Hands-On Microsoft Windows Server 2003 Administration Chapter 9 Administering DNS
2 Objectives Understand the fundamentals of the Domain Name System (DNS) Install the DNS service on Windows Server 2003 Create and configure both standard and Active Directory–integrated DNS zones Understand the purpose of name resolution files in Windows Server 2003 Troubleshoot name resolution problems in Windows Server 2003
3 DNS Fundamentals Domain Name System (DNS) –Used by Windows Server 2003 for Resolving host and domain names to IP addresses Locating network services in an Active Directory environment
4 Basics of DNS DNS –Uses a hierarchical structure –Enables users to access servers using a user- friendly name, such as –Main components Domain namespace –The DNS hierarchical structure of domains DNS zones –One or more DNS domains grouped together for administrative purposes Name servers –A DNS server that holds all of the host records for a specific zone
5 Basics of DNS (Continued) The root domain –Located at the top of the DNS hierarchical structure –Often represented by a period, or “.” First-level domains –Located below the root domain –Examples:.com,.org,.mn Second-level domains –Located below the first-level domains –Usually represent an organization’s name –Examples: Microsoft, Dovercorp
6 Basics of DNS (Continued) Host –A computer that is a member of a specific DNS domain within the network structure –Referred to by its fully qualified domain name (FQDN) Example:
7 The DNS namespace
8 Basics of DNS (Continued) DNS zones –One or more domains that are grouped together for administrative purposes –Types of zones Forward lookup zones –Used to find the IP address associated with a host name Reverse lookup zones –Used for find the FQDN or host name associated with a known IP address
9 Basics of DNS (Continued) Primary DNS server –Contains all of the records for a specific DNS zone –Authoritative for a zone Secondary DNS server –Contains zone information that is copied from a primary DNS server or other secondary servers –Used to provide Backup Load-balancing Zone transfer –Copying DNS database information between primary and secondary name servers
10 The Name Resolution Process When a client needs to communicate with a computer on a local network or the Internet, the host name or FQDN is usually supplied Each client is configured to contact a specific DNS name server whenever it needs to resolve an FQDN to an IP address A specific process is followed when a client attempts to contact a computer using a FQDN
11 Installing DNS DNS service –Not installed by default during the Windows Server 2003 installation process –Can be added either Automatically as part of promoting a server to be an Active Directory domain controller As a separate service Caching-only server –A DNS server with no zone files configured that only caches information A number of properties can be configured for a new DNS server
12 DNS server properties
13 Creating and Configuring DNS Zones To create and configure a forward or reverse lookup zone –Must be a member of the local Administrators group If the server is a domain controller –Must be a member of at least one of the following global groups Domain Admins Enterprise Admins DNS Admins
14 Creating and Configuring DNS Zones (Continued) Windows Server 2003 supports two main types of DNS zones –Standard zones –Active Directory–integrated zones
15 Standard DNS Zones Standard DNS zone –The traditional zone type used by most implementations of DNS –Places DNS zone information into a text file stored in the %systemroot%\system32\dns folder on the server
16 Standard DNS Zones (Continued) Files used by a standard DNS zone –CACHE.DNS Contains records for all 13 Internet root servers –dns.log Gathers DNS information when DNS Debug Logging is explicitly enabled in the DNS console –domainname.dns Acts as the storage location for a given zone and holds all applicable resource records
17 Standard DNS Zones (Continued) Main types of standard DNS zones –Standard primary zone Authoritative for one or more domains Represents the only writable copy of the zone file –Standard secondary zone Used for load balancing and redundancy of DNS
18 Active Directory-Integrated DNS Zones Active Directory–integrated DNS zones –Store zone information within the Active Directory database –Advantages DNS zone information is automatically replicated to all domain controllers specified in the Active Directory environment Provides an additional layer of security if dynamic DNS updates are enabled through the secure dynamic updates feature
19 DNS Resource Records Once a new DNS zone is created and defined, resource records must be added to the server for it to respond to DNS client requests Two resource records are created by default and added to a new zone once created –Start of Authority (SOA) record Designates server as authoritative for a zone Stores additional information, such as –Zone file serial number –Time-to-live (TTL) intervals –Name Server (NS) record Specifies the FQDN of a name server that is authoritative for the zone
20 DNS resource record types
21 DNS Resource Records (Continued) Zone transfer methods supported by Windows Server 2003 –Full zone transfer (AXFR) Transfers the entire contents of the DNS zone database from a standard primary server to a standard secondary server –Incremental zone transfer (IXFR) Transfers only changes to the zone database file not currently present in the secondary server’s version of the DNS zone database
22 DNS Resource Records (Continued) Scenarios under which a zone transfer occurs –The refresh interval for the zone has expired –The primary server notifies the secondary servers that changes to the zone file exist –The DNS service is restarted on the secondary server –The zone transfer process is manually initiated from the DNS console of the secondary server
23 DNS Resource Records (Continued) DNS Notify feature –Allows a primary DNS server to notify any secondary servers of when changes to the DNS zone database have occurred –To use the feature Configure the Notify properties of a DNS zone with the IP addresses of all standard primary servers
24 Configuring the notify properties for a primary zone
25 DNS Forwarders A DNS forwarder –A server to which unresolved DNS queries can be forwarded by other DNS servers –Advantage Speeds up the name resolution process
26 Configuring Dynamic DNS Updates Windows Server 2003 DNS supports the dynamic updating of resource records –Advantage An administrator does not have to manually update the resource records in a zone file
27 Configuring Dynamic DNS Updates (Continued) Dynamic updates are configured on a zone-by- zone basis Options available for configuring dynamic updates –No –Yes –Only secure updates
28 Configuring DNS Client Settings The DNS tab of the Advanced properties of a client’s TCP/IP settings –First section Allows you –To add or remove the IP addresses of DNS servers that the client will use –Control the order in which the servers are contacted
29 Configuring DNS Client Settings (Continued) The DNS tab (Continued) –Middle section Allows you to control how the client will handle name resolution requests that are not fully qualified –Options for handling this situation »Append primary and connection specific DNS suffixes »Append parent suffixes of the primary DNS suffix »Append these DNS suffixes (in order)
30 Configuring DNS Client Settings (Continued) The DNS tab (Continued) –Last section Allows you to configure DNS settings specific to a particular network connection Settings in this section –DNS suffix for this connection –Register this connection’s addresses in DNS –Use this connection’s DNS suffix in DNS registration
31 Client DNS settings in the Advanced TCP/IP Settings dialog box
32 Testing the DNS Server Utilities that can be used to test the server to ensure that lookup queries and resource records are properly configured –DNS Monitor Found on the Monitoring tab of a DNS server’s properties dialog box Allows you to perform both simple and recursive DNS queries –Nslookup A command-line utility Can be used to view resource records and perform queries on any DNS server
33
34 Testing a DNS server via the Monitoring tab
35 Name Resolution Files Static text files which can be used by Windows Server 2003 for resolving names to IP addresses –HOSTS file Used for resolving host names and FQDNs to IP addresses –LMHOSTS file Used for mapping NetBIOS names to IP addresses
36 The HOSTS File Stored in the %systemroot%\system32\drivers\etc directory By default, consists of a single host name to IP address mapping –The localhost entry, with an IP address of Commonly used for testing purposes, especially in cases where host name or FQDN resolution is required, but DNS has yet to be configured
37 Default configuration of the HOSTS file
38 The LMHOSTS File Exists in the %systemroot%\system32\drivers\etc directory File extension –By default, includes the extension.SAM –Once configured and saved, should not include a file extension Exists for the purpose of mapping NetBIOS names to IP addresses A Windows Server 2003 system can be configured to disable LMHOSTS processing if required
39 Sample LMHOSTS file
40 Troubleshooting Name Resolution Problems Both host names and NetBIOS names must be considered during name resolution Windows Internet Name Service (WINS) –Used to resolve NetBIOS names to IP addresses –Assists pre-Windows 2000 clients in finding network resources, such as domain controllers –Can be installed via the Add or Remove Programs applet in Control Panel
41 Troubleshooting Name Resolution Problems (Continued) To troubleshoot name resolution problems on the network, you must be familiar with –The NetBIOS name resolution process A specific process followed when a client attempts to communicate with another computer using a NetBIOS utility –The host name resolution process A specific process followed when a client attempts to contact another computer using its host name or FQDN
42 DNS Troubleshooting Utilities Dnscmd.exe –A command-line tool that can be used As a troubleshooting tool To add, delete, view, and configure DNS settings
43 DNS Troubleshooting Utilities (Continued) DNS Events log file –Can be accessed via The Event Viewer MMC The DNS MMC –Stores the following kinds of events which are related to the DNS server service Information events Error events Warning events
44 DNS Events log even IDs
45 DNS Events log
46 DNS Troubleshooting Utilities (Continued) Utilities that are not exclusively for troubleshooting DNS –Netdiag.exe Provides the ability to test DNS connectivity when used with the /test:DNS switch –Netsh.exe Allows you to perform tests on a wide variety of network services, including DNS
47 DNS Troubleshooting Utilities (Continued) Utilities that are not exclusively for troubleshooting DNS (Continued) –Netstat.exe Allows you to view the status on TCP and UDR ports on the local computer when used with the -an switch –Portqry.exe Allows you to query a particular port on a network server to find out its status
48 Summary DNS is a Windows Server 2003 service used to –Resolve host names and FQDNs to IP addresses –Locate network services Types of DNS zones –Standard primary –Standard secondary –Active Directory-integrated Forward and reverse lookup zones files –A forward lookup zone file Used to map host names to IP addresses –A reverse lookup zone file Used to map IP addresses to host names
49 Summary (Continued) A DNS caching-only server –A DNS server that is not configured with any zone-related information DNS client configuration settings impact the way in which a client will –Be registered in DNS –Query a DNS server When configuring a DNS server, you can choose –Whether or not to allow dynamic updates –To only allow those computers with accounts in Active Directory to perform updates
50 Summary (Continued) Nslookup and DNS Monitor utilities –Provide methods to test the functionality of a DNS server Text files that may impact the name resolution process –HOSTS file Used to map host names and FQDNs to IP addresses –LMHOSTS file Used to map NetBIOS names to IP addresses
51 Summary (Continued) Dnscmd.exe utility and DNS Event log file –Two of the primary methods that can be used to troubleshoot DNS-related name resolution problems