Managing Name Resolution
Network Services: Managing Name Resolution
Contents: Moving from Workgroups to Domain Environments; TCP/IP for AD Transport, Access, and Support; Using Group Policy to Manage Network Protocols
Introduction to NetBIOS Name Resolution
A NetBIOS name is 16 characters long: the first 15 characters identify a unique host, and the 16th character identifies a service or application running on that host, such as the Workstation or Server service.
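As an added example (not part of the original slides), the following Python builds the 16-byte NetBIOS name described above and applies the RFC 1001 first-level encoding used to carry it over TCP/IP; the suffix values 0x00 (Workstation service) and 0x20 (Server service) are the well-known ones, and the host names used are constructed.

```python
# Added example (not from the original slides): build and decode the 16-byte
# NetBIOS name described above, plus the RFC 1001 "first-level" encoding that
# carries it over TCP/IP (NBT). Suffix values are the well-known ones for the
# Workstation (0x00) and Server (0x20) services.

NETBIOS_NAME_LEN = 16
SUFFIXES = {0x00: "Workstation Service", 0x20: "File Server Service"}

def make_netbios_name(host: str, suffix: int) -> bytes:
    """Pad the host name with spaces to 15 characters and append the 1-byte service suffix."""
    host = host.upper()
    if not host or len(host) > 15:
        raise ValueError("NetBIOS host name must be 1-15 characters")
    return host.ljust(15).encode("ascii") + bytes([suffix])

def split_netbios_name(name: bytes) -> tuple[str, int]:
    """Return (host, suffix) from a 16-byte NetBIOS name."""
    if len(name) != NETBIOS_NAME_LEN:
        raise ValueError("NetBIOS name must be exactly 16 bytes")
    return name[:15].decode("ascii").rstrip(), name[15]

def first_level_encode(name: bytes) -> str:
    """RFC 1001 4.1: each nibble becomes a letter 'A'..'P', giving 32 characters."""
    out = []
    for b in name:
        out.append(chr(ord("A") + (b >> 4)))
        out.append(chr(ord("A") + (b & 0x0F)))
    return "".join(out)

def first_level_decode(encoded: str) -> bytes:
    """Inverse of first_level_encode; rejects anything that is not 32 letters A-P."""
    if len(encoded) != 32 or any(c not in "ABCDEFGHIJKLMNOP" for c in encoded):
        raise ValueError("invalid first-level encoded NetBIOS name")
    vals = [ord(c) - ord("A") for c in encoded]
    return bytes((vals[i] << 4) | vals[i + 1] for i in range(0, 32, 2))

def describe(encoded: str) -> str:
    host, suffix = split_netbios_name(first_level_decode(encoded))
    return f"{host}<{suffix:02X}> {SUFFIXES.get(suffix, 'unknown service')}"

if __name__ == "__main__":
    raw = make_netbios_name("fileserver1", 0x20)   # constructed host name
    print(first_level_encode(raw))                 # 32-letter wire form
    print(describe(first_level_encode(raw)))
```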
Introduction to WINS: Installing WINS; Configuring a WINS Server; WINS Replication; Configuring WINS Replication; Forcing Replication
Install WINS
Exploring WINS & DNS Integration
Examining WINS Replication
WINS replication partners
Upgrading a WINS Environment
Active Directory Global Catalog
Configuring WINS Clients
To configure the DHCP server to assign the IP address of the WINS server to DHCP clients: open the DHCP management console, highlight Server Options in the left pane, and select Action / Configure. Option 044 WINS/NBNS Servers specifies the IP addresses of the WINS servers available to clients. Option 046 WINS/NBT Node Type specifies the name resolution type; the available options are 1 = B-node (broadcast), 2 = P-node (peer), 4 = M-node (mixed), 8 = H-node (hybrid).
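As an added example (not part of the original slides), this Python decodes DHCP options 044 and 046 from a raw options field, using the option codes and node-type values listed above, and reports which resolution order the node type implies; the option bytes and server addresses are constructed.

```python
# Added example (not from the original slides): decode DHCP options 044
# (WINS/NBNS servers) and 046 (WINS/NBT node type) from a raw options field,
# using the option codes and node-type values listed on the slide.
import ipaddress

NODE_TYPES = {
    1: ("B-node", "broadcast only"),
    2: ("P-node", "WINS (point-to-point) only"),
    4: ("M-node", "broadcast first, then WINS"),
    8: ("H-node", "WINS first, then broadcast"),
}
OPT_WINS_SERVERS, OPT_NODE_TYPE, OPT_END = 44, 46, 255

def parse_options(data: bytes) -> dict[int, bytes]:
    """Walk the DHCP option TLVs (code, length, value) until the END option."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == 0:            # PAD option has no length byte
            i += 1
            continue
        length = data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def wins_settings(options: bytes) -> dict:
    """Return the WINS servers and node type a client would take from these options."""
    opts = parse_options(options)
    raw = opts.get(OPT_WINS_SERVERS, b"")
    if len(raw) % 4:
        raise ValueError("option 44 length must be a multiple of 4")
    servers = [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]
    node = opts.get(OPT_NODE_TYPE)
    if node is None:
        node_name, order = "not set", "client default"
    elif len(node) != 1 or node[0] not in NODE_TYPES:
        raise ValueError(f"unknown NBT node type {node!r}")
    else:
        node_name, order = NODE_TYPES[node[0]]
    return {"wins_servers": servers, "node_type": node_name, "resolution_order": order}

# Constructed sample: two WINS servers (option 44) and H-node (option 46), then END
SAMPLE_OPTIONS = (bytes([44, 8]) + ipaddress.IPv4Address("192.168.10.5").packed
                  + ipaddress.IPv4Address("192.168.10.6").packed
                  + bytes([46, 1, 8]) + bytes([255]))
```

Calling `wins_settings(SAMPLE_OPTIONS)` returns the two server addresses and the H-node resolution order.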
Configuring WINS Clients
To configure a Windows XP client for WINS: open Local Area Connection / Properties, select Internet Protocol (TCP/IP) and click Properties, then select the Advanced tab and the WINS tab. Click Add and type the IP address of the WINS server; repeat the process for additional WINS servers. Other configurable options: Enable LMHOSTS Lookup allows the client to use the LMHOSTS file; Enable NetBIOS over TCP/IP uses NetBIOS over TCP/IP and WINS; Disable NetBIOS over TCP/IP disables NetBIOS over TCP/IP and WINS for the LAN; Use NetBIOS Setting from DHCP Server makes the client obtain its WINS information from a DHCP server.
Configuring Static Mappings
When clients are unable to dynamically register their NetBIOS names with a WINS server, use a static mapping: open the WINS management console, right-click Active Registrations, and select New Static Mapping. Type the computer name (NetBIOS name) of the host, type the NetBIOS scope if required, select the type of entry to create, and type the IP address of the host.
DNS on Windows Server 2008 R2
To configure the role: expand DNS Server, select the DNS server, and select Action / Configure DNS Server. Select Create Forward and Reverse Lookup Zones, then Create a Forward Lookup Zone, choose Primary Zone as the zone type, and type the FQDN in Zone Name.
Next select Create a Reverse Lookup Zone, choose Primary Zone, and type the network ID of the reverse lookup zone.
Creating Resource Records
Common resource records: Host Address (A) maps a DNS name to an IP address. Start of Authority (SOA) identifies the primary DNS server for the zone and is the first resource record in a zone file. Mail Exchanger (MX) routes messages to a specified mail exchanger. Pointer (PTR) maps an IP address to a DNS name (reverse lookups). Alias (CNAME) provides another name for the name referenced in another record. Service Locator (SRV) is used to locate domain controllers in an Active Directory domain.
Sample SOA record
Host (A) Records
Service (SRV) Records
Other DNS Record Types
DNS Zones: a zone is the portion of a DNS namespace that is controlled by a particular DNS server or group of servers; zones establish the boundaries over which a particular server can resolve requests.
Top level domain
Zone Types: Forward Lookup Zones and Reverse Lookup Zones
A forward lookup zone resolves names to IP addresses and resource information; a reverse lookup zone performs the exact opposite operation of a forward lookup zone.
Zone Types: primary zone, secondary zone, Active Directory-integrated zone, stub zone
A primary zone maintains the master, writable copy of the zone in a text file. A secondary zone stores a copy of an existing zone in a read-only text file; to create a secondary zone, the primary zone must already exist and a master name server must be specified. An Active Directory-integrated zone stores the zone information within Active Directory and is configured on Windows Server 2008 domain controllers that run DNS. A stub zone holds only a list of the authoritative name servers for a particular zone; it ensures that the DNS servers hosting a parent zone are aware of the authoritative DNS servers for its child zones.
Stub zone
Create stub zone
Entering stub master servers
Performing Zone Transfers
A zone transfer copies the DNS database from one server to another; transfers are pulled by secondary servers from primary servers. Primary DNS servers can be configured to notify secondary DNS servers of changes to a zone.
Configure a secondary server to pull zone transfers from a forward lookup zone
Create the secondary zone and begin zone transfers
Initiating Incremental Zone Transfers
Asynchronous zone transfer
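As an added example (not part of the original slides) covering both the resource-record list and the zone-transfer slides above, this Python parses a small constructed zone file containing the record types discussed (SOA, A, MX, PTR, CNAME, SRV) and then decides, as a secondary server does, whether a transfer is needed by comparing the primary's SOA serial with its own using RFC 1982 serial arithmetic; the zone contents and serial values are constructed.

```python
# Added example (not from the original slides): parse a small constructed zone
# file containing the record types listed on the slides (SOA, A, MX, PTR,
# CNAME, SRV) and decide, as a secondary server would, whether a zone transfer
# is needed by comparing SOA serials with RFC 1982 serial-number arithmetic.
from dataclasses import dataclass

@dataclass
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: str

def parse_zone(text: str) -> list[Record]:
    """Parse 'name ttl IN type rdata' lines; blank lines and ';' comments are skipped."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        name, ttl, klass, rtype, rdata = line.split(maxsplit=4)
        if klass != "IN":
            raise ValueError(f"unsupported class in line: {line}")
        records.append(Record(name, int(ttl), rtype, rdata))
    return records

def soa_serial(records: list[Record]) -> int:
    """The SOA must be the first record in the zone; its third rdata field is the serial."""
    if not records or records[0].rtype != "SOA":
        raise ValueError("zone must start with an SOA record")
    return int(records[0].rdata.split()[2])

def transfer_needed(primary_serial: int, secondary_serial: int) -> bool:
    """RFC 1982: serials are 32-bit and wrap, so 'newer' is decided modulo 2**32."""
    diff = (primary_serial - secondary_serial) % 2**32
    return 0 < diff < 2**31

# Constructed zone; companyabc.com is the example domain used on the slides.
# The PTR line is included only to exercise the parser; in practice it lives in the reverse zone.
ZONE = """
companyabc.com.        3600 IN SOA   ns1.companyabc.com. hostmaster.companyabc.com. 2024061502 900 600 86400 3600
companyabc.com.        3600 IN MX    10 mail.companyabc.com.
ns1.companyabc.com.    3600 IN A     192.168.10.10
mail.companyabc.com.   3600 IN A     192.168.10.25
www.companyabc.com.    3600 IN CNAME ns1.companyabc.com.
_ldap._tcp.companyabc.com. 600 IN SRV 0 100 389 ns1.companyabc.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR ns1.companyabc.com.
"""
```

`transfer_needed(soa_serial(parse_zone(ZONE)), 2024061501)` is true, so a secondary holding serial 2024061501 would pull the zone.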
Recursive and iterative queries
Other DNS Components: Time to Live
The time (in seconds) that a resolver or name server keeps a cached DNS record before requesting it again from the original name server; it is modified via the SOA record.
Changing TTL
Aging and Scavenging for DNS
Scavenging removes records from the database after their original owners stop updating them; it is not turned on by default.
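As an added example (not part of the original slides), this Python models the aging and scavenging decision described above: each dynamic record carries the time of its last refresh, refreshes are ignored during the no-refresh interval, and a record that is not refreshed before the no-refresh plus refresh intervals elapse becomes eligible for scavenging; the 7-day intervals are the Windows DNS defaults, scavenging runs only when explicitly enabled, and the record names and times are constructed.

```python
# Added example (not from the original slides): the aging/scavenging decision for
# dynamically registered records. A record carries the timestamp of its last
# refresh; during the no-refresh interval refreshes are ignored, during the refresh
# interval the owner may refresh it, and once both intervals pass without a refresh
# the record is eligible for scavenging. The 7-day values are the Windows DNS
# defaults; scavenging itself does nothing unless it has been enabled.
from datetime import datetime, timedelta

NO_REFRESH = timedelta(days=7)
REFRESH = timedelta(days=7)

class DynamicRecord:
    def __init__(self, name: str, registered: datetime, static: bool = False):
        self.name = name
        self.timestamp = registered   # last refresh; static records are never aged
        self.static = static

    def refresh(self, now: datetime) -> bool:
        """Apply a client refresh; ignored inside the no-refresh window or for static records."""
        if self.static or now < self.timestamp + NO_REFRESH:
            return False
        self.timestamp = now
        return True

    def stale(self, now: datetime) -> bool:
        return not self.static and now >= self.timestamp + NO_REFRESH + REFRESH

def scavenge(records: list, now: datetime, enabled: bool) -> list:
    """Remove stale records in place and return their names; no-op unless enabled."""
    if not enabled:
        return []
    removed = [r.name for r in records if r.stale(now)]
    records[:] = [r for r in records if not r.stale(now)]
    return removed

# Constructed sample registrations (companyabc.com is the slides' example domain)
T0 = datetime(2024, 6, 1)
def sample_records() -> list:
    return [DynamicRecord("pc1.companyabc.com", T0),
            DynamicRecord("pc2.companyabc.com", T0),
            DynamicRecord("ns1.companyabc.com", T0, static=True)]

if __name__ == "__main__":
    recs = sample_records()
    recs[1].refresh(T0 + timedelta(days=10))      # pc2 refreshed inside its refresh window
    print(scavenge(recs, T0 + timedelta(days=15), enabled=True))  # ['pc1.companyabc.com']
```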
Scavenging
Forwarder
Active Directory-Integrated Zones
The zones are stored in Active Directory, as opposed to a text file as in standard DNS. Windows Server 2008 utilizes AD-integrated zones.
DNS in Windows Server 2008 R2: Application Partition
Active Directory-integrated zones are stored in an application partition of AD. Automatic creation of zones: the forest root zone for _msdcs. In AD, all client logons and lookups are directed to the local DC and global catalog servers through references to SRV records in DNS.
Forest Root Zone for _msdcs
Troubleshooting DNS: DNS Event Viewer to Diagnose; Client-Side Cache and HOST Resolution Problems; NSLOOKUP Command; IPCONFIG Command; TRACERT Command; DNSCMD Command
DNS Event Viewer to Diagnose: enable Debug logging
The log file is dns.log in c:\windows\system32\dns\
Client-Side Cache and HOST Resolution Problems
When requesting lookups, the client resolver first parses this cache and then contacts a name server. Items remain in the cache until the TTL expires, the machine is rebooted, or the cache is flushed. To flush the cache: ipconfig /flushdns
NSLOOKUP: view the MX and SOA records associated with a specific domain
IPCONFIG: ipconfig /flushdns, ipconfig /registerdns, ipconfig /displaydns
ipconfig /flushdns flushes the client-side cache; ipconfig /registerdns forces the client to dynamically re-register itself in DNS; ipconfig /displaydns displays the contents of the client-side cache.
TRACERT gives you an idea of the path that a DNS query takes when it is sent over a network.
DNSCMD
Secure DNS with DNSSEC
DNSSEC Components: DNSSEC relies on signed zones
Records are signed as defined by RFC 4035. A signed zone contains the new DNSSEC record types DNSKEY, NSEC, RRSIG, and DS. Records are signed using the Zone Signing Key (ZSK); the Key Signing Key (KSK) is the key used to sign the ZSK.
DNSSEC records: DNSKEY and NSEC
DNSKEY is used to store a public key. NSEC proves the non-existence of a DNS name, so DNS clients can be sure that if a record is not retrieved in a DNS lookup, the record does not exist in the DNSSEC zone.
DNSSEC records: RRSIG and Delegation Signer (DS)
RRSIG holds the signature for a DNS record (for example, an A record maps to its RRSIG record). Delegation Signer (DS) records secure delegations to other DNS servers and confirm their validity.
Configure a DNSSEC Zone using dnscmd: Scenario
The zone secure.companyabc.com will be signed with DNSSEC: generate the signing certificates (the ZSK and KSK certificates), sign the zone file and records, and reload the zone file into the DNS server.
Generate signing certificates
KSK and ZSK certificates
Sign zone file and records
Reload zone file into DNS server
Signed zone records
Configure clients to request secure DNS entries
To allow clients to use the DNSSEC properties of the DNS zone, configure a Name Resolution Policy Table (NRPT) policy for the clients; the NRPT policy can be configured through Group Policy.
Create an NRPT group policy for the secure.companyabc.com zone