Ersin KARA, Istanbul Kültür Üniversitesi, Computer Engineering, 3rd year
Configuring a Client for Name Resolution
Resolving Names
Resolving Host Names by Using Domain Name System (DNS)
The Name Resolution Process
A DNS client can use several different methods to resolve an IP address from an FQDN.
[Diagram: clients, a DNS server, and the names Payroll.contoso.msft and Corp01.contoso.msft; addresses shown: 192.168.1.5, 192.168.0.5, 192.168.2.102]
The Types of Names Computers Use
NetBIOS names:
- 16-byte address
- Can represent a single computer or a group of computers
- 15 characters are used for the name; the 16th character is used by the services that a computer offers to the network
Host names:
- Assigned to a computer's IP address
- Up to 255 characters in length
- Can contain alphabetic and numeric characters, hyphens, and periods
- Can take various forms: alias, domain name
Using a Hosts File
[Diagram: (1) the client asks "What is the IP address for s1?"; (2) the Hosts file answers 172.30.45.121]
Sample Hosts file:
    127.0.0.1       localhost
    131.107.34.1    router
    172.30.45.121   server1.central.microsoft.com   s1
Using Dynamic Name Resolution
- What Is WINS?
- What Is DNS?
- The DNS Suffix
What Is WINS?
NetBIOS name registration with a WINS server (example name: Payroll):
1. The client queries a WINS server (NetBIOS name registration query)
2. The WINS server determines whether the name is already in use
3. If the name is not in use, the server registers the NetBIOS name and its associated IP address and answers OK
What Is DNS?
FQDN: printserver.contoso.com.
[Diagram of the DNS tree: root domain ("." root); top-level domains com, edu, org and others; parent domain contoso; child domains accounts and payroll; host printserver]
The DNS Suffix
An FQDN is the host name followed by its DNS suffix, ending at the "." root:
    corp05.contoso.com.         host name corp05, DNS suffix contoso.com.         corp05 = 192.168.0.66
    corp01.sales.contoso.com.   host name corp01, DNS suffix sales.contoso.com.   corp01 = 192.168.0.67
[Diagram: "." root -> com -> contoso -> sales]
How Client Names Are Resolved
1. Enter command
2. DNS name cache
3. Hosts file
4. DNS server
5. NetBIOS name cache
6. WINS server
7. Broadcast
8. Lmhosts file
The name is resolved as soon as one of these sources returns a mapping.
How Names Are Mapped to IP Addresses
[Diagram: (1) a client asks the name resolution service "Where is the Computer44 file?"; (2) the service answers 192.168.1.200; (3) the client connects to Computer44]
What Are Host Names?
A host name is the DNS name of a device on a network; it is used to locate computers on the network.
Examples: server1.nwtraders.msft. and server1.training.nwtraders.msft. are two different hosts that both carry the host name Server1 (192.168.0.67 and 192.168.0.66); what distinguishes them is the DNS suffix.
[Diagram: "." root -> msft -> nwtraders -> training; each FQDN is shown split into host name and DNS suffix]
What Are NetBIOS Names?
A NetBIOS name is an identifier used by NetBIOS services running on a computer. It is made up of a 15-character name plus a 16th character (byte) denoting the service.
Example for Server2 (IP address 192.168.0.39):
    NetBIOS name   16th character   Service
    Server2        00               Workstation
    Server2        20               Server
    Server2        01               Messenger
Configuring Host Name Resolution
- The Host Name Resolution Process
- Client Resolver Cache
- How to View and Flush the Client Resolver Cache
- Hosts File
- How to Preload the Client Resolver Cache by Using a Hosts File
The Host Name Resolution Process
Host name resolution is the process of resolving a host name to an IP address.
Sources the client consults: client resolver cache/Hosts file, DNS, NetBIOS name cache, WINS, broadcast, Lmhosts file
[Diagram: (1) the client asks "What is the IP address for Salescomputer2?"; (2) the answer is 192.168.1.35; (3) the client reaches Salescomputer2]
Client Resolver Cache
The client resolver cache is a location in memory that stores host names that have recently been resolved to IP addresses. It also stores host name-to-IP address mappings loaded from the Hosts file.
[Diagram: Computer1's cache is filled from two sources: host names resolved by the DNS server, and the Hosts file]
Hosts File
The Hosts file is a static file that is maintained on the local computer and that is used to load host name-to-IP address mappings into the client resolver cache.
[Diagram: Computer1 loads its Hosts file into the client resolver cache]
Sample Hosts file:
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    127.0.0.1       localhost
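The parsing rules quoted in the sample file, turned into a small resolver-cache preloader. This is an added example, not code from the course; the Hosts file text is constructed, and the "first mapping for a name wins" rule is an assumption.

```python
"""Preload a client resolver cache from a Hosts file (added example, not from the course).

Follows the rules quoted in the sample file: one mapping per line, the IP address in the
first column followed by the host name (and any aliases), fields separated by whitespace,
'#' starting a comment. Entries loaded from the Hosts file carry no TTL, so they stay
cached until the file is reloaded.
"""
import ipaddress

# Constructed sample, modelled on the course's sample file plus the earlier s1 example.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#      102.54.94.97     rhino.acme.com          # source server (comment only)
127.0.0.1       localhost
131.107.34.1    router
172.30.45.121   server1.central.microsoft.com   s1      # alias on the same line
not-an-address  badhost                                 # malformed: must be skipped
"""


def parse_hosts(text):
    """Return {lowercased name: ip} for every valid mapping line in Hosts file text."""
    mappings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip whole-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))   # first column must parse as an address
        except ValueError:
            continue                               # malformed line: ignore it, do not guess
        for name in fields[1:]:                    # host name followed by optional aliases
            # keep the first mapping seen for a name (assumption: first match wins)
            mappings.setdefault(name.lower(), ip)
    return mappings


class ResolverCache:
    """Client resolver cache holding the static mappings preloaded from the Hosts file."""

    def __init__(self):
        self.static = {}

    def preload_from_hosts(self, text):
        """Replace the static entries with the Hosts file contents; return how many loaded."""
        self.static = parse_hosts(text)
        return len(self.static)

    def lookup(self, name):
        """Resolve a host name or alias case-insensitively; None means 'ask DNS next'."""
        return self.static.get(name.rstrip(".").lower())
```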
Overview of Domain Name System
- Domain Name System (DNS) is a hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses
- DNS is the foundation of the Internet naming scheme and the foundation of an organization's naming scheme
- DNS supports accessing resources by using alphanumeric names
- InterNIC is responsible for delegating administrative responsibility for portions of the domain namespace and for registering domain names
- DNS was designed to solve issues that arose when there was an increase in the:
  - Number of hosts on the Internet
  - Traffic generated by the update process
  - Size of the Hosts file
What Is a Domain Namespace?
[Diagram: root domain -> top-level domains net, com, org -> second-level domain nwtraders -> subdomains west, south, east -> sales]
FQDN: server1.sales.south.nwtraders.com
Host: server1
Standards for DNS Naming
The following characters are valid for DNS names:
- A-Z
- a-z
- 0-9
- Hyphen (-)
The underscore (_) is a reserved character.
What Are the Components of a DNS Solution?
- DNS servers
- DNS servers on the Internet (root ".", .com, .edu)
- DNS clients
- Resource records
What Is a DNS Query?
- A query is a request for name resolution to a DNS server. There are two types of queries: recursive and iterative
- DNS clients and DNS servers both initiate queries for name resolution
- An authoritative DNS server for the namespace of the query will either:
  - Check the cache, check the zone, and return the requested IP address
  - Return an authoritative "No"
- A non-authoritative DNS server for the namespace of the query will either:
  - Forward the unresolvable query to a specific query server called a forwarder
  - Use root hints to locate an answer for the query
How Recursive Queries Work
A recursive query is a query made to a DNS server in which the DNS client asks the DNS server to provide a complete answer to the query.
[Diagram: Computer1 sends a recursive query for mail1.nwtraders.com to the local DNS server; the server checks its forward lookup zone and cache for an answer and returns 172.16.64.11]
How Root Hints Work
Root hints are DNS resource records stored on a DNS server that list the IP addresses for the DNS root servers.
[Diagram: Computer1 -> DNS server holding root hints -> cluster of root (.) servers -> com -> microsoft]
How Iterative Queries Work
An iterative query is a query made to a DNS server in which the DNS client requests the best answer that the DNS server can provide without seeking further help from other DNS servers. The result of an iterative query is often a referral to another DNS server lower in the DNS tree.
[Diagram: Computer1 sends a recursive query for mail1.nwtraders.com to the local DNS server, which then iterates:]
1. Iterative query to a root hint (.) server; referral: "Ask .com"
2. Iterative query to a .com server; referral: "Ask nwtraders.com"
3. Iterative query to the nwtraders.com server; authoritative response: 172.16.64.11
How Forwarders Work
A forwarder is a DNS server designated by other internal DNS servers to forward queries for resolving external or offsite DNS domain names.
[Diagram: Computer1 sends a recursive query for mail1.nwtraders.com to the local DNS server, which sends a recursive query to the forwarder; the forwarder sends iterative queries to a root hint (.) server ("Ask .com"), a .com server ("Ask nwtraders.com"), and the nwtraders.com server (authoritative response 172.16.64.11); the answer 172.16.64.11 is returned to the local DNS server and then to Computer1]
How DNS Server Caching Works
Caching is the process of temporarily storing recently accessed information in a special memory subsystem for quicker access.
Caching table:
    Host name               IP address     TTL
    clientA.contoso.msft.   192.168.8.44   28 seconds
[Diagram: Client1 asks "Where's ClientA?" and is told "ClientA is at 192.168.8.44"; Client2 asks the same question and is answered from the cache]
Configuring DNS Zones
- How DNS Data Is Stored and Maintained
- What Are Resource Records and Record Types?
- What Is a DNS Zone?
- What Are DNS Zone Types?
- How to Change a DNS Zone Type
- What Are Forward and Reverse Lookup Zones?
- How to Configure Forward and Reverse Lookup Zones
How DNS Data Is Stored and Maintained
- A resource record (RR) is a standard DNS database structure containing information used to process DNS queries
- A zone is a portion of the DNS database that contains the resource records with the owner names that belong to the contiguous portion of the DNS namespace
Example: namespace training.nwtraders.msft, stored on the DNS server in the zone file Training.nwtraders.msft.dns
Resource records for the zone training.nwtraders.msft:
    Host name     IP address
    DNS ClientA   192.168.2.45
    DNS ClientB   192.168.2.46
    DNS ClientC   192.168.2.47
What Are Resource Records and Record Types?
    Record type   Description
    A             Resolves a host name to an IP address
    PTR           Resolves an IP address to a host name
    SOA           The first record in any zone file
    SRV           Resolves names of servers providing services
    NS            Identifies the DNS server for each zone
    MX            The mail server
    CNAME         Resolves from a host name to a host name
What Is a DNS Zone?
[Diagram: the Nwtraders namespace with the subdomains West, South, North, Support, Sales, and Training grouped into zones]
What Are DNS Zone Types?
    Zone type   Description
    Primary     Read/write copy of a DNS database
    Secondary   Read-only copy of a DNS database
    Stub        Copy of a zone containing limited records
What Are Forward and Reverse Lookup Zones?
Namespace: training.nwtraders.msft.
Forward zone (Training), on the DNS server authorized for training: resolves a name to an address, for example "DNS Client2 = ?" -> 192.168.2.46
    DNS Client1   192.168.2.45
    DNS Client2   192.168.2.46
    DNS Client3   192.168.2.47
Reverse zone (1.168.192.in-addr.arpa): resolves an address to a name, for example "192.168.2.46 = ?" -> DNS Client2
Configuring DNS Zone Transfers
- How DNS Zone Transfers Work
- How DNS Notify Works
- How to Configure DNS Zone Transfers
How DNS Zone Transfers Work
A DNS zone transfer is the synchronization of authoritative DNS zone data between DNS servers.
Between the secondary server and the primary (master) server:
1. The secondary sends an SOA query for the zone
2. The SOA query is answered
3. The secondary sends an IXFR or AXFR query for the zone
4. The IXFR or AXFR query is answered (zone transfer)
How DNS Notify Works
A DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur.
Between the source server (primary/master) and the destination server (secondary):
1. A resource record is updated
2. The SOA serial number is updated
3. A DNS notify is sent to the secondary server
4. Zone transfer
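The zone transfer and notify sequences modelled end to end: the secondary's SOA check, the serial comparison that decides whether anything is transferred, and the IXFR-or-AXFR choice. This is an added example, not course code; the zone data is constructed, and the 32-bit wraparound serial comparison (RFC 1982) is an assumption beyond the slides.

```python
"""Secondary server refresh: SOA check, then IXFR or AXFR (added example, not course code).

Steps 1-4 of the zone transfer slide: SOA query, SOA answer, and, only if the primary's
serial is newer, an IXFR or AXFR request answered with the transfer. A DNS notify just
makes the secondary run this check right away. Serial comparison uses 32-bit wraparound
arithmetic (RFC 1982); zone contents are constructed.
"""
from dataclasses import dataclass, field

SERIAL_SPACE = 2 ** 32


def serial_is_newer(candidate, current):
    """True if `candidate` is ahead of `current` in serial-number space (handles wraparound)."""
    diff = (candidate - current) % SERIAL_SPACE
    return 0 < diff < SERIAL_SPACE // 2


@dataclass
class PrimaryZone:
    name: str
    serial: int
    records: dict                               # owner -> rdata
    journal: list = field(default_factory=list)  # (serial before the change, owner, rdata)

    def update_record(self, owner, rdata):
        """Change a record and bump the serial (notify slide, steps 1 and 2)."""
        self.journal.append((self.serial, owner, rdata))
        self.records[owner] = rdata
        self.serial = (self.serial + 1) % SERIAL_SPACE

    def soa_query(self):
        return {"zone": self.name, "serial": self.serial}

    def transfer(self, since_serial):
        """Answer IXFR from the journal when it reaches back far enough, else a full AXFR."""
        if since_serial not in {s for s, _, _ in self.journal}:
            return {"kind": "AXFR", "records": dict(self.records), "serial": self.serial}
        changes = {}
        for s, owner, rdata in self.journal:      # every change made at or after since_serial
            if s == since_serial or serial_is_newer(s, since_serial):
                changes[owner] = rdata
        return {"kind": "IXFR", "changes": changes, "serial": self.serial}


@dataclass
class SecondaryZone:
    name: str
    serial: int
    records: dict

    def refresh(self, primary):
        """Steps 1-4 of the zone transfer slide; returns 'in sync', 'IXFR' or 'AXFR'."""
        soa = primary.soa_query()                                  # steps 1 and 2
        if soa["zone"] != self.name:
            raise ValueError("SOA answer is for a different zone")
        if not serial_is_newer(soa["serial"], self.serial):
            return "in sync"                                       # nothing to transfer
        reply = primary.transfer(self.serial)                      # steps 3 and 4
        if reply["kind"] == "IXFR":
            self.records.update(reply["changes"])
        else:
            self.records = reply["records"]
        self.serial = reply["serial"]
        return reply["kind"]
```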
What Are Dynamic Updates?
- A dynamic update is the process of a DNS client dynamically creating, registering, or updating its records in zones that are maintained by DNS servers that can accept and process messages for dynamic updates
- A manual update is the process of an administrator manually creating, registering, or updating the resource record
- Dynamic update enables DNS client computers to interact automatically with the DNS server to register and update their own resource records
- Organizations that have dynamic changes can benefit from the dynamic method of updating DNS resource records
- Organizations may benefit from manual update if they:
  - Are in a smaller environment that has few changes to their resource records
  - Have isolated instances, such as when a larger organization chooses to control every address on every host
How DNS Clients Register and Update Their Own Resource Records by Using Dynamic Updates
Clients running Windows Server 2003, Windows XP, or Windows 2000:
1. The client sends an SOA query
2. The DNS server sends the zone name and server IP address
3. The client verifies its existing registration
4. The DNS server responds by stating that the registration does not exist
5. The client sends a dynamic update to the DNS server
How a DHCP Server Registers and Updates Resource Records by Using Dynamic Updates
Between a down-level DHCP client, a Windows Server 2003 server running DHCP, and the DNS server:
1. The DHCP client makes an IP lease request
2. The DHCP server grants the IP lease
3. The DHCP server automatically generates the client's FQDN
4. Using dynamic update, the DHCP server updates the DNS forward and reverse records for the client
What Is an Active Directory-Integrated DNS Zone?
An Active Directory-integrated DNS zone is a DNS zone stored in Active Directory.
    DNS zone type                          Benefit
    Non Active Directory-integrated zone   Does not require Active Directory
    Active Directory-integrated zone       Stores DNS zone data in Active Directory and is thus more secure
                                           Uses Active Directory replication instead of zone transfers
                                           Allows only secure dynamic updates
                                           Uses a multi-master instead of a single-master structure
How Active Directory-Integrated DNS Zones Use Secure Dynamic Updates
A secure dynamic update is a process in which a client submits a dynamic update request to a DNS server, and the server attempts the update only if the client can prove its identity and has the proper credentials to make the update.
Sequence between a DNS client running Windows XP, the local DNS server, and a domain controller with an Active Directory-integrated DNS zone:
1. Find authoritative server (through the local DNS server) -> result
2. Attempt non-secure update -> refused
3. Secure update negotiation -> accepted
Configuring a DNS Client
- How Preferred and Alternate DNS Servers Work
- How Suffixes Are Applied
- How to Configure a DNS Client
How Preferred and Alternate DNS Servers Work
1. The preferred DNS server is the one that the client tries first
2. If the preferred server fails, the client tries the alternate DNS server
3. Optionally, you can enter a whole list of alternate DNS servers
4. The preferred and alternate DNS servers specified on the Properties page automatically appear at the top of this list, and preferred and alternate servers are queried in the order they are listed
How Suffixes Are Applied
Suffix selection options: domain suffix search list, connection-specific suffix
Name query = server1 is tried as:
    server1.sales.south.nwtraders.com
    server1.south.nwtraders.com
    server1.nwtraders.com
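The suffix order on this slide and the character rules from the naming standards slide, as one added example (not course code): it generates the candidate FQDNs for an unqualified query and screens each against the allowed characters. The connection-specific suffix and search-list handling are simplified, and the 63-character label limit is the DNS standard limit rather than something the course states.

```python
"""Candidate FQDNs for an unqualified name query (added example, not course code).

For query "server1" with primary DNS suffix sales.south.nwtraders.com the resolver tries
server1.sales.south.nwtraders.com, server1.south.nwtraders.com, then server1.nwtraders.com
(devolution stops at the second-level domain). A connection-specific suffix, when set, is
tried first, and an explicit domain suffix search list replaces devolution (simplified).
Labels may use A-Z, a-z, 0-9 and hyphen; underscore is reserved and rejected here.
"""
import re

# One label: alphanumeric at both ends, hyphens allowed inside, at most 63 characters.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def valid_dns_name(name):
    """True if every label of `name` follows the naming standard on the slide."""
    name = name.rstrip(".")
    if not name or len(name) > 255:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))


def candidate_fqdns(query, primary_suffix, connection_suffix=None, search_list=None):
    """FQDNs the resolver would try, in order, for a single-label query."""
    if "." in query.rstrip("."):
        return [query.rstrip(".")]               # already qualified: nothing to append
    suffixes = []
    if search_list:                               # explicit search list used as given
        suffixes.extend(search_list)
    else:                                         # otherwise devolve the primary suffix
        if connection_suffix:
            suffixes.append(connection_suffix)
        labels = primary_suffix.split(".")
        while len(labels) >= 2:                   # stop at the second-level domain
            suffixes.append(".".join(labels))
            labels = labels[1:]
    candidates = []
    for suffix in suffixes:
        fqdn = f"{query}.{suffix}"
        if fqdn not in candidates:
            candidates.append(fqdn)
    return candidates


def screen_candidates(query, primary_suffix, **kw):
    """Split the candidates into (usable, rejected) according to the naming rules."""
    cands = candidate_fqdns(query, primary_suffix, **kw)
    usable = [c for c in cands if valid_dns_name(c)]
    rejected = [c for c in cands if not valid_dns_name(c)]
    return usable, rejected
```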
Delegating Authority for Zones
- What Is Delegation of a DNS Zone?
- How to Delegate a Subdomain to a DNS Zone
What Is Delegation of a DNS Zone?
Delegation is the process of assigning authority over child domains in your DNS namespace to another entity by adding records in the DNS database.
Example, namespace training.nwtraders.msft (two DNS servers):
- The administrator, at the nwtraders.com level of the namespace, delegates authority for training.nwtraders.com and offloads administration of DNS for that part of the namespace
- Training.nwtraders.com now has its own administrator and DNS server to resolve queries in that part of the namespace/organization
Managing and Monitoring Domain Name System (DNS)
Overview
- Configuring the Time-to-Live Value
- Configuring Aging and Scavenging
- Integrating DNS with WINS
- Testing the DNS Server Configuration
- Verifying that a Resource Record Exists by Using Nslookup, DNSCmd, and DNSLint
- Monitoring DNS Server Performance
Configuring the Time-to-Live Value
- How the Time-to-Live Value Works
- How to Configure the Time-to-Live Value
How the Time-to-Live Value Works
The Time-to-Live (TTL) value is a time-out value, expressed in seconds, that is included with DNS records that are returned in a DNS query.
[Diagram: the TTL is set on the zone on the authoritative DNS server (DNS Server2); the resource record travels to the cache of DNS Server1 and of the DNS client]
1. The records in the zone are sent to other DNS servers and clients in response to queries
2. DNS servers and DNS clients that store the record in their cache hold the record for the TTL period supplied in the record
3. When the TTL expires, the record is removed from the cache
How to Configure the Time-to-Live Value
Your instructor will demonstrate how to:
- Adjust the TTL value for a zone
- Adjust the TTL value for a resource record
Configuring Aging and Scavenging
- What Are Aging and Scavenging Parameters?
- How Aging and Scavenging Work
- How to Configure Aging and Scavenging
What Are Aging and Scavenging Parameters?
- Aging is the process that determines whether a stale DNS resource record should be removed from the DNS database
- Scavenging is the process of cleaning and removing outdated or extinct names data from the WINS database
- A refresh attempt is the process of a computer requesting a refresh on its DNS record
    Parameter             Description                                                            Example
    No Refresh Interval   The time period when the DNS server does not accept refresh attempts   7 days (default)
    Refresh Interval      The time period when the DNS server does accept refresh attempts
How Aging and Scavenging Work
[Timeline: the record is time stamped on Jan 1; the no-refresh interval (7 days) runs until Jan 8; the refresh interval (7 days) runs until Jan 15; after that the record has aged and can be scavenged]
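The timeline above worked through in code, as an added example (not course code): refresh attempts inside the no-refresh interval leave the time stamp alone, refreshes inside the refresh interval re-stamp the record, and a scavenging pass removes whatever is past both intervals. Dates and record data are constructed; only refreshes of unchanged data are modelled.

```python
"""Aging and scavenging timeline from the slide (added example, not course code).

A record time stamped on Jan 1 with a 7-day no-refresh interval and a 7-day refresh
interval: a refresh attempt before Jan 8 is not accepted (the time stamp stays), one
between Jan 8 and Jan 15 is accepted (the time stamp moves to now, restarting both
intervals), and from Jan 15 the record is stale and a scavenging pass removes it.
Dates and record data are constructed.
"""
from datetime import datetime, timedelta

SEVEN_DAYS = timedelta(days=7)   # the slide's default for both intervals


class AgedRecord:
    def __init__(self, owner, rdata, timestamp, no_refresh=SEVEN_DAYS, refresh=SEVEN_DAYS):
        self.owner, self.rdata, self.timestamp = owner, rdata, timestamp
        self.no_refresh, self.refresh = no_refresh, refresh

    def state(self, now):
        """'no-refresh', 'refresh' or 'stale', measured from the record's time stamp."""
        age = now - self.timestamp
        if age < self.no_refresh:
            return "no-refresh"
        if age < self.no_refresh + self.refresh:
            return "refresh"
        return "stale"

    def attempt_refresh(self, now):
        """A client re-registers the same data; True if the server accepted and re-stamped it."""
        if self.state(now) == "no-refresh":
            return False                 # server does not accept refresh attempts yet
        self.timestamp = now             # accepted: time stamp updated, intervals restart
        return True


def scavenge(records, now):
    """One scavenging pass over a zone: returns (kept, removed); stale records are removed."""
    kept = [r for r in records if r.state(now) != "stale"]
    removed = [r for r in records if r.state(now) == "stale"]
    return kept, removed
```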
How to Configure Aging and Scavenging
Your instructor will demonstrate how to:
- Set aging/scavenging parameters for the DNS server
- Set aging/scavenging parameters on a DNS zone
- Enable automatic scavenging of stale resource records on a DNS server
- Start immediate scavenging of stale resource records
- View when a zone can start scavenging stale resource records
- Configure the time stamp on a DNS resource record
- View the time stamp on a dynamic resource record
Integrating DNS and WINS
- Multimedia: DNS and WINS Integration
- How to Integrate DNS with WINS
DNS and WINS Integration
The objective of this presentation is to explain how DNS and WINS can be integrated in the network infrastructure.
At the end of this presentation, you will be able to:
- Define DNS and WINS integration
- Explain how host names and NetBIOS names fit into DNS and WINS integration
- Describe how DNS and WINS integration works
Testing the DNS Server Configuration
- How Simple and Recursive Queries Work
- How to Test the DNS Server Configuration
How Simple and Recursive Queries Work
- A simple query is a query that performs a local test by using the DNS client to query the DNS server
- A recursive query is a query that tests a DNS server by forwarding a recursive query to another DNS server
[Diagram: DNS client resolver -> DNS service on the DNS server (authoritative zone: training.nwtraders.msft) -> DNS root server]
Verifying that a Resource Record Exists by Using Nslookup, DNSCmd, and DNSLint
- Why Verify that a Resource Record Exists?
- Nslookup
- DNSCmd
- DNSLint
- How to Verify that a Resource Record Exists by Using Nslookup, DNSCmd, and DNSLint
Why Verify that a Resource Record Exists?
To identify issues with your DNS solution, you can verify:
- Missing records
- Incomplete records
- Incorrectly configured records
You can use the following three utilities to monitor DNS:
- Nslookup
- DNSCmd
- DNSLint
Nslookup
Nslookup is a command-line utility used to diagnose DNS infrastructure.
DNSCmd
DNSCmd is a DNS support tool that allows you to complete many DNS administrative tasks on the DNS server from a command prompt.
DNSLint
DNSLint is a Microsoft Windows utility that can run a series of queries to help diagnose common DNS name resolution issues.
Monitoring DNS Server Performance
- Guidelines for Monitoring DNS Server Performance by Using the Performance Console
- What Is a DNS Event Log?
- What Is DNS Debug Logging?
- How to Monitor DNS Server Performance by Using Logging
Guidelines for Monitoring DNS Server Performance by Using the Performance Console
    Performance counter       What to look for after a baseline is established
    Dynamic Update Rejected   Any increase over the baseline may be cause for further investigation
    Recursive Queries/sec     If this counter goes dramatically up or down, then it should be further investigated
    AXFR Request Sent         If this counter goes dramatically above the baseline, then it could reflect a need to review the number of changes in the zone and the configuration of zone transfers
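The three guidelines in the table as runnable checks over counter samples, added here as an example rather than taken from the course. The samples are constructed, and the thresholds are assumptions: any increase at all for Dynamic Update Rejected, and a change of more than 50% of the baseline counts as "dramatic" for the other two counters.

```python
"""Baseline checks for the three counters on the slide (added example, not course code).

build_baseline() averages counters collected during normal operation; check_sample()
applies the slide's rule for each counter to a new sample. Samples are constructed and
the thresholds are assumptions (50% of baseline = "dramatic").
"""
from statistics import mean

DYN_REJECTED = "Dynamic Update Rejected"
RECURSIVE = "Recursive Queries/sec"
AXFR_SENT = "AXFR Request Sent"
COUNTERS = (DYN_REJECTED, RECURSIVE, AXFR_SENT)
DRAMATIC = 0.5                    # assumed: a change of 50% of the baseline

# Constructed samples collected while the server was behaving normally.
NORMAL_SAMPLES = [
    {DYN_REJECTED: 0, RECURSIVE: 38.0, AXFR_SENT: 2},
    {DYN_REJECTED: 0, RECURSIVE: 42.0, AXFR_SENT: 2},
    {DYN_REJECTED: 0, RECURSIVE: 40.0, AXFR_SENT: 2},
]


def build_baseline(samples):
    """Average each counter over the normal-operation samples."""
    return {name: mean(s[name] for s in samples) for name in COUNTERS}


def check_sample(sample, baseline, dramatic=DRAMATIC):
    """Return (counter, advice) findings for a new sample, one rule per counter on the slide."""
    findings = []
    # Any increase in rejected dynamic updates over the baseline is worth a look.
    if sample[DYN_REJECTED] > baseline[DYN_REJECTED]:
        findings.append((DYN_REJECTED, "increase over the baseline: investigate further"))
    # Recursive queries: a dramatic move in either direction is suspicious.
    base = baseline[RECURSIVE]
    if abs(sample[RECURSIVE] - base) > dramatic * base:
        findings.append((RECURSIVE, "dramatic change up or down: investigate further"))
    # AXFR requests: only a dramatic rise above the baseline matters.
    base = baseline[AXFR_SENT]
    if sample[AXFR_SENT] - base > dramatic * base:
        findings.append((AXFR_SENT, "dramatically above the baseline: review the number of "
                                    "zone changes and the zone transfer configuration"))
    return findings
```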
What Is a DNS Event Log?
A DNS event log is a system log configured to log only DNS events.
What Is DNS Debug Logging?
DNS debug logging is an optional logging tool for DNS that stores the DNS information that you select.
[Diagram: primary DNS Server1 and secondary DNS Server2]
Questions