Chapter 2 Configuring and Troubleshooting DNS

Upload: dana-collins

Post on 31-Dec-2015


2.1 Installing the DNS Server Role

- Overview of the Domain Name System Role
- Overview of the DNS Namespace
- DNS Improvements for Windows Server 2008
- Considerations for Deploying the DNS Server Role

Overview of the Domain Name System role

- Domain Name System (DNS) is a name-resolution service that resolves names to numbers
- DNS is a hierarchical distributed database; this means that the database is separated logically, allowing many different servers to host the worldwide database of DNS names
- DNS is a system for naming computers and network services that is organized into a hierarchy of domains
- DNS is the foundation of the Internet naming scheme
- DNS supports accessing resources by using alphanumeric names
- InterNIC & MyNIC are responsible for managing the domain namespace
- DNS was created to support the Internet's growing number of hosts

Overview of the DNS Namespace

- The DNS namespace facilitates how a DNS client locates a computer
- It is organized hierarchically, or in layers, to distribute information across many servers


DNS Improvements for Windows Server 2008

New or enhanced features in the Windows Server 2008 version of DNS include:

- Background zone loading
- IP version 6 support
- Support for read-only domain controller
- Global single names

Considerations for Deploying the DNS Server Role

- The DNS Server role is critical in the configuration of Active Directory and Windows Network infrastructure
- When planning to deploy DNS, there are several considerations that need to be reviewed:
  - Server capacity planning
  - Where to place DNS servers
  - Service availability

2.2 Configuring the DNS Server Role

- What are the components of a DNS solution
- DNS Resource Records
- What are Root Hints
- What is a DNS Query
- What are Recursive Queries
- What are Iterative Queries
- What is a Forwarder
- What is Conditional Forwarding
- How DNS Server Caching works

What are the components of a DNS solution

- The components of a DNS solution include DNS servers, DNS servers on the Internet, and DNS clients

DNS Resource Records

DNS resource records include:

- SOA: Start of Authority
- A: Host record
- CNAME: Alias record
- MX: Mail Exchange record
- SRV: Service resources
- NS: Name Servers
- AAAA: IPv6 DNS record

What are Root Hints

- Root Hints contain the IP addresses for DNS root servers
- Root Hints are the list of 13 servers on the Internet that the Internet Assigned Numbers Authority (IANA) maintains and that the DNS server uses if it cannot resolve a DNS query by using a DNS forwarder or its own cache
- The Root Hints are the highest servers in the DNS hierarchy and can provide the necessary information for a DNS server to perform an iterative query to the next lowest layer of the DNS namespace

What is a DNS Query

- A query is a request for name resolution and is directed to a DNS server
- Queries are recursive or iterative
- DNS clients and DNS servers both initiate queries
- DNS servers are authoritative or nonauthoritative for a namespace
- An authoritative DNS server for the namespace will either:
  - Return the requested IP address
  - Return an authoritative "No"
- A nonauthoritative DNS server for the namespace will either:
  - Check its cache
  - Use forwarders
  - Use root hints

What are Recursive Queries

- A recursive query is sent to a DNS server and requires a complete answer
- A recursive query can have 2 possible results:
  - It returns the IP address of the host requested
  - The DNS server cannot resolve an address
- For security reasons, it sometimes is necessary to disable recursive queries on a DNS server

What are Iterative Queries

- An iterative query directed to a DNS server may be answered with a referral to another DNS server
- Iterative queries provide a mechanism for accessing domain name information that resides across the DNS system, and enable servers to quickly and efficiently resolve names across many servers
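The outcomes described in the query slides above (answer, authoritative "No", referral, recursion on or off) are all visible in the 12-byte DNS message header. The following is an added example, not part of the original slides: it builds a query with the recursion-desired bit set or clear and classifies constructed response headers. The function names and sample values are assumptions made for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # header flag bits (RFC 1035)

def build_query(name, qtype=1, recursive=True, txid=0x1234):
    """Encode a query; RD set asks the server for a complete (recursive) answer."""
    header = struct.pack("!6H", txid, RD if recursive else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # qtype 1 = A, class 1 = IN

def classify_response(packet):
    """Classify a response from its header alone (a heuristic: records are not parsed)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, an, ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & QR:
        raise ValueError("QR bit clear: packet is a query, not a response")
    aa, rcode = bool(flags & AA), flags & 0x000F
    if rcode == 3:                      # NXDOMAIN
        kind = "authoritative no" if aa else "non-authoritative no"
    elif rcode == 5:                    # REFUSED, e.g. recursion denied to this client
        kind = "refused"
    elif rcode != 0:
        kind = "error"
    elif an:
        kind = "authoritative answer" if aa else "non-authoritative answer"
    elif ns and not aa:
        kind = "referral"               # iterative result: ask the listed name servers
    else:
        kind = "no data"
    # RA set means the server offers recursion; audit this on Internet-facing servers.
    return {"kind": kind, "recursion_available": bool(flags & RA)}

def sample(flags, an=0, ns=0, ar=0):
    """Constructed response header for the demo (no record data appended)."""
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, ar)

SAMPLES = {  # constructed values, not captured traffic
    "cached answer from a recursive server": sample(QR | RD | RA, an=1),
    "answer from the zone's own server": sample(QR | AA | RD, an=1),
    "authoritative No": sample(QR | AA | RD | 3, ns=1),
    "referral (recursion disabled)": sample(QR, ns=2, ar=2),
    "recursion refused": sample(QR | RD | 5),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label}: {classify_response(pkt)}")
```
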

What is a Forwarder

- A forwarder is a DNS server designated to resolve external or offsite DNS domain names
- A forwarder is a network DNS server that forwards DNS queries for external DNS names to DNS servers outside that network


What is Conditional Forwarding

- Conditional forwarding forwards requests using a domain name condition
- A conditional forwarder is a DNS server on a network that forwards DNS queries according to the query's DNS domain name

How DNS Server Caching works

- DNS caching increases the performance of the organization's DNS system by decreasing the time it takes to provide DNS lookups
- When a DNS server resolves a DNS name successfully, it adds the name to its cache
- Over time, this builds a cache of domain names and their associated IP addresses for the most common domains that the organization uses or accesses

2.3 Configuring DNS Zones

- What is a DNS Zone
- What are the DNS Zone types
- What are Forward and Reverse Lookup Zones
- What are Stub Zones
- DNS Zone Delegation

What is a DNS Zone

- A DNS zone hosts all or a portion of a domain and its subdomains

What are the DNS Zone Types

Zones and their descriptions:

- Primary: Read/write copy of a DNS database
- Secondary: Read-only copy of a DNS database
- Stub: Copy of a zone that contains only records used to locate name servers
- Active Directory integrated: Zone data is stored in Active Directory rather than in zone files

What are Forward and Reverse Lookup Zones

- The forward lookup zone resolves host names to IP addresses and hosts the common resource records: A, CNAME, SRV, MX, SOA and NS
- The reverse lookup zone resolves an IP address to a domain name and hosts SOA, NS and PTR records

What are Stub Zones

- A stub zone is a copy of a zone that contains only those resource records necessary to identify that zone's authoritative DNS servers
- A stub zone resolves names between separate DNS namespaces, which may be necessary when a corporate merger requires that the DNS servers for 2 separate DNS namespaces resolve names for clients in both namespaces

DNS Zone Delegation

- DNS is a hierarchical system and zone delegation connects the DNS layers together
- A zone delegation points to the next hierarchical level down and identifies the name servers responsible for the lower-level domain

2.4 Configuring DNS Zone Transfer

- What is a DNS Zone Transfer
- How DNS Notify works
- Securing Zone Transfers

What is a DNS Zone Transfer

- A DNS zone transfer is the synchronization of authoritative DNS zone data between DNS servers
- A zone transfer occurs when you transfer the DNS zone that is on one server to another DNS server
- Zone transfers synchronize primary and secondary DNS server zones
- Discrepancies in primary and secondary zones can cause service outages and host names that are resolved incorrectly

How DNS Notify works

- A DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur
- This is useful in a time-sensitive environment, where data accuracy is important

Securing Zone Transfers

- Zone information provides organizational data, so you should take precautions to ensure it is secure from malicious access and that it cannot be overwritten with bad data (known as DNS poisoning)
- One way in which you can protect the DNS infrastructure is to secure the zone transfers and use secure dynamic updates

2.5 Managing and Troubleshooting DNS

- What is Time to Live, Aging and Scavenging
- Demonstration: Managing DNS Records
- Testing the DNS server configuration
- Tools that identify problems with DNS
- Monitoring DNS using the DNS Event Log and Debug Logging

What is Time to Live, Aging and Scavenging

Features and their descriptions:

- Time to Live (TTL): Indicates how long a DNS record will remain valid
- Aging: Occurs when records that have been inserted into the DNS server reach their expiration and are removed
- Scavenging: Performs DNS server resource record grooming for old records in DNS

Testing the DNS Server Configuration

You can test the DNS server configuration by using:

- A simple query to ensure that the DNS service is answering
- A recursive query to ensure that the DNS server can communicate with the upstream DNS service

Tools that Identify Problems with DNS

- Issues can occur when you do not configure the DNS server and its zones and resource records properly
- When resource records are causing issues, it can sometimes be more difficult to identify the issue because configuration problems are not always obvious

Tools and what they are used to do:

- Nslookup: Troubleshoot DNS problems
- Dnscmd: Edit the DNS configuration
- Dnslint: Diagnose common DNS issues

Monitoring DNS using the DNS Event Log and Debug Logging

- Monitor DNS events in the event log to:
  - Monitor zone transfer information
  - Monitor computer events
- Enable DNS debug logging to view granular verbose information about DNS activities

End of Chapter 2