DNS and Active Directory Integration

Presentation on theme: "DNS and Active Directory Integration"— Presentation transcript:

1 DNS and Active Directory Integration
Understanding DNS Name Resolution
Understanding and Configuring Zones
Zone Replication and Transfer
Monitoring and Troubleshooting DNS for Active Directory

2 Understanding DNS Name Resolution
Forward Lookup Query
Name Server Caching
Reverse Lookup Query

3 IP Addressing
Name resolution is the process of resolving DNS names to IP addresses. An IP address identifies each host that communicates by using TCP/IP. An IP address is a 32-bit binary number that is separated internally into two parts: a network ID and a host ID. IP addresses are expressed in dotted decimal notation. The 32-bit address is segmented into four 8-bit octets. Octets are converted to decimal (base-10 numbering system) and separated by periods.

4 IP Addressing: Network ID
Also known as a network address
Identifies a single network segment within a larger TCP/IP internetwork
Used to uniquely identify each network within the larger internetwork

5 IP Addressing: Host ID
Also known as the host address
Identifies a TCP/IP node within each network
Identifies a single system uniquely within its own network

6 Lookup Queries
DNS name servers resolve forward and reverse lookup queries. Forward lookup query: Resolves a name to an IP address. Reverse lookup query: Resolves an IP address to a name. A name server can resolve a query on its own only for a zone for which it is authoritative. If a name server can’t resolve the query, it passes it to other name servers that can resolve it. The name server caches the query results to reduce the DNS traffic on the network. The DNS service uses a client/server model for name resolution.

7 Resolving a Forward Lookup Query

8 Name Server Caching

9 Time to Live (TTL)
Use shorter TTL values to help ensure that data about the domain namespace is more current across the network. Shorter TTL values increase the load on name servers. Longer TTL values decrease the time required to resolve information. If a change occurs, the client will not receive the updated information until the TTL expires and a new query to that portion of the domain namespace is resolved.

10 Reverse Lookup Query
Maps an IP address to a name.
The NSLOOKUP command-line DNS utility uses reverse lookup queries to report back host names. Certain applications implement security based on the ability to connect to names, not IP addresses. DNS is indexed by name, not by IP address. A reverse lookup query would therefore require an exhaustive search of every domain name, because the DNS distributed database is indexed by name and not by IP address. A special second-level domain called in-addr.arpa was created to solve the problem of finding a name that matches an IP address.

11 In-addr.arpa Domain
Follows the same hierarchical naming scheme as the rest of the domain namespace. Based on IP addresses, not domain names. Subdomains are named after the numbers in the dotted-decimal representation of IP addresses. Order of the IP address octets is reversed. Companies administer subdomains of the in-addr.arpa domain based on their assigned IP addresses and subnet mask.

12 An in-addr.arpa Domain Example
IP Address 169.254.16.200

13 An in-addr.arpa Domain Example (con’t.)
Assigned IP address range of to
Subnet mask
Authority over in-addr.arpa domain

14 Understanding and Configuring Zones
Zone Planning
Forward Lookup Zones
Reverse Lookup Zones
Resource Records
Delegating Zones
Configuring Dynamic DNS
Practice: Configuring Zones

15 Zone Overview
DNS service provides the option of dividing up the namespace into one or more zones. Zones can be stored, distributed, and replicated to other DNS servers. The DNS namespace represents the logical structure of the network resources. DNS zones provide physical storage of these resources.

16 Reasons to Use Additional Zones
A need exists to delegate management of part of the DNS namespace to another location or department within the organization.
A need exists to divide one large zone into smaller zones for distributing traffic loads among multiple servers, improve DNS name resolution performance, or create a more fault-tolerant DNS environment.
A need exists to extend the namespace by adding numerous subdomains at once, such as to accommodate the opening of a new branch or site.

17 Forward Lookup Zones
Enable forward lookup queries.
At least one forward lookup zone must be configured for the DNS service to work. Active Directory Installation Wizard can automatically create a forward lookup zone based on the DNS name you specified for the server.

18 Zone Type: Active Directory Integrated
Master copy of a new zone
Uses Active Directory to store and replicate zone files

19 Zone Type: Standard Primary
Master copy of a new zone stored in a standard text file
Administered and maintained on the computer on which the zone is created

20 Zone Type: Standard Secondary
Replica of an existing zone. Read-only; stored in standard text files. Primary zone must be configured to create a secondary zone. Must specify DNS server, called the master server, that will transfer zone information to the name server containing the standard secondary zone. Create a secondary zone to provide redundancy and to reduce the load on the name server containing the primary zone database file.

21 Benefits of Active Directory–Integrated Zones
Multimaster update and enhanced security based on the capabilities of Active Directory. Zones are replicated and synchronized to new domain controllers automatically whenever a new zone is added to an Active Directory domain. By integrating storage of your DNS namespace in Active Directory, you simplify planning and administration for both DNS and Active Directory. Directory replication is faster and more efficient than standard DNS replication.

22 Zone Name
A zone is typically named after the highest domain in the hierarchy that the zone encompasses, that is, the root domain for the zone. For a zone that encompasses both microsoft.com and sales.microsoft.com, the zone name would be microsoft.com.

23 Zone File
A zone file must be specified for the standard primary forward lookup zone type. The zone file is the zone database file name, which defaults to the zone name with a .dns extension. An existing zone file can be imported when migrating a zone from another server. Place the existing file in the systemroot\System32\DNS directory on the target computer before creating the new zone.

24 Reverse Lookup Zones
Enable reverse lookup queries
Are not required, except to run troubleshooting tools, such as NSLOOKUP, and to record a name instead of an IP address in IIS log files

25 Zone File
Must be specified for the standard primary reverse lookup zone type. Network ID and subnet mask determine the default zone file name. DNS reverses the IP octets and adds the in-addr.arpa suffix. For a network ID of , the reverse lookup zone for the network becomes in-addr.arpa.dns. The existing zone file may be imported when migrating a zone from another server. The existing zone file must be placed in the systemroot\System32\DNS directory.
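The octet reversal described on slides 11, 12 and 25 is small enough to get wrong by hand, so here is an added example (not from the presentation) that derives the PTR owner name for a host address, the in-addr.arpa zone name and default .dns file name for an octet-aligned network ID and subnet mask, and recovers the address from a PTR name. The slide example address 169.254.16.200 and a /24 network around it are used as constructed inputs; masks that are not /8, /16 or /24 are rejected because the slides only cover octet-based delegation.

```python
# Added example, not the slides' code: in-addr.arpa naming helpers.
import ipaddress


def ptr_owner_name(ip: str) -> str:
    """Reverse the four octets of an IPv4 address and append in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # validates the address
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zone_name(network_id: str, subnet_mask: str) -> str:
    """Reverse lookup zone name for an octet-aligned network.

    Only /8, /16 and /24 masks are handled: classic in-addr.arpa delegation
    hands out authority one octet at a time, as the slides describe.
    """
    net = ipaddress.IPv4Network(f"{network_id}/{subnet_mask}", strict=False)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned subnet masks are supported here")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


def reverse_zone_file_name(network_id: str, subnet_mask: str) -> str:
    """Default zone database file name: the zone name plus a .dns extension."""
    return reverse_zone_name(network_id, subnet_mask) + ".dns"


def ip_from_ptr_name(name: str) -> str:
    """Turn a full PTR owner name back into the dotted-decimal address."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        raise ValueError("not an in-addr.arpa name")
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        raise ValueError("a host PTR name needs all four octets")
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))


if __name__ == "__main__":
    # Constructed inputs: the slide's example host and a /24 around it.
    print(ptr_owner_name("169.254.16.200"))
    print(reverse_zone_file_name("169.254.16.0", "255.255.255.0"))
```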

26 Resource Records
Entries in the zone database file that associate DNS domain names to related data for a given network resource. There are many different types of resource records. When a zone is created, DNS automatically creates the Start of Authority (SOA) and the Name Server (NS) resource records.

27 Frequently Used Resource Record Types
Host (A): Lists host name-to-IP address mappings
Alias (CNAME): Creates alias or canonical name
Host Information (HINFO): Identifies OS and CPU
Mail Exchanger (MX): Identifies mail exchanger
Name Server (NS): Lists name servers for domain
Pointer (PTR): Points to another part of the domain
Service (SRV): Identifies servers hosting services
Start of Authority (SOA): Identifies authoritative source

28 Delegating Zones

29 Delegating Zones
A zone starts as a storage database for a single DNS domain name. If other domains are added below the domain used to create the zone, these domains can be part of either the same zone or another zone. Once a subdomain is added, it can then be:
Managed and included as part of the original zone records.
Delegated away to another zone created to support the subdomain.
SOA resource records must be created and must point to the authoritative DNS server for the new zone. The New Delegation Wizard is available to assist in delegation of zones.

30 Dynamic DNS (DDNS) Updates

31 DDNS Overview
DDNS is the DNS service that includes dynamic update capability. Name servers and clients within a network automatically update the zone database files.

32 Dynamic Updates
A list of authorized servers can be configured to initiate dynamic updates. This list can include secondary name servers, domain controllers, and other servers that perform network registration for clients, such as servers running DHCP service or Microsoft WINS.

33 DDNS and DHCP
These services interact to maintain synchronized name-to-IP mappings for network hosts. By default, DHCP service allows clients to add their own Host (A) records to the zone; the DHCP service adds the PTR resource record to the zone. DHCP service cleans up both the A and PTR resource records in the zone when the lease expires.

34 Zone Replication and Transfer
Zone Replication and Zone Transfers
DNS Notification
The DNS Notify Process

35 Zone Replication and Zone Transfers
Zones play an important role in DNS; their availability from more than one DNS server on the network is needed to provide fault tolerance when resolving name queries. If a single server is used and that server is not responding, queries for names in the zone can fail. Zone transfers are required to replicate and synchronize all copies of the zone used at each server configured to host the zone. A full zone transfer (AXFR) is performed when a new DNS server is added to the network and configured as a new secondary server for an existing zone. Earlier DNS server implementations used a full transfer (AXFR) for incremental changes to the zone. For Microsoft Windows 2000 Server, the DNS service supports incremental zone transfer (IXFR).

36 Reasons to Use Additional DNS Servers
Provide zone redundancy
Reduce DNS network traffic
Reduce load on primary server

37 Incremental Zone Transfers (IXFR)
Provide a more efficient method of propagating zone changes and updates. Allow the secondary server to pull only those zone changes it needs to synchronize its copy of the zone with its source. Source can be either a primary or secondary copy of the zone maintained by another DNS server. For an IXFR query to succeed and changes to be sent, the source DNS server for the zone must keep a history of incremental zone changes to use when answering these queries. IXFR requires substantially less traffic on a network, and zone transfers are completed much faster.

38 Incremental Zone Transfers (IXFR) (con’t.)
Differences between the source and replicated versions of the zone are determined as follows: If the zones are identified to be the same version, as indicated by the serial number field in the SOA resource record of each zone, no transfer is made. If the source serial number is greater than that of the requesting secondary server, a transfer is made of only those changes to resource records for each incremental version of the zone.

39 Zone Transfer Process

40 Zone Transfer Security
The DNS console permits you to specify the servers allowed to participate in zone transfers. This helps to prevent an undesired attempt by an unknown or unapproved DNS server to pull or request zone updates.

41 Zone Transfers Tab

42 DNS Notification
Updated revision to the DNS standard specification (RFC 1996). Implements a push mechanism for notifying a select set of secondary servers for a zone when a zone is updated. Notified servers can then initiate the zone transfer process and pull changes from the notifying server to update the zone. Use DNS notification only to notify DNS servers that are operating as secondary servers for a zone. Not needed for replication of directory-integrated zones.

43 Notify Dialog Box

44 Typical DNS Notify Process
Local zone is updated.
Source server sends notify message to other servers.
Secondary servers initiate a zone transfer.
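The IXFR decision (slide 38), the zone transfer allow list (slide 40) and the notify process (slide 44) fit together as one exchange, modelled here as an added example that is not part of the presentation. A Primary keeps the SOA serial and a per-serial change history; on a notify, each Secondary compares serials and pulls only the missing changes, receives a full transfer when the history has a gap, or is refused when it is not an approved transfer partner. The class names, the in-memory record dictionaries and the sample records are all constructed for the illustration.

```python
# Added example, not the slides' code: notify and zone transfer between a
# primary and its secondaries, decided on SOA serials and a change history.
from dataclasses import dataclass, field

@dataclass
class Primary:
    serial: int
    records: dict                                   # name -> rdata
    history: dict = field(default_factory=dict)     # serial -> [changes]
    notify_set: list = field(default_factory=list)  # secondaries to notify
    allowed: set = field(default_factory=set)       # zone transfer allow list

    def update(self, name, rdata):
        # A zone update bumps the serial and is logged under that serial.
        self.serial += 1
        self.history[self.serial] = [(name, self.records.get(name), rdata)]
        self.records[name] = rdata

    def notify(self):
        # Push mechanism: tell each configured secondary the zone changed.
        return [s.on_notify(self) for s in self.notify_set]

    def answer_transfer(self, requester, their_serial):
        # Unapproved servers are refused before any serial comparison.
        if requester not in self.allowed:
            return ("refused", None)
        if their_serial >= self.serial:
            return ("none", None)                   # same version, nothing sent
        needed = range(their_serial + 1, self.serial + 1)
        if all(s in self.history for s in needed):
            return ("ixfr", [c for s in needed for c in self.history[s]])
        return ("axfr", dict(self.records))         # history gap: full copy

@dataclass
class Secondary:
    name: str
    serial: int
    records: dict = field(default_factory=dict)

    def on_notify(self, primary):
        # The notified server pulls only what it needs from the source.
        kind, payload = primary.answer_transfer(self.name, self.serial)
        if kind == "ixfr":
            self.records.update({n: new for n, _old, new in payload})
        elif kind == "axfr":
            self.records = payload
        if kind in ("ixfr", "axfr"):
            self.serial = primary.serial
        return (self.name, kind)
```

Calling update() and then notify() on a Primary whose notify_set holds an up-to-date secondary, a stale one and an unapproved one yields one IXFR, one AXFR and one refusal respectively.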

45 Monitor and Troubleshoot DNS for Active Directory
Monitoring DNS Servers
DNS Troubleshooting Scenarios

46 Two Options for Monitoring DNS Servers
Default logging of DNS server event messages to the DNS server log
Optional debug options for trace logging to a text file on the DNS server computer

47 DNS Server Event Logging
DNS server event messages are kept separate from events raised by other applications and services in the DNS server log. The DNS server log contains basic predetermined events logged by the DNS server service, such as when the DNS server starts and stops. Use Event Viewer to view and monitor client-related DNS events. These events appear in the system log and are written by the DNS client service on any computer running Windows 2000 (all versions).

48 Debug Options
The DNS console allows you to set additional logging options to create a temporary trace log as a text-based file for DNS server activity. DNS.LOG is stored in the systemroot\System32\Dns folder. By default, all debug logging options are disabled. DNS server service can perform additional trace-level logging of selected types of events or messages for general troubleshooting and debugging of the server. Debug logging can be resource-intensive, affecting overall server performance and consuming disk space. Debug logging should be used only temporarily, when more detailed information about server performance is needed.
