Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.


Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System

2 Objectives
Describe the functions of the Domain Name System
Install DNS
Explain the function of DNS zones
Configure a caching-only server to speed hostname resolution
Integrate Active Directory and DNS, including Dynamic DNS
Configure and manage a DNS server
Manage DNS zones
Troubleshoot DNS

3 Functions of the Domain Name System
Domain Name System (DNS)
  – Essential service for a network that uses Active Directory
  – Has the ability to store DNS information in Active Directory
  – Once DNS information is stored in Active Directory, it is automatically replicated to all domain controllers
  – Storing DNS data in Active Directory allows security control for Dynamic DNS

4 Functions of the Domain Name System (Continued)
  – Used internally to resolve hostnames to IP addresses
  – Can be integrated with the worldwide system for resolving hostnames to IP addresses
  – Can be used as a repository for service information and perform reverse lookups to convert IP addresses to host names

5 Hostname Resolution
Windows Sockets (WinSock) and NetBIOS
  – Two standard methods Windows applications can use to access network resources
  – Name accessed through WinSock is known as a hostname
Steps followed to resolve hostnames
  – Hostname
      Server first checks if hostname being resolved is its own
      If it is, then it uses its own IP address and resolution process stops

6 Hostname Resolution (Continued)
Steps (Continued)
  – Hosts file is loaded into cache
      HOSTS file is used to list hostnames and IP addresses for resolution
      Contents of the HOSTS file are placed in DNS cache
  – DNS cache
      Contents are evaluated
      If hostname being resolved is in DNS cache, then IP address in the cache is used
  – DNS
      If required hostname is not the hostname of this server and has not been found in DNS cache, then Windows Server 2003 submits a request to a DNS server for resolution

7 HOSTS File
Simple text file that stores hostname information
Must be located in C:\WINDOWS\system32\drivers\etc
Contents are a list of IP addresses and hostnames

8 HOSTS file
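
The resolution order on slides 5 to 7 means a HOSTS entry answers before any DNS server is asked, which is why the file is worth auditing. The sketch below is an added example, not part of the original slides: it parses HOSTS-style text, resolves names in the order described, and lists entries that mask a different DNS answer. The hostnames, addresses, `SAMPLE_HOSTS` and `STUB_DNS` are constructed, and "first entry for a name wins" is an assumption.

```python
import ipaddress

# Constructed sample HOSTS content (not from a real system).
SAMPLE_HOSTS = """\
# IP address      hostname(s)
127.0.0.1         localhost
192.168.10.5      intranet.example.test intranet   # two names, one address
10.66.66.66       update.example.test              # differs from DNS below
this line is malformed
"""
# Constructed stand-in for the answers a DNS server would give.
STUB_DNS = {"update.example.test": "203.0.113.20",
            "www.example.test": "203.0.113.10",
            "intranet.example.test": "192.168.10.5"}

def parse_hosts(text):
    """Return {hostname: ip}. Assumption: the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                              # blank or comment-only line
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed line: no leading IP
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

class Resolver:
    def __init__(self, own_name, own_ip, hosts_text, dns_lookup):
        self.own_name, self.own_ip = own_name.lower(), own_ip
        self.dns_lookup = dns_lookup
        self.cache = parse_hosts(hosts_text)      # HOSTS is loaded into the cache
        self.from_hosts = set(self.cache)

    def resolve(self, name):
        """Return (ip, source) using the order: own name, cache (incl. HOSTS), DNS."""
        name = name.lower().rstrip(".")
        if name == self.own_name:
            return self.own_ip, "local"
        if name in self.cache:
            return self.cache[name], "hosts" if name in self.from_hosts else "cache"
        ip = self.dns_lookup(name)                # only reached on a cache miss
        if ip is not None:
            self.cache[name] = ip
        return ip, "dns"

def hosts_overrides(resolver):
    """List (name, hosts_ip, dns_ip) where HOSTS masks a different DNS answer."""
    found = []
    for name in sorted(resolver.from_hosts):
        dns_ip = resolver.dns_lookup(name)
        if dns_ip is not None and dns_ip != resolver.cache[name]:
            found.append((name, resolver.cache[name], dns_ip))
    return found
```

`hosts_overrides(Resolver("srv1", "192.168.10.2", SAMPLE_HOSTS, STUB_DNS.get))` reports only `update.example.test`, the one entry whose HOSTS address disagrees with DNS.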

9 Forward Lookup
Resolves hostnames to IP addresses
Two-packet process
  – First packet is request from DNS client to DNS server containing hostname to be resolved
  – Second packet is response from server containing the IP address of requested hostname
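
The two packets of a forward lookup, built and parsed byte by byte. This is an added example, not part of the original slides; the hostname, address and transaction ID are constructed, `build_response` stands in for a real server, and the parser assumes the answer name is a two-byte compression pointer. The parser also shows the checks a client applies before trusting the second packet.

```python
import struct

def encode_name(hostname):
    """Encode 'www.example.test' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1-63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid, hostname):
    """First packet, client to server: standard query, recursion desired (0x0100)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(hostname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def build_response(query, ip, ttl=300):
    """Second packet, server to client (constructed stand-in for a real server)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    # 0xC00C is a compression pointer back to the name at offset 12.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4)
    return header + query[12:] + answer + bytes(int(o) for o in ip.split("."))

def parse_response(query, response):
    """Return the IPv4 address, rejecting a response that does not match the query."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    if flags & 0x000F:
        raise ValueError("server returned error code %d" % (flags & 0x000F))
    question = query[12:]
    if qd != 1 or response[12:12 + len(question)] != question:
        raise ValueError("question section does not echo the query")
    if an < 1:
        raise ValueError("no answer records")
    pos = 12 + len(question)
    name_ptr, rtype, rclass, ttl, rdlen = struct.unpack("!HHHIH", response[pos:pos + 12])
    if name_ptr & 0xC000 != 0xC000 or (rtype, rclass, rdlen) != (1, 1, 4):
        raise ValueError("first answer is not a compressed IN A record")
    return ".".join(str(b) for b in response[pos + 12:pos + 16])
```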

10 Forward Lookup (Continued)
Root servers
  – 13 root servers that control overall DNS lookup process
  – ICANN DNS Root Server System Advisory Committee is main body responsible for maintenance
  – If servers become unavailable, much of the Internet would be inaccessible
Recursive lookup
  – DNS query that is resolved through other DNS servers until requested information is located

11 DNS Lookup Process

12 Registering a Domain
Top-level domain names
  – Organized by either country or category
  – Category names defined by the Internet Corporation for Assigned Names and Numbers (ICANN)
  – To merge with worldwide DNS lookup system you must register your domain name with a registrar
Registrars
  – Have ability to put domain information into top-level domain DNS servers

13 Top-level domains

14 Reverse Lookup
Resolves IP addresses to hostnames
Often performed for the system logs of Internet services
Web server can be configured to perform reverse lookup of all clients accessing a Web site
Reverse lookup DNS information maintained by ISP

15 DNS Record Types
Created on a DNS server to resolve queries
Each type of record holds different information about
  – A service
  – Hostname
  – IP address
  – Domain
DNS has ability to hold many different record types

16 DNS record types

17 Domain Name System (DNS) and Berkeley Internet Name Domain (BIND)
BIND
  – The de facto standard for DNS implementation on UNIX and Linux systems
  – Other implementations of DNS reference BIND version numbers for feature compatibility

18 BIND versions and features

19 Installing DNS
Windows Server 2003 has the ability to act as a DNS server
Small organizations
  – During installation of Active Directory, if no DNS server has been configured for the domain, DCPROMO asks whether it should install DNS
Large organizations
  – DNS is often installed on multiple servers

20 DNS Zones
The part of a DNS namespace for which a DNS server is responsible
Forward lookup zone
  – A zone that holds records for forward lookups
Reverse lookup zone
  – A zone that holds records for reverse lookups

21 Primary and Secondary Zones
Used to automatically synchronize DNS information between DNS servers
Primary zone
  – First to be created
  – DNS records created here
Secondary zone
  – Takes copies of primary zone information
  – Cannot be copied

22 Primary and Secondary Zones (Continued)
For fault tolerance and to reduce network traffic
  – Keep copies of DNS domain information on more than one server
  – Servers must automatically synchronize information between them
Zone Transfer
  – Moving information from primary zone to secondary zone
Incremental Zone Transfer
  – Copies information that has changed from the primary zone

23 Active Directory Integrated Zone
Stores information in Active Directory rather than in a file on the local hard drive
Advantages of Storing DNS information in Active Directory
  – Automatic backup of zone information
  – Multimaster replication
  – Increased security

24 DNS Zone Storage in Active Directory
Two areas DNS zones can be stored in Active Directory
  – Domain directory partition
      Holds information about objects specific to a particular Active Directory domain
      Replicated to all domain controllers in an Active Directory domain
      Cannot be replicated to domain controllers in other Active Directory domains

25 DNS Zone Storage in Active Directory (Continued)
  – Application directory partition
      Allows information to be stored in Active Directory but be replicated only among a defined set of domain controllers
      Domain must be in the same Active Directory forest but can be in different Active Directory domains

26 Storing a zone in the domain directory partition

27 Storing a zone on all DNS servers in an Active Directory forest

28 Merging Active Directory Integrated Zones with Traditional DNS
Active Directory integrated zones
  – Interact with traditional zones by acting as a primary zone to traditional secondary zones
Situations where a DNS server cannot participate in an Active Directory integrated zone
  – DNS server is pre-Windows 2000
  – DNS server is Windows 2000 and Active Directory integrated zone is stored in an application directory partition
  – DNS server is a non-Windows server
  – DNS server is a member server, but not a domain controller
  – DNS server is in a different forest

29 Stub Zones
A DNS zone that holds only NS records for a domain
NS records
  – Define the name servers that are responsible for a domain

30 DNS lookup using a stub zone

31 Caching-only Server
Does not have zones configured on it
Exists only to be a local DNS server for client computers
On very slow WAN links
  – Caching-only servers may create less network traffic than storing Active Directory integrated zones or secondary zones locally
To create a caching-only server
  – Install the DNS Service and do not create any zones

32 Active Directory and DNS
Active Directory requires DNS to function properly
Most important function DNS performs for Active Directory is locating services

33 Active Directory and DNS (Continued)
Dynamic DNS
  – Used to simplify management of DNS records for Active Directory
  – System in which records can be updated on a DNS server automatically
  – Defined by RFC 2136
  – Service records for domain controllers are placed in DNS zone using Dynamic DNS
  – Windows 2000/XP clients perform their own Dynamic DNS updates

34 DNS records for Active Directory

35 Configuring a Zone for Dynamic DNS
Can be done during creation process or by modifying properties of the zone after configuration
“Allow only secure dynamic updates” option
  – Available only if the zone is Active Directory integrated
“Allow only dynamic updates” option
  – If selected, then any client can update records
“Do not allow dynamic updates” option
  – Stops this zone from accepting dynamic updates

36 Dynamic update options when creating an Active Directory integrated zone

37 Changing the dynamic update option

38 Managing DNS Servers
Aging and Scavenging
  – New feature of DNS in Windows Server 2003
  – Allows DNS records created by Dynamic DNS to be removed after a certain period of time if they have not been updated
  – Must be enabled on the Advanced tab of the DNS server properties

39 Managing DNS Servers (Continued)
Update Server Data Files
  – Option is available when you right-click on the server
Clear Cache
  – DNS server automatically caches all lookups that it performs
  – Must clear cache to force a DNS server to perform a new lookup before the record times out

40 Managing DNS Servers (Continued)
Configure Bindings
  – You can configure DNS to only respond on certain IP addresses that are bound to server
Forwarding
  – Allows you to configure local DNS server to forward queries from clients to another DNS server

41 The DNS Server Properties Interfaces Tab

42 Root Hints
Servers used to perform recursive lookups
Root Hints tab
  – Automatically populated with names and IP addresses of DNS root servers on the Internet
Possible to configure one of your internal DNS servers to act as a root server
  – Create a forward lookup zone named “.”
  – DNS server with zone named “.” is considered a root server

43 The DNS Server Properties Forwarders tab

44 The DNS Server Properties Root Hints Tab

45 Logging
Event logging
  – Records errors, warnings, and information to event log
Debug logging
  – Records packet-by-packet information about queries the DNS server is receiving
  – Can reduce information recorded by specifying
      Packet direction
      Transport protocol
      Packet contents
      Packet type

46 DNS Server Properties Event Logging Tab

47 Advanced Options
Configurable options on Advanced tab of server properties
  – Disable recursion (also disables forwarders)
  – BIND secondaries
  – Fail on load if bad zone data
  – Enable round robin
  – Enable netmask ordering
  – Secure cache against pollution

48 The DNS Server Properties Advanced Tab

49 Managing Zones
Options that can be configured for a zone
  – Reload zone information
  – Create a new delegation
  – Change the type of zone and replication
  – Configure aging and scavenging
  – Modify the Start of Authority (SOA) record
  – Name servers
  – Enable WINS resolution
  – Enable zone transfers
  – Configure security

50 Troubleshooting DNS
Most DNS problems are a result of incorrectly configured DNS records
Iterative query
  – DNS server looks only in the zones for which it is responsible
NSLOOKUP
  – Queries DNS records
  – Allows you to confirm that each DNS server is configured with the correct information
  – Can be used from a command prompt to resolve hostnames
  – Most powerful in interactive mode

51 DNS Server Properties Monitoring Tab

52 Summary
Hostname resolution
  – Check if hostname being resolved matches hostname of local computer
  – Load HOSTS file into DNS cache
  – Check DNS cache as the third step
  – DNS is used if required
Forward lookup
  – Resolves hostnames to IP addresses
Reverse lookup
  – Resolves IP address to hostname

53 Summary (Continued)
Recursive lookup
  – Performed when local DNS server queries root servers on the Internet on behalf of a DNS client
Common DNS record types
  – A, MX, CNAME, NS
  – SOA, SRV, AAAA, and PTR
DNS zones
  – Hold records for a portion of DNS namespace
  – Primary and secondary zones stored in a zone file
  – Active Directory integrated zones stored in Active Directory
  – Stub zone contains name server records

54 Summary (Continued)
Caching-only server
  – Reduces network traffic generated by DNS queries
Dynamic DNS
  – Allows records to be automatically updated on a DNS server
Aging and scavenging
  – Remove outdated records created by Dynamic DNS
Root hints
  – Used for recursive lookups

55 Summary (Continued)
Event logging and debug logging
  – Used to troubleshoot DNS problems
WINS server
  – Used to help resolve hostnames
NSLOOKUP
  – Used to verify that DNS server is properly configured