DNS DNS overview DNS operation DNS zones

DNS Overview Name to IP address lookup service based on Domain Names Some DNS servers hold name and address information for a given portion of the domain namespace in a file Portion of namespace containing names and addresses that are contained in a single file is called a zone File containing names and addresses within a zone is called zone file

DNS operation The scenario Recursive vs iterative queries The lookup process

The Scenario Workstation configuration Resolver software Local DNS server Root servers Authoritative servers

Recursive vs Iterative Queries Recursive query Iterative query

The lookup process Workstation sends recursive query for Local DNS server sends iterative query to root server Root server responds with address of.com server Local DNS server sends iterative query to.com server.com server responds with address of microsoft.com server Local DNS server sends iterative query to microsoft.com server microsoft.com server responds with address of host named www Local DNS server sends address of www host to workstation Preferred DNS server caches all address information returned by other DNS servers Client caches information

Resolving a Forward Lookup Query

Name Server Caching

Time to Live (TTL) Use shorter TTL values to help ensure that data about the domain namespace is more current across the network. Shorter TTL values increase the load on name servers. Longer TTL values decrease the time required to resolve information. If a change occurs, the client will not receive the updated information until the TTL expires and a new query to that portion of the domain namespace is resolved.

DNS Zones Forward lookup Contains names with associated IP addresses Enable forward lookup queries. At least one forward lookup zone must be configured for the DNS service to work. Active Directory Installation Wizard can automatically create a forward lookup zone based on the DNS name you specified for the server. Reverse lookup Contains IP addresses with associated DNS names

Zone Name A zone is typically named after the highest domain in the hierarchy that the zone encompasses; the root domain for the zone. For a zone that encompasses both microsoft.com and sales.microsoft.com, the zone name would be microsoft.com.

Zone File A zone file must be specified for the standard primary forward lookup zone type. The zone file is the zone database file name, which defaults to the zone name with a.dns extension. An existing zone file can be imported when migrating a zone from another server. Place the existing file in the systemroot\System32\DNS directory on the target computer before creating the new zone.

Primary vs secondary zones Primary zone contains records in file Secondary zone receives records from another server Zone transfer causes transfer from master server to secondary Master server can be other secondary

Zone Type: Standard Primary Master copy of a new zone stored in a standard text file Administered and maintained on the computer on which the zone is created

Zone Type: Standard Secondary Replica of an existing zone. Read-only; stored in standard text files. Primary zone must be configured to create a secondary zone. Must specify DNS server, called the master server, that will transfer zone information to the name server containing the standard secondary zone. Create a secondary zone to provide redundancy and to reduce the load on the name server containing the primary zone database file.

Reasons to Use Additional Zones A need exists to delegate management of part of the DNS namespace to another location or department within the organization. A need exists to divide one large zone into smaller zones for distributing traffic loads among multiple servers, improve DNS name resolution performance, or create a more fault-tolerant DNS environment. A need exists to extend the namespace by adding numerous subdomains at once, such as to accommodate the opening of a new branch or site.

Zone Transfers Incremental vs full - Originally DNS only supported full transfer. Microsoft supports incremental transfer. Initial transfer is full

Reverse Zones Based on IP addresses, not domain names Named using the IP address reversed added to the name In-addr.arpa

In-addr.arpa Domain Follows the same hierarchical naming scheme as the rest of the domain namespace. Subdomains are named after the numbers in the dotted-decimal representation of IP addresses. Order of the IP address octets is reversed. Companies administer subdomains of the in- addr.arpa domain based on their assigned IP addresses and subnet mask.

Reverse Zone File Must be specified for the standard primary reverse lookup zone type. Network ID and subnet mask determine the default zone file name. DNS reverses the IP octets and adds the in-addr.arpa suffix. For a network ID of , the reverse lookup zone for the network becomes in- addr.arpa.dns. The existing zone file may be imported when migrating a zone from another server. The existing zone file must be placed in the systemroot\System32\DNS directory.

Reverse Lookup Query Maps an IP address to a name. NSLOOKUP command-line DNS utility uses reverse lookup queries to report back host names. Certain applications implement security based on the ability to connect to names, not IP addresses. DNS is indexed by name, not by IP address. A reverse lookup query would require an exhaustive search of every domain name because the DNS distributed database is indexed by name and not IP address. Special second-level domain called in-addr.arpa was created to solve the problem of finding a name that matches an IP address.

Active Directory Integrated Zone Information stored in AD Replicated with AD AD integrated zones are multimaster Can be sent to all DCs Can be sent to all DNS servers in domain Can be sent to all DNS servers in forest Sent encrypted

Benefits of Active Directory–Integrated Zones Fault tolerance Security - control access as to who can modify zones Zones are replicated and synchronized to new domain controllers automatically whenever a new zone is added to an Active Directory domain. By integrating storage of your DNS namespace in Active Directory, you simplify planning and administration for both DNS and Active Directory. Directory replication is faster and more efficient than standard DNS replication.

Frequently Used Resource Record Types Host (A): Lists host name-to-IP address mappings Alias (CNAME): Creates alias or canonical name Mail Exchanger (MX): Identifies mail exchanger Name Server (NS): Lists name servers for domain Pointer (PTR): Points to another part of the domain Service (SRV): Identifies servers hosting services Start of Authority (SOA): Identifies authoritative source

DNS Security Options Allowing only secure dynamic updates Zone transfer Only to servers listed in NS resource records Only to specified IP addresses Notify list

Managing DNS Using DNS console Using nslookup Command prompt mode Interactive mode

Thank You Md Shaifullah Palash MCTS, MCSA, MCSE (Infra, Messaging, Communication)