TRANSCRIPT
Fully Qualified Domain Names
FQDNs
DNS Database
• A distributed, hierarchical database
• Resolves Fully Qualified Domain Names (FQDNs) to IP addresses
– Distributed: Each DNS server is responsible (authoritative) for only part of the DNS database
– Hierarchical: Organized in levels
FQDNs
Diagram: Client1.tech.sales.Company.com. labelled left to right as Host (Client1), Sub-domain (tech.sales), 2nd Level (Company), Top Level (com) and .(root) (the final period)
• FQDNs: The name of the host (the device assigned an IP address) and its location in the DNS “tree”
• Includes the name of the host and all DNS domains back to the .(root)
FQDNs Continued
Diagram: Client1.tech.sales.Company.com. labelled left to right as Host (Client1), Sub-domain (tech.sales), 2nd Level (Company), Top Level (com) and .(root) (the final period)
• Name on the far left is the host
• The period (.) on the far right represents the .(root) of the DNS “tree”
Tips
• A DNS domain is a section of the DNS “tree.”
• Do not confuse with an Active Directory domain, which is a container in AD.
• Example: Company.com might be one AD domain but it would be two DNS domains.
Recap
• FQDN is the name of the host and its position in DNS tree
• Host name on the far left
• .(root) server on the right
• Every time you cross a period, it’s a different DNS domain
Client Name Resolution
Diagram: client resolving www.yahoo.com; client: 1. Cache, 2. DNS Server
Name Resolution Continued
• Client checks to see if there is an entry in its DNS cache
– View the DNS cache: ipconfig /displaydns
– Clear the DNS cache: ipconfig /flushdns
DNS Cache
DNS Cache Continued
Hosts File
• All Windows clients have a Hosts file.
• Located in the “c:\windows\system32\drivers\etc” folder
• Should only be edited with Notepad
• Entries in the Hosts file pre-populate the client DNS cache
Hosts File Continued
Tips
• To save changes to Hosts file, open in an elevated copy of Notepad
• If you flush the DNS cache and an entry remains, check the Hosts file
Tips Continued
• Any time a client needs a different IP for a host than all other clients, use the Hosts file.
Diagram: the DNS Server answers Intranet.Company.com with 192.168.1.10 (Production Network), while a Hosts file entry gives Intranet.Company.com as 192.168.2.10 (Development Network)
Name Resolution Continued
• FQDN not in client cache, client forwards query to primary DNS server
• Client only contacts secondary DNS server if no response from primary
Recap
• Clients check their cache before querying DNS
• If a client needs a different “answer” than contained in DNS, use the Hosts file
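As an added example that is not part of the course, here is a Python model of the client-side order above: the cache is checked first, the Hosts file pre-populates that cache (so its entries survive ipconfig /flushdns), and only then is the primary DNS server asked. The Hosts file text, the DNS answers and the Client class are constructed for this example; the 192.168.1.10 / 192.168.2.10 values are the slides' own.

```python
HOSTS_TEXT = r"""
# Constructed sample of c:\windows\system32\drivers\etc\hosts on one developer's client
127.0.0.1       localhost
192.168.2.10    Intranet.Company.com   intranet    # Development Network copy of the intranet
"""

# Constructed stand-in for what the primary DNS server answers (Production Network).
DNS_ANSWERS = {"intranet.company.com": "192.168.1.10", "www.yahoo.com": "56.12.34.78"}


def parse_hosts(text):
    """{name (lowercase): ip} from Hosts text: '#' starts a comment, whitespace separates
    fields, and one line may list several names for the same ip."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            entries[name.lower()] = fields[0]
    return entries


class Client:
    def __init__(self, hosts_text, dns_answers):
        self.hosts, self.dns = parse_hosts(hosts_text), dns_answers
        self.flushdns()

    def flushdns(self):  # ipconfig /flushdns: cache emptied, then re-seeded from the Hosts file
        self.cache = dict(self.hosts)

    def displaydns(self):  # ipconfig /displaydns
        return dict(self.cache)

    def resolve(self, name):
        name = name.lower()
        if name in self.cache:  # 1. cache (Hosts entries are already in it)
            return self.cache[name], "cache"
        if name in self.dns:  # 2. primary DNS server; the answer is cached for next time
            self.cache[name] = self.dns[name]
            return self.dns[name], "dns server"
        return None, "failed"

    def hosts_overrides(self):
        """Defender's check: names whose Hosts entry differs from what DNS would answer."""
        return {n: (ip, self.dns[n]) for n, ip in self.hosts.items()
                if n in self.dns and self.dns[n] != ip}
```

An entry that is still listed by displaydns() right after flushdns() came from the Hosts file, which is the diagnostic tip given in the slides.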
Server Name Resolution
Name Resolution Continued
Diagram: resolving www.yahoo.com; client: 1. Cache, 2. DNS Server; server: 1. Cache, 2. Authoritative
DNS Server Name Resolution
1. DNS server checks its cache
– To clear the DNS server cache use dnscmd /clearcache
2. DNS server determines if it is authoritative for DNS domain
– Authoritative servers host the records for the domain
Name Resolution Continued
Diagram: resolving www.yahoo.com; client: 1. Cache, 2. DNS Server; server: 1. Cache, 2. Authoritative, 3. Conditional Forwarding
Name Resolution Continued
3. DNS server checks for Conditional Forwarding
– DNS forwards the request if it matches a condition, i.e. a particular domain name
– Example: forward all queries for Microsoft.com to IP address 12.34.56.78
Note: Conditional Forwarding will be covered more in-depth later.
Conditional Forwarding
Name Resolution Continued
Diagram: resolving www.yahoo.com; client: 1. Cache, 2. DNS Server; server: 1. Cache, 2. Authoritative, 3. Conditional Forwarding, 4. Forwarding
Name Resolution Continued
4. DNS server checks for Forwarding
– Forwards all requests for which server is not authoritative to another DNS server
– This may be done for:
• Security
• Server is a caching only server: Not authoritative for any domains
Forwarding Continued
Diagram: Internal Network, DMZ, Internet
Name Resolution Continued
Diagram: resolving www.yahoo.com; client: 1. Cache, 2. DNS Server; server: 1. Cache, 2. Authoritative, 3. Conditional Forwarding, 4. Forwarding, 5. Root Hints, which point at the .(root) servers
Name Resolution Continued
5. DNS server uses Root Hints
– “Root Hints” tab contains names and IP addresses of all .(root) servers
Note: Visit www.root-servers.org for a list and map of all .(root) servers.
Root Hints
.(root) Servers
• .(root) servers are authoritative for the .(root) domain.
Tips
• When a DNS server has a .(root) zone, “Forwarders” and “Root Hints” are disabled.
Tips Continued
• If server hosts a .(root) zone:
– “Forwarders” and “Root Hints” disabled
– Server will not be able to resolve Internet names
– Delete the .(root) zone to resolve names on the Internet
Name Resolution Continued
• .(root) servers have delegations for top level domains
• Delegations identify name and IP address of authoritative DNS server for sub-domain
Name Resolution Continued
Diagram: the DNS server resolves www.yahoo.com by following delegations one level at a time:
.(root) returns the delegation for .com:
.com IN NS dns.com
dns.com IN A 34.56.78.90
dns.com returns the delegation for yahoo.com:
yahoo.com IN NS dns.yahoo.com
dns.yahoo.com IN A 56.12.34.78
dns.yahoo.com returns the host record:
www.yahoo.com IN A 56.12.34.78
Final answer: 56.12.34.78
Name Resolution Continued
• DNS server obtains the IP address and stores it in server cache
• Forwards IP to client
• Client stores it in client cache
• Client initiates contact using IP address
Tips
• Hosts only communicate using IP addresses
• DNS only matches host names to IP addresses; it is not used in the actual communication
• If you can ping a computer by IP address but not by name, the problem is DNS
Recap
• Servers resolve names by:
1. Cache
2. Authoritative
3. Conditional Forwarding
4. Forwarding
5. Root Hints
Recap Continued
• For Internet resolution: use Forwarding or Root Hints
– Internet name resolution not working, check for and delete .(root) zone
• DNS servers have delegations used to locate authoritative servers lower in the database
Conditional Forwarding and Stub Zones
Name Resolution Continued
Corp.Company.com Int.Partner.com
Corp.Company.com and Int.Partner.com are not resolvable from the Internet.
After a company merger, clients in each forest must be able to resolve names in the other forest.
Name Resolution Continued
Corp.Company.com Int.Partner.com
Since the domains are not resolvable using Root Hints, the DNS servers in each forest must be configured to directly contact the DNS servers in the other forest.
Name Resolution Continued
In a complicated forest, DNS resolution can become challenging. Suppose clients in C.B.A needed to resolve names for resources in E.D.A.
Diagram: forest tree with root domain A, child domains B.A and D.A, and grandchild domains C.B.A (under B.A) and E.D.A (under D.A); the query from C.B.A is passed through the intermediate domains of the tree before it reaches E.D.A.
It would be faster if DNS servers in C.B.A could send requests right to the DNS servers in E.D.A.
Stub Zone
• Copy of the zone that contains only DNS server records
Conditional Forwarding
• Pro: does not require permission.
• Pro: no transfer of records.
• Con: static.
Stub Zones
• Con: does require permission.
• Con: some transfer of records.
• Pro: dynamic.
Recap
• Conditional Forwarding/Stub Zones used to:
– Resolve domains not available through .(root)
– Speed up internal name resolution in complex AD
• Conditional Forwarding (+no permission, +no transfer of records, -static)
• Stub zones (-needs permission, -minimal transfer of records, +dynamic)
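As an added example (not from the course), a small Python model of the five-step server lookup order and of the forest-merger case above: a Corp.Company.com server answers its own zone, conditionally forwards Int.Partner.com to the partner's server, and walks the .(root), dns.com, dns.yahoo.com delegations for Internet names. The record values come from the slides; the server names, the 198.51.100.1 and 192.0.2.x addresses, the zone contents and the class itself are assumptions.

```python
SERVERS = {}  # ip -> DnsServer; NS glue records and the "Root Hints" tab point at these ips
def under(fqdn, domain):  # is fqdn inside domain? "." is the .(root), which contains everything
    return domain == "." or fqdn == domain or fqdn.endswith("." + domain)

class DnsServer:
    def __init__(self, ip, zones=None, cond_fwd=None, forwarder=None, root_hints=()):
        self.cache = {}                     # step 1: fqdn -> ip (what dnscmd /clearcache empties)
        self.zones = zones or {}            # step 2: zone -> {fqdn: ("A"|"NS", value)}, with glue
        self.cond_fwd = cond_fwd or {}      # step 3: domain -> ip of the server it is forwarded to
        self.forwarder = forwarder          # step 4: ip of the forwarder for everything else
        self.root_hints = list(root_hints)  # step 5: ips of the .(root) servers
        SERVERS[ip] = self

    def zone_for(self, fqdn):  # longest zone this server is authoritative for, or None
        return max((z for z in self.zones if under(fqdn, z)), key=len, default=None)

    def answer(self, fqdn):  # authoritative reply: ("A", ip), a referral ("NS", glue ip), or None
        recs = self.zones.get(self.zone_for(fqdn), {})
        if fqdn in recs and recs[fqdn][0] == "A":
            return recs[fqdn]
        for cut in sorted(recs, key=len, reverse=True):  # closest enclosing delegation
            if recs[cut][0] == "NS" and under(fqdn, cut):
                return "NS", recs[recs[cut][1]][1]       # glue A record of the NS host
        return None

    def resolve(self, fqdn):  # (ip, how) in the five-step order; (None, "failed") if nothing answers
        if fqdn in self.cache:
            return self.cache[fqdn], "cache"
        if self.zone_for(fqdn) is not None:  # authoritative: own records only, never forwarded
            rr = self.answer(fqdn)
            return (rr[1], "authoritative") if rr and rr[0] == "A" else (None, "failed")
        for dom in sorted(self.cond_fwd, key=len, reverse=True):
            if under(fqdn, dom):
                return SERVERS[self.cond_fwd[dom]].resolve(fqdn)[0], "conditional forwarding"
        if self.forwarder:
            return SERVERS[self.forwarder].resolve(fqdn)[0], "forwarding"
        server, seen = (self.root_hints or [None])[0], set()
        while server in SERVERS and server not in seen and (rr := SERVERS[server].answer(fqdn)):
            if rr[0] == "A":                 # final answer: cache it, so step 1 serves it next time
                self.cache[fqdn] = rr[1]
                return rr[1], "root hints"
            seen.add(server)
            server = rr[1]                   # referral: follow the delegation to the next server
        return None, "failed"

# Constructed topology from the slides' sample records; 198.51.100.1 and 192.0.2.x are made-up ips
DnsServer("198.51.100.1", zones={".": {"com": ("NS", "dns.com"), "dns.com": ("A", "34.56.78.90")}})
DnsServer("34.56.78.90", zones={"com": {"yahoo.com": ("NS", "dns.yahoo.com"), "dns.yahoo.com": ("A", "56.12.34.78")}})
DnsServer("56.12.34.78", zones={"yahoo.com": {"www.yahoo.com": ("A", "56.12.34.78")}})
DnsServer("192.0.2.53", zones={"int.partner.com": {"srv.int.partner.com": ("A", "192.0.2.7")}})
CORP = DnsServer("192.0.2.10", zones={"corp.company.com": {"intranet.corp.company.com": ("A", "192.168.1.10")}},
                 cond_fwd={"int.partner.com": "192.0.2.53"}, root_hints=["198.51.100.1"])
```

A server created with a local .(root) zone (zones={".": {}}) answers only from its own records and so fails for Internet names, which reproduces the tip that Forwarders and Root Hints are disabled when a .(root) zone exists.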