Presentation transcript: Implementing DNS (course 20410D, Module 7)

1 Implementing DNS (Module 7, course 20410D)
Presentation: 45 minutes. Lab: 40 minutes.
After completing this module, students will be able to:
- Describe name resolution for clients and servers.
- Install and manage the Domain Name System (DNS) service.
- Manage DNS zones.
Required materials: To teach this module, you need the Microsoft® Office PowerPoint® file 20410D_07.pptx. Important: It is recommended that you use Office PowerPoint 2007 or a newer version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of Office PowerPoint, all the features of the slides might not display correctly.
Preparation tasks. To prepare for this module:
- Read all of the materials for this module.
- Practice performing the demonstrations and the lab exercises.
- Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance.

2 Module Overview
Managing DNS Zones
Notes: Provide a brief overview of the module content.

3 Lesson 1: Name Resolution for Windows Clients and Servers
Demonstration: Troubleshooting Name Resolution
Notes: This is the introductory lesson on name resolution. Some students may already be familiar with these concepts. If you have students who already understand the basics of name resolution, you can briefly review the first four topics, and then spend more time on Link-local Multicast Name Resolution (LLMNR) and troubleshooting name resolution.

4 What Are the Computer Names Assigned to Computers?
A hostname is a computer name that is combined with a domain name and a top-level domain to make a fully qualified domain name (FQDN).
Example: Hostname AcctDirPC; Domain adatum; Top level com; Fully qualified domain name = AcctDirPC.adatum.com
NetBIOS names are rarely used and are being deprecated in Windows operating systems.
Notes: Discuss the different types of names that computers can use. Emphasize that NetBIOS names are rarely used today, and that Windows 7 and newer versions support them only for legacy applications.

5 What Is DNS?
DNS can be used to:
- Resolve host names to IP addresses
- Locate domain controllers and global catalog servers
- Resolve IP addresses to host names
- Locate mail servers during delivery
Notes: Describe the tasks for which DNS is used. Emphasize the need to use DNS to locate domain controllers and global catalog servers. DNS that is configured incorrectly is one of the most common causes of slow workstation logons and logon failures. In addition, Active Directory® Domain Services (AD DS) replication may fail if DNS is configured incorrectly.

6 DNS Zones and Records
A DNS zone is a specific portion of the DNS namespace that contains DNS records.
Zone types:
- Forward lookup zone
- Reverse lookup zone
Resource records in forward lookup zones include: A, MX, SRV, NS, SOA, and CNAME.
Resource records in reverse lookup zones include: PTR.
Notes: Explain to students that a DNS zone is a specific portion of the DNS namespace that can contain DNS records. Give microsoft.com as an example of a zone. If students are interested, you can discuss that subdomains can be either a separate zone or part of the same zone. Explain to students what each type of resource record is used for:
- Host (A). Resolves names to IP addresses (you can use websites as an example).
- Server (SRV). Locates a domain controller.
- Mail exchanger (MX). Locates a mail server.
- Pointer (PTR). Resolves an IP address to a host name, when troubleshooting.
Mention that, in most cases, the DNS records required for AD DS are added automatically to the necessary zone by domain controllers and global catalog servers. In addition, workstations and servers create their own A records and PTR records automatically via dynamic updating.

7 How Internet DNS Names Are Resolved
[Diagram: Workstation, Local DNS Server, .root DNS, .com DNS and Microsoft.com DNS, with numbered steps 1 to 5 running from the workstation's question "What is the IP address of ...?" to the local DNS server's answer "The IP address is ...".]
Notes: Explain the information flow by using the steps in the student notes. Mention to students that understanding this process is important when troubleshooting name resolution issues for clients and servers, for example when a client cannot access a web-based app or file server.
Describe the tasks DNS is used for. Emphasize the need for DNS to locate domain controllers and global catalog servers. Incorrectly configuring DNS is one of the most common causes of slow computer logons and logon failures. Also, Active Directory® replication might fail if DNS is incorrectly configured. Explain to students that a DNS zone is a specific part of the DNS namespace that can contain DNS records. Give microsoft.com as an example of a zone. Mention that, in most cases, the DNS records that are required for Active Directory are added to the necessary zone automatically by domain controllers and global catalog servers. In addition, workstations and servers automatically create their own A records and pointer records if the zone allows dynamic updates.

8 What Is Split DNS?
External DNS servers host only the records that are resolved from the outside: the mail and web servers.
Internal DNS servers host the domain computer records, plus the mail and web servers in a perimeter subnet.
[Diagram: Internal domain servers and computers; Internal Active Directory-integrated DNS server; External DNS server, mail server and web server; steps 1 to 3.]
Notes: Explain the split DNS process as shown in the slide, as follows:
1. Clients and servers on the internal network send all DNS queries to the DC/ADI DNS servers.
2. Internal requests to the perimeter subnet web and mail servers are allowed to go to those servers after resolving their names from the ADI DNS.
3. Requests to resolve resources outside of the domain and perimeter subnet are forwarded to the external DNS server, which uses iterative queries to root hints or another forwarder to resolve those queries.

9 What Is Link-local Multicast Name Resolution?
- LLMNR is an additional method for name resolution that does not use DNS or WINS
- LLMNR is designed for IPv6
- Works only on Windows Vista, Windows Server 2008, and all newer Windows operating systems
- Network Discovery must be enabled
- Can be controlled via Group Policy
Notes: Explain the basics of LLMNR. Emphasize that this protocol is supported only on newer operating systems. In addition, explain the Network Discovery feature in Network and Sharing Center, and if possible, demonstrate how to turn it on.

10 How a Client Resolves a Name
Windows resolves host names by:
1. Checking whether the host name is the same as the local host name.
2. Searching the DNS resolver cache. The DNS resolver cache is a local cache that contains any DNS addresses that were recently requested (the hosts file content is preloaded into it).
3. Sending a DNS request to its configured DNS servers; the server attempts to resolve that request, either on its own or by forwarding it to other DNS servers.
4. Using the LLMNR resolution method to resolve the host name in the local subnet using IPv6, if it is enabled.
5. Converting the host name to a NetBIOS name and checking the local NetBIOS name cache.
6. Contacting the host's configured WINS servers.
7. Broadcasting as many as three NetBIOS Name Query Request messages on the directly attached subnet.
8. Searching the LMHosts file.
[Diagram: Local Host Name (1), DNS Resolver Cache/Hosts file content (2), DNS Server (3), LLMNR (4), NetBIOS Name Cache (5), WINS Server (6), Broadcast (7), LMHosts File (8).]
Notes: Explain how the name resolution process works, step by step. Emphasize the switch from DNS to NetBIOS methods in the process. Mention GlobalNames zone support.

11 Troubleshooting Name Resolution
- A new Windows PowerShell DNS module with numerous cmdlets was introduced with Windows Server 2012
- More cmdlets were added with Windows Server 2012 R2
Command-line tools to troubleshoot configuration issues: Nslookup, DNSCmd, Dnslint, Ipconfig
The troubleshooting process:
1. Identify the client's DNS server with nslookup or Resolve-DnsName
2. Check communication via ping
3. Use nslookup to verify records
Notes: Discuss troubleshooting techniques for DNS. Note that the new cmdlets from Windows Server 2012 R2 that deal with signing keys and trusts were introduced in Windows Server 2012 R2 to facilitate enhanced DNSSEC functionality; however, further discussion of them is beyond the scope of this course. Explain that, although they are listed in the course to show the new cmdlets available in Windows Server 2012 R2, they are not used in the lab. You may want to go to the link on the Get-DnsServerStatistics cmdlet and show some of the parameters and other options for this cmdlet.

12 Demonstration: Troubleshooting Name Resolution
In this demonstration, you will see how to:
- Use Windows PowerShell cmdlets to troubleshoot DNS
- Use command-line tools to troubleshoot DNS
Notes: Discuss troubleshooting techniques for DNS. Note that the new cmdlets from Windows Server 2012 R2 that deal with signing keys and trusts were introduced in Windows Server 2012 R2 to facilitate enhanced DNSSEC functionality; however, further discussion of them is beyond the scope of this course. Explain that, although they are listed in the course to show the new cmdlets available in Windows Server 2012 R2, they are not used in the lab.
Preparation Steps: Start 20410D-LON-DC1 and 20410D-LON-CL1.
Demonstration Steps: Use Windows PowerShell cmdlets to troubleshoot DNS
1. Sign in to LON-DC1 and LON-CL1 as Adatum\Administrator with a password of Pa$$w0rd.
2. On LON-CL1, at the bottom of the Start screen, click the white Down Arrow icon.
3. In the Apps screen, scroll to the right, and in the Windows System category, click Windows PowerShell.
4. In Windows PowerShell, type the following cmdlets, pressing Enter after each: Get-DnsClientServerAddress, then Clear-DnsClientCache. Note the DNS server address assigned to Ethernet IPv4; this is LON-DC1. Explain the Interface Index number and how it is used to modify certain settings. Note the entries labeled Ethernet in the InterfaceAlias column, and the entry labeled IPv4 in the Address Family column. In the Interface Index column, note the Interface Index number that is in the same row as Ethernet and IPv4. Write this number here: ______. You will use this specific Interface Index number in a later step.
5. In Windows PowerShell, type the following cmdlet, and then press Enter: Resolve-DnsName lon-dc1. Note the address returned. Do not close Windows PowerShell.
6. Press Windows key+X, and then click Control Panel.
7. In Control Panel, click the Network and Internet hyperlink.
8. On the Network and Internet page, click the Network and Sharing Center hyperlink.
9. On the Network and Sharing Center page, click the Ethernet hyperlink.
10. In the Ethernet Status window, click the Details button.
(More notes on the next slide)
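The demonstration runs each cmdlet by hand. The following script is an added example, not part of the course materials, that chains the same checks into a repeatable client-side diagnostic: it records the configured DNS server, clears the resolver cache so every test is a fresh query, resolves LON-DC1 against that server only, and verifies the SRV record clients use to locate a domain controller (the record whose absence causes the slow logons described earlier in the module). The adapter name Ethernet, the address 172.16.0.10 for LON-DC1 and the domain Adatum.com are assumptions.

```powershell
# Added example: client-side DNS troubleshooting on LON-CL1 (DnsClient and NetTCPIP modules).
# Assumptions (not from the course materials): the client's adapter is named "Ethernet"
# and LON-DC1 is expected to serve Adatum.com at 172.16.0.10.
$InterfaceAlias = 'Ethernet'
$ExpectedDns    = '172.16.0.10'
$Domain         = 'Adatum.com'

# 1. Which DNS server is the client configured to use (IPv4 only)?
$dns = Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4
"Interface {0} (index {1}) uses DNS servers: {2}" -f $dns.InterfaceAlias, $dns.InterfaceIndex, ($dns.ServerAddresses -join ', ')
if ($dns.ServerAddresses -notcontains $ExpectedDns) {
    Write-Warning "Client is not pointed at $ExpectedDns; logons and AD DS lookups may fail."
}

# 2. Clear the resolver cache so none of the tests below is answered from a stale entry.
Clear-DnsClientCache

# 3. Can the client reach the DNS server on port 53 at all?
$tcp = Test-NetConnection -ComputerName $ExpectedDns -Port 53 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "No TCP connection to $ExpectedDns on port 53; check the network path and firewall."
}

# 4. Resolve LON-DC1 with DNS only (no hosts file, no cache) against the configured server.
try {
    $a = Resolve-DnsName -Name "lon-dc1.$Domain" -Type A -Server $ExpectedDns -DnsOnly -ErrorAction Stop
    $aRec = $a | Where-Object { $_.Type -eq 'A' }
    "lon-dc1 resolves to {0} (TTL {1}s)" -f ($aRec.IPAddress -join ', '), $aRec[0].TTL
} catch {
    Write-Warning "A record lookup for lon-dc1 failed: $($_.Exception.Message)"
}

# 5. Verify the SRV record that domain members use to locate a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $ExpectedDns -DnsOnly -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    foreach ($r in $srv) {
        "DC locator: {0} port {1} (priority {2}, weight {3})" -f $r.NameTarget, $r.Port, $r.Priority, $r.Weight
    }
} catch {
    Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
}
```

A warning from step 5 with a working step 4 points at the domain controller's own registration (for example dynamic updates refused by the zone) rather than at the client.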

13 Lesson 2: Installing a DNS Server
Demonstration: Installing the DNS Server Role
Notes: Briefly describe the lesson content.

14 What Are the Components of a DNS Solution?
[Diagram: DNS Servers on the Internet (Root ".", .com, .edu); DNS Servers; DNS Resolvers; Resource Record.]
Notes: List the components of a DNS solution. Ask students to identify the elements that they have already used for a DNS solution.

15 What Are Root Hints?
Root hints contain the IP addresses for the DNS root servers.
[Diagram: Client; DNS Server with Root Hints; Root (.) Servers; com DNS Servers; microsoft DNS Servers.]
Notes: Explain what root hints are and how they are used in the name resolution process. Mention to students that recursive queries are discussed in more detail later in the module.

16 What Are DNS Queries?
- Queries are recursive or iterative
- DNS clients and DNS servers initiate queries
- DNS servers are authoritative or non-authoritative for a namespace
An authoritative DNS server for the namespace either:
- Returns the requested IP address
- Returns an authoritative "No, that name does not exist"
A non-authoritative DNS server for the namespace either:
- Checks its cache
- Uses forwarders
- Uses root hints
Notes: This is slide 1 of 3. Click twice more to see the next two slides. Explain that a DNS query is used to request name resolution, and that the query is sent to a DNS server. Briefly explain that there are two types of queries: recursive and iterative. DNS servers can also act as DNS clients and send DNS queries to other DNS servers. Explain that a DNS server can be either authoritative or non-authoritative for the namespace of the query. Explain how recursive queries work. Inform students that they should consider disabling recursive queries for specific domains. When this is done, the DNS server in question will not attempt to forward its DNS requests to another server. This is useful when you do not want a particular DNS server communicating outside of its network. Disabling recursion is performed in the DNS administrative Microsoft Management Console (MMC). Describe the purpose of an iterative query.

17 What Are DNS Queries? (slide 2 of 3)
A recursive query is sent to a DNS server and requires a complete answer.
[Diagram: DNS client sends a recursive query for mail1.contoso.com to the Local DNS server.]

18 What Are DNS Queries? (slide 3 of 3)
[Diagram: the Client sends a recursive query for mail1.contoso.com to the Local DNS server. The local DNS server sends iterative queries: the Root hint (.) server answers "Ask .com", the .com server answers "Ask contoso.com", and the contoso.com server returns the authoritative response.]

19 What Is Forwarding?
A forwarder is a DNS server designated to resolve external or offsite DNS domain names.
[Diagram: the Client sends a recursive query for mail1.contoso.com to the Local DNS server, which passes it to the Forwarder. The forwarder sends iterative queries: Root hint (.) answers "Ask .com", .com answers "Ask contoso.com", and contoso.com returns the authoritative response.]
Notes: In this topic, emphasize the following:
- Define forwarders and explain their purpose: A forwarder is a DNS server on a network that forwards DNS queries for external DNS names to DNS servers outside that network.
- Define conditional forwarding: A conditional forwarder is a DNS server on a network that forwards DNS queries according to the DNS domain name in the query.
- Go over the following example: You can configure a DNS server to forward all of the queries that it receives for names ending with contoso.com to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers.
- Describe how conditional forwarding works by referring to the slide. A best practice is to use conditional forwarders when you have multiple internal namespaces. This results in faster name resolution.

20 What Is Forwarding? (conditional forwarding)
Conditional forwarding forwards requests using a domain name condition.
[Diagram: the Client sends a query to the Local DNS server; queries for contoso.com are forwarded to the contoso.com DNS, and queries for all other DNS domains are forwarded to the ISP DNS.]

21 How DNS Server Caching Works
[Diagram: DNS server cache table with columns Host name, IP address, TTL, holding an entry for ServerA.contoso.com with a TTL of 28 seconds. Client1 asks "Where is ServerA?" and receives "ServerA is at ..."; Client2 asks the same question and receives the same answer.]
Notes: Explain DNS caching on the server side and the client side. If you have enough time, demonstrate how to view the cache content on the server and on the client.
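The notes suggest demonstrating the cache on both sides. The following script is an added example, not part of the course materials, that does so for the situation in Lab Exercise 3: a record was changed on LON-DC1, but clients using LON-SVR1 keep getting the old address until the cached entry's TTL expires or the server cache is flushed. The record name app1.adatum.com and the address 172.16.0.10 for LON-DC1 are assumptions; the DnsServer module (installed with the DNS Server role or the RSAT DNS tools) is required for the server-side cmdlets.

```powershell
# Added example: view and clear the DNS cache on the client and on a caching DNS server.
# Assumptions (not from the course materials): the changed record is app1.adatum.com,
# LON-DC1 at 172.16.0.10 hosts the zone, and LON-SVR1 is the server the clients use.
$Record    = 'app1.adatum.com'
$Authority = '172.16.0.10'   # LON-DC1, authoritative for adatum.com
$CacheSrv  = 'LON-SVR1'      # resolves for clients and caches answers obtained from LON-DC1

# Client side: what does the local resolver cache currently hold for the record?
Get-DnsClientCache -Entry $Record | Select-Object Entry, Type, Data, TimeToLive

# Ask the authoritative server and the caching server directly, bypassing the local cache.
$fromAuthority = (Resolve-DnsName -Name $Record -Type A -Server $Authority -DnsOnly).IPAddress
$fromCache     = (Resolve-DnsName -Name $Record -Type A -Server $CacheSrv  -DnsOnly).IPAddress
"Authoritative answer: $fromAuthority   Answer via ${CacheSrv}: $fromCache"

if ($fromAuthority -ne $fromCache) {
    # The caching server is still serving the old address; its cache entry shows the remaining TTL.
    Show-DnsServerCache -ComputerName $CacheSrv |
        Where-Object { $_.HostName -like 'app1*' -and $_.RecordType -eq 'A' } |
        Select-Object HostName, RecordType, TimeToLive, RecordData

    # Flush the server cache, then the local resolver cache, and check again.
    Clear-DnsServerCache -ComputerName $CacheSrv -Force
    Clear-DnsClientCache
    $fromCache = (Resolve-DnsName -Name $Record -Type A -Server $CacheSrv -DnsOnly).IPAddress
    "After the flush, answer via ${CacheSrv}: $fromCache"
}
```

The same Show-DnsServerCache output is what the Advanced view in DNS Manager displays under Cached Lookups.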

22 How to Install the DNS Server Role
DNS server installation methods:
- Server Manager
- Active Directory Domain Services Installation Wizard
Tools available to manage the DNS Server role:
- DNS Manager snap-in
- DNS Manager console (dnsmgmt.msc)
- DNSCmd command-line tool
- Windows PowerShell
- Remote Server Administration Tools
Notes: Discuss the methods and tools available to install and manage the DNS server role.

23 Demonstration: Installing the DNS Server Role
In this demonstration, you will see how to:
- Install a second DNS server
- Create a forward lookup zone by using Windows PowerShell
- Configure forwarding
Preparation Steps: Start 20410D-LON-DC1 and 20410D-LON-SVR1.
Demonstration Steps: Install a second DNS server
1. Sign in to LON-DC1 and LON-SVR1 as Adatum\Administrator with a password of Pa$$w0rd.
2. On LON-SVR1, in the Server Manager console, on the Manage menu, click Add roles and features.
3. On the Before you begin page, click Next.
4. On the Select installation type page, click Next.
5. On the Select destination server page, ensure that LON-SVR1.Adatum.com is selected, and then click Next.
6. On the Select server roles page, click DNS Server.
7. In the Add Roles and Features Wizard window, click Add Features, and then click Next.
8. On the Select features page, click Next.
9. On the DNS Server page, click Next.
10. On the Confirm installation selections page, click Install.
11. On the Installation progress page, when a message displays that installation succeeded, click Close.
(More notes on the next slide)
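The three demonstration goals (install the role, create a forward lookup zone, configure forwarding) and the forwarder and conditional forwarder from the preceding forwarding slides can all be done from Windows PowerShell. The following is an added example, not the course's own demonstration script: it installs the role on LON-SVR1, creates an Active Directory-integrated zone that accepts only secure dynamic updates, adds a host record, and configures both a general forwarder and a conditional forwarder for contoso.com. The zone name branch.adatum.com, the host address 172.16.1.20, the ISP forwarder 203.0.113.53 and the Contoso DNS server 198.51.100.53 are assumptions.

```powershell
# Added example: install and configure the DNS Server role on LON-SVR1 from Windows PowerShell.
# Run as Adatum\Administrator on LON-SVR1. Assumptions (not from the course materials):
# the zone name, the app address, and both forwarder addresses below.
$ZoneName     = 'branch.adatum.com'
$IspForwarder = '203.0.113.53'   # resolves everything we are not authoritative for
$ContosoDns   = '198.51.100.53'  # authoritative for contoso.com, reached by conditional forwarding

# 1. Install the role plus DNS Manager and the DnsServer PowerShell module
#    (the equivalent of the Add Roles and Features wizard steps on the slide).
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. Create the forward lookup zone. LON-SVR1 is a domain controller in the branch, so store the
#    zone in AD DS (replicated to every DC running DNS in the domain) and allow only secure
#    dynamic updates, which is the default for Active Directory-integrated zones.
Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -DynamicUpdate Secure

# 3. A host record for one of the new web apps (Lab Exercise 2), with a one-hour TTL so a
#    later address change is not cached by other servers for longer than that.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name 'app1' -IPv4Address '172.16.1.20' `
    -TimeToLive (New-TimeSpan -Hours 1)

# 4. General forwarder: queries for names outside our zones go to the ISP's DNS server first;
#    root hints are used only if the forwarder does not answer.
Add-DnsServerForwarder -IPAddress $IspForwarder
Set-DnsServerForwarder -UseRootHint $true

# 5. Conditional forwarder: names ending in contoso.com go straight to Contoso's DNS server.
#    Storing it in AD DS replicates the forwarder definition to the other DCs as well.
Add-DnsServerConditionalForwarderZone -Name 'contoso.com' -MasterServers $ContosoDns -ReplicationScope Domain

# 6. Review the result: the new zone, the conditional forwarder (ZoneType Forwarder) and the forwarder list.
Get-DnsServerZone | Where-Object { $_.ZoneName -in $ZoneName, 'contoso.com' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate
Get-DnsServerForwarder
```

Disabling recursion (Set-DnsServerRecursion -Enable $false), mentioned on the queries slide as a way to keep a server from talking outside its network, also disables forwarders, so it is not combined with step 4.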

24 Lesson 3: Managing DNS Zones
Demonstration: Creating an Active Directory-Integrated Zone
Notes: Provide a brief overview of the lesson content.

25 What Are DNS Zone Types?
Zone type: Description
- Primary: Read/write copy of a DNS database
- Secondary: Read-only copy of a DNS database
- Stub: Copy of a zone that contains only the records used to locate name servers
- Active Directory-integrated: Zone data is stored in AD DS rather than in zone files
Notes: Explain that there are four DNS zone types: primary, secondary, stub, and Active Directory-integrated. Make the following points about the zones:
- Primary zone: The DNS server is the primary source for zone information. A primary zone stores the master copy of zone data either in a local file or in AD DS. The primary zone file is named zone_name.dns by default, and is located in %windir%\System32\Dns.
- Secondary zone: The server is a secondary source for zone information. The secondary zone information must be obtained from another DNS server that also hosts the zone. A secondary zone cannot be stored in AD DS.
- Stub zone: Stub zones were introduced with Windows 2003 to solve several problems with large DNS namespaces and multiple-tree forests.
- Active Directory-integrated zone: Discuss the benefits of using the multimaster replication model to simultaneously edit zone data on more than one server.

26 What Are Dynamic Updates?
[Diagram: Client, DNS Server, Resource Records, steps 1 to 7.]
1. The client sends an SOA query.
2. The DNS server returns an SOA resource record.
3. The client sends dynamic update request(s) to identify the primary DNS server.
4. The DNS server responds that it can perform an update.
5. The client sends an unsecured update to the DNS server.
6. If the zone permits only secure updates, the update is refused.
7. The client sends a secured update to the DNS server.
Notes: Describe how dynamic updates work. Explain to students that when an IP address is configured (by DHCP or fixed), it is actually the DHCP Client service (not to be confused with the DHCP server) that registers a client's host records. This is triggered when an IP address is added or changed on any network connection. Registration also happens during computer startup. Remind students that you can also activate registration manually using the Windows PowerShell cmdlet Register-DnsClient, or by typing the ipconfig /registerdns command at a command prompt. Ask students what they think would happen if dynamic updates were not enabled. They should answer that the biggest problem would be that domain controllers would not be able to register their records in DNS, so the domain controller records would have to be added manually. Mention to students that there is an option they can set on the DHCP server so that it can dynamically update client computer resource records in DNS. Mention that, by default, Windows Server 2012 DNS servers are configured to support secure-only updates for Active Directory-integrated zones. Active Directory-integrated zones are covered in more detail in the next topic.
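The zone type table and the dynamic update sequence above come together in how a zone is created and which update policy it can enforce. The following is an added example, not part of the course materials, that creates one zone of each type from the table and shows the constraint the two slides imply: secure-only updates (step 6 above) are available only once the zone is Active Directory-integrated, and a secondary zone can never be. The zone names lab.adatum.com, contoso.com and sales.contoso.com, and the master server address 198.51.100.53, are assumptions; the DnsServer module is required.

```powershell
# Added example: the four zone types from the table, and the dynamic update setting.
# Assumptions (not from the course materials): 198.51.100.53 is a Contoso DNS server that
# permits zone transfers to this server; the zone names are chosen for the example only.
$ContosoMaster = '198.51.100.53'

# Primary, file-backed: the master copy lives in %windir%\System32\Dns\lab.adatum.com.dns.
# NonsecureAndSecure lets any host on the network register or overwrite a record in this zone,
# so it is the setting the module recommends against wherever the zone can be AD-integrated.
Add-DnsServerPrimaryZone -Name 'lab.adatum.com' -ZoneFile 'lab.adatum.com.dns' -DynamicUpdate NonsecureAndSecure

# Secure-only updates (step 6 on the slide) require an AD-integrated zone: move the zone into
# AD DS first, then restrict updates. Setting Secure on a file-backed zone is rejected.
Set-DnsServerPrimaryZone -Name 'lab.adatum.com' -ReplicationScope Domain
Set-DnsServerPrimaryZone -Name 'lab.adatum.com' -DynamicUpdate Secure

# Secondary: read-only copy pulled from another server by zone transfer; it cannot be stored in
# AD DS, so it is always file-backed and its records are never updated dynamically here.
Add-DnsServerSecondaryZone -Name 'contoso.com' -ZoneFile 'contoso.com.dns' -MasterServers $ContosoMaster
Start-DnsServerZoneTransfer -Name 'contoso.com' -FullTransfer

# Stub: only the SOA, NS and glue A records needed to find the zone's name servers,
# here stored in AD DS so every DC running DNS in the domain learns them.
Add-DnsServerStubZone -Name 'sales.contoso.com' -MasterServers $ContosoMaster -ReplicationScope Domain

# Compare with the table on the slide: ZoneType, storage and update policy per zone.
Get-DnsServerZone |
    Where-Object { $_.ZoneName -in 'lab.adatum.com', 'contoso.com', 'sales.contoso.com' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate, ZoneFile

# Client side: make the DHCP Client service re-register this computer's own A and PTR records
# now, which is what ipconfig /registerdns does; against the Secure zone above, a computer
# that is not a domain member has its update refused at step 6.
Register-DnsClient
```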

27 What Are Active Directory-Integrated Zones?
Benefits of an Active Directory-integrated zone:
- Allows multimaster writes to the zone
- Replicates DNS zone information by using AD DS replication
- Leverages the efficient replication topology
- Uses efficient incremental updates for Active Directory replication processes
- Enables secure dynamic updates
- Delegates zones, domains, and resource records for increased security
Examples of records in the contoso.com zone include: hqdc01, filesvr01, desktop101
Notes: Explain how DNS stores data in AD DS. Briefly review the benefits.
Question: Can you think of any disadvantages to storing DNS information in AD DS?
Answer: If you want to replicate DNS data to other non-Microsoft DNS servers, you should not store it in AD DS.

28 Demonstration: Creating an Active Directory-Integrated Zone
In this demonstration, you will see how to:
- Promote a server as a domain controller
- Create an Active Directory-integrated zone
- Create a record
- Verify replication to a second DNS server
Preparation Steps: You need the 20410D-LON-DC1 and 20410D-LON-SVR1 virtual machines to complete this demonstration. They should already be running from the previous demonstration.
Demonstration Steps: Promote a server as a domain controller
1. On LON-SVR1, in the Server Manager console, click Add roles and features.
2. On the Before you begin page, click Next.
3. On the Select installation type page, click Next.
4. On the Select destination server page, ensure that LON-SVR1.Adatum.com is selected, and then click Next.
5. On the Select server roles page, click Active Directory Domain Services.
6. When the Add Roles and Features Wizard window appears, click Add Features, and then click Next.
7. On the Select features page, click Next.
8. On the Active Directory Domain Services page, click Next.
9. On the Confirm installation selections page, click Install.
10. On the Installation progress page, when the Installation succeeded message displays, click Close.
11. In the Server Manager console, in the navigation pane, click AD DS.
12. On the title bar where Configuration required for Active Directory Domain Services at LON-SVR1 is visible, click More.
13. On the All Server Task Details and Notifications page, click Promote this server to a domain controller.
(More notes on the next slide)

29 Lab: Implementing DNS
Exercises: Installing and Configuring DNS; Creating Host Records in DNS; Managing the DNS Server Cache
Logon information: Virtual machines 20410D-LON-DC1, 20410D-LON-SVR1, 20410D-LON-CL1. User name Adatum\Administrator. Password Pa$$w0rd. Estimated time: 60 minutes.
Notes: Before the students begin the lab, read the lab scenario and display the next slide. Before each exercise, read the scenario associated with the exercise to the class. The scenarios give context to the lab and exercises, and help to facilitate the discussion at the end of the lab. Remind the students to complete the discussion questions after the last lab exercise.
Exercise 1: Installing and Configuring DNS. Contoso is a partner organization working closely with users in the new branch office. In order to support name resolution between A. Datum's branch office and Contoso, you decide to enable DNS forwarding between the two DNS domains. As part of configuring the infrastructure for the new branch office, you must configure a DNS server that provides name resolution for the branch office. This includes the forwarding for Contoso.com. The DNS server in the branch office will be a domain controller. The Active Directory-integrated zones required to support logons will be replicated automatically to the branch office.
Exercise 2: Creating Host Records in DNS. Several new web-based apps are being implemented in the A. Datum head office. Each app requires that you configure a host record in DNS. You have been asked to create the new host records for these apps.
Exercise 3: Managing the DNS Server Cache. After you changed some host records in zones configured on LON-DC1, you noticed that clients that use LON-SVR1 as their DNS server were still receiving old IP addresses during name resolution. You want to determine which component is caching this data.

30 Lab Scenario
Your manager has asked you to configure the domain controller in the branch office as a DNS server. You have also been asked to create some new host records to support a new app that is being installed. Finally, you need to configure forwarding on the DNS server in the branch office to support Internet name resolution.

31 Lab Review
Lab Review Questions
Question: Can you install the DNS server role on a server that is not a domain controller? If yes, are there any limitations?
Answer: Yes, you can. However, you cannot create Active Directory-integrated zones on a DNS server that is not a domain controller.
Question: What is the most common way to carry out Internet name resolution on a local DNS server?
Answer: Companies typically configure their local DNS server with a forwarder. That forwarder is most often a DNS server of their ISP.
Question: How can you browse the content of the DNS resolver cache on a DNS server?
Answer: You can browse the content of the DNS resolver cache on a DNS server by enabling the Advanced view in the DNS Manager console or by using Windows PowerShell cmdlets.

32 Module Review and Takeaways
Best Practices; Common Issues and Troubleshooting Tips; Tools
Module Review Questions
Notes: Point students to the appropriate section in the course so that they are able to answer the questions that this section presents.
Question: You are troubleshooting DNS name resolution from a client computer. What must you remember to do before each test?
Answer: You should clear the resolver cache before starting to troubleshoot.
Question: You are deploying DNS servers into an Active Directory domain, and your customer requires that the infrastructure be resistant to single points of failure. What must you consider when planning the DNS configuration?
Answer: You should deploy more than one AD DS domain controller with the DNS server role installed.
Question: What benefits do you realize by using forwarders?
Answer: Forwarders are used when your local DNS server cannot resolve a query from the client using its own local zones. You usually configure forwarders to resolve Internet names. However, you can also use forwarders to optimize performance, to optimize Internet link usage on your local DNS server, and to enhance security.
(More notes on the next slide)
