Zone Properties
Zone Properties Continued
Aging allows a zone to remove “stale” or “old” records for clients that have not updated within a certain period of time.
Aging and Scavenging must be enabled on both the zone and the server to work.
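The scavenging rule the slide describes, as an added example (not from the original deck): a dynamic record is stale once its time stamp plus the no-refresh and refresh intervals lies in the past, and nothing is removed unless aging is on for the zone and scavenging is on for the server. The zone dict, record names and function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed model of Windows DNS aging: a record is stale once its time
# stamp plus the zone's no-refresh and refresh intervals is in the past.
# Static records carry no time stamp (None here) and are never scavenged.
def is_stale(timestamp, no_refresh, refresh, now):
    """True if a dynamic record's stamp is older than both intervals combined."""
    if timestamp is None:          # static record: never aged
        return False
    return timestamp + no_refresh + refresh < now

def scavenge(zone, now):
    """Return the names that would be removed from a constructed zone dict.

    Scavenging only runs when it is enabled on the server AND on the zone;
    if either flag is off, nothing is removed even if records look stale.
    """
    if not (zone["server_scavenging"] and zone["zone_aging"]):
        return []
    no_refresh = timedelta(days=zone["no_refresh_days"])
    refresh = timedelta(days=zone["refresh_days"])
    return [name for name, stamp in zone["records"].items()
            if is_stale(stamp, no_refresh, refresh, now)]

NOW = datetime(2024, 3, 1)
ZONE = {                       # constructed zone; 7 + 7 days is the Windows default
    "server_scavenging": True,
    "zone_aging": True,
    "no_refresh_days": 7,
    "refresh_days": 7,
    "records": {
        "client1": NOW - timedelta(days=3),    # refreshed recently: kept
        "client2": NOW - timedelta(days=30),   # no update in 30 days: stale
        "dc1": None,                           # static record: never stale
    },
}

if __name__ == "__main__":
    print(scavenge(ZONE, NOW))                 # ['client2']
```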
The “Security” tab controls who has permission to make changes to the zone.
Recap
SOA contains information about the zone
– Refresh Interval – zone transfer frequency
– Expires After – how long the zone stays valid without a zone transfer
Aging and Scavenging
– Old or stale records
– Set on server and zone
Single-label/NetBIOS Names
Single-Label Names
The host name is a single-label name.
– Example: “ping client2”
– “client2” is a single-label name because it is not an FQDN.
Single-Label Names Continued
The computer first tries to resolve the name by appending the “Primary DNS Suffix”.
– The name of the domain to which the computer belongs.
Single-Label Names Continued
The client then tries “DNS Devolution”.
– Allows the client to try all DNS domains above it in the DNS “tree”.
– Example: a client in sales.west.Company.com attempting to contact “client2” tries, in order:
  client2.sales.west.Company.com
  client2.west.Company.com
  client2.Company.com
Tips
Support for NetBIOS/single-label names:
– In your own domain: a GlobalNames zone.
– In other domains: the “DNS Suffix Search List” in Group Policy.
DNS Devolution can be disabled using Group Policy.
GlobalNames Zones Continued
To implement a GlobalNames zone:
1. Create a new zone named GlobalNames.
2. Run the command dnscmd /config /enableGlobalNamesSupport 1
3. Create records for NetBIOS clients.
DNS Suffix Search List
The DNS Suffix Search List:
– Provides a list of DNS suffixes to be tried with single-label names.
– Example: a computer that attempts to contact “client2” might need to try:
  client2.Company.com
  client2.partner.com
  client2.vendor.com
DNS Suffix Search List Continued Configure the DNS Suffix Search List using Group Policy.
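The single-label name expansion described on the preceding slides (primary suffix, devolution, suffix search list), as an added example that is not part of the original deck. Function names and the partner/vendor suffixes are assumptions; it also applies the Windows rule that a configured DNS Suffix Search List replaces primary-suffix devolution entirely.

```python
# Constructed model of how a Windows client expands a single-label name such
# as "client2" into the FQDNs it will query, in order. Devolution follows the
# slide example (sales.west.Company.com). If a DNS Suffix Search List is set,
# it is used instead of the primary suffix and devolution is not performed.
def devolve(primary_suffix, enabled=True):
    """Primary suffix first, then each parent domain down to the second-level
    domain (Windows never devolves to a single label such as 'com')."""
    labels = primary_suffix.strip(".").split(".")
    out = [".".join(labels)]
    if enabled:
        while len(labels) > 2:
            labels = labels[1:]
            out.append(".".join(labels))
    return out

def candidates(name, primary_suffix, search_list=(), devolution=True):
    """Ordered FQDNs tried for a single-label name; an FQDN is used as-is."""
    if "." in name:                       # multi-label: not a single-label name
        return [name.rstrip(".")]
    if search_list:                       # search list overrides devolution
        suffixes = list(search_list)
    else:
        suffixes = devolve(primary_suffix, devolution)
    return [f"{name}.{s}" for s in suffixes]

if __name__ == "__main__":
    for fqdn in candidates("client2", "sales.west.Company.com"):
        print(fqdn)
    # client2.sales.west.Company.com, client2.west.Company.com, client2.Company.com
```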
Recap
Support for NetBIOS/single-label names:
– In your own domain: a GlobalNames zone. Create a GlobalNames zone and run dnscmd.
– In other domains: the “DNS Suffix Search List” in Group Policy.
DNS Server Properties
DNS Server Properties Continued
“Enable round robin” is used when there are duplicate records for a host.
The DNS server will cycle through the records as queries come in from clients.
DNS Server Properties Continued
“Enable netmask ordering” is used when there are duplicate records for a host.
The DNS server will provide the record that best matches the client’s IP address.
Duplicate Records
If a server has two records for the same host, Netmask Ordering and Round Robin can both be used.
If both are enabled, Netmask Ordering takes precedence.
Duplicate Records Continued
If the client’s IP address is on the Class A network, Netmask Ordering will return the record on that network.
If the client’s IP address is on the Class C network, Netmask Ordering will return the record on that network.
Round Robin will alternate between the records as client requests are processed.
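The two server options for duplicate host records, as an added example that is not part of the original deck: Netmask Ordering lists records on the client's own network first, Round Robin rotates the answer between queries, and with both enabled Netmask Ordering wins while rotation still happens within each group. The class name, addresses and the /24 mask (the Windows default LocalNetPriorityNetMask of 0.0.0.255) are assumptions.

```python
import ipaddress

# Constructed model of a DNS server answering a host name that has three
# duplicate A records. Netmask Ordering keeps records on the client's own
# network ahead of the others; Round Robin rotates the list between queries.
class Resolver:
    def __init__(self, records, round_robin=True, netmask_ordering=True, prefix=24):
        self.records = [ipaddress.ip_address(r) for r in records]
        self.round_robin = round_robin
        self.netmask_ordering = netmask_ordering
        self.prefix = prefix            # 24 = Windows default 0.0.0.255 mask
        self._turn = 0                  # query counter driving the rotation

    def _rotate(self, group):
        """Round Robin: shift the group by one position per query."""
        if not self.round_robin or not group:
            return list(group)
        k = self._turn % len(group)
        return group[k:] + group[:k]

    def answer(self, client_ip):
        """Ordered list of addresses returned for one query from client_ip."""
        client_net = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
        if self.netmask_ordering:       # takes precedence: local records first
            local = [r for r in self.records if r in client_net]
            remote = [r for r in self.records if r not in client_net]
        else:
            local, remote = [], list(self.records)
        result = self._rotate(local) + self._rotate(remote)
        self._turn += 1
        return [str(r) for r in result]

if __name__ == "__main__":
    dns = Resolver(["10.1.1.10", "10.1.2.10", "10.1.3.10"])   # constructed records
    print(dns.answer("10.1.2.77"))   # 10.1.2.10 first: same /24 as the client
    print(dns.answer("10.1.2.77"))   # local record stays first, remote ones rotate
```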
Recap
For extra logging, enable Debug Logging.
Duplicate records:
– Netmask Ordering
– Round Robin
Unix DNS servers: enable “BIND Secondaries”.
DNS Records
“A” records map an FQDN to an IPv4 address. “AAAA” records map an FQDN to an IPv6 address.
DNS Records Continued
“CNAME” records provide aliases for servers. Commonly used for servers that host multiple web sites.
DNS Records Continued
“MX” records identify mail servers. The lower the priority value, the more preferred the server.
DNS Records Continued “PTR” (pointer) records map either an IPv4 or an IPv6 address to an FQDN.
DNS Records Continued “SRV” records identify services on the network. The default priority is 0. If there are multiple records, preference is given to the server with the lower priority.
DNS Records Continued “NS” records identify authoritative DNS servers for the zone. “SOA” (Start of Authority) records are the first record in any zone and contain settings for the zone.
DNS Records Continued
Active Directory records are kept in an “_msdcs.domain” zone.
– For example, “_msdcs.Company.com”.
Recap
A – Name to IPv4
AAAA – Name to IPv6
PTR – IPv4 or IPv6 to Name
CNAME – Alias
MX – Mail, priority – lower gets more traffic
SRV – Services
NS – DNS servers
DNSCMD
DNSCMD is used to administer DNS from the command line.
DNSCMD Switches
Command – Description
/ageallrecords – Sets the current time on all time stamps in a zone or node.
/clearcache – Clears the DNS server cache.
/createbuiltindirectorypartitions – Creates the built-in DNS application directory partitions.
/createdirectorypartition – Creates a DNS application directory partition.
DNSCMD Switches
Command – Description
/deletedirectorypartition – Deletes a DNS application directory partition.
/directorypartitioninfo – Lists information about a DNS application directory partition.
/enlistdirectorypartition – Adds a DNS server to the replication set of a DNS application directory partition.
/recordadd – Adds a resource record to a zone.
/recorddelete – Removes a resource record from a zone.
DNSCMD Switches Continued
Command – Description
/zonechangedirectorypartition – Changes the directory partition on which a zone resides. Used to change the replication scope for an ADI zone.
/zonedelete – Deletes a zone from the DNS server.
/zoneexport – Writes the resource records of a zone to a text file for auditing purposes.
/zoneadd – Creates a new zone on the DNS server:
  /primary = Standard Primary
  /secondary = Standard Secondary
  /dsprimary = ADI
DNSCMD Switches Continued
Command – Description
/zonerefresh – Forces a refresh of the secondary zone from the master zone.
/zoneresettype – Changes the zone type.
/zoneupdatefromds – Updates an Active Directory-integrated zone with data from Active Directory Domain Services (AD DS).
DNSCMD Switches Continued
Command – Description
/resetlistenaddresses – Can be used to limit the DNS server to responding to DNS queries only on particular addresses. Example: only IPv6 clients.
/startscavenging – Initiates server scavenging.
DNSCMD Switches Example
To set the replication scope on an ADI zone to all DNS servers in the forest:
dnscmd <ServerName> /zonechangedirectorypartition <ZoneName> /forest
Recap
Don’t memorize dnscmd switches unless they are very odd.