Chapter 6 Domain Name System
Objectives
• Describe the functions of the Domain Name System
• Install DNS
• Explain the function of DNS zones
• Configure a caching-only server to speed hostname resolution
• Integrate Active Directory and DNS, including Dynamic DNS
• Configure and manage a DNS server
• Manage DNS zones
• Troubleshoot DNS
Functions of the Domain Name System
• Domain Name System (DNS)
  • Essential service for a network that uses Active Directory
  • Has the ability to store DNS information in Active Directory
  • Once DNS information is stored in Active Directory, it is automatically replicated to all domain controllers
  • Storing DNS data in Active Directory allows security control for Dynamic DNS
Functions of the Domain Name System (Continued)
• Used internally to resolve hostnames to IP addresses
• Can be integrated with the worldwide system for resolving hostnames to IP addresses
• Can be used as a repository for service information and to perform reverse lookups that convert IP addresses to hostnames
Hostname Resolution
• Windows Sockets (WinSock) and NetBIOS
  • Two standard methods Windows applications can use to access network resources
  • Name accessed through WinSock is known as a hostname
• Steps followed to resolve hostnames
  • Hostname
    • Server first checks if the hostname being resolved is its own
    • If it is, then it uses its own IP address and the resolution process stops
Hostname Resolution (Continued)
• Steps (Continued)
  • HOSTS file is loaded into cache
    • HOSTS file is used to list hostnames and IP addresses for resolution
    • Contents of the HOSTS file are placed in the DNS cache
  • DNS cache
    • Contents are evaluated
    • If the hostname being resolved is in the DNS cache, then the IP address in the cache is used
  • DNS
    • If the required hostname is not the hostname of this server and has not been found in the DNS cache, then Windows Server 2003 submits a request to a DNS server for resolution
HOSTS File
• Simple text file that stores hostname information
• Must be located in C:\WINDOWS\system32\drivers\etc
• Contents are a list of IP addresses and hostnames
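The resolution order above (own hostname, then HOSTS entries loaded into the cache, then a DNS query) as an added Python example; it is not from the slides. The HOSTS contents and the DNS table are constructed stand-ins, and the DNS server is replaced by a dictionary lookup so the block runs offline. Note that a HOSTS entry wins over DNS for the same name, which is why tampering with that file redirects clients.

```python
from typing import Callable, Dict, Optional, Tuple

def parse_hosts(text: str) -> Dict[str, str]:
    """Parse HOSTS file text ('IP  hostname [alias ...]'; '#' starts a comment).
    The first entry seen for a name wins, later duplicates are ignored."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)
    return table

def resolve(hostname: str, own_hostname: str, own_ip: str,
            hosts_table: Dict[str, str],
            dns_lookup: Callable[[str], Optional[str]]) -> Tuple[Optional[str], str]:
    """Follow the order from the slides: own name, then HOSTS entries in the cache,
    then a DNS query. Returns (ip or None, which step answered)."""
    name = hostname.lower().rstrip(".")
    if name == own_hostname.lower():
        return own_ip, "self"
    if name in hosts_table:              # a HOSTS entry silently overrides DNS
        return hosts_table[name], "hosts-cache"
    ip = dns_lookup(name)
    return ip, ("dns" if ip else "unresolved")

# Constructed sample HOSTS contents (same layout as the file in C:\WINDOWS\system32\drivers\etc)
SAMPLE_HOSTS = """\
# constructed sample, not a real machine's file
127.0.0.1       localhost
192.0.2.20      fileserver fileserver.example.local   # file server
192.0.2.30      intranet.example.local
"""

# Constructed stand-in for the DNS server: a static table instead of a network query.
# intranet.example.local is deliberately different here to show HOSTS taking precedence.
FAKE_DNS = {"mail.example.local": "192.0.2.40", "intranet.example.local": "192.0.2.99"}

def lookup_all(names):
    """Resolve each name as server DC1 (192.0.2.1) would, returning name -> (ip, source)."""
    table = parse_hosts(SAMPLE_HOSTS)
    return {n: resolve(n, "DC1", "192.0.2.1", table, FAKE_DNS.get) for n in names}

if __name__ == "__main__":
    for n, r in lookup_all(["dc1", "fileserver", "intranet.example.local", "nowhere"]).items():
        print(n, r)
```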
Forward Lookup
• Resolves hostnames to IP addresses
• Two-packet process
  • First packet is the request from the DNS client to the DNS server, containing the hostname to be resolved
  • Second packet is the response from the server, containing the IP address of the requested hostname
Forward Lookup (Continued)
• Root servers
  • 13 root servers that control the overall DNS lookup process
  • ICANN DNS Root Server System Advisory Committee is the main body responsible for maintenance
  • If these servers became unavailable, much of the Internet would be inaccessible
• Recursive lookup
  • DNS query that is resolved through other DNS servers until the requested information is located
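The two packets of a forward lookup in wire form, as an added Python example that is not part of the slides: the first function builds the client's A query, the second parses the server's response, including the name-compression pointer servers use to refer back to the question name. The response bytes are constructed to match the query for www.example.com; a real client would send the query over UDP port 53 and should, as here, refuse a response whose transaction ID does not match.

```python
import struct

def build_query(hostname: str, txid: int = 0x1234) -> bytes:
    """First packet: a standard A query with the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in hostname.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def read_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                   # compression pointer to an earlier name
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode())
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def parse_response(msg: bytes, txid: int) -> dict:
    """Second packet: check it answers our query, then pull A records from the answer section."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):                             # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(map(str, rdata))))
    return {"rcode": flags & 0xF, "answers": answers}

# Constructed response to build_query("www.example.com", 0x1234): flags 0x8180 (QR, RD, RA),
# one question, one answer whose owner name is a pointer (0xC00C) back to the question name.
SAMPLE_RESPONSE = (bytes.fromhex("123481800001000100000000")
                   + b"\x03www\x07example\x03com\x00" + b"\x00\x01\x00\x01"
                   + b"\xc0\x0c\x00\x01\x00\x01" + struct.pack("!IH", 3600, 4) + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    print(build_query("www.example.com").hex())
    print(parse_response(SAMPLE_RESPONSE, 0x1234))
```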
Registering a Domain
• Top-level domain names
  • Organized by either country or category
  • Category names defined by the Internet Corporation for Assigned Names and Numbers (ICANN)
• To merge with the worldwide DNS lookup system, you must register your domain name with a registrar
• Registrars
  • Have the ability to put domain information into top-level domain DNS servers
Reverse Lookup
• Resolves IP addresses to hostnames
• Often performed for the system logs of Internet services
  • Web server can be configured to perform a reverse lookup of all clients accessing a Web site
• Reverse lookup DNS information is maintained by the ISP
DNS Record Types
• Created on a DNS server to resolve queries
• Each type of record holds different information about
  • A service
  • A hostname
  • An IP address
  • A domain
• DNS has the ability to hold many different record types
Domain Name System (DNS) and Berkeley Internet Name Domain (BIND)
• BIND
  • The de facto standard for DNS implementation on UNIX and Linux systems
  • Other implementations of DNS reference BIND version numbers for feature compatibility
Installing DNS
• Windows Server 2003 has the ability to act as a DNS server
• Small organizations
  • During installation of Active Directory, if no DNS server has been configured for the domain, DCPROMO asks whether it should install DNS
• Large organizations
  • DNS is often installed on multiple servers
DNS Zones
• The part of a DNS namespace for which a DNS server is responsible
• Forward lookup zone
  • A zone that holds records for forward lookups
• Reverse lookup zone
  • A zone that holds records for reverse lookups
Primary and Secondary Zones
• Used to automatically synchronize DNS information between DNS servers
• Primary zone
  • First to be created
  • DNS records are created here
• Secondary zone
  • Takes copies of primary zone information
  • Cannot be copied
Primary and Secondary Zones (Continued)
• For fault tolerance and to reduce network traffic
  • Keep copies of DNS domain information on more than one server
  • Servers must automatically synchronize information between them
• Zone transfer
  • Moving information from the primary zone to a secondary zone
• Incremental zone transfer
  • Copies only the information that has changed in the primary zone
Active Directory Integrated Zone
• Stores information in Active Directory rather than in a file on the local hard drive
• Advantages of storing DNS information in Active Directory
  • Automatic backup of zone information
  • Multimaster replication
  • Increased security
DNS Zone Storage in Active Directory
• Two areas in which DNS zones can be stored in Active Directory
• Domain directory partition
  • Holds information about objects specific to a particular Active Directory domain
  • Replicated to all domain controllers in an Active Directory domain
  • Cannot be replicated to domain controllers in other Active Directory domains
DNS Zone Storage in Active Directory (Continued)
• Application directory partition
  • Allows information to be stored in Active Directory but replicated only among a defined set of domain controllers
  • Those domain controllers must be in the same Active Directory forest but can be in different Active Directory domains
Storing a zone on all DNS servers in an Active Directory forest
Merging Active Directory Integrated Zones with Traditional DNS
• Active Directory integrated zones
  • Interact with traditional zones by acting as a primary zone to traditional secondary zones
• Situations in which a DNS server cannot participate in an Active Directory integrated zone
  • DNS server is pre-Windows 2000
  • DNS server is Windows 2000 and the Active Directory integrated zone is stored in an application directory partition
  • DNS server is a non-Windows server
  • DNS server is a member server, but not a domain controller
  • DNS server is in a different forest
Stub Zones
• A DNS zone that holds only NS records for a domain
• NS records
  • Define the name servers that are responsible for a domain
Caching-only Server
• Does not have zones configured on it
• Exists only to be a local DNS server for client computers
• On very slow WAN links
  • Caching-only servers may create less network traffic than storing Active Directory integrated zones or secondary zones locally
• To create a caching-only server
  • Install the DNS service and do not create any zones
Active Directory and DNS
• Active Directory requires DNS to function properly
• Most important function DNS performs for Active Directory is locating services
Active Directory and DNS (Continued)
• Dynamic DNS
  • Used to simplify management of DNS records for Active Directory
  • System in which records can be updated on a DNS server automatically
  • Defined by RFC 2136
  • Service records for domain controllers are placed in the DNS zone using Dynamic DNS
  • Windows 2000/XP clients perform their own Dynamic DNS updates
Configuring a Zone for Dynamic DNS
• Can be done during the creation process or by modifying the properties of the zone after configuration
• “Allow only secure dynamic updates” option
  • Available only if the zone is Active Directory integrated
• “Allow only dynamic updates” option
  • If selected, then any client can update records
• “Do not allow dynamic updates” option
  • Stops this zone from accepting dynamic updates
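What the three update settings mean for the records in a zone, as an added Python model that is not part of the slides. The policy names, the Record/Zone classes and the scenario are constructed; the rule that a secure update may only replace a record registered by the same authenticated account is a simplification of the per-record permissions an Active Directory integrated zone keeps. The scenario shows why "any client can update records" matters: with the nonsecure setting an unauthenticated update overwrites the file server's address.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass
class Record:
    name: str
    rtype: str
    data: str
    owner: Optional[str] = None      # account that registered it (secure zones only)

@dataclass
class Zone:
    name: str
    policy: str                      # "none", "nonsecure_and_secure" or "secure_only"
    ad_integrated: bool = False
    records: Dict[Tuple[str, str], Record] = field(default_factory=dict)

    def dynamic_update(self, name: str, rtype: str, data: str,
                       principal: Optional[str] = None) -> Tuple[bool, str]:
        """Apply one dynamic update under this zone's policy. principal is the
        authenticated account behind the request, None for an unauthenticated client."""
        key = (name.lower(), rtype)
        if self.policy == "none":
            return False, "zone does not accept dynamic updates"
        if self.policy == "secure_only":
            if not self.ad_integrated:
                return False, "secure-only updates require an AD-integrated zone"
            if principal is None:
                return False, "unauthenticated update rejected"
            existing = self.records.get(key)
            if existing and existing.owner != principal:
                return False, f"record is owned by {existing.owner}"
        # "nonsecure_and_secure": no check at all, so any client can overwrite any record
        self.records[key] = Record(name.lower(), rtype, data, principal)
        return True, "accepted"

def compare_policies() -> Dict[str, str]:
    """Constructed scenario: a file server registers itself, then an unauthenticated
    client tries to point the same name elsewhere. Returns the surviving A record per zone."""
    results = {}
    for zone in (Zone("example.local", "nonsecure_and_secure"),
                 Zone("example.local", "secure_only", ad_integrated=True)):
        zone.dynamic_update("fileserver.example.local", "A", "192.0.2.20", "FILESERVER$")
        zone.dynamic_update("fileserver.example.local", "A", "198.51.100.9")   # no principal
        results[zone.policy] = zone.records[("fileserver.example.local", "A")].data
    return results

if __name__ == "__main__":
    print(compare_policies())   # shows which zone kept the legitimate address
```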
Dynamic update options when creating an Active Directory integrated zone
Managing DNS Servers
• Aging and scavenging
  • New feature of DNS in Windows Server 2003
  • Allows DNS records created by Dynamic DNS to be removed after a certain period of time if they have not been updated
  • Must be enabled on the Advanced tab of the DNS server properties
Managing DNS Servers (Continued)
• Update Server Data Files
  • Option is available when you right-click on the server
• Clear Cache
  • DNS server automatically caches all lookups that it performs
  • Must clear the cache to force a DNS server to perform a new lookup before the record times out
Managing DNS Servers (Continued)
• Configure bindings
  • You can configure DNS to respond only on certain IP addresses that are bound to the server
• Forwarding
  • Allows you to configure the local DNS server to forward queries from clients to another DNS server
Root Hints
• Servers used to perform recursive lookups
• Root Hints tab
  • Automatically populated with the names and IP addresses of the DNS root servers on the Internet
• Possible to configure one of your internal DNS servers to act as a root server
  • Create a forward lookup zone named “.”
  • A DNS server with a zone named “.” is considered a root server
Logging
• Event logging
  • Records errors, warnings, and information to the event log
• Debug logging
  • Records packet-by-packet information about queries the DNS server is receiving
  • Can reduce the information recorded by specifying
    • Packet direction
    • Transport protocol
    • Packet contents
    • Packet type
Advanced Options
• Configurable options on the Advanced tab of server properties
  • Disable recursion (also disables forwarders)
  • BIND secondaries
  • Fail on load if bad zone data
  • Enable round robin
  • Enable netmask ordering
  • Secure cache against pollution
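The last option, Secure cache against pollution, makes the server discard records in a response that belong to a domain other than the one it asked about, so an answer cannot plant entries for unrelated names in the cache. The check behind it, as an added Python example that is not from the slides (a simplified version of the server's actual rule, with constructed sample records):

```python
from typing import List, Tuple

def in_bailiwick(record_name: str, zone: str) -> bool:
    """True if record_name is zone itself or a name under it. Matching whole labels
    (note the leading dot) avoids accepting e.g. 'notexample.com' for zone 'example.com'."""
    r = record_name.lower().rstrip(".")
    z = zone.lower().rstrip(".")
    return r == z or r.endswith("." + z)

def split_for_cache(queried_zone: str, records: List[Tuple[str, str, str]]):
    """Partition a response's records into those the cache may keep and those
    outside the domain of the query, which a pollution-resistant server discards."""
    keep, drop = [], []
    for rec in records:
        (keep if in_bailiwick(rec[0], queried_zone) else drop).append(rec)
    return keep, drop

# Constructed response: a query under example.com was sent to a server for example.com.
# Two records belong there; two do not and would pollute the cache if accepted.
SAMPLE_RECORDS = [
    ("www.example.com", "A", "192.0.2.10"),
    ("ns1.example.com", "A", "192.0.2.53"),
    ("www.bank.example", "A", "198.51.100.7"),   # unrelated domain
    ("notexample.com", "A", "198.51.100.8"),     # looks similar, not under the zone
]

if __name__ == "__main__":
    keep, drop = split_for_cache("example.com", SAMPLE_RECORDS)
    print("cache:", keep)
    print("discard:", drop)
```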
Managing Zones
• Options that can be configured for a zone
  • Reload zone information
  • Create a new delegation
  • Change the type of zone and replication
  • Configure aging and scavenging
  • Modify the Start of Authority (SOA) record
  • Name servers
  • Enable WINS resolution
  • Enable zone transfers
  • Configure security
Troubleshooting DNS
• Most DNS problems are a result of incorrectly configured DNS records
• Iterative query
  • DNS server looks only in the zones for which it is responsible
• NSLOOKUP
  • Queries DNS records
  • Allows you to confirm that each DNS server is configured with the correct information
  • Can be used from a command prompt to resolve hostnames
  • Most powerful in interactive mode