Module Overview Installing the DNS Server Role Configuring the DNS Server Role Configuring DNS Zones Configuring DNS Zone Transfers Managing and Troubleshooting DNS Overview of the Windows Internet Name Service Configuring WINS Replication Migrating from WINS to DNS
Overview of the Domain Name System Role Domain Name System is a hierarchical distributed database DNS supports accessing resources by using alphanumeric names InterNIC is responsible for managing the domain namespace Root Domain Subdomain Second-Level Domain Top-Level Domain FQDN: SERVER1.sales.south.nwtraders.com south nwtraders com sales west east org net Host: SERVER1
DNS Improvements for Windows Server 2008 New or enhanced features in the Windows Server 2008 version of DNS include: Background zone loading IP version 6 support Support for read-only domain controllers Global single names DNSSEC against Spoofing and Man-in-the-middle attack Only available in R2 & IPv6 environment Three new types of records: Signature (SIG), Public Key (KEY), Next Domain (NXT)
Consideration for deploying DNS Server Role: Manually configuring the server to use a static IP address Use the DNS console or dnscmd The user account must be a member of the local administrators group or equivalent dnscmd dns_server_name /ageAllRecords /startScavenging /zoneinfo /zoneexport /info /config /statistics /zoneresettype zonename /primary [ | /secondary] /zoneresetsecondaries /zoneresetmaster zonename
What Are the Components of a DNS Solution? DNS Servers on the Internet DNS Servers DNS Clients Root “.”.com.edu Resource Record Resource Record
DNS resource records include: SOA: Start of Authority A: Host Record CNAME: Alias Record MX: Mail Exchange Record SRV: Service Resources NS: Name Servers AAAA: IPv6 DNS Record DNS Resource Records
What Are Root Hints? Root hints contain the IP addresses for DNS root servers microsoft DNS Servers DNS Server Root (.) Servers com Client Root Hints
What Is a DNS Query? Queries are recursive or iterative DNS clients and DNS servers both initiate queries DNS servers are authoritative or nonauthoritative for a namespace An authoritative DNS server for the namespace will either: Return the requested IP address Return an authoritative “No” A nonauthoritative DNS server for the namespace will either: Check its cache Use forwarders Use root hints A query is a request for name resolution and is directed to a DNS server
What Are Recursive Queries? DNS Client mail1.contoso.msft A recursive query is sent to a DNS server and requires a complete answer Database Local DNS Server
What Are Iterative Queries? An iterative query directed to a DNS server may be answered with a referral to another DNS server Client Server Local DNS Server Root Hint (.).com Recursive Query mail1.nwtraders.com Iterative Query Ask.com Ask nwtraders.com Authoritative Response Nwtraders.com
What Is a Forwarder? A forwarder is a DNS server designated to resolve external or offsite DNS domain names Nwtraders.com Root Hint (.).com Iterative Query Ask.com Ask nwtraders.com Authoritative Response Forwarder Recursive Query for mail1.nwtraders.com Recursive Query Local DNS Server Client Server
ISP DNS All other DNS domains Local DNS Contoso.msft DNS contoso.msft Query for Conditional forwarding forwards requests using a domain name condition Client Computer What Is Conditional Forwarding?
Where’s ServerA? ServerA is at Where’s ServerA? ServerA is at How DNS Server Caching Works Client1 Client2 ServerA DNS server cache Host nameIP addressTTL ServerA.contoso.msft seconds
What Is a DNS Zone?“.”“.”.com.com microsoft.com zone microsoft.com domain Internet example.microsoft.com zone DNS root domain Zone database example.microsoft.com ftp.example.microsoft.com Delegated microsoft.com ftp.microsoft.com example.microsoft.com WWW FTP FTP.example
What Are the DNS Zone Types? ZonesDescription PrimaryRead/write copy of a DNS database SecondaryRead-only copy of a DNS database Stub Copy of a zone that contains only records used to locate name servers Active Directory integrated Zone data is stored in Active Directory rather than in zone files
DNS Client2 DNS Client3 What Are Forward and Reverse Lookup Zones? Namespace: training.nwtraders.msft DNS Client1 DNS Server Authorized for training Forward zone Training DNS Client DNS Client DNS Client Reverse zone in- addr.arpa DNS Client DNS Client DNS Client3 DNS Client2 = ? = ?
With a stub zone defined, the location of the na.fabrikam.com zone is known without querying multiple DNS servers Contoso.com (Root domain) na.contoso.com sa.contoso.com ny.na.contoso.com rio.sa.contoso.com DNS server fabrikam.com DNS server na.fabrikam.com Stub zone: na.fabrikam.com Stub zone: rio.sa.contoso.com Without stub zones, the ny.na.contoso.com server must query several servers to find the server that hosts the na.fabrikam.com zone Contoso.com (Root domain) na.contoso.com sa.contoso.com ny.na.contoso.com rio.sa.contoso.com DNS server fabrikam.com DNS server na.fabrikam.com What Are Stub Zones?
DNS Zone Delegation Training.contoso.msft Sales.contoso.msft Contoso.msft
What Is a DNS Zone Transfer? A DNS zone transfer is the synchronization of authoritative DNS zone data between DNS servers SOA query for a zone SOA query answered IXFR or AXFR query for a zone IXFR or AXFR query answered (zone transferred) Secondary server Primary and Master server
How DNS Notify Works Secondary Server Primary and Master Server DNS notify Zone transfer A DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur Source ServerDestination Server Resource record is updated SOA serial number is updated
Securing Zone Transfers Primary Zone Secondary Zone Encrypt zone transfer traffic Consider using Active Directory-integrated zones Restrict zone transfer to specified servers
What Is Time to Live, Aging, and Scavenging? FeatureDescription Time to Live (TTL) Indicates how long a DNS record will remain valid Aging Occurs when records that have been inserted into the DNS server reach their expiration and are removed Scavenging Performs DNS server resource record grooming for old records in DNS
Troubleshooting DNS ToolUsed to: NslookupTroubleshoot DNS problems DnscmdEdit the DNS configuration DnslintDiagnose common DNS issues You can test the DNS server configuration by using: A simple query to ensure that the DNS service is answering A recursive query to ensure that the DNS server can communicate with the upstream DNS service Monitor DNS events in the event log to: Monitor zone transfer information Monitor computer events
What is WINS and When Is WINS Required? WINS resolves NetBIOS name (single label name) to ip address WINS is required for the following reasons: Older versions of Microsoft operating systems rely on WINS for name resolution Some applications, typically older applications, rely on NetBIOS names When you need dynamic registration of single-label names If users rely on the Network Neighborhood or My Network Places network browser features If you are not using Windows Server 2008 as your DNS infrastructure
Overview of WINS Components Subnet 1 Subnet 2 WINS Server WINS Database WINS Proxy WINS Client
WINS Client Registration and Release Process WINS Client WINS Server Name Registered Name Released WINS client sends request to register WINS server returns registration message with TTL value, indicating when the registration expires 1 1 WINS client sends request to release name WINS server sends a positive name release response 2 2
WINS Server Name Resolution Process Subnet 2 Subnet 1 Subnet 2 WINS Server A WINS Server B Client Client makes three attempts to contact WINS server, but does not receive a response 1 1 Client attempts to contact all WINS servers until contact is made 2 2 If name is resolved, IP address is returned to the client 3 3 Up to three attempts
What Are NetBIOS Node Types? Node type Description Registry value B-node Uses broadcasts for name registration and resolution 1 P-node Uses a NetBIOS name server, such as WINS, to resolve NetBIOS names 2 M-node Combines B-node and P-node, but functions as a B-node by default 4 H-node Combines P-node and B-node, but functions as a P-node by default 8 A NetBIOS node type determines the method that a computer uses to resolve a NetBIOS name
Compacting the WINS Database Maintain WINS database integrity by using: Dynamic compacting. Automatically occurs while the database is in use Offline compacting. Administrator stops the WINS server and uses the Jetpack.exe command-line tool Compacting recovers unused space in a WINS database
Notification sent 2 2 Replication request 3 3 Replicas sent 4 4 ServerB What Is Push Replication? A push partner notifies replication partners based on the number of changes in its database Push replication maintains a high level of synchronization ServerA reaches set threshold of 50 changes in its database 1 1 ServerA notifies ServerB that the threshold is reached 2 2 ServerB responds to ServerA with a replication request 3 3 ServerA sends replicas of its new database entries 4 4 ServerA Subnet 1 Subnet 2 50 changes occur in database 1 1
Replicas sent 2 Requests changes every eight hours 1 1 ServerB What Is Pull Replication? A pull partner requests replication based on a time interval Pull replication limits frequency of replication traffic across slow links ServerA requests database changes every 8 hours 1 1 ServerB sends replicas of its new database entries 2 2 ServerA Subnet 1 Subnet 2
What Is Push/Pull Replication? Push/pull replication ensures that the databases on multiple WINS servers are nearly identical at any given time by: Notifying replication partners whenever the database reaches a set threshold of changes Requesting replication based on a set time
Name Resolution for a Single-Label Name IPv6 does not support WINS Windows Server 2008 introduces a new zone type for DNS called GlobalNames Zone IPv6 does not support WINS Windows Server 2008 introduces a new zone type for DNS called GlobalNames Zone Resolves single-label names in the enterprise without using WINS Mitigates the management and maintenance of DNS suffix search lists Relies on static record creation Requires the zone be available on DNS servers throughout the forest
The GlobalNames zone: What Is the GlobalNames Zone? Enables Single-Label name resolution for IPV6 enabled networks Uses CNAME records to point to the FQDN of the computer that hosts the resource Is recommended to be integrated in Active Directory with forest-wide replication Can be a used as a method to decommission WINS servers Requires no additional client configuration because the client resolves the name in standard DNS query form
Setup GlobalNames Zone Functions of Content Advisor include: Requires authoritative name servers running Windows Server 2008 Configure forest-wide, Active Directory-integrated replication of the GlobalNames zone Create static CNAME records that point to FQDN records Disable dynamic updates on the GlobalNames zone Enable single-label GlobalNames zone support on all DNS servers that host the zone Use the following command to enable support for the GlobalNames zone on all DNS servers hosting the zone: dnscmd /config /EnableGlobalNamessupport 1