1 / 55

Chapter 6

Chapter 6. Domain Name System. Objectives. Describe the functions of the Domain Name System Install DNS Explain the function of DNS zones Configure a caching-only server to speed hostname resolution Integrate Active Directory and DNS, including Dynamic DNS Configure and manage a DNS server

kerrye
Télécharger la présentation

Chapter 6

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 6 Domain Name System

  2. Objectives • Describe the functions of the Domain Name System • Install DNS • Explain the function of DNS zones • Configure a caching-only server to speed hostname resolution • Integrate Active Directory and DNS, including Dynamic DNS • Configure and manage a DNS server • Manage DNS zones • Troubleshoot DNS

  3. Functions of the Domain Name System • Domain Name System (DNS) • Essential service for a network that uses Active Directory • Has the ability to store DNS information in Active Directory • Once DNS information is stored in Active Directory, it is automatically replicated to all domain controllers • Storing DNS data in Active Directory allows security control for Dynamic DNS

  4. Functions of the Domain Name System (Continued) • Used internally to resolve hostnames to IP addresses • Can be integrated with the worldwide system for resolving hostnames to IP addresses • Can be used as a repository for service information and perform reverse lookups to convert IP addresses to host names

  5. Hostname Resolution • Windows Sockets (WinSock) and NetBIOS • Two standard methods Windows applications can use to access network resources • Name accessed through WinSock is known as a hostname • Steps followed to resolve hostnames • Hostname • Server first checks if hostname being resolved is its own • If it is, then it uses its own IP address and resolution process stops

  6. Hostname Resolution (Continued) • Steps (Continued) • Hosts file is loaded into cache • HOSTS file is used to list hostnames and IP addresses for resolution • Contents of the HOSTS file are placed in DNS cache • DNS cache • Contents are evaluated • If hostname being resolved is in DNS cache, then IP address in the cache is used • DNS • If required hostname is not the hostname of this server and has not been found in DNS cache, then Windows Server 2003 submits a request to a DNS server for resolution

  7. HOSTS File • Simple text file that stores hostname information • Must be located in C:\WINDOWS\system32\drivers\etc • Contents are a list of IP addresses and hostnames

  8. HOSTS file

  9. Forward Lookup • Resolves hostnames to IP addresses • Two-packet process • First packet is request from DNS client to DNS server containing hostname to be resolved • Second packet is response from server containing the IP address of requested hostname

  10. Forward Lookup (Continued) • Root servers • 13 root serversthat control overall DNS lookup process • ICANN DNS Root Server System Advisory Committee is main body responsible for maintenance • If servers become unavailable, much of the Internet would be inaccessible • Recursive lookup • DNS query that is resolved through other DNS servers until requested information is located

  11. DNS Lookup Process

  12. Registering a Domain • Top-level domain names • Organized by either country or category • Category names defined by the Internet Corporation for Assigned Names and Numbers (ICANN) • To merge with worldwide DNS lookup system you must register your domain name with a registrar • Registrars • Have ability to put domain information into top-level domain DNS servers

  13. Top-level domains

  14. Reverse Lookup • Resolves IP addresses to hostnames • Often performed for the system logs of Internet services • Web server can be configured to perform reverse lookup of all clients accessing a Web site • Reverse lookup DNS information maintained by ISP

  15. DNS Record Types • Created on a DNS server to resolve queries • Each type of record holds different information about • A service • Hostname • IP address • Domain • DNS has ability to hold many different record types

  16. DNS records types

  17. Domain Name System (DNS) and Berkeley Internet Name Domain (BIND) • BIND • The de facto standard for DNS implementation on UNIX and Linux systems • Other implementations of DNS reference BIND version numbers for feature compatibility

  18. BIND versions and features

  19. Installing DNS • Windows Server 2003 has the ability to act as a DNS server • Small organizations • During installation of Active Directory, if no DNS server has been configured for the domain, DCPROMO asks whether it should install DNS • Large organizations • DNS is often installed on multiple servers

  20. DNS Zones • The part of a DNS namespace for which a DNS server is responsible • Forward lookup zone • A zone that holds records for forward lookups • Reverse lookup zone • A zone that holds records for reverse lookups

  21. Primary and Secondary Zones • Used to automatically synchronize DNS information between DNS servers • Primary zone • First to be created • DNS records created here • Secondary zone • Takes copies of primary zone information • Cannot be copied

  22. Primary and Secondary Zones (Continued) • For fault tolerance and to reduce network traffic • Keep copies of DNS domain information on more than one server • Servers must automatically synchronize information between them • Zone Transfer • Moving information from primary zone to secondary zone • Incremental Zone Transfer • Copies information that has changed from the primary zone

  23. Active Directory Integrated Zone • Stores information in Active Directory rather than in a file on the local hard drive • Advantages of Storing DNS information in Active Directory • Automatic backup of zone information • Multimaster replication • Increased security

  24. DNS Zone Storage in Active Directory • Two areas DNS zones can be stored in Active Directory • Domain directory partition • Holds information about objects specific to a particular Active Directory domain • Replicated to all domain controllers in an Active Directory domain • Cannot be replicated to domain controllers in other Active Directory domains

  25. DNS Zone Storage in Active Directory (Continued) • Application directory partition • Allows information to be stored in Active Directory but be replicated only among a defined set of domain controllers • Domain must be in the same Active Directory forest but can be in different Active Directory domains

  26. Storing a zone in the domain directory partition

  27. Storing a zone on all DNS servers in an Active Directory forest

  28. Merging Active Directory Integrated Zones with Traditional DNS • Active Directory integrated zones • Interact with traditional zones by acting as a primary zone to traditional secondary zones • Situations where a DNS server cannot participate in an Active Directory integrated zone • DNS server is pre-Windows 2000 • DNS server is Windows 2000 and Active Directory integrated zone is stored in an application directory partition • DNS server is a non-Windows server • DNS server is a member server, but not a domain controller • DNS server is in a different forest

  29. Stub Zones • A DNS zone that holds only NS records for a domain • NS records • Define the name servers that are responsible for a domain

  30. DNS lookup using a stub zone

  31. Caching-only Server • Does not have zones configured on it • Exists only to be a local DNS server for client computers • On very slow WAN links • Caching-only servers may create less network traffic than storing Active Directory integrated zones or secondary zones locally • To create a caching-only server • Install the DNS Service and do not create any zones

  32. Active Directory and DNS • Active Directory requires DNS to function properly • Most important function DNS performs for Active Directory is locating services

  33. Active Directory and DNS (Continued) • Dynamic DNS • Used to simplify management of DNS records for Active Directory • System in which records can be updated on a DNS server automatically • Defined by RFC 2136 • Service records for domain controllers are placed in DNS zone using Dynamic DNS • Windows 2000/XP clients perform their own Dynamic DNS updates

  34. DNS records for Active Directory

  35. Configuring a Zone for Dynamic DNS • Can be done during creation process or by modifying properties of the zone after configuration • “Allow only secure dynamic updates” option • Available only if the zone is Active Directory integrated • “Allow only dynamic updates” option • If selected, then any client can update records • Do not allow dynamic updates option • Stops this zone from accepting dynamic updates

  36. Dynamic update options when creating an Active Directory integrated zone

  37. Changing the dynamic update option

  38. Managing DNS Servers • Aging and Scavenging • New feature of DNS in Windows Server 2003 • Allows DNS records created by Dynamic DNS to be removed after a certain period of time if they have not been updated • Must be enabled on the Advanced tab of the DNS server properties

  39. Managing DNS Servers (Continued) • Update Server Data Files • Option is available when you right-click on the server • Clear Cache • DNS server automatically caches all lookups that it performs • Must clear cache to force a DNS server to perform a new lookup before the record times out

  40. Managing DNS Servers (Continued) • Configure Bindings • You can configure DNS to only respond on certain IP addresses that are bound to server • Forwarding • Allows you to configure local DNS server to forward queries from clients to another DNS server

  41. The DNS Server Properties Interfaces Tab

  42. Root Hints • Servers used to perform recursive lookups • Root Hints tab • Automatically populated with names and IP addresses of DNS root servers on the Internet • Possible to configure one of your internal DNS servers to act as a root server • Create a forward lookup zone named “.” • DNS server with zone named “.” is considered a root server

  43. The DNS Server Properties Forwarders tab

  44. The DNS Server Properties Root Hints Tab

  45. Logging • Event logging • Records errors, warnings, and information to event log • Debug logging • Records packet-by-packet information about queries the DNS server is receiving • Can reduce information recorded by specifying • Packet direction • Transport protocol • Packet contents • Packet type

  46. DNS Server Properties Event Logging Tab

  47. Advanced Options • Configurable options on Advanced tab of server properties • Disable recursion (also disables forwarders) • BIND secondaries • Fail on load if bad zone data • Enable round robin • Enable netmask ordering • Secure cache against pollution

  48. The DNS Server Properties Advanced Tab

  49. Managing Zones • Options that can be configured for a zone • Reload zone information • Create a new delegation • Change the type of zone and replication • Configure aging and scavenging • Modify the Start of Authority (SOA) record • Name servers • Enable WINS resolution • Enable zone transfers • Configure security

  50. Troubleshooting DNS • Most DNS problems are a result of incorrectly configured DNS records • Iterative query • DNS server looks only in the zones for which it is responsible • NSLOOKUP • Queries DNS records • Allows you to confirm that each DNS server is configured with the correct information • Can be used from a command prompt to resolve hostnames • Most powerful in interactive mode

More Related