1 Objectives Discuss the basics of the Domain Name System (DNS) and its terminology Configure DNS clients Install a standard DNS server on Server 2008 Create standard DNS zones Manage your Domain Name System (DNS) environment Troubleshoot your DNS environment Describe the new features of DNS in Server 2008

2 Domain Name System Translate human-readable host names to IP Address Assists the flow of –Provides mail exchanger records that tell a Simple Mail Transfer Protocol (SMTP) server where to send an message

DNS Terminology DNS namespace –Organized into the following domains: root domain (.), top- level domain (TLD), second-level domain, and so on DNS domain –The portion of the namespace to the right of the host name Fully qualified domain names –The entire name: host_name.domain_name Hosts: Computers on internet hosting resources. Host name: Not necessary to be the compute name DNS zone: Groups records into zones DNS records: Information in DNS database. 3

4 Host name portion of DNS Domain Domain Portion of DNS Domain

DNS Queries in Windows Server 2008 Iterative query: –Get an answer or Referral Recursive queries: –Get an answer or No answer 5

Configuring DNS Clients DNS Client service to perform DNS queries on behalf of the client DNS servers –Which server client contacts to resolve a name Server 2008 Supports dynamic updates –Automatically update DNS records –Win 2000, XP & Vista clients perform their own Dynamic DNS updates –During the boot process, the clients contact their DNS server to perform a dynamic update 6

7 Dynamic DNS and DHCP DHCP Server can perform dynamic updates for clients Configured via Scope Properties Deletes records of clients removed from the domain or whose DHCP leases expire Scavenging –Remove stale records

DNS Suffix –DNS domain appended to all unqualified name queries, or a query that contains only a host name

Installing DNS in Windows Server 2008 DNS –A role that can be installed on Windows Server 2008 Cache-only DNS server –Server that has the DNS role installed –Does not hold a DNS zone so it is not authoritative for any DNS zones –Does it maintain any DNS records Root hints –Provide IP address pointers to top-level DNS servers –Provide referral answers to queries in a DNS server’s quest to resolve an unknown domain name request Forwarders –Servers used to resolve names 9

DNS Zones Zones: Building blocks of your DNS infrastructure DNS zones –Fall into two categories Standard and Active Directory Standard Zones –zone.dns Used to store DNS records Found in the %systemroot%\system32\DNS folder –Berkeley Internet Name Domain (BIND) Industry standard of DNS servers on the Internet and networks running DNS on UNIX/Linux systems 10

Standard DNS Zone Types Primary DNS zone –The zone that is authoritative for a specific domain and its name records Secondary DNS zone –Read-only version of the DNS records for a zone Stub zone –Read-only copy of a zone that obtains its resource records from the name servers that are authoritative for a particular zone Start of Authority Name Server (NS) records Host records of all name servers authoritative for the zone 11

12 Stub Zones

Standard DNS Zone Transfers Master server –Server hosts Primary Zone. Slave server –Server hosts Secondary Zone Zone transfers from the master to the secondary server come in two varieties –Incremental zone transfers (IXFRs) –Full zone transfers (AXFRs) 13

14 Active Directory-Integrated Zones An Active Directory-integrated zone stores information in Active Directory The DNS server must be a domain controller in order to store information in Active Directory Advantages Using Active Directory- Integrated zone Automatically backup of zone information Multi-master replication Increased security Can be stored in two areas of Active Directory:  The domain directory partition (replicate to all DCs)  The application directory partition (new since Replicated to selected servers)

Direction of DNS Zones Forward lookup DNS zones –Allow a DNS client to resolve an FQDN to an IP address Reverse lookup DNS zone –Maps IP addresses to host names 15

DNS Resource Records Start of Authority (SOA) –Record is the starting point for information related to a zone Name server (NS) record –Identifies a DNS server that is authoritative for a zone Host (A) record –Provides host name–to–IP address resolution for DNS clients Host (AAAA) Records for IPv6 –Records map a host name to an IPv6 address Mail exchanger (MX) record –Specifies the server that is responsible for handling Alias records –Used to create an alias for a specific host 16

DNS Resource Records (continued) Pointer records –Resolves IP address to host names for DNS clients Service locator records –Provides the following information Location of services it needs Network protocol needed to access the previously mentioned services Domain services it provides (gc, ldap, kerberos, etc.) 17

18 Managing DNS Servers Configure DNS Server options - Server Properties –Configure aging and scavenging –Update server data files Write data to zone file on disk Only used for Standard zone –Clear cache –Configure bindings –Configure forwarding –Edit the root hints –Configure event and debug logging –Set advanced options –Configure security

19 Configure Bindings The DNS Service listens on all IP addresses that are bound to the server it is running on You can configure DNS to respond on certain IP addresses that are bound to the server The Interfaces tab (DNS server Properties) allows you to configure the IP addresses to which the DNS service listens

20 Root Hints Servers that are used to perform recursive lookups You can configure one of your internal DNS servers to act as a root server  NO Internet connection You should not change Root Hints on your DNS server that is connected to Internet

21 Forwarding A DNS server that cannot perform a record lookup queries several servers to find the information Forwarding queries from clients to another DNS server Used with internal DNS server that does not have Internet access Conditional Forwarding Forwarding based on a specific domain name

22

23 Logging Event logging records errors, warnings, and information to the event log – No events – Errors only – Errors and warnings – No events Debug logging records much more detailed information – Packet direction – Transport protocol – Packet contents – Packet type

24 Advanced Options Several options can be configured on the Advanced tab of the server properties dialog box: –Disable recursion (also disables forwarders) –BIND secondaries (when using w/non-Windows old DNS) ­ Disable fast zone transfers –Fail on load if zone data is bad –Enable round robin –Enable netmask ordering – Return the results close to client –Secure cache against pollution – Only cache host from requested domain Round robin DNS occurs when more than one record exists for a DNS query – e.g multiple web servers have the same host name

25 Security You can view and modify which users and groups can modify the configuration of the DNS server By default, the Domain Admins group, Enterprise Admins group, and DnsAdmins group are allowed to manage DNS

26 Managing Zones

27 Managing Zones Configure Zone options –Reload zone information – Use Text editor to mass edit zone file and load into DNS (no need today with dynamic updates) Create a new delegation –Change the type of zone and replication (General tab) –Configure aging and scavenging  at zone level Modify the Start of Authority (SOA) record –Name servers  Authoritative DNS for the zone – Used in recursive lookup and dynamic update –Enable WINS resolution  Find hostname via NetBIOS name –Enable zone transfers  Transfer zone file to Secondary zone –Configure security – Zone security (permission) on A.D. Integrated zone

28 Create a New Delegation You may need more than one zone to hold all of the DNS information Windows provides a wizard to delegate the authority for a subdomain (child domain) to another server (child domain’s DNS server) To access the wizard, right-click the original zone and then click New Delegation

29 Modify the Start of Authority Record Configured in the Start of Authority (SOA) tab of the zone properties Options to specify include: –Refresh Interval –Retry Interval –Expires After –Minimum TTL

30 DNScmd –Command-line tool for performing configuration and maintenance tasks on a DNS server –Can be used to: Create and delete DNS zones Add and delete View information about DNS zones and records Change the zone type DNS Commands

New DNS Features DNS on Server Core Support for IPv6 –Windows Server 2008 DNS supports the IPv6 address numbering scheme along with the AAAA resource records Link-local multicast name resolution (LLMNR) –Clients exchange simple messages to verify that they have a unique name on the local subnet –Resolve names on a local network segment when a DNS server is not available Primary Read-Only Zone –Read-only domain controllers (RODCs): contain a copy of the AD DS database and can answer client requests 31

New DNS Features (continued) DNS client changes –Periodically perform a check to ensure that they are authenticating with a local DC Background zone loading –Allows DNS server to handle client requests immediately instead of waiting until the entire DNS zone is loaded GNZ (GlobalName Zone) –Allows you to resolve single-label: host computer name–to–IP address resolution records in their Windows Server 2008 DNS zone –Aid retirement of WINS 32

33 Troubleshooting DNS Most problems are a result of incorrectly configured client computers (unlikely with DHCP) Problems can occur due to mis-configured DNS records Use the Monitoring tab of the DNS server properties dialog box to test the functionality of a DNS server Check DNS server logs

DNS Server Logs –Global Logs folder: contains a subset of the event logs relating specifically to DNS called DNS Events –General Tab: log file size default is 16,384 KB –Filter Tab: Filter by Event type, source, category, & time 34

Command-Line Utilities Ping: Ping a server by host name or FQDN Ipconfig –Commands and switches: ipconfig /all, ipconfig /flushdns, ipconfig /displaydns, ipconfig /registerdns DCDiag –Allows you to perform diagnostic queries of your DCs Nslookup –Perform queries for DNS record from the command line –Noninteractive - Perform a single query in a single command with all parameters entered. –Interactive - Launch nslookup in a command-line shell where you can define parameters one by one –Used with debug parameter; provides more detailed information 35