Chapter 10 Configuring DNS

Presentation transcript:

MCSA Guide to Installing and Configuring Windows Server 2012/R2, Exam 70-410
Chapter 10 Configuring DNS

Objectives
- Describe the structure of Domain Name System
- Install and configure DNS
- Configure DNS zones
- Configure advanced DNS server settings
- Monitor and troubleshoot DNS

Introduction to Domain Name System
- Domain Name System (DNS) is a distributed hierarchical database composed mainly of computer name and IP address pairs
- Distributed means no single database contains all data, and hierarchical means there’s a structure to how information is stored and accessed in the database
- To resolve a name to an address, a DNS lookup often requires multiple queries to a hierarchy of DNS servers

The Structure of DNS
- DNS can be described as an inverted tree structure
- The entire DNS tree is called the DNS namespace
- Each domain has one or more servers that are authoritative for the domain
- Root servers keep a database of addresses of other DNS servers managing top-level domain names, called top-level domain (TLD) servers

Figure 10-1 A partial view of the DNS naming hierarchy

The DNS Database
- A zone is a grouping of DNS information that represents one or more domains and possibly sub-domains
- Zones contain a variety of record types called resource records, which contain information about network resources
- DNS records can be added and changed by:
  - Static updates - administrator enters DNS record information manually
  - Dynamic updates - referred to as Dynamic DNS (DDNS)

The DNS Lookup Process
- Two types of DNS lookup can be performed:
  - Iterative Query - a DNS server will respond with the best information it has to satisfy the query, or it may give a referral response
  - Recursive Query - a DNS server processes the query until it responds with an address that satisfies the query or with an “I don’t know” message
- A typical DNS lookup made by a DNS client can involve both recursive and iterative queries
- DNS clients maintain a text file that can contain static DNS entries; the file is stored in %systemroot%\System32\drivers\etc

Figure 10-2 A DNS hierarchical lookup

DNS Server Roles
- DNS servers can perform one or more of the following roles for a zone:
  - Authoritative server - holds a complete copy of a zone’s resource records
  - Forwarder - a DNS server to which other DNS servers send requests they can’t resolve themselves
  - Conditional forwarder - a DNS server to which other DNS servers send requests targeted for a specific domain
  - Caching-only server - does not have zones; its job is to field DNS queries, do recursive lookups to root servers or send requests to forwarders, and then cache the results

Installing and Configuring DNS
- A correctly configured and efficiently functioning DNS service is essential for a well-functioning network
- When domain controllers replicate with one another and when trusts are created between domains in different forests, DNS is required to resolve names and services to IP addresses

Installing DNS
- DNS installation begins by installing the DNS Server role with Server Manager or PowerShell
- If the DNS server is intended to manage domain name services for Active Directory, the DNS Server role should be installed on a domain controller
- Windows automatically detects whether or not the server is configured as a domain controller, then integrates DNS zones with Active Directory

Creating DNS Zones
- You may need to create a zone manually in DNS Manager if you:
  - Don’t install DNS at the time you install Active Directory
  - Install DNS on a server that’s not a domain controller
  - Create a stub zone
  - Create a secondary zone for a primary zone
  - Create a primary or secondary zone for an Internet domain

Forward and Reverse Lookup Zones
- Before creating a zone, you must decide whether it’s a forward lookup zone or a reverse lookup zone:
  - Forward lookup zone (FLZ) – contains records that translate names to IP addresses, such as A, AAAA, and MX records
  - Reverse lookup zone (RLZ) – contains PTR records that map IP addresses to names and is named after the IP network address (IPv4 or IPv6) of the computers whose records it contains

Zone Type
- Three different types of zones:
  - Primary zone - contains a read/write master copy of all resource records for the zone; it is considered authoritative for the zone
  - Secondary zone - contains a read-only copy of all resource records for the zone; it is considered authoritative for the zone
  - Stub zone - contains a read-only copy of only the SOA and NS records for a zone and the necessary A records to resolve NS records; not authoritative

Active Directory-Integrated Zones
- Active Directory-integrated zone - not a new zone type but a primary or stub zone with the DNS database stored in an Active Directory partition
- The only valid zone type options are primary and stub zones
- If you select a secondary zone, the option to store the zone in Active Directory is disabled

Standard Zones
- Standard zone - a primary, secondary, or stub zone that isn’t Active Directory-integrated
- Standard zones are stored in a text file called zone-name.dns, which is located in the %systemroot%\system32\dns folder
- Mostly installed on stand-alone servers that need to provide name resolution services for network resources outside the domain
- Or in networks that don’t use Active Directory, such as Linux or UNIX-based networks

Zone Replication
- Zone replication - the transfer of zone changes from one DNS server to another
- For a standard zone, zone replication is called “zone transfer”
- Active Directory-integrated zones have the following advantages over a standard zone:
  - Automatic zone replication
  - Multimaster replication and update
  - Secure updates
  - Efficient replication

Active Directory Zone Replication Scope
- After selecting the zone type and specifying that the zone is to be stored in Active Directory, you are asked to select the zone replication scope with one of these options:
  - To all DNS servers in this forest
  - To all DNS servers running on domain controllers in this domain
  - To all domain controllers in this domain (for Windows 2000 compatibility)
  - To all domain controllers specified in the scope of this directory partition

Figure 10-6 Selecting a zone replication scope

Zone Name
- The next step is to give the zone a name
- For an FLZ, it’s the FQDN
- For an RLZ, specify whether it’s an IPv4 or IPv6 zone
- Then, enter the network ID portion of the zone
- The zone name is created automatically by using the network ID’s octets in reverse order and appending “in-addr.arpa” to the name
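
The naming rule above, worked through in PowerShell as an added example that is not part of the original slides. The function name and the sample network IDs are hypothetical, and the IPv6 branch (nibbles reversed under ip6.arpa) goes beyond the slide, which names only in-addr.arpa.

```powershell
# Added example: derive the reverse lookup zone name from a network ID.
# Get-ReverseZoneName is a hypothetical helper, not a DnsServer module cmdlet.
function Get-ReverseZoneName {
    param(
        # Network ID with prefix length, e.g. '192.168.10.0/24'
        [Parameter(Mandatory)][string]$NetworkId
    )

    $addrText, $prefixText = $NetworkId -split '/', 2
    $ip     = [System.Net.IPAddress]::Parse($addrText)
    $prefix = [int]$prefixText          # a missing prefix becomes 0 and is rejected below
    $bytes  = $ip.GetAddressBytes()

    if ($ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork) {
        # IPv4 reverse zones are delegated on octet boundaries only.
        if ($prefix -notin 8, 16, 24) {
            throw "IPv4 prefix /$prefix is not on an octet boundary (use /8, /16 or /24)."
        }
        $count  = [int]($prefix / 8)
        $octets = @($bytes[0..($count - 1)])   # network-ID octets only
        [array]::Reverse($octets)              # reverse order, as the wizard does
        return (($octets -join '.') + '.in-addr.arpa')
    }

    # IPv6: one label per hexadecimal nibble, so the prefix must be a multiple of 4.
    if ($prefix -lt 4 -or $prefix -gt 124 -or ($prefix % 4) -ne 0) {
        throw "IPv6 prefix /$prefix is not on a nibble boundary."
    }
    $hex     = -join ($bytes | ForEach-Object { $_.ToString('x2') })
    $nibbles = $hex.Substring(0, [int]($prefix / 4)).ToCharArray()
    [array]::Reverse($nibbles)
    return (($nibbles -join '.') + '.ip6.arpa')
}

# Constructed sample inputs (private and documentation address ranges).
foreach ($net in '192.168.10.0/24', '10.0.0.0/8', '2001:db8:abcd::/48') {
    [pscustomobject]@{
        NetworkId = $net
        ZoneName  = Get-ReverseZoneName -NetworkId $net
    }
}
```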

Dynamic Updates
- The final step allows you to choose whether and how to use dynamic updates, which can be configured in one of three ways:
  - Allow only secure dynamic updates
  - Allow both nonsecure and secure dynamic updates
  - Do not allow dynamic updates
- Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur

Creating Resource Records in Zones
- Resource records can be created dynamically or as static records
- Dynamic records are created by the resource or with a DHCP server
- Static records are created manually by an administrator or automatically by Windows

Creating Dynamic DNS Records
- Dynamic DNS records are created and updated by the resource or by the DHCP server when an IP address is leased or renewed
- Each time a dynamic record is created or updated, a time-to-live (TTL) value and timestamp are added to the record
- The TTL specifies how long the record should remain in the DNS database
- If the record expires, it’s deleted from the database

Creating Static DNS Records
- Static DNS records do not expire and are created manually by an administrator
- To create a static record in DNS Manager:
  - Right-click the zone and select the record type
  - In an FLZ, the most common type of record is a New Host record
  - Enter a name to create the FQDN automatically
  - If you select the “Create associated pointer (PTR) record” check box, a PTR record is created if a suitable RLZ exists for the IP address entered

Configuring DNS Zones
- Zones can be viewed and changed in DNS Manager
- DNS Manager provides the following options:
  - Status
  - Type
  - Replication
  - Dynamic updates
  - Aging

Start of Authority Records
- SOA records are found in every zone and contain information that identifies the server primarily responsible for the zone as well as some operation properties for the zone
- The SOA record contains the following information:
  - Serial number
  - Primary server
  - Responsible person
  - Refresh interval
  - Retry interval
  - Expires after
  - Minimum (default) TTL

Name Server Records
- NS records specify FQDNs and IP addresses of authoritative servers for a zone
- NS records are also used to refer DNS queries to a name server that has been delegated authority for a subdomain
- Glue A records are A records containing a name server’s IP address, and are used to resolve NS record information
- On Windows DNS servers, glue records are created automatically by a DNS lookup on the NS record’s FQDN

Using Stub Zones
- Stub zones are a special type of zone that contain only an SOA record, one or more NS records, and the necessary glue A records to resolve NS records
- Reasons for using stub zones:
  - Maintenance of zone delegation information
  - In lieu of conditional forwarders
  - Faster recursive queries
  - Distribution of zone information

Zone Transfers
- A zone transfer copies all or part of a zone from one DNS server to another and occurs as a result of a second server requesting the transfer from another server
- Zone transfers can be initiated in two ways:
  - Refresh interval
  - DNS notify
- Zone transfers are configured in the Zone Transfers tab of a zone’s Properties dialog box, which has the following options:
  - Allow zone transfers
    - To any server
    - Only to servers listed on the Name Servers tab
    - Only to the following servers
  - Notify
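
The Dynamic Updates and Zone Transfers options described above are the two zone settings most worth auditing, so the following added example (not part of the original slides) checks both in one pass. Test-DnsZoneExposure is a hypothetical helper and the sample zones are constructed; the property names and values are those carried by the objects Get-DnsServerZone returns.

```powershell
# Added example: flag zones that accept nonsecure dynamic updates or allow
# zone transfers to any server. Test-DnsZoneExposure is a hypothetical name.
function Test-DnsZoneExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Zone
    )
    process {
        # Skip the built-in zones Windows creates automatically.
        if ($Zone.IsAutoCreated) { return }

        $findings = @()
        $dynamic  = [string]$Zone.DynamicUpdate       # None | Secure | NonsecureAndSecure
        $transfer = [string]$Zone.SecureSecondaries   # NoTransfer | TransferAnyServer |
                                                      # TransferToZoneNameServer | TransferToSecureServers

        if ($dynamic -eq 'NonsecureAndSecure') {
            $findings += 'Nonsecure dynamic updates are accepted, so unauthenticated clients can register or change records.'
            if (-not $Zone.IsDsIntegrated) {
                # Secure updates are an Active Directory-integrated zone feature.
                $findings += 'Standard zone: store the zone in Active Directory to use secure-only updates, or disable dynamic updates.'
            }
        }

        if ($transfer -eq 'TransferAnyServer') {
            $findings += 'Zone transfers are allowed to any server; restrict them to the Name Servers tab or to a fixed list.'
        }

        [pscustomobject]@{
            ZoneName      = $Zone.ZoneName
            ZoneType      = $Zone.ZoneType
            AdIntegrated  = [bool]$Zone.IsDsIntegrated
            DynamicUpdate = $dynamic
            ZoneTransfer  = $transfer
            Compliant     = ($findings.Count -eq 0)
            Findings      = $findings -join ' '
        }
    }
}

# Constructed sample input so the example runs without a DNS server.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; ZoneType = 'Primary'; IsDsIntegrated = $true
                       IsAutoCreated = $false; DynamicUpdate = 'Secure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'lab.example'; ZoneType = 'Primary'; IsDsIntegrated = $false
                       IsAutoCreated = $false; DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferAnyServer' }
    [pscustomobject]@{ ZoneName = '10.168.192.in-addr.arpa'; ZoneType = 'Primary'; IsDsIntegrated = $true
                       IsAutoCreated = $false; DynamicUpdate = 'Secure'; SecureSecondaries = 'TransferAnyServer' }
    [pscustomobject]@{ ZoneName = '127.in-addr.arpa'; ZoneType = 'Primary'; IsDsIntegrated = $false
                       IsAutoCreated = $true; DynamicUpdate = 'None'; SecureSecondaries = 'NoTransfer' }
)

$sampleZones | Test-DnsZoneExposure | Where-Object { -not $_.Compliant } | Format-List

# On a DNS server, audit the live zones instead of the sample:
#   Get-DnsServerZone | Test-DnsZoneExposure | Where-Object { -not $_.Compliant }
# Corresponding fixes for a primary zone:
#   Set-DnsServerPrimaryZone -Name 'lab.example' -SecureSecondaries TransferToZoneNameServer
#   Set-DnsServerPrimaryZone -Name 'corp.example' -DynamicUpdate Secure   # AD-integrated zones only
```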

Incremental Zone Transfers
- Two types of zone transfer:
  - Full zone transfers
  - Incremental zone transfers
- Both master and slave DNS servers must support incremental zone transfers to use them
- During the initiation of an incremental zone transfer, the serial number decides whether the slave or the master determines the differences between its current zone data and the zone data on the other server

Using the GlobalNames Zone
- GlobalNames zone (GNZ) allows administrators to add single-label names to DNS, giving client computers the ability to resolve these names without including a DNS suffix in the query
- Entries must be made manually
- Can assist mobile users by dropping the need for remembering a resource’s FQDN
- Use the following PowerShell cmdlet to enable GNZ:
    Set-DnsServerGlobalNameZone -Enable $true

Advanced DNS Server Settings
- DNS server settings to configure an optimal DNS environment:
  - Forwarders
  - Root hints
  - Round Robin
  - Recursion
  - Debug logging

DNS Forwarders
- Referring a DNS query to a forwarder can be more efficient in some situations:
  - When the DNS server address for the target domain is known
  - When only one DNS server in a network should make external queries
  - When a forest trust is created
  - When the target domain is external to the network and an external DNS server’s address is known
- Conditional forwarding sends queries for particular domains to particular name servers and all other unresolved queries to a different server

Configuring Traditional Forwarders
- To configure a traditional forwarder, right-click the server node in DNS Manager, click Properties, and click the Forwarders tab
- If more than one server is specified, they are queried in the order in which they’re listed
- Additional servers are only queried if the first server provides no response
- No response from any forwarders triggers a normal recursive lookup process, starting with a root server

Figure 10-15 Configuring traditional forwarders

Configuring Conditional Forwarders
- Conditional forwarders are configured in the Conditional Forwarders node in DNS Manager
- With forwarders and/or conditional forwarders configured, the DNS server attempts to resolve DNS queries in this order:
  1. From locally stored zone resource records
  2. From the DNS cache
  3. From conditional forwarders
  4. From traditional forwarders
  5. Recursively by using root hints
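The forwarder settings described above can also be applied with the DnsServer PowerShell module. The following is an added example, not taken from the slides: it sets traditional forwarders, adds one conditional forwarder, and predicts which source in the resolution order would handle a given name. The server addresses, the domain `partner.example`, and the helper `Get-DnsResolutionSource` are assumptions made for illustration.

```powershell
# Added example. Addresses come from documentation ranges and partner.example
# is a constructed domain; replace both with your own values.
Import-Module DnsServer

# Traditional forwarders are queried in the order listed.
# -UseRootHint $true keeps the fallback to root hints when none of them responds.
Set-DnsServerForwarder -IPAddress '192.0.2.53', '198.51.100.53' -UseRootHint $true

# Conditional forwarder: only queries for partner.example go to this server.
if (-not (Get-DnsServerZone -Name 'partner.example' -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name 'partner.example' -MasterServers '203.0.113.10'
}

function Get-DnsResolutionSource {
    # Hypothetical helper: predicts which configured source handles $Name,
    # following the resolution order listed above. The DNS cache (step 2)
    # depends on runtime state and is not modelled here.
    param([Parameter(Mandatory)][string]$Name)

    $query = $Name.TrimEnd('.')
    $zones = Get-DnsServerZone | Where-Object {
        $_.ZoneName -ne 'TrustAnchors' -and
        ($query -eq $_.ZoneName -or $query -like "*.$($_.ZoneName)")
    }
    $local = @($zones | Where-Object { $_.ZoneType -in 'Primary', 'Secondary' })
    $cond  = $zones | Where-Object ZoneType -eq 'Forwarder' |
             Sort-Object { $_.ZoneName.Length } -Descending | Select-Object -First 1
    $fwd   = @((Get-DnsServerForwarder).IPAddress | Where-Object { $_ })

    if ($local.Count -gt 0) { return "Local zone data ($($local[0].ZoneName))" }
    if ($cond)              { return "Conditional forwarder $($cond.ZoneName) -> $($cond.MasterServers -join ', ')" }
    if ($fwd.Count -gt 0)   { return "Traditional forwarders: $($fwd -join ', ')" }
    return 'Recursion from root hints'
}

Get-DnsResolutionSource -Name 'app.partner.example'
Get-DnsResolutionSource -Name 'www.example.org'
```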

Root Hints
- Root hints consist of a list of name servers preconfigured on Windows DNS servers that point to Internet root servers
- These servers contain lists of name servers that are responsible for top-level domains
- Root hints data comes from the Cache.dns file located in the %systemroot%\System32\DNS folder
- Internal DNS servers can be configured as root servers if the network is isolated from the public Internet

Round Robin
- Load sharing can be configured among servers running mirrored services
- This is accomplished by creating multiple A records with the server’s name in the records, but with each entry configured with a different IP address
- DNS will then respond to queries by sending all addresses associated with the server’s name, but will also vary their order
- This process is called round robin because each IP address is placed first in the list an equal number of times

Recursive Queries
- Recursion is enabled on Windows DNS servers by default, but there are two ways to change this setting
  - The first involves configuring forwarders
  - The second is the “Disable recursion (also disables forwarders)” option in the Advanced tab of the DNS server’s Properties dialog box
- You might want to disable recursion when you have a public DNS server containing resource records for your publicly available servers
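A public-facing server that still has recursion enabled is easy to overlook, so it helps to audit the setting across servers before changing it. The following is an added example, not taken from the slides: the server names, the Public/Internal role labels, and the helper `Get-DnsRecursionAudit` are assumptions made for illustration.

```powershell
# Added example. Server names and role labels are constructed placeholders.
Import-Module DnsServer

function Get-DnsRecursionAudit {
    # Hypothetical helper. $Servers maps each DNS server name to a role label
    # ('Public' or 'Internal') that you assign; the role is not read from the server.
    param([Parameter(Mandatory)][hashtable]$Servers)

    foreach ($name in $Servers.Keys) {
        $rec = Get-DnsServerRecursion -ComputerName $name
        $fwd = @((Get-DnsServerForwarder -ComputerName $name).IPAddress | Where-Object { $_ })
        [pscustomobject]@{
            Server           = $name
            Role             = $Servers[$name]
            RecursionEnabled = $rec.Enable
            ForwarderCount   = $fwd.Count
            Finding          = if ($Servers[$name] -eq 'Public' -and $rec.Enable) {
                                   'Public server answers recursive queries'
                               } else { 'OK' }
        }
    }
}

$report = Get-DnsRecursionAudit -Servers @{
    'ns1.example.com'  = 'Public'
    'dc1.corp.example' = 'Internal'
}
$report | Format-Table -AutoSize

# Same setting as the "Disable recursion (also disables forwarders)" check box.
# -WhatIf only previews the change; remove it after reviewing the report.
$report | Where-Object Finding -ne 'OK' | ForEach-Object {
    Set-DnsServerRecursion -ComputerName $_.Server -Enable $false -WhatIf
}

# Re-read the setting to confirm the state of each flagged server.
$report | Where-Object Finding -ne 'OK' | ForEach-Object {
    Get-DnsServerRecursion -ComputerName $_.Server | Select-Object Enable
}
```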

Event and Debug Logging
- When DNS is installed, a new event log is created to record informational, error, and warning events generated by the DNS server
- Common events include zone serial number changes, zone transfer requests, and DNS server startup and shutdown events
- Debug logging can be enabled in the server’s Properties dialog box
- Debug logging records selected packets coming from and going to the DNS server in a text file
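Debug logging can also be switched on from PowerShell, and the resulting text file is regular enough to summarise with a short parser. The following is an added example, not taken from the slides: the log path, the sample log lines (constructed in the packet-line layout the debug log uses), and the helpers `Enable-DnsQueryDebugLog` and `ConvertFrom-DnsDebugLine` are assumptions made for illustration.

```powershell
# Added example. The log path and the sample lines below are constructed.
function Enable-DnsQueryDebugLog {
    # Hypothetical helper: log incoming queries only, over UDP and TCP, to a text file.
    param([string]$Path = 'C:\DnsLogs\dns.log')
    Set-DnsServerDiagnostics -Queries $true -QuestionTransactions $true `
        -ReceivePackets $true -UdpPackets $true -TcpPackets $true `
        -EnableLoggingToFile $true -LogFilePath $Path
}

function ConvertFrom-DnsDebugLine {
    # Hypothetical helper: turns one PACKET line into an object; other lines are skipped.
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        $rx = 'PACKET\s+\S+\s+(?<proto>UDP|TCP)\s+(?<dir>Snd|Rcv)\s+(?<ip>\S+)\s+' +
              '(?<xid>[0-9a-fA-F]{4})\s+(?<resp>R)?\s*(?<op>[QNU?])\s+' +
              '\[(?<flags>[^\]]*)\]\s+(?<type>\S+)\s+(?<qname>\S+)\s*$'
        if ($Line -match $rx) {
            [pscustomobject]@{
                Protocol   = $Matches.proto
                Direction  = $Matches.dir
                Client     = $Matches.ip
                IsResponse = [bool]$Matches.resp
                Type       = $Matches.type
                # (3)www(7)example(3)com(0) -> www.example.com
                Name       = ($Matches.qname -replace '\(\d+\)', '.').Trim('.')
            }
        }
    }
}

# Constructed sample lines; on a server, read them with Get-Content on the log file.
$sample = @(
    '6/4/2024 10:15:02 AM 0A1C PACKET  000000A1B2C3D4E0 UDP Rcv 192.0.2.15      8f3a   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)'
    '6/4/2024 10:15:02 AM 0A1C PACKET  000000A1B2C3D4E0 UDP Snd 192.0.2.15      8f3a R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)'
    '6/4/2024 10:15:03 AM 0A1C PACKET  000000A1B2C3D5F0 UDP Rcv 192.0.2.15      8f3b   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)'
    '6/4/2024 10:15:04 AM 0A20 PACKET  000000A1B2C3D6A0 TCP Rcv 198.51.100.7    11c2   Q [0001   D   NOERROR] SRV    (5)_ldap(4)_tcp(4)corp(7)example(0)'
)

# Count received queries per client and name to see who is asking for what.
$sample | ConvertFrom-DnsDebugLine |
    Where-Object { $_.Direction -eq 'Rcv' -and -not $_.IsResponse } |
    Group-Object Client, Name | Sort-Object Count -Descending |
    Select-Object Count, Name
```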

Figure 10-17 The Event Logging tab

Table 10-3 PowerShell cmdlets for DNS server settings

Monitoring and Troubleshooting DNS
- To troubleshoot a DNS problem, you need to know that DNS is actually used for name resolution
- After determining that DNS is part of the process, you can begin monitoring DNS if the problem is performance related
- Or, you can troubleshoot DNS queries and zone activities when there are query failures

DNS Troubleshooting
Windows has several tools to administer, monitor, and troubleshoot DNS server operation, including:
- DNS Manager
- dcdiag /test:dns
- dnscmd.exe
- PowerShell
- Event Viewer
- dnslint
- nslookup
- ipconfig
- Performance Monitor
- Protocol analyzer

DNS Troubleshooting
In order to troubleshoot DNS queries you need a clear picture in your mind of the DNS lookup process, which involves the following steps:
1. Check the local DNS cache
2. Query the DNS server with a recursive lookup
3. Check the local zone data
4. Check locally cached data
5. Query root server or configured forwarders

DNS Troubleshooting
To verify DNS configuration, use these ipconfig options:
- /all - displays IP addresses of the configured DNS servers as well as the DNS suffix search list
- /displaydns - displays the local DNS cache
- /flushdns - deletes the local DNS cache
After these steps, double-check the Hosts file to make sure you didn’t miss something when you displayed the local cache
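The client-side checks above (configured servers, local cache, Hosts file) can be gathered in one pass and compared with what each configured DNS server actually returns. The following is an added example, not taken from the slides: the helper `Test-DnsClientPath` and the queried name are assumptions made for illustration, and it uses the DnsClient cmdlets that correspond to `ipconfig /all` and `ipconfig /displaydns`.

```powershell
# Added example. Test-DnsClientPath is a hypothetical helper for IPv4 A records.
function Test-DnsClientPath {
    param([Parameter(Mandatory)][string]$Name)

    # Hosts file entries take effect before any DNS query is sent.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $hostsHits = @(Get-Content $hostsPath | Where-Object {
        $_ -notmatch '^\s*#' -and ((($_ -replace '#.*$') -split '\s+') -contains $Name)
    })

    # Local resolver cache (what ipconfig /displaydns shows for this name).
    $cachedIps = @(Get-DnsClientCache -Entry $Name -ErrorAction SilentlyContinue |
                   Where-Object Data | ForEach-Object { $_.Data })

    # Configured DNS servers (what ipconfig /all shows), each queried directly.
    $servers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
                 ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique)
    $answers = foreach ($s in $servers) {
        $ips = @(Resolve-DnsName -Name $Name -Server $s -Type A -DnsOnly -NoHostsFile `
                     -ErrorAction SilentlyContinue |
                 Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
        [pscustomobject]@{ Server = $s; Addresses = $ips }
    }
    $serverIps = @($answers | ForEach-Object { $_.Addresses })

    [pscustomobject]@{
        Name          = $Name
        HostsEntries  = $hostsHits
        CachedData    = $cachedIps
        ServerAnswers = $answers
        # A Hosts entry, or cached data no server returns, explains a "wrong" answer.
        HostsOverride = $hostsHits.Count -gt 0
        StaleCache    = @($cachedIps | Where-Object { $_ -notin $serverIps }).Count -gt 0
    }
}

# www.example.com is a placeholder; use the name that fails to resolve as expected.
Test-DnsClientPath -Name 'www.example.com' | Format-List

# Equivalent of ipconfig /flushdns, once a stale cache entry is confirmed:
# Clear-DnsClientCache
```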

DNS Troubleshooting
If everything checks out on the client, you’ll need to analyze the DNS server the client uses, including examining the following:
- Locally cached data
- DNS Server log
- Verify Active Directory replication
- Verify SRV records
- Verify zone transfers
- Verify zone delegations
- Ping
- Verify PTR records

Summary
- DNS is based on a hierarchical naming structure and a distributed database
- DNS can be described as an inverted tree with the root domain at the top, TLDs branching off the root, and domains and subdomains branching off TLDs
- The DNS database is composed of zones containing resource records, such as Start of Authority (SOA), Host (A), and Service (SRV) records
- DNS lookups involve iterative and recursive queries

Summary
- DNS servers can perform one or more of the following roles: authoritative server, forwarder, conditional forwarder, and caching-only server
- A zone can be a forward lookup zone or a reverse lookup zone
- DNS databases consist of the following types: primary zone, secondary zone, and stub zone
- Active Directory–integrated zones have the advantages of automatic replication, multimaster replication and update, secure updates, and efficient replication

Summary
- Resource records can be dynamically created or static records
- SOA records contain information about a zone, including its serial number and a number of timers used for zone transfers
- Advanced DNS settings include configuring forwarders, root hints, round robin, recursive queries, and logging
- Tools for monitoring and troubleshooting DNS include dcdiag, dnscmd, dnslint, nslookup, ipconfig, PowerShell cmdlets, Performance Monitor, and protocol analyzers