module 2: configuring and troubleshooting dns

8/14/2019 Module 2: Configuring and Troubleshooting DNS

1/47


2/47

Module Overview

Installing the DNS Server Role

Configuring the DNS Server Role

Configuring DNS Zones

Configuring DNS Zone Transfers

Managing and Troubleshooting DNS


3/47

Lesson 1: Installing the DNS Server Role

Overview of the Domain Name System Role

Overview of the DNS Namespace

DNS Improvements for Windows Server 2008

Demonstration: Installing the DNS Server Role

Considerations for Deploying the DNS Server Role


4/47

Overview of the Domain Name System Role

Domain Name System is a hierarchical distributed database

Domain Name System is a hierarchical distributed database

DNS is the foundation of the Internet naming scheme

DNS supports accessing resources by usingalphanumeric names

InterNIC is responsible for managing thedomain namespace

DNS was created to support the Internets growingnumber of hosts


5/47

Overview of the DNS Namespace

Root DomainRoot Domain

SubdomainSubdomain

Second-LevelSecond-Level

DomainDomain

Top-Level DomainTop-Level Domain

FQDN:SERVER1.sales.south.nwtraders.com

south

south

nwtraders

nwtraders

com

com

sales

sales

west

west east

east

org

orgnet

net

Host: SERVER1


6/47

Notes Page Over-flow Slide. Do Not Print Slide.See Notes pane.


7/47

DNS Improvements for Windows Server 2008

New or enhanced features in the Windows Server 2008 version ofDNS include:

Background zone loading

IP version 6 support

Support for read-only domain controllers

Global single names


8/47

Demonstration: Installing the DNS Server Role

In this demonstration, you will see how to install the DNS

Server role


9/47

Considerations for Deploying theDNS Server Role

The user account must be a member of the localadministrators group or equivalent

Manually configuring the server to use a static IP addressis recommended

Manually editing the server and boot files is notrecommended

Use the DNS console or dnscmd

Active Directory-integrated DNS zones cannot beadministered using a text editor


10/47

Lesson 2: Configuring the DNS Server Role

What Are the Components of a DNS Solution?

DNS Resource Records

What Are Root Hints?

What Is a DNS Query?

What Are Recursive Queries?

What Are Iterative Queries?

What Is a Forwarder?

What Is Conditional Forwarding?

How DNS Server Caching Works

Demonstration: Configuring the DNS Server Role


11/47

What Are the Components of a DNS Solution?

DNS Servers on the InternetDNS ServersDNS Clients

Root .

.com

.eduResourceRecord

ResourceRecord


12/47

DNS resource records include:

SOA: Start of Authority

A: Host Record

CNAME: Alias Record

MX: Mail Exchange Record

SRV: Service Resources

NS: Name Servers

AAAA: IPv6 DNS Record

DNS Resource RecordsDNS Resource Records


13/47

What Are Root Hints?

Root hints contain the IP addresses for DNS root serversRoot hints contain the IP addresses for DNS root servers

microsoft

DNS Servers

DNS Server

Root (.) Servers

com

Client

Root Hints


14/47

What Is a DNS Query?

Queries are recursive or iterative

DNS clients and DNS servers both initiate queries

DNS servers are authoritative or nonauthoritative fora namespace

An authoritative DNS server for the namespace will either:

Return the requested IP address

Return an authoritative No

A nonauthoritative DNS server for the namespace will either:

Check its cache

Use forwarders

Use root hints

A queryis a request for name resolution and is directed to aDNS server

A queryis a request for name resolution and is directed to aDNS server


15/47

What Are Recursive Queries?

DNS Client

mail1.contoso.msft

172.16.64.11

A recursive queryis sent to a DNS server and requires acomplete answerA recursive queryis sent to a DNS server and requires acomplete answer

Database

Local DNS Server


16/47

What Are Iterative Queries?

An iterative query directed to a DNS server may be

answered with a referral to another DNS server

An iterative query directed to a DNS server may be

answered with a referral to another DNS server

Client Server

Local DNS ServerRoot Hint (.)

.com

Recursiv

eQuery

mail1

.nwtr

aders

.com

172

.16

.64

.11

Iterative Query

IterativeQuery

IterativeQuery

Ask .com

Asknwtraders.com

AuthoritativeResponse

Nwtraders.com


17/47

What Is a Forwarder?

A forwarderis a DNS server designated to resolve

external or offsite DNS domain names

A forwarderis a DNS server designated to resolve

external or offsite DNS domain names

Nwtraders.com

Root Hint (.)

.com

Iterative Query

IterativeQuery

IterativeQuery

Ask .com

Asknwtraders.com

AuthoritativeResponse

Forwarder

RecursiveQueryformail1.nwtraders.com

172.16.64.11

172

.16

.64

.11

Recu

rsiv

eQu

ery

Local DNS Server Client Server


18/47

ISP DNS

All other DNS domains

Local DNS

Contoso.msft DNS

contoso.msft

Qu

eryfo

r

www

.conto

so.msft

Conditional forwarding forwards requests using a domain

name condition

Conditional forwarding forwards requests using a domain

name condition

Client Computer

What Is Conditional Forwarding?


19/47

WheresServerA?

ServerA is at192.168.8.44

WheresServerA?

ServerA is at192.168.8.44

How DNS Server Caching Works

Client1

Client2

ServerA

DNS server cacheHost name IP address TTL

ServerA.contoso.msft 192.168.8.44 28 seconds


20/47

Demonstration: Configuring the DNS Server Role

In this demonstration, you will see how to:

Update root hints on a DNS server

Configure a DNS server to use a forwarder

Clear the DNS server cache by using the DNS console

Clear the DNS server cache by using the DNSCmdcommand


21/47

Lesson 3: Configuring DNS Zones

What Is a DNS Zone?

What Are the DNS Zone Types?

What Are Forward and Reverse Lookup Zones?

What are Stub Zones?

Demonstration: Creating Forward and Reverse LookupZones

DNS Zone Delegation


22/47

What Is a DNS Zone?

....

.com.com.com.com

microsoft.com zone

microsoft.comdomain

Internet

example.microsoft.comzone

DNS root domain

Zone database

Zone database

example.microsoft.com

www.example.microsoft.com

ftp.example.microsoft.com

Dele

gate

d

microsoft.com

www.microsoft.com

ftp.microsoft.com

example.microsoft.com

WWW

FTP

WWW.exampleFTP.example


23/47

What Are the DNS Zone Types?

Zones Description

Primary Read/write copy of a DNS database

Secondary Read-only copy of a DNS database

Stub Copy of a zone that contains onlyrecords used to locate name servers

Active Directoryintegrated

Zone data is stored in Active Directoryrather than in zone files


24/47

DNS Client2

DNS Client3

What Are Forward and Reverse Lookup Zones?

Namespace: training.nwtraders.msft

DNS Client1

DNS Server Authorizedfor training

Forward

zone

Training DNS Client1 192.168.2.45

DNS Client2 192.168.2.46

DNS Client3 192.168.2.47

Reversezone

1.168.192.in-

addr.arpa

192.168.2.45 DNS Client1

192.168.2.46 DNS Client2

192.168.2.47 DNS Client3

DNS Client2 = ?

192.168.2.46 = ?


25/47

With a stub zone defined, the location of the na.fabrikam.com zone

is known without querying multiple DNS servers

With a stub zone defined, the location of the na.fabrikam.com zone

is known without querying multiple DNS servers

Contoso.com(Root

domain)

na.contoso.com

sa.contoso.com

ny.na.contoso.com

rio.sa.contoso.com

DNS server

DNS server

DNS server

DNS server

DNS server

fabrikam.com

DNS server

DNS server

na.fabrikam.com

Stubzone:na.fabrikam.com

Stubzone:rio.sa.contoso.com

Without stub zones, the ny.na.contoso.com server must queryseveral servers to find the server that hosts the na.fabrikam.com

zone

Without stub zones, the ny.na.contoso.com server must queryseveral servers to find the server that hosts the na.fabrikam.com

zone

Contoso.com(Root

domain)

na.contoso.com

sa.contoso.com

ny.na.contoso.com

rio.sa.contoso.com

DNS server

DNS server

DNS server

DNS server

DNS server

fabrikam.com

DNS server

DNS server

na.fabrikam.com

What Are Stub Zones?

Demonstration: Creating Forward and Reverse


26/47

Demonstration: Creating Forward and ReverseLookup Zones


Create a forward lookup zone

Create a reverse lookup zone


27/47

DNS Zone Delegation

Training.contoso.msft Sales.contoso.msft

Contoso.msft


28/47

Lesson 4: Configuring DNS Zone Transfers

What Is a DNS Zone Transfer?

How DNS Notify Works

Securing Zone Transfers

Demonstration: Configuring DNS Zone Transfers


29/47

What Is a DNS Zone Transfer?

A DNS zone transferis the synchronization ofauthoritative DNS zone data between DNS servers

A DNS zone transferis the synchronization ofauthoritative DNS zone data between DNS servers

SOA query for a zone

SOA query answered

IXFR or AXFR query for a zone

IXFR or AXFR query answered

(zone transferred)

1

2

3

4

Secondary server Primary andMaster server


30/47

How DNS Notify Works

Secondary Server Primary andMaster Server

DNS notify

Zone transfer

A DNS notifyis an update to the original DNS protocolspecification that permits notification to secondaryservers when zone changes occurA DNS notifyis an update to the original DNS protocolspecification that permits notification to secondaryservers when zone changes occur

Source ServerDestination Server

1

2

3

4

Resource record isupdated

SOA serial number isupdated


31/47

Securing Zone Transfers

Primary Zone Secondary Zone

Encrypt zone transfer traffic

Consider using Active Directory-integrated zones

Restrict zone transfer to specified servers


32/47

Demonstration: Configuring DNS Zone Transfers


Configure DNS zone transfers

Configure a secondary zone


33/47

Lesson 5: Managing and Troubleshooting DNS

What Is Time to Live, Aging, and Scavenging?

Demonstration: Managing DNS Records

Testing the DNS Server Configuration

Tools That Identify Problems With DNS

Demonstration: Testing the DNS Server Configuration

Monitoring DNS Using the DNS Event Log and DebugLogging


34/47

What Is Time to Live, Aging, and Scavenging?

Feature Description

Time to Live(TTL)

Indicates how long a DNS record willremain valid

Aging Occurs when records that have beeninserted into the DNS server reachtheir expiration and are removed

Scavenging Performs DNS server resource recordgrooming for old records in DNS


35/47

Demonstration: Managing DNS Records


Configure TTL

Enable Scavenging

Configure Aging


36/47

Testing the DNS Server Configuration

You can test the DNS server configuration by using:

A simple query to ensure that the DNS serviceis answering

A recursive query to ensure that the DNS servercan communicate with the upstream DNS service


37/47

Tools That Identify Problems With DNS

Tool Used to:

Nslookup Troubleshoot DNS problems

Dnscmd Edit the DNS configuration

Dnslint Diagnose common DNS issues

Demonstration: Testing the DNS Server


38/47

Demonstration: Testing the DNS ServerConfiguration

In this demonstration, you will see how to test the DNS

server configuration by using:

Simple queries

Recursive queries

Nslookup Dnscmd

Dnslint

Monitoring DNS Using the DNS Event Log and


39/47

Monitoring DNS Using the DNS Event Log andDebug Logging

Monitor DNS events in the event log to:

Monitor zone transfer information

Monitor computer events

Enable DNS debug logging to view granularverbose information about DNS activities


40/47

Lab: Configuring and Verifying a DNS Solution

Exercise 1: Configuring a DNS Infrastructure

Exercise 2: Monitoring and Troubleshooting DNS

Logon information

Virtual machines NYC-DC1, NYC-SVR1

User name AdministratorPassword Pa$$w0rd

Estimated time: 60 minutes

Notes Page Over-flow Slide. Do Not Print Slide.


41/47

gSee Notes pane.


42/47

Lab Review

When you added a DNS zone on NYC-DC1, why were youable to choose Active Directory-integrated zones?

What type of DNS zone transfer would take place betweenNYC-SRV1 and NYC-DC1?

When using NS lookup, what record type would you use tofind a mail server? How would you configure NS lookup to

request this record type? When using Dnslint to verify name server records, you ranthe DNSLint command to generate a DNSLint report forthe nwtraders.msft domain and used the /s switch. Whywas it important to use this switch?


43/47

Module Review and Takeaways

Review Questions

Common Issues and Troubleshooting Tips

Real-world Issues and Scenarios

Best Practices

The DNS Console

Command-line Tools

Monitoring Tools



44/47

gSee Notes pane.



45/47

gSee Notes pane.



46/47

gSee Notes pane.



47/47

gSee Notes pane.

module 2: configuring and troubleshooting dns

Documents