DNS Server - carrieclasses
Module Overview
• Installing the DNS Server Role

• Configuring the DNS Server Role

• Configuring DNS Zones

• Configuring DNS Zone Transfers

• Managing and Troubleshooting DNS

• Overview of the Windows Internet Name Service

• Configuring WINS Replication

• Migrating from WINS to DNS
Overview of the Domain Name System Role
• DNS supports accessing resources by using
  alphanumeric names

• InterNIC is responsible for managing the
  domain namespace
[Diagram: the DNS namespace hierarchy. Root domain "." at the top; top-level domains net, com, org; second-level domain nwtraders; subdomains west, south, east; a further subdomain sales; host SERVER1. FQDN: SERVER1.sales.south.nwtraders.com]
Domain Name System is a hierarchical distributed database
DNS Improvements for Windows Server 2008

New or enhanced features in the Windows Server 2008 version of DNS include:

• Background zone loading

• IP version 6 support

• Support for read-only domain controllers

• Global single names

• DNSSEC against spoofing and man-in-the-middle attacks
    Only available in R2 & IPv6 environment
    Three new types of records: Signature (SIG), Public Key (KEY), Next Domain (NXT)
Considerations for deploying the DNS Server role:

• Manually configure the server to use a static IP address

• Use the DNS console or dnscmd

• The user account must be a member of the local Administrators group or equivalent

Common dnscmd commands (each is given as dnscmd dns_server_name followed by the command):
    /ageAllRecords
    /startScavenging
    /zoneinfo
    /zoneexport
    /info
    /config
    /statistics
    /zoneresettype zonename {/primary | /secondary}
    /zoneresetsecondaries
    /zoneresetmaster zonename
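The deployment considerations above as a pre-flight script. This is an added example, not part of the course deck: it checks the static-address and Administrators-group requirements with standard WMI and .NET calls, then records a baseline with the dnscmd /info and /statistics commands listed on the slide. The server name is a placeholder.

```powershell
# Added example (not from the course deck): pre-flight checks before using dnscmd
# on a Windows Server 2008 DNS server. Run from an elevated PowerShell prompt.

# 1. The DNS server must use a static address: report any IP-enabled adapter that
#    still obtains its address from DHCP.
$dhcpAdapters = Get-WmiObject Win32_NetworkAdapterConfiguration |
    Where-Object { $_.IPEnabled -and $_.DHCPEnabled }
if ($dhcpAdapters) {
    foreach ($a in $dhcpAdapters) {
        Write-Warning ("Adapter '{0}' uses DHCP ({1}); assign a static address first." -f `
            $a.Description, ($a.IPAddress -join ', '))
    }
} else {
    Write-Host "All IP-enabled adapters use static addresses."
}

# 2. dnscmd needs a member of the local Administrators group (or equivalent).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { Write-Warning "Not running as Administrator; dnscmd will fail." }

# 3. Confirm the service answers management commands and keep a baseline of its
#    configuration and counters (both commands are listed on the slide).
$server = 'localhost'   # constructed placeholder: use the DNS server name
if ($isAdmin) {
    dnscmd $server /info       | Out-File -FilePath dns-info-baseline.txt
    dnscmd $server /statistics | Out-File -FilePath dns-stats-baseline.txt
    Write-Host "Baseline written to dns-info-baseline.txt and dns-stats-baseline.txt"
}
```

Keeping the /info and /statistics output from a freshly configured server gives you something to diff against later when troubleshooting.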
What Are the Components of a DNS Solution?

[Diagram: DNS clients query DNS servers, which hold resource records; DNS servers on the Internet form the hierarchy Root ".", .com, .edu]
DNS Resource Records

DNS resource records include:

• SOA: Start of Authority

• A: Host Record

• CNAME: Alias Record

• MX: Mail Exchange Record

• SRV: Service Resources

• NS: Name Servers

• AAAA: IPv6 DNS Record
What Are Root Hints?

Root hints contain the IP addresses for DNS root servers

[Diagram: a client queries its DNS server; the DNS server uses its root hints to reach the root (.) servers, then the com servers, then the microsoft servers]
What Is a DNS Query?

A query is a request for name resolution and is directed to a DNS server

• Queries are recursive or iterative

• DNS clients and DNS servers both initiate queries

• DNS servers are authoritative or nonauthoritative for a namespace

• An authoritative DNS server for the namespace will either:
    • Return the requested IP address
    • Return an authoritative "No"

• A nonauthoritative DNS server for the namespace will either:
    • Check its cache
    • Use forwarders
    • Use root hints
What Are Recursive Queries?

A recursive query is sent to a DNS server and requires a complete answer

[Diagram: the DNS client sends a recursive query for mail1.contoso.msft to the local DNS server, which answers 172.16.64.11 from its database]
What Are Iterative Queries?

An iterative query directed to a DNS server may be answered with a referral to another DNS server

[Diagram: the local DNS server sends an iterative query to a root hint (.) server and is told "Ask .com"; the .com server then refers it on to Nwtraders.com, which holds the answer returned to the client]
What Is a Forwarder?

A forwarder is a DNS server designated to resolve external or offsite DNS domain names

[Diagram: the local DNS server passes the client's query to a forwarder; the forwarder performs the iterative queries: root hint (.) -> "Ask .com" -> .com -> Nwtraders.com]
What Is Conditional Forwarding?

Conditional forwarding forwards requests using a domain name condition

[Diagram: the client computer's local DNS server forwards queries for all other DNS domains to the ISP DNS server, and queries for Contoso.msft to the Contoso.msft DNS server]
How DNS Server Caching Works

DNS server cache:

Host name              IP address     TTL
ServerA.contoso.msft   192.168.8.44   28 seconds

[Diagram: Client1 asks the DNS server "Where's ServerA?" and receives "ServerA is at 192.168.8.44"; the answer is cached, and Client2's later query "Where's ServerA?" is answered from the cache with 192.168.8.44]
What Is a DNS Zone?

[Diagram: the DNS root domain "." and .com on the Internet; the microsoft.com domain. The microsoft.com zone database holds microsoft.com, www.microsoft.com, ftp.microsoft.com and example.microsoft.com; the example.microsoft.com zone has its own zone database holding example.microsoft.com, www.example.microsoft.com and ftp.example.microsoft.com]
What Are the DNS Zone Types?

Zone                          Description
Primary                       Read/write copy of a DNS database
Secondary                     Read-only copy of a DNS database
Stub                          Copy of a zone that contains only the records used to locate name servers
Active Directory-integrated   Zone data is stored in Active Directory rather than in zone files
What Are Forward and Reverse Lookup Zones?

Namespace: training.nwtraders.msft

[Diagram: DNS server authoritative for training. The forward lookup zone "Training" maps DNS Client1 -> 192.168.2.45, DNS Client2 -> 192.168.2.46, DNS Client3 -> 192.168.2.47. The reverse lookup zone "2.168.192.in-addr.arpa" maps 192.168.2.45 -> DNS Client1, 192.168.2.46 -> DNS Client2, 192.168.2.47 -> DNS Client3. Example queries: "DNS Client2 = ?" (forward) and "192.168.2.46 = ?" (reverse)]
What Are Stub Zones?

Without stub zones, the ny.na.contoso.com server must query several servers to find the server that hosts the na.fabrikam.com zone. With a stub zone defined, the location of the server that hosts the na.fabrikam.com zone is known without querying multiple DNS servers.

[Diagram: two DNS trees, each node with its own DNS server. Contoso.com (root domain) with subdomains na.contoso.com and sa.contoso.com, which in turn contain ny.na.contoso.com and rio.sa.contoso.com; fabrikam.com with subdomain na.fabrikam.com]
DNS Zone Delegation

[Diagram: Contoso.msft with the delegated subdomains Training.contoso.msft and Sales.contoso.msft]
What Is a DNS Zone Transfer?

A DNS zone transfer is the synchronization of authoritative DNS zone data between DNS servers

Sequence between the secondary server and the primary (master) server:

1  SOA query for a zone

2  SOA query answered

3  IXFR or AXFR query for a zone

4  IXFR or AXFR query answered (zone transferred)
How DNS Notify Works

A DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur

Sequence between the source server (primary and master) and the destination server (secondary):

1  Resource record is updated

2  SOA serial number is updated

3  DNS notify

4  Zone transfer
Securing Zone Transfers

• Restrict zone transfer to specified servers

• Encrypt zone transfer traffic

• Consider using Active Directory-integrated zones

[Diagram: primary zone transferring to a secondary zone]
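The first recommendation above, "restrict zone transfer to specified servers", as an audit-and-fix script. This is an added example, not part of the course deck: it reads every zone through the DNS WMI provider (namespace root\MicrosoftDNS, class MicrosoftDNS_Zone, whose SecureSecondaries property encodes the transfer policy) and uses the dnscmd /ZoneResetSecondaries command from the earlier slide to replace the weak "any host" setting with an explicit list. The server name and the secondary addresses are constructed placeholders.

```powershell
# Added example (not from the course deck): find zones that allow zone transfers to any
# host and restrict them to the known secondary servers.
# Assumptions: the WMI DNS provider is present (it ships with the DNS Server role), and
# the addresses in $secondaries are the only servers that should ever pull these zones.

$server      = 'localhost'
$secondaries = @('192.168.2.50', '192.168.2.51')   # constructed placeholder addresses

# MicrosoftDNS_Zone.SecureSecondaries: 0 = transfer to any host, 1 = servers in NS records only,
# 2 = servers in the SecondaryServers list only, 3 = no transfers at all.
$meaning = @{ 0 = 'ANY host (weak)'; 1 = 'NS servers only'; 2 = 'listed servers only'; 3 = 'no transfers' }

$zones = Get-WmiObject -ComputerName $server -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_Zone
foreach ($z in $zones) {
    $policy = [int]$z.SecureSecondaries
    "{0,-35} type={1} AD-integrated={2} transfers={3}" -f $z.Name, $z.ZoneType, $z.DsIntegrated, $meaning[$policy]

    if ($policy -eq 0) {
        # Weak setting: anyone who can reach TCP/53 can pull a complete copy of the zone.
        # Corrected setting: transfers (and notifies) only to the listed secondaries.
        # PowerShell expands the array into separate arguments for dnscmd.
        Write-Warning ("Restricting zone transfers for {0} to: {1}" -f $z.Name, ($secondaries -join ' '))
        dnscmd $server /ZoneResetSecondaries $z.Name /SecureList $secondaries /NotifyList $secondaries
    }
}
```

For Active Directory-integrated zones the same setting applies; AD replication carries the zone data between domain controllers, but any non-AD secondary still needs to be on the list.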
What Is Time to Live, Aging, and Scavenging?

Feature              Description
Time to Live (TTL)   Indicates how long a DNS record will remain valid
Aging                Occurs when records that have been inserted into the DNS server reach their expiration and are removed
Scavenging           Performs DNS server resource record grooming for old records in DNS
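Aging and scavenging as a configuration script. This is an added example, not part of the course deck: it enables aging on one zone and a server-wide scavenging interval with dnscmd /Config (the interval options take hours), and reads the settings back through the MicrosoftDNS_Zone WMI class; the Aging, NoRefreshInterval and RefreshInterval property names of that class are assumed here. Zone and server names are placeholders.

```powershell
# Added example (not from the course deck): enable aging on a zone and scavenging on the
# server, then show the settings before and after. Interval values are in hours (168 = 7 days).
# Assumptions: zone and server names are constructed placeholders.

$server = 'localhost'
$zone   = 'nwtraders.com'   # constructed placeholder

function Get-ZoneAging {
    $z = Get-WmiObject -ComputerName $server -Namespace 'root\MicrosoftDNS' `
            -Class MicrosoftDNS_Zone -Filter "Name='$zone'"
    "Aging={0} NoRefreshInterval={1}h RefreshInterval={2}h" -f $z.Aging, $z.NoRefreshInterval, $z.RefreshInterval
}

"Before: " + (Get-ZoneAging)

# Zone level. With aging off (the weak setting), dynamically registered records that are never
# refreshed stay forever, so a reused address can keep resolving to a stale host name.
# NoRefreshInterval: after a record's timestamp is set, refreshes are ignored for this long.
# RefreshInterval: the record must then be refreshed within this window or it becomes eligible for scavenging.
dnscmd $server /Config $zone /Aging 1
dnscmd $server /Config $zone /NoRefreshInterval 168
dnscmd $server /Config $zone /RefreshInterval 168

# Server level: run a scavenging pass every 168 hours (0 disables scavenging on this server).
dnscmd $server /Config /ScavengingInterval 168

"After:  " + (Get-ZoneAging)

# Caution: /AgeAllRecords (listed on the dnscmd slide) stamps every record in the zone, including
# manually created static ones, which then become scavengeable. Only use it deliberately:
#   dnscmd $server /AgeAllRecords $zone /f
```

Aging must be enabled both on the zone and on at least one server that hosts it before any record is removed; enabling only one of the two changes nothing.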
Troubleshooting DNS

Tool       Used to:
Nslookup   Troubleshoot DNS problems
Dnscmd     Edit the DNS configuration
Dnslint    Diagnose common DNS issues

You can test the DNS server configuration by using:

• A recursive query to ensure that the DNS server can communicate with the upstream DNS service

• A simple query to ensure that the DNS service is answering

• Monitoring DNS events in the event log to:
    • Monitor zone transfer information
    • Monitor computer events
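The three checks above as a script. This is an added example, not part of the course deck: it runs the simple and recursive tests with nslookup (the -norecurse switch turns off recursion so the server must answer from its own data) and then reads recent zone-transfer entries from the "DNS Server" event log. The server address, zone and external name are constructed placeholders, and the event-log filter matches message text rather than specific event IDs.

```powershell
# Added example (not from the course deck): test a DNS server's configuration the way the
# slide describes. Assumptions: names and addresses below are constructed placeholders.

$server   = '192.168.2.10'        # constructed: the DNS server under test
$ownZone  = 'nwtraders.com'       # constructed: a zone this server is authoritative for
$external = 'www.microsoft.com'   # a name outside the server's own zones

# 1. Simple query (no recursion): the server must answer the SOA of its own zone by itself.
$simple = nslookup -norecurse -type=SOA $ownZone $server 2>&1 | Out-String
if ($simple -match 'primary name server') {
    "Simple query:    OK (service is answering for $ownZone)"
} else {
    "Simple query:    FAILED`n$simple"
}

# 2. Recursive query: the server must resolve an outside name through its forwarders or root hints.
$recursive = nslookup $external $server 2>&1 | Out-String
if ($recursive -match 'Address' -and $recursive -notmatch "can't find") {
    "Recursive query: OK (upstream resolution works)"
} else {
    "Recursive query: FAILED (check forwarders / root hints / outbound UDP and TCP 53)`n$recursive"
}

# 3. Zone transfer events from the DNS Server log (message text matched, not event IDs).
Get-EventLog -ComputerName $server -LogName 'DNS Server' -Newest 200 |
    Where-Object { $_.Message -match 'transfer' } |
    Select-Object TimeGenerated, EntryType, EventID, Message |
    Format-Table -AutoSize -Wrap
```

A server that passes the simple test but fails the recursive one is healthy but isolated: the usual causes are a wrong forwarder address or a firewall blocking outbound DNS.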
What Is WINS and When Is WINS Required?

WINS resolves NetBIOS names (single-label names) to IP addresses.

WINS is required for the following reasons:

• Older versions of Microsoft operating systems rely on WINS for name resolution

• Some applications, typically older applications, rely on NetBIOS names

• When you need dynamic registration of single-label names

• If users rely on the Network Neighborhood or My Network Places network browser features

• If you are not using Windows Server 2008 as your DNS infrastructure
Overview of WINS Components

[Diagram: a WINS client and a WINS proxy on Subnet 1; a WINS server with its WINS database on Subnet 2]
WINS Client Registration and Release Process

[Diagram: the WINS client exchanges "Name Registered" and "Name Released" messages with the WINS server]

1 • WINS client sends request to register
  • WINS server returns registration message with TTL value, indicating when the registration expires

2 • WINS client sends request to release name
  • WINS server sends a positive name release response
WINS Server Name Resolution Process

[Diagram: a client on Subnet 1, WINS Server A and WINS Server B on Subnet 2; up to three attempts per server]

1 Client makes three attempts to contact WINS server, but does not receive a response

2 Client attempts to contact all WINS servers until contact is made

3 If name is resolved, IP address is returned to the client
What Are NetBIOS Node Types?

A NetBIOS node type determines the method that a computer uses to resolve a NetBIOS name

Node type   Description                                                          Registry value
B-node      Uses broadcasts for name registration and resolution                 1
P-node      Uses a NetBIOS name server, such as WINS, to resolve NetBIOS names   2
M-node      Combines B-node and P-node, but functions as a B-node by default     4
H-node      Combines P-node and B-node, but functions as a P-node by default     8
Compacting the WINS Database

Compacting recovers unused space in a WINS database

Maintain WINS database integrity by using:

• Dynamic compacting. Automatically occurs while the database is in use

• Offline compacting. Administrator stops the WINS server and uses the Jetpack.exe command-line tool
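The offline compacting procedure as a script. This is an added example, not part of the course deck: it stops the WINS service, backs up the database, runs Jetpack.exe, and restarts the service in a finally block so WINS comes back even if compaction fails. It assumes the default database location %SystemRoot%\System32\wins\wins.mdb and that Jetpack returns a non-zero exit code on failure.

```powershell
# Added example (not from the course deck): offline compaction of the WINS database.
# Assumptions: default database path; the WINS service name is 'WINS'.
$winsDir = Join-Path $env:SystemRoot 'System32\wins'
$db      = Join-Path $winsDir 'wins.mdb'
$backup  = Join-Path $winsDir ("wins-{0}.mdb.bak" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))

Stop-Service -Name WINS          # Jetpack needs exclusive access; the service must be stopped
try {
    Copy-Item -Path $db -Destination $backup   # keep a copy to roll back to
    $before = (Get-Item $db).Length

    # jetpack <database> <temporary database>: compacts into the temporary file,
    # then replaces the original with it and removes the temporary file.
    Push-Location $winsDir
    & jetpack.exe wins.mdb tmp.mdb
    $rc = $LASTEXITCODE
    Pop-Location
    if ($rc -ne 0) { throw "jetpack.exe failed with exit code $rc; backup is at $backup" }

    $after = (Get-Item $db).Length
    "WINS database: {0:N0} bytes before, {1:N0} bytes after compaction (backup: {2})" -f $before, $after, $backup
}
finally {
    Start-Service -Name WINS      # always bring name resolution back
}
```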
What Is Push Replication?

• A push partner notifies replication partners based on the number of changes in its database

• Push replication maintains a high level of synchronization

[Diagram: ServerA on Subnet 1 and ServerB on Subnet 2. 1: 50 changes occur in ServerA's database; 2: notification request; 3: replication request; 4: replicas sent]

1 ServerA reaches set threshold of 50 changes in its database

2 ServerA notifies ServerB that the threshold is reached

3 ServerB responds to ServerA with a replication request

4 ServerA sends replicas of its new database entries
What Is Pull Replication?

• A pull partner requests replication based on a time interval

• Pull replication limits frequency of replication traffic across slow links

[Diagram: ServerA on Subnet 1 and ServerB on Subnet 2. 1: ServerA requests changes every eight hours; 2: replicas sent]

1 ServerA requests database changes every 8 hours

2 ServerB sends replicas of its new database entries
What Is Push/Pull Replication?

Push/pull replication ensures that the databases on multiple WINS servers are nearly identical at any given time by:

• Notifying replication partners whenever the database reaches a set threshold of changes

• Requesting replication based on a set time
Name Resolution for a Single-Label Name

IPv6 does not support WINS

Windows Server 2008 introduces a new zone type for DNS called the GlobalNames zone

• Resolves single-label names in the enterprise without using WINS

• Mitigates the management and maintenance of DNS suffix search lists

• Relies on static record creation

• Requires the zone be available on DNS servers throughout the forest
What Is the GlobalNames Zone?

The GlobalNames zone:

• Enables single-label name resolution for IPv6-enabled networks

• Uses CNAME records to point to the FQDN of the computer that hosts the resource

• Is recommended to be integrated in Active Directory with forest-wide replication

• Can be used as a method to decommission WINS servers

• Requires no additional client configuration because the client resolves the name in standard DNS query form
Setup GlobalNames Zone

• Requires authoritative name servers running Windows Server 2008

• Configure forest-wide, Active Directory-integrated replication of the GlobalNames zone

• Create static CNAME records that point to FQDN records

• Disable dynamic updates on the GlobalNames zone

• Enable single-label GlobalNames zone support on all DNS servers that host the zone

Use the following command to enable support for the GlobalNames zone on all DNS servers hosting the zone:

dnscmd /config /EnableGlobalNamesSupport 1
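The setup steps above as one dnscmd script. This is an added example, not part of the course deck: it creates the zone as Active Directory-integrated with forest-wide replication (/ZoneAdd ... /DsPrimary /DP /forest), turns dynamic updates off (/Config ... /AllowUpdate 0), adds static CNAME records (/RecordAdd), enables GlobalNames support on each hosting server with the command from the slide, and verifies with an ordinary query. Server names, labels and FQDNs are constructed placeholders.

```powershell
# Added example (not from the course deck): set up a GlobalNames zone with dnscmd.
# Assumptions: run as an administrator on a Windows Server 2008 domain controller running DNS;
# every name below is a constructed placeholder.

$server     = 'dc1.nwtraders.com'                              # server that creates the zone
$dnsServers = @('dc1.nwtraders.com', 'dc2.nwtraders.com')      # all DNS servers that will host it

# 1. Create the zone as an AD-integrated primary, replicated to every DNS server in the forest.
dnscmd $server /ZoneAdd GlobalNames /DsPrimary /DP /forest

# 2. Only static records belong in this zone: disable dynamic updates so clients cannot
#    register (or overwrite) single-label names themselves.
dnscmd $server /Config GlobalNames /AllowUpdate 0

# 3. Enable GlobalNames support on each hosting server (the command from the slide).
foreach ($s in $dnsServers) {
    dnscmd $s /Config /EnableGlobalNamesSupport 1
}

# 4. Static CNAME records: single-label name -> FQDN of the host that provides the resource.
#    The trailing dot makes the target an absolute name.
$entries = @{
    'intranet'  = 'web01.sales.nwtraders.com.'
    'fileshare' = 'fs01.nwtraders.com.'
}
foreach ($label in $entries.Keys) {
    dnscmd $server /RecordAdd GlobalNames $label CNAME $entries[$label]
}

# 5. Verify from the client's point of view: a plain DNS query for the single-label name
#    should now return the CNAME target and its address, with no WINS involved.
nslookup intranet $server
```

Disabling dynamic updates (step 2) is the security-relevant step: a GlobalNames zone that accepts updates would let any domain member register a short name such as "intranet" and redirect everyone who uses it.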

Posted: 2/5/2013 (35 pages)