 strategies for Combining Internal and External (Internet) Domains.

115 Combining Internal and External Domains
Internal and external domain names

116 Creating Host Names Create hosts the same way you create domains—devise a naming rule and then stick to it. In many cases, host-naming rules are based on users, geographical locations, or the function of the computer.

117 Creating Host Names—Best Practices
Create easily remembered names Use unique names throughout the organization Do not use case to distinguish names Use only characters supported by all your DNS servers Discuss and expand on the Best Practices for creating host names

118 Deploying a DNS Server Install the DNS Server role, using the Add Roles and Features Wizard in Server Manager. The server is ready to perform caching-only name resolution services for any clients that have access to it. Use the DNS Manager console to configure the DNS server’s other capabilities.

119 Creating Zones A zone is an administrative entity you create on a DNS server to represent a discrete portion of the DNS namespace. Zones always consist of entire domains or subdomains. Usually, administrators create multiple zones on a server and then delegate most of them to other servers for hosting. Every zone consists of a zone database, which contains the resource records for the domains in that zone.

120 Creating Zones
Valid zones must consist of contiguous domains

121 Zone Types Primary zone: Contains the master copy of the zone database, where administrators make all changes to the zone’s resource records. Secondary zone: A duplicate of a primary zone on another server that contains a backup copy of the primary master zone database file, stored as an identical text file on the server’s local drive. Stub zone: A copy of a primary zone that contains the key resource records that identify the authoritative servers for the zone. The stub zone forwards or refers requests.

122 Using Active Directory-Integrated Zones
Storing the DNS database in Active Directory provides a number of advantages: Ease of administration Conservation of network bandwidth Increased security The zone database is replicated automatically to other domain controllers, along with all other Active Directory data.

123 Creating Resource Records
When you run your own DNS server, you create a resource record for each host name that you want to be accessible by the rest of the network.

124 Types of Resource Records (1)
The most important types of resource record used by DNS servers: SOA (Start of Authority): Indicates that the server is the best authoritative source for data concerning the zone. Each zone must have an SOA record, and only one SOA record can be in a zone. NS (Name Server): Identifies a DNS server functioning as an authority for the zone. Each DNS server in the zone (whether primary master or secondary) must be represented by an NS record. A (Address): Provides a name-to-address mapping that supplies an IPv4 address for a specific DNS name. This record type performs the primary function of the DNS, converting names to addresses. AAAA (Address): Provides a name-to-address mapping that supplies an IPv6 address for a specific DNS name. This record type performs the primary function of the DNS, converting names to addresses.

125 Types of Resource Records (2)
PTR (Pointer): Provides an address-to-name mapping that supplies a DNS name for a specific address in the in-addr.arpa domain. This is the functional opposite of an A record, used for reverse lookups only. CNAME (Canonical Name): Creates an alias that points to the canonical name (i.e., the “real” name) of a host identified by an A record. Used to provide alternative names by which systems can be identified. MX (Mail Exchanger): Identifies a system that will direct traffic sent to an address in the domain to the individual recipient, a mail gateway, or another mail server.
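An added consistency check over a constructed contoso.com zone, covering the record types and rules on slides 124 and 125 (one SOA per zone, NS records for the zone's servers, CNAME aliases pointing at hosts with address records, PTR records only in the reverse-lookup domain); this is not code from the textbook or from DNS Manager, and check_zone and the sample records are hypothetical.

```python
# Constructed zone contents for contoso.com (sample data, not from a real server).
ZONE = [
    ("contoso.com.", "SOA", "ns1.contoso.com. hostmaster.contoso.com. 2013010101"),
    ("contoso.com.", "NS", "ns1.contoso.com."),
    ("contoso.com.", "NS", "ns2.contoso.com."),
    ("ns1.contoso.com.", "A", "192.0.2.1"),
    ("ns2.contoso.com.", "A", "192.0.2.2"),
    ("www.contoso.com.", "A", "192.0.2.10"),
    ("www.contoso.com.", "AAAA", "2001:db8::10"),
    ("ftp.contoso.com.", "CNAME", "www.contoso.com."),
    ("contoso.com.", "MX", "10 mail.contoso.com."),
    ("mail.contoso.com.", "A", "192.0.2.25"),
]


def check_zone(records, apex):
    """Return a list of problems; an empty list means the zone passed these checks.
    Only targets inside this zone are checked for A/AAAA records, because a target
    in another zone is resolved from that zone's database, not from this one."""
    def in_zone(name):
        return name == apex or name.endswith("." + apex)

    problems = []
    soa_count = sum(1 for _, rtype, _ in records if rtype == "SOA")
    if soa_count != 1:
        problems.append("zone must have exactly one SOA record, found %d" % soa_count)
    types_by_owner = {}
    for owner, rtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rtype)
    addressed = {o for o, t in types_by_owner.items() if t & {"A", "AAAA"}}
    if not any(rtype == "NS" and owner == apex for owner, rtype, _ in records):
        problems.append("zone has no NS record at the apex " + apex)
    for owner, rtype, rdata in records:
        target = rdata.split()[-1]                     # NS, CNAME and MX rdata end in a host name
        if rtype in ("NS", "MX") and in_zone(target) and target not in addressed:
            problems.append("%s target %s has no A/AAAA record" % (rtype, target))
        elif rtype == "CNAME":
            if in_zone(target) and target not in addressed:
                problems.append("CNAME %s points to %s, which has no A/AAAA record" % (owner, target))
            if types_by_owner[owner] != {"CNAME"}:
                problems.append("%s has a CNAME alongside other records" % owner)
        elif rtype == "PTR" and not owner.endswith((".in-addr.arpa.", ".ip6.arpa.")):
            problems.append("PTR record %s is outside the reverse-lookup domains" % owner)
    return problems
```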

126 Configuring DNS Server Settings
Once you have installed a DNS server and created zones and resource records on it, there are many settings you can alter to modify its behavior. Use the next two slides to explain what Active Directory DNS Replication and Root Hints are.

