Planning Infrastructure Services Lesson 2
Dynamic Host Configuration Protocol (DHCP) The Dynamic Host Configuration Protocol (DHCP) is a service that automatically configures the Internet Protocol (IP) address and other TCP/IP settings on network computers by assigning addresses from a pool (called a scope) and reclaiming them when they are no longer in use.
IP Address Allocation Methods The DHCP standards define three different IP address allocation methods: – Dynamic allocation – Automatic allocation – Manual allocation
DHCP Communications The DHCP communication protocol defines eight message types, as follows: – DHCPDISCOVER — Used by clients to request configuration parameters from a DHCP server. – DHCPOFFER — Used by servers to offer IP addresses to requesting clients. – DHCPREQUEST — Used by clients to accept or renew an IP address assignment. – DHCPACK — Used by servers to acknowledge a client’s acceptance of an offered IP address.
DHCP Communications – DHCPDECLINE — Used by clients to reject an offered IP address. – DHCPNAK — Used by servers to reject a client’s acceptance of an offered IP address. – DHCPRELEASE — Used by clients to terminate an IP address lease. – DHCPINFORM — Used by clients to obtain additional TCP/IP configuration parameters from a server.
DHCP IP Address Assignment Process
Automatic Private IP Addressing (APIPA) If a Windows DHCP client is unable to contact a DHCP server, it self-assigns an IP address from the 169.254.0.0/16 range using a feature called Automatic Private IP Addressing (APIPA). Computers on the same subnet can communicate using APIPA addresses, but because the range is link-local and is not routed, they are not an effective solution for routed internetworks. A client that ends up with a 169.254.x.x address is the usual symptom of a DHCP server that is down or unreachable from that subnet.
DHCP IP Address Renewal Process By default, the DHCP Server service in Windows Server 2008 uses dynamic allocation, leasing IP addresses to clients for six-day periods. At periodic intervals during the course of the lease, the client attempts to contact the server to renew the lease: it first unicasts a DHCPREQUEST to the server that granted the lease when half of the lease period has elapsed (T1), and if that server does not answer it broadcasts the renewal request to any DHCP server at 87.5 percent of the period (T2). A client whose lease expires unrenewed must stop using the address and start over with DHCPDISCOVER.
DHCP IP Address Renewal Process
Distributed DHCP Infrastructure
Centralized DHCP Infrastructure
DHCP Relay Agent A software component that receives the DHCP broadcast traffic on a subnet and then sends it on, as unicast, to particular DHCP servers on one or more other subnets. Before forwarding a message, the relay agent writes the address of the interface on which it received the broadcast into the message's giaddr (gateway IP address) field; that field is how a server on another subnet knows which scope the client belongs to. The DHCP servers then process the incoming DHCPDISCOVER and DHCPREQUEST messages in the normal manner and transmit their replies back to the relay agent, which sends them on to the DHCP client.
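The following is an added example, not code from the original slides or from Microsoft's DHCP Server: a minimal RFC 2131 encoder and decoder used to walk a DHCPDISCOVER from a client, through a relay agent, to a server on another subnet and back as a DHCPOFFER. It ties together the message types on the DHCP Communications slides and the relay agent's use of the giaddr field. The server address, relay address, client MAC and scope layout are constructed for illustration, and the address pools are plain lists rather than a real lease database.

```python
"""Constructed DHCPDISCOVER/DHCPOFFER exchange through a relay agent (RFC 2131 wire format)."""
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"                 # precedes the options field
OPT_PAD, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 51, 53, 54, 255
DHCPDISCOVER, DHCPOFFER = 1, 2
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"          # op,htype,hlen,hops,xid,secs,flags,ciaddr,yiaddr,siaddr,giaddr,chaddr,sname,file
HEADER_LEN = struct.calcsize(HEADER_FMT)           # 236 bytes

# Constructed topology (assumption): the server 10.0.0.5 serves its own subnet and,
# through a relay agent at 10.0.1.1, the 10.0.1.0/24 subnet as well.
SERVER_ID = "10.0.0.5"
SCOPES = {ipaddress.ip_network("10.0.0.0/24"): iter(["10.0.0.100", "10.0.0.101"]),
          ipaddress.ip_network("10.0.1.0/24"): iter(["10.0.1.100", "10.0.1.101"])}


def build_packet(op, xid, chaddr, yiaddr="0.0.0.0", giaddr="0.0.0.0", hops=0, options=()):
    """Serialize one DHCP message; the broadcast flag is set because the client has no address yet."""
    header = struct.pack(
        HEADER_FMT, op, 1, 6, hops, xid, 0, 0x8000,
        b"\0" * 4,                                  # ciaddr: unknown during DISCOVER
        ipaddress.IPv4Address(yiaddr).packed,       # yiaddr: "your" address, filled in by the server
        b"\0" * 4,                                  # siaddr: next server, unused here
        ipaddress.IPv4Address(giaddr).packed,       # giaddr: filled in by the relay agent
        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_packet(data):
    """Decode the fixed header and the type-length-value options after the magic cookie."""
    if len(data) < HEADER_LEN + 4 or data[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    (op, _htype, hlen, hops, xid, _secs, _flags, _ciaddr, yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file) = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    options, i = {}, HEADER_LEN + 4
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:
            i += 1
            continue
        code, length = data[i], data[i + 1]
        if i + 2 + length > len(data):
            raise ValueError("truncated option")    # never trust the length byte
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "hops": hops, "xid": xid, "chaddr": chaddr[:hlen],
            "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
            "giaddr": str(ipaddress.IPv4Address(giaddr)), "options": options}


def relay(data, relay_addr):
    """Relay agent: stamp giaddr with the receiving interface, bump hops, then unicast to the server."""
    msg = parse_packet(data)
    if msg["hops"] > 16:
        raise ValueError("hop count exceeded; RFC 1542 says discard")     # loop protection
    giaddr = relay_addr if msg["giaddr"] == "0.0.0.0" else msg["giaddr"]  # first relay wins
    return build_packet(BOOTREQUEST, msg["xid"], msg["chaddr"], giaddr=giaddr,
                        hops=msg["hops"] + 1, options=list(msg["options"].items()))


def server_offer(data, lease_seconds=6 * 24 * 3600):
    """Server: pick the scope from giaddr (or its own subnet when giaddr is zero) and build a DHCPOFFER."""
    msg = parse_packet(data)
    if msg["options"].get(OPT_MSG_TYPE) != bytes([DHCPDISCOVER]):
        raise ValueError("expected DHCPDISCOVER")
    anchor = ipaddress.ip_address(SERVER_ID if msg["giaddr"] == "0.0.0.0" else msg["giaddr"])
    scope = next(net for net in SCOPES if anchor in net)
    yiaddr = next(SCOPES[scope])                   # next free address in that scope (constructed pool)
    # giaddr and hops are echoed so the server unicasts the reply back to the relay agent
    return build_packet(BOOTREPLY, msg["xid"], msg["chaddr"], yiaddr=yiaddr,
                        giaddr=msg["giaddr"], hops=msg["hops"],
                        options=[(OPT_MSG_TYPE, bytes([DHCPOFFER])),
                                 (OPT_SERVER_ID, ipaddress.IPv4Address(SERVER_ID).packed),
                                 (OPT_LEASE_TIME, struct.pack("!I", lease_seconds))])


def run_exchange(client_mac=b"\x00\x11\x22\x33\x44\x55", relay_addr="10.0.1.1"):
    """Client on the relayed subnet -> relay -> server -> relay; returns the parsed DHCPOFFER."""
    discover = build_packet(BOOTREQUEST, 0x3903F326, client_mac,
                            options=[(OPT_MSG_TYPE, bytes([DHCPDISCOVER]))])
    return parse_packet(server_offer(relay(discover, relay_addr)))


if __name__ == "__main__":
    offer = run_exchange()
    print(offer["yiaddr"], "offered via relay", offer["giaddr"], "hops", offer["hops"])
```

Two details matter in practice. The server chooses the scope from giaddr, not from the source address of the packet, which is why a relay agent configured on the wrong interface hands out addresses from the wrong scope. And the parser bounds-checks every option length before slicing; a DHCP message arrives from an unauthenticated broadcast, so the option length bytes are attacker-controlled input.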
DHCP Fault Tolerance (80-20)
DHCP Fault Tolerance (Failover Clustering) To ensure continued DHCP service with virtually no downtime, you can create a failover cluster in which the DHCP Server service is replicated on two or more computers. A failover cluster uses a shared storage medium, such as an iSCSI or Fibre Channel storage area network (SAN), to hold the application data, which in this case is the DHCP Server’s database.
DHCP Fault Tolerance (Standby Server) A standby server is a computer with the DHCP Server role installed and configured, but not activated. If one of the active DHCP servers should fail, an administrator manually activates the appropriate scopes on the standby server to take its place. Because the standby servers are performing other roles in the meantime, they are an inexpensive way of providing DHCP fault tolerance without splitting scopes. However, because there is no automatic failover mechanism in this method, administrators cannot take action until they are aware that a DHCP server has failed.
Reservations In a Windows DHCP server, a manually allocated address is called a reservation. You create a reservation by specifying the IP address you want to assign and associating it with the client computer’s MAC address, which is hard-coded into its network interface adapter. A reservation guarantees that the client always receives the same address, but it is not an access control: the MAC address a host presents can be changed in software, so anyone on the subnet can claim a reserved address by presenting the matching MAC.
Assigning IPv6 Addresses IPv6 addresses are notated as follows: – X:X:X:X:X:X:X:X Each X is a hexadecimal representation of a single 16-bit (two-byte) group, so a full address has eight groups of up to four hexadecimal digits. Some examples of IPv6 addresses are as follows: – 3FFE:2900:D005:3210:FEDC:BA98:7654:3210 – 3FFE:FFFF:0:0:8:800:200C:417A Leading zeros can be omitted from individual groups, and one run of consecutive all-zero groups can be replaced with the “::” symbol (but only once in an address, because a second “::” would make the number of omitted groups ambiguous). – 3FFE:FFFF::8:800:200C:417A
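The following is an added example, not part of the original slides: a small parser that expands the shorthand forms described above back to eight 16-bit groups, rejects the forms the rules forbid (a second “::”, a group longer than four digits, the wrong number of groups), and produces the canonical compressed text. The output is lowercase, as RFC 5952 recommends, and is cross-checked against Python's own ipaddress module. Inputs in the test are taken from the slide plus a few constructed edge cases.

```python
"""Expand and compress IPv6 text per the rules on the slide (RFC 4291 notation, RFC 5952 canonical form)."""
import ipaddress

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand_ipv6(text):
    """Return the eight 16-bit groups, as integers, of an address given in any valid text form."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = left + ["0"] * missing + right
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("expected eight groups")
    out = []
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in HEX_DIGITS for c in g):
            raise ValueError(f"bad group {g!r}")
        out.append(int(g, 16))
    return out


def compress_ipv6(text):
    """Canonical form: leading zeros dropped, the longest run of two or more zero groups replaced by '::'.

    On a tie between runs the first one wins, which is what RFC 5952 requires.
    """
    groups = expand_ipv6(text)
    best_start, best_len, run_start = -1, 0, None
    for i, g in enumerate(groups + [None]):      # sentinel closes a trailing run of zeros
        if g == 0 and run_start is None:
            run_start = i
        elif g != 0 and run_start is not None:
            if i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = None
    hexs = [format(g, "x") for g in groups]
    if best_len >= 2:
        return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])
    return ":".join(hexs)


def is_valid_ipv6(text):
    try:
        expand_ipv6(text)
        return True
    except ValueError:
        return False


def matches_stdlib(text):
    """Agreement check against the standard library's parser."""
    return compress_ipv6(text) == str(ipaddress.IPv6Address(text))
```

Writing the parser yourself shows why the “only once” rule exists: with two “::” markers there is no way to tell how many zero groups each one stands for, so the expansion step cannot produce a definite eight groups.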
Assigning IPv6 Addresses The DHCP Server service in Windows Server 2008 supports both IPv4 and IPv6 address assignments. When you install the DHCP Server role, a Configure DHCPv6 Stateless Mode page appears in the Add Roles Wizard, enabling you to choose from the following two options: – Enable DHCPv6 stateless mode for this server — IPv6 clients do not obtain addresses from the DHCP server, but they can obtain other TCP/IP configuration settings from the server. – Disable DHCPv6 stateless mode for this server — IPv6 clients obtain addresses, as well as other TCP/IP configuration settings, from the DHCP server.
Assigning IPv6 Addresses The DHCP server assumes that IPv6 clients operating in stateless mode obtain their addresses from an alternative source, typically either stateless address autoconfiguration or a manually assigned static address. In the stateless autoconfiguration process, routers advertise prefixes that enable hosts to assign themselves an IPv6 address on the appropriate subnet. The same router advertisements carry the Managed (M) and Other configuration (O) flags that tell hosts whether to use DHCPv6 for addresses, for other configuration settings only, or not at all, so the DHCPv6 mode you choose on the server must match the flags your routers advertise.
DNS Server TCP/IP networks use Domain Name System (DNS) servers to convert host names into IP addresses. This conversion process is referred to as name resolution. The Domain Name System is a crucial element of both Internet and Active Directory communications.
DNS Domain Hierarchy The domain name part of a DNS name is hierarchical, and consists of two or more words, separated by periods. The DNS namespace takes the form of a tree that, much like a file system, has its root at the top. Just beneath the root is a series of top-level domains, and beneath each top-level domain is a series of second-level domains. At minimum, the complete DNS name for a computer on the Internet consists of a host name, a second-level domain name, and a top-level domain name, written in that order and separated by periods. The complete DNS name for a particular computer is called its fully qualified domain name (FQDN).
DNS Domain Hierarchy
Root Name Servers At the top of the DNS hierarchy are the root name servers. The root name servers are the highest-level DNS servers in the entire namespace, and they maintain information about the top-level domains. All DNS server implementations are preconfigured with the IP addresses of the root name servers (the root hints), because these servers are the ultimate source for all DNS information. When a DNS server attempts to resolve a name for which it has nothing cached, it begins at the top of the namespace hierarchy with the root name servers, and works its way down through the levels, following one referral per level, until it reaches the authoritative server for the domain in which the name is located.
Top-Level Domains Just beneath the root name servers are the top-level domains. There are seven traditional primary top-level domains in the DNS namespace, as follows: – com, net, org, edu, mil, gov and int In addition to the seven main top-level domains, there are also two-letter country-code top-level domains representing most of the countries in the world, such as it for Italy and de for Germany (Deutschland).
DNS Name Resolution Process
Name Caching
Reverse Name Resolution There are occasions when it is necessary for a computer to convert an IP address into a DNS name, for example when a log or an access control list should show a host name rather than an address. Because the DNS hierarchy is organized by domain name rather than by address, the developers of the DNS created a special domain called in-addr.arpa, specifically designed for reverse name resolution: the octets of the IPv4 address are written in reverse order as labels beneath in-addr.arpa, and the resulting name holds a PTR resource record that points to the host name. IPv6 uses the ip6.arpa domain in the same way, with one label per hexadecimal digit.
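The following is an added example, not from the original slides: the two name transformations a planner needs for reverse lookup, building the PTR owner name for a single address and deciding which reverse-lookup zone to create for a prefix. The IPv6 case uses one label per hexadecimal digit under ip6.arpa. Addresses in the test are constructed (RFC 5737 and RFC 3849 documentation ranges), and the results are cross-checked against ipaddress.reverse_pointer.

```python
"""PTR owner names and reverse-lookup zone names for IPv4 (in-addr.arpa) and IPv6 (ip6.arpa)."""
import ipaddress


def reverse_name(ip_text):
    """Owner name of the PTR record for one address."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 4:
        return ".".join(str(b) for b in reversed(ip.packed)) + ".in-addr.arpa"
    return ".".join(reversed(ip.packed.hex())) + ".ip6.arpa"    # 32 nibbles, least significant first


def reverse_zone(network_text):
    """Name of the reverse-lookup zone to create, or have delegated, for a prefix."""
    net = ipaddress.ip_network(network_text)      # strict: raises if host bits are set
    if net.version == 4:
        if net.prefixlen % 8:
            raise ValueError("IPv4 reverse zones delegate on octet boundaries (/8, /16, /24); "
                             "smaller blocks need RFC 2317 classless delegation")
        labels = [str(b) for b in net.network_address.packed[: net.prefixlen // 8]]
        return ".".join(reversed(labels)) + ".in-addr.arpa"
    if net.prefixlen % 4:
        raise ValueError("IPv6 reverse zones delegate on nibble boundaries")
    nibbles = net.network_address.packed.hex()[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def zone_or_none(network_text):
    """Planning helper: the zone name, or None when the prefix cannot be delegated directly."""
    try:
        return reverse_zone(network_text)
    except ValueError:
        return None


def matches_stdlib(ip_text):
    return reverse_name(ip_text) == ipaddress.ip_address(ip_text).reverse_pointer
```

The prefix-length check is the planning point: an IPv4 block smaller than a /24 cannot be delegated as its own in-addr.arpa zone, so the owner of the enclosing /24 must either host your PTR records or use the classless delegation trick of RFC 2317.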
Resolving Internet Names For Internet name resolution purposes, the only functions required of the DNS server are the ability to process incoming queries from resolvers and send its own queries to other DNS servers on the Internet. A DNS server that performs only these functions is known as a caching-only server, because it is not the authoritative source for any domain and hosts no resource records of its own.
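The following is an added example, not code from the original slides or from the Windows DNS Server: a toy caching-only resolver that does what the Root Name Servers, Name Caching and Resolving Internet Names slides describe. It accepts a recursive query, walks the delegation chain with iterative queries starting from root hints, and caches both the answers and the referrals it sees for their TTL, so a second query for a name in the same zone goes straight to the authoritative server. The servers, zone data, names, addresses (RFC 5737 documentation ranges) and TTLs are all constructed; nothing touches the network.

```python
"""Toy caching-only resolver: recursive toward clients, iterative toward the namespace."""
import time

# Constructed authoritative data (assumption): server address -> (zone apex, records).
# Records are (owner, type, value, ttl). NS records for a child zone act as referrals.
SERVERS = {
    "198.51.100.1": (".", [("com.", "NS", "a.tld.test.", 172800),
                           ("a.tld.test.", "A", "198.51.100.2", 172800)]),          # stands in for a root server
    "198.51.100.2": ("com.", [("example.com.", "NS", "ns1.example.com.", 172800),
                              ("ns1.example.com.", "A", "192.0.2.53", 172800)]),     # stands in for a TLD server
    "192.0.2.53": ("example.com.", [("www.example.com.", "A", "192.0.2.80", 300),
                                    ("mail.example.com.", "A", "192.0.2.25", 300)]),  # authoritative server
}
ROOT_HINTS = ["198.51.100.1"]


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def ask(server, name, rtype):
    """One iterative query: the server answers with the best data it has (answer, referral, or nothing)."""
    apex, records = SERVERS[server]
    answer = [r for r in records if r[0] == name and r[1] == rtype]
    if answer:
        return "answer", answer
    delegations = [r for r in records if r[1] == "NS" and r[0] != apex and in_zone(name, r[0])]
    if not delegations:
        return "nxdomain", []                        # authoritative for the enclosing zone, no such name
    child = max((r[0] for r in delegations), key=len)   # closest enclosing delegation
    ns = [r for r in delegations if r[0] == child]
    glue = [r for r in records if r[1] == "A" and r[0] in {n[2] for n in ns}]
    return "referral", ns + glue


class CachingResolver:
    def __init__(self, now=time.time):
        self.now, self.cache, self.queries = now, {}, []   # cache: (owner, type) -> (values, expiry)

    def _cached(self, owner, rtype):
        hit = self.cache.get((owner, rtype))
        if hit and hit[1] > self.now():
            return hit[0]
        self.cache.pop((owner, rtype), None)         # expired entries are dropped on access
        return None

    def _store(self, records):
        for owner, rtype, value, ttl in records:
            values, _ = self.cache.get((owner, rtype), ([], 0))
            if value not in values:
                values.append(value)
            self.cache[(owner, rtype)] = (values, self.now() + ttl)

    def _starting_servers(self, name):
        """Begin at the closest delegation already in the cache, otherwise at the root hints."""
        labels = name.split(".")
        for i in range(1, len(labels) - 1):
            ns_names = self._cached(".".join(labels[i:]), "NS") or []
            addrs = [a for n in ns_names for a in (self._cached(n, "A") or [])]
            if addrs:
                return addrs
        return list(ROOT_HINTS)

    def resolve(self, name, rtype="A"):
        """Recursive query as seen by a client: returns the values, or [] for a name that does not exist."""
        hit = self._cached(name, rtype)
        if hit is not None:
            return hit
        servers = self._starting_servers(name)
        for _ in range(8):                           # bound the length of the referral chain
            self.queries.append((servers[0], name))
            kind, records = ask(servers[0], name, rtype)
            self._store(records)
            if kind == "answer":
                return [r[2] for r in records]
            if kind == "nxdomain":
                return []                            # this toy does not cache negative answers
            ns_names = [r[2] for r in records if r[1] == "NS"]
            servers = [r[2] for r in records if r[1] == "A" and r[0] in ns_names]
            if not servers:                          # no glue: resolve the name server's own address first
                servers = [a for n in ns_names for a in self.resolve(n, "A")]
            if not servers:
                return []
        raise RuntimeError("referral loop")
```

The query log shows the cost model the slides describe: the first lookup for www.example.com. costs three iterative queries (root, TLD, authoritative), a repeat costs none until the 300-second TTL expires, and a different name in the same zone costs one because the delegation for example.com. is still cached. A real caching server also caches negative answers and must validate that a referral only covers names inside the delegated zone, otherwise a server could poison the cache with records for zones it does not own.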
Caching-Only DNS Server
DNS Forwarder As a general rule, if your network requires no DNS services other than name resolution, you should consider using off-site DNS servers. However, it is also possible to split the name resolution tasks between on-site and off-site servers by using a DNS forwarder. When you configure a DNS server to use a forwarder, it receives name resolution requests from clients and sends those it cannot answer from its own zones or cache on to another DNS server (the forwarder), specified by the administrator, using recursive, not iterative, queries.
Conditional Forwarding Conditional forwarding is a variation included in Windows Server 2008 that enables you to forward requests for names in certain domains to specific DNS servers. Using conditional forwarding, you can, for example, send all requests for your Internet domain to your local, authoritative DNS server, while all other requests go to your ISP’s DNS server on the Internet.
Internet Domains If you plan to host a domain on the Internet, you must pay an annual fee to register a second-level domain name with one of the many commercial registrars and supply them with the IP addresses of your DNS servers. These servers will be the authoritative source for information about your domain. They must therefore have public IP addresses and be accessible from the Internet at all times.
Creating Internet Domains If the second-level domain name you want is already registered to someone else, you have three options: – Choose a different domain name. – Register the name in a different top-level domain. – Attempt to purchase the domain name from its current owner.
Active Directory and DNS If you plan to run Active Directory on your network, you must have at least one DNS server on the network that supports the Service Location (SRV) resource record, such as the DNS Server service in Windows Server 2008. When you install the Active Directory Domain Services role on a Windows Server 2008 computer, the Active Directory Domain Services Installation Wizard checks for an appropriate DNS server, and the wizard offers to install one if none is available.
DHCP and DNS To resolve a DNS name into an IP address, the DNS server must have a resource record for that name, which contains the equivalent address. The original DNS specifications call for administrators to manually create the DNS resource records. The dynamic update standard enables a DNS server to modify resource records at the request of DHCP servers and clients. Because an unauthenticated dynamic update lets any host on the network overwrite another host’s record, Windows DNS can be set to accept only secure dynamic updates, in which the requester must authenticate; that setting is available only on Active Directory-integrated zones.
Selecting Names for your Internal Domain – Keep domain names short. – Avoid an excessive number of domain levels. – Create a naming convention and stick to it. – Avoid obscure abbreviations. – Avoid names that are difficult to spell.
Creating Subdomains Owning a second-level domain that you have registered gives you the right to create any number of subdomains beneath that domain. The primary reason for creating subdomains is to delegate administrative authority for parts of the namespace.
Combining Internal and External Domains – Use the same domain name internally and externally. – Create separate and unrelated internal and external domains. – Make the internal domain a subdomain of the external domain.
Combining Internal and External Domains
Creating Host Names – Create easily remembered names. – Use unique names throughout the organization. – Do not use case to distinguish names. – Use only characters supported by all of your DNS servers.
Creating Zones A zone is an administrative entity you create on a DNS server to represent a discrete portion of the DNS namespace. Administrators typically divide the DNS namespace into zones to store them on different servers and to delegate their administration to different people. Zones always consist of entire domains or subdomains. You can create a zone that contains multiple domains, as long as those domains are contiguous in the DNS namespace.
Creating Zones
Create a Zone – Primary Zone – Secondary Zone – Stub Zone – Active Directory Integrated
Replicating Zone Data When you create primary and secondary zones, you must configure zone transfers from the primary to the secondaries, to keep them updated. In a zone transfer, the server hosting the primary zone copies the primary master zone database file to the secondary zone so that their resource records are identical. You can configure zone transfers to occur when you modify the contents of the primary master zone database file, or at regular intervals. Restrict zone transfers to the addresses of your secondary servers: a primary that answers transfer requests from anyone lets an outsider download the entire zone and enumerate every host in it.
Replicating Zone Data When you add a new DNS server to the network and configure it as a new secondary master name server for an existing zone, the server performs a full zone transfer (AXFR) to obtain a full copy of all resource records for the zone. Thereafter, at the refresh interval specified in the zone’s SOA (Start of Authority) record, or sooner when the primary sends a DNS NOTIFY message, each secondary queries the primary for its SOA record and requests a new transfer whenever the primary’s serial number is higher than its own.
Replicating Zone Data The Windows Server 2008 DNS Server also supports incremental zone transfer (IXFR), a revised DNS zone transfer process for intermediate changes. This zone transfer method provides a more efficient way of propagating zone changes and updates. With incremental transfers, DNS servers use an IXFR query instead of AXFR: the secondary includes its current SOA serial number in the request, and the primary answers with only the records added or deleted since that serial. A primary that no longer has a record of the changes going back to the secondary’s serial falls back to a full transfer.
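The following is an added example, not the Windows DNS Server’s code: a simulation of how a secondary decides between IXFR and AXFR. The primary keeps a bounded journal of changes keyed by SOA serial and a list of secondaries permitted to transfer; a secondary presents its serial and receives either the deltas since that serial or, when the journal no longer reaches back that far, a full copy. Zone contents, serials and addresses are constructed, and serials are plain integers rather than the wrap-around serial arithmetic of RFC 1982.

```python
"""Constructed primary/secondary pair showing SOA serial checks, IXFR deltas and AXFR fallback."""


class PrimaryZone:
    def __init__(self, serial, records, allowed_secondaries, journal_depth=3):
        self.serial = serial                        # SOA serial; real servers compare with RFC 1982 arithmetic
        self.records = set(records)                 # (owner, type, value)
        self.allowed = set(allowed_secondaries)     # an open AXFR lets anyone list the zone
        self.journal, self.journal_depth = [], journal_depth   # [(old_serial, new_serial, removed, added)]

    def update(self, added=(), removed=()):
        """Apply a change (for example a dynamic update) under a new serial and log it to the journal."""
        added, removed = set(added), set(removed)
        self.records = (self.records - removed) | added
        self.journal.append((self.serial, self.serial + 1, removed, added))
        self.serial += 1
        del self.journal[:-self.journal_depth]      # the journal is finite; old deltas age out

    def transfer_allowed(self, requester):
        return requester in self.allowed

    def transfer(self, requester, secondary_serial):
        """Answer an IXFR request with ('uptodate' | 'ixfr' | 'axfr', payload)."""
        if not self.transfer_allowed(requester):
            raise PermissionError(f"zone transfer refused for {requester}")
        if secondary_serial == self.serial:
            return "uptodate", None
        covered = bool(self.journal) and self.journal[0][0] <= secondary_serial < self.serial
        if covered:
            return "ixfr", [d for d in self.journal if d[0] >= secondary_serial]
        return "axfr", (self.serial, set(self.records))   # journal gap, or secondary ahead: full copy


class SecondaryZone:
    def __init__(self, address):
        self.address, self.serial, self.records, self.log = address, 0, set(), []

    def refresh(self, primary):
        """What the secondary does at the SOA refresh interval or on receiving NOTIFY."""
        if primary.serial == self.serial:           # SOA query: serial unchanged, nothing to do
            self.log.append("uptodate")
            return "uptodate"
        kind, payload = primary.transfer(self.address, self.serial)
        if kind == "axfr":
            self.serial, self.records = payload[0], set(payload[1])
        else:
            for old, new, removed, added in payload:
                if old != self.serial:
                    raise RuntimeError("journal not contiguous")
                self.records = (self.records - removed) | added
                self.serial = new
        self.log.append(kind)
        return kind
```

The fallback is the case worth remembering: a secondary that has been offline long enough for the primary’s journal to roll past its serial silently gets a full AXFR on its next refresh, so the bandwidth saving of IXFR depends on how far back the primary keeps its change log.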
Active Directory-Integrated Zones In Active Directory–integrated zones, the zone database is replicated automatically to other domain controllers, along with all other Active Directory data. Active Directory uses a multiple master replication system so that copies of the database are updated on all domain controllers in the domain. You can modify the DNS resource records on any domain controller hosting a copy of the zone database, and Active Directory will update all of the other domain controllers automatically. You don’t have to create secondary zones or manually configure zone transfers, because Active Directory performs all database replication activities.
Active Directory-Integrated Zones Active Directory conserves network bandwidth by replicating only the DNS data that has changed since the last replication, and by compressing the data before transmitting it over the network. The zone replications also use the full security capabilities of Active Directory, which are considerably more robust than those of file-based zone transfers. Only Active Directory-integrated zones can be configured to accept secure dynamic updates exclusively, which prevents unauthenticated hosts from registering or overwriting resource records.
Summary The Dynamic Host Configuration Protocol (DHCP) is a service that automatically configures the Internet Protocol (IP) address and other TCP/IP settings on network computers by assigning addresses from a pool (called a scope) and reclaiming them when they are no longer in use.
Summary DHCP consists of three components: – A DHCP server application that responds to client requests for TCP/IP configuration settings. – A DHCP client that issues requests to the server and applies the TCP/IP configuration settings it receives to the local computer. – A DHCP communications protocol that defines the formats and sequences of the messages exchanged by DHCP clients and servers.
Summary DHCP standards define three different IP address allocation methods: – Dynamic allocation, in which a DHCP server assigns an IP address to a client computer from a scope for a specified length of time. – Automatic allocation, in which the DHCP server permanently assigns an IP address to a client computer from a scope. – Manual allocation, in which a DHCP server permanently assigns a specific IP address to a specific computer on the network.
Summary In a distributed DHCP infrastructure, you install at least one DHCP server on each of your subnets so that all of your clients have access to a local DHCP server. In a centralized DHCP infrastructure, the DHCP servers are all placed in a single location, such as a server closet or data center. To enable the broadcast traffic on each subnet to reach the DHCP servers, you must install a DHCP relay agent on each subnet.
Summary TCP/IP networks today use Domain Name System (DNS) servers to convert host names into IP addresses. This conversion process is referred to as name resolution.
Summary The DNS consists of three elements: – The DNS namespace, which takes the form of a tree structure and consists of domains containing resource records that contain host names, IP addresses, and other information. – Name servers, which are applications running on server computers that maintain information about the domain tree structure. – Resolvers, which are client programs that generate DNS queries and send them to DNS servers for fulfillment.
Summary The hierarchical nature of the DNS namespace is designed to make it possible for any DNS server on the Internet to locate the authoritative source for any domain name, using a minimum number of queries. This efficiency results from the fact that the domains at each level of the hierarchy are responsible for maintaining information about the domains at the next lower level.
Summary In a recursive query, the DNS server receiving the name resolution request takes full responsibility for resolving the name. In an iterative query, the server that receives the name resolution request immediately responds with the best information it possesses at the time.
Summary For Internet name resolution purposes, the only functions required of the DNS server are the ability to process incoming queries from resolvers and to send its own queries to other DNS servers on the Internet. A DNS server that performs only these functions is known as a caching-only server because it is not the authoritative source for any domain and hosts no resource records of its own.