70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.


1 70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System

2 Objectives
- Describe the functions of the Domain Name System
- Install DNS
- Explain the function and types of DNS zones
- Configure DNS zones and zone replication
- Configure a caching-only server to speed host name resolution

3 Objectives (continued)
- Discuss the integration of Active Directory and DNS, including Dynamic DNS
- Configure and manage a DNS server
- Manage DNS zones
- Troubleshoot the DNS service

4 Features of the DNS Service
- The most common method used to resolve host names to IP addresses
- Essential service for a network that uses Active Directory
- Windows 2000/XP client computers use DNS to find domain controllers
- BIND is the de facto standard for DNS implementation on UNIX and Linux systems
- Microsoft offers three versions of DNS: the Windows NT4 DNS service, the Windows 2000 DNS service, and the Windows 2003 DNS service

5 Installing DNS
- Most organizations using Active Directory use Windows for their DNS server
- If no DNS server has been configured for the domain, then the Active Directory Installation wizard asks whether it should install DNS
- DNS is not automatically added when member servers are promoted to domain controllers

6 DNS Zones
- DNS zones are part of the DNS namespace for which a DNS server is responsible
- Once inside a zone, you can create DNS records
- You designate whether a zone will hold records for forward lookups or reverse lookups
- A forward lookup zone holds records for forward lookups
- A reverse lookup zone holds records for reverse lookups

7 Primary and Secondary Zones
- Keep copies of DNS domain information on more than one server
- It is essential that DNS servers automatically synchronize information between them
- Primary and secondary zones are traditionally used to automatically synchronize DNS information
- A primary zone is the first zone to be created
- A secondary zone has copies of primary zone information

8 Active Directory-Integrated Zones
- An Active Directory-integrated zone stores information in Active Directory
- The DNS server must be a domain controller in order to store information in Active Directory
- Storing DNS information in Active Directory offers advantages over traditional primary and secondary zones
- DNS zones can be stored in two areas of Active Directory:
  - The domain directory partition
  - The application directory partition

9 Stub Zones
- A DNS server contacts a root server on the Internet if it cannot resolve a host name
- A stub zone is a DNS zone that holds only NS records for a domain
- NS records define the name servers that are responsible for a domain

10 Stub Zones (continued)

11 Caching-Only DNS Servers
- These servers do not have any zones configured on them
- They exist only to be a local DNS server for client computers
- They cache first-time lookups
- They use cached information for subsequent client requests
- To create a caching-only server, install the DNS Service and do not create any zones

12 Active Directory and DNS
- Active Directory requires DNS to function properly
- The most important function that DNS performs for Active Directory is locating services, such as domain controllers
- To simplify management of DNS records for Active Directory, implement Dynamic DNS

13 Dynamic DNS
- Allows records to be updated on a DNS server automatically
- Windows 2000/XP clients perform their own Dynamic DNS updates
- During the boot process, the clients contact their DNS server to perform a dynamic update

14 Dynamic DNS and DHCP
- The Dynamic DNS information updated by Windows 2000/XP is negotiated with the DHCP server during the lease process
- By default, a DHCP server running on Windows Server 2003 updates DNS records only for Windows 2000/XP clients if requested

15 Configuring a Zone for Dynamic DNS
- A zone can be configured for Dynamic DNS during creation or after configuration
- Options include:
  - Allowing only secure dynamic updates
  - Allowing both secure and nonsecure dynamic updates
  - Disallowing dynamic updates

16 Managing DNS Servers
- Many DNS options can be configured at the server level:
  - Configure aging and scavenging
  - Update server data files
  - Clear cache
  - Configure bindings
  - Configure forwarding
  - Edit the root hints
  - Configure event and debug logging
  - Set advanced options
  - Configure security

17 Aging and Scavenging
- With aging and scavenging, DNS records created by Dynamic DNS can be removed after a certain period of time if they have not been updated
- Prevents out-of-date information from being stored in a zone
- For scavenging to occur, it must be enabled on the Advanced tab of the DNS server properties

18 Update Server Data Files
- The Update Server Data Files option is available in the DNS snap-in
- If a primary zone is not Active Directory-integrated, all DNS changes in memory are written to the zone file on disk

19 Clear Cache
- A DNS server automatically caches all lookups that it performs
- To force a DNS server to perform a new lookup before the record in cache times out, you must clear the cache
- To clear the cache, right-click the server and select Clear Cache

20 Configure Bindings
- The DNS Service listens on all IP addresses that are bound to the server it is running on
- You can configure DNS to respond on certain IP addresses that are bound to the server
- The Interfaces tab allows you to configure the IP addresses to which the DNS service listens

21 Forwarding
- A DNS server that cannot perform a record lookup queries several servers to find the information
- Forwarding allows you to configure a local DNS server to forward queries from clients to another DNS server
- DNS servers that forward requests to other DNS servers are sometimes called slave DNS servers

22 Root Hints
- Servers that are used to perform recursive lookups
- You can configure one of your internal DNS servers to act as a root server

23 Logging
- DNS servers are capable of event logging and debug logging
- Event logging records errors, warnings, and information to the event log
- Debug logging records much more detailed information

24 Logging (continued)
- Event logging options include:
  - No events
  - Errors only
  - Errors and warnings
  - All events
- Debug logging options include:
  - Packet direction
  - Transport protocol
  - Packet contents
  - Packet type

25 Advanced Options
- Several options can be configured on the Advanced tab of the server properties dialog box:
  - Disable recursion (also disables forwarders)
  - BIND secondaries
  - Fail on load if zone data is bad
  - Enable round robin
  - Enable netmask ordering
  - Secure cache against pollution
- Round robin DNS occurs when more than one record exists for a DNS query

26 Security
- You can view and modify which users and groups can modify the configuration of the DNS server
- By default, the Domain Admins group, Enterprise Admins group, and DnsAdmins group are allowed to manage DNS

27 Managing Zones
- Options that can be configured for a zone include:
  - Reload zone information
  - Create a new delegation
  - Change the type of zone and replication
  - Configure aging and scavenging
  - Modify the Start of Authority (SOA) record
  - Name servers
  - Enable WINS resolution
  - Enable zone transfers
  - Configure security

28 Reload Zone Information
- You may edit the zone file rather than using the DNS snap-in for mass-editing
- After editing a zone file, you must restart the DNS service or tell the service to reload the zone file

29 Create a New Delegation
- You may need more than one zone to hold all of the DNS information
- Windows Server 2003 provides a wizard to guide you through the process of delegating the authority for a subdomain to another server
- To access the wizard, right-click the original zone and then click New Delegation

30 Changing the Type of Zone and Replication
- You must choose whether a zone is a primary zone, secondary zone, or stub zone upon its creation
- The zone type and replication for an existing zone can be modified on the General tab of the zone properties dialog box

31 Configure Aging and Scavenging
- Aging/scavenging properties must be configured at the zone level
- To enable the deletion of old DNS records, select the Scavenge stale resource records option
- The no-refresh interval option lets you specify how often a DNS record can be refreshed
- The Refresh interval option is the period of time that must pass after the no-refresh interval has expired before DNS records are deleted
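The record lifecycle described on slides 17 and 31, modeled as an added Python example (not part of the original presentation and not Microsoft's code). The 7-day interval values, the `Record` type, the treatment of static records as never aged, and the sample zone are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed interval values for illustration; the slides give no numbers.
NO_REFRESH = timedelta(days=7)
REFRESH = timedelta(days=7)

@dataclass
class Record:
    name: str
    timestamp: Optional[datetime]  # None = static record (assumed never aged)

def phase(rec, now, no_refresh=NO_REFRESH, refresh=REFRESH):
    """Classify rec at time now: 'static', 'no-refresh', 'refresh' or 'stale'."""
    if rec.timestamp is None:
        return "static"
    age = now - rec.timestamp
    if age < no_refresh:
        return "no-refresh"          # refreshes are ignored in this window
    if age < no_refresh + refresh:
        return "refresh"             # a refresh now resets the timestamp
    return "stale"                   # eligible for scavenging

def apply_refresh(rec, now):
    """Client re-registers unchanged data; True if the timestamp was reset."""
    if phase(rec, now) in ("refresh", "stale"):
        rec.timestamp = now
        return True
    return False

def scavenge(zone, now):
    """Delete stale dynamic records in place; return the names removed."""
    removed = [r.name for r in zone if phase(r, now) == "stale"]
    zone[:] = [r for r in zone if r.name not in removed]
    return removed

def demo():
    t0 = datetime(2024, 1, 1)        # constructed sample data
    zone = [Record("ws1", t0), Record("ws2", t0), Record("srv", None)]
    ignored = apply_refresh(zone[0], t0 + timedelta(days=3))   # no-refresh window
    accepted = apply_refresh(zone[0], t0 + timedelta(days=9))  # refresh window
    removed = scavenge(zone, t0 + timedelta(days=15))          # ws2 never refreshed
    return ignored, accepted, removed, [r.name for r in zone]

if __name__ == "__main__":
    print(demo())
```

A record that is never refreshed stays resolvable for the sum of both intervals, which is how long a name can keep pointing at an address that has since been reassigned.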

32 Modify the Start of Authority Record
- An SOA record for a domain defines a number of characteristics for a zone
- Configured in the Start of Authority (SOA) tab of the zone properties
- Options to specify include:
  - Refresh Interval
  - Retry Interval
  - Expires After
  - Minimum TTL

33 Name Servers
- Name servers configured for a zone are the authoritative DNS servers for the zone
- Used in the recursive lookup process to resolve requests for the domain
- Used by Dynamic DNS clients for dynamic updates

34 WINS Resolution
- A DNS zone can be configured with a WINS server to help resolve names
- If a DNS zone receives a query for a host name for which it has no A record, it forwards the request to a WINS server

35 Zone Transfers
- Used to copy zone information from a primary zone to a secondary zone
- By default, zone transfers are allowed
- It is good security practice to ensure that zone transfers only occur to known DNS servers

36 Security
- You can control the permissions to modify the records for a zone
- The Security tab is only available for Active Directory-integrated zones

37 Troubleshooting DNS
- Most problems are a result of incorrectly configured client computers
- Problems can occur due to misconfigured DNS records
- Use the Monitoring tab of the DNS server properties dialog box to test the functionality of a DNS server

38 Summary
- DNS is the most commonly used method for name resolution
- Once the DNS service has been added, you must create zones to hold resource records
- Traditional primary and secondary zones are stored in a zone file on the hard drive of the DNS server

39 Summary (continued)
- Active Directory-integrated zones
  - Stored in Active Directory
  - Can act as primary zones to secondary zones
- A stub zone contains name server records that are used for recursive lookups
- A caching-only server reduces the network traffic generated by DNS queries

40 Summary (continued)
- Dynamic DNS allows records to be automatically updated on a DNS server
- Aging and scavenging remove outdated records created by Dynamic DNS
- The root hints are used for recursive lookups; they are loaded from the file cache.dns
- Event logging and debug logging can be used to troubleshoot DNS problems
- A WINS server can help resolve host names if a DNS server does not have an A record that matches a query

