Module 2: Configuring and Troubleshooting DNS

maddox

Presentation Transcript


  1. Module 2: Configuring and Troubleshooting DNS

  2. Module Overview
     • Installing the DNS Server Role
     • Configuring the DNS Server Role
     • Configuring DNS Zones
     • Configuring DNS Zone Transfers
     • Managing and Troubleshooting DNS

  3. Lesson 1: Installing the DNS Server Role
     • Overview of the Domain Name System Role
     • Overview of the DNS Namespace
     • DNS Improvements for Windows Server 2008
     • Demonstration: Installing the DNS Server Role
     • Considerations for Deploying the DNS Server Role

  4. Overview of the Domain Name System Role
     Domain Name System is a hierarchical distributed database.
     • DNS is the foundation of the Internet naming scheme
     • DNS supports accessing resources by using alphanumeric names
     • InterNIC is responsible for managing the domain namespace
     • DNS was created to support the Internet’s growing number of hosts

  5. Overview of the DNS Namespace
     • Root Domain
     • Top-Level Domain: com, net, org
     • Second-Level Domain: nwtraders
     • Subdomain: west, south, east, sales
     • FQDN: SERVER1.sales.south.nwtraders.com
     • Host: SERVER1

  6. DNS Improvements for Windows Server 2008
     New or enhanced features in the Windows Server 2008 version of DNS include:
     • Background zone loading
     • IP version 6 support
     • Support for read-only domain controllers
     • Global single names

  7. Demonstration: Installing the DNS Server Role
     In this demonstration, you will see how to install the DNS Server role.

  8. Considerations for Deploying the DNS Server Role
     • The user account must be a member of the local Administrators group or equivalent
     • Manually configuring the server to use a static IP address is recommended
     • Manually editing the server and boot files is not recommended
     • Use the DNS console or dnscmd
     • Active Directory-integrated DNS zones cannot be administered using a text editor

  9. Lesson 2: Configuring the DNS Server Role
     • What Are the Components of a DNS Solution?
     • DNS Resource Records
     • What Are Root Hints?
     • What Is a DNS Query?
     • What Are Recursive Queries?
     • What Are Iterative Queries?
     • What Is a Forwarder?
     • What Is Conditional Forwarding?
     • How DNS Server Caching Works
     • Demonstration: Configuring the DNS Server Role

  10. What Are the Components of a DNS Solution?
      [Diagram labels: DNS Clients; DNS Servers; DNS Servers on the Internet (Root “.”, .com, .edu); Resource Record]

  11. DNS Resource Records
      DNS resource records include:
      • SOA: Start of Authority
      • A: Host Record
      • CNAME: Alias Record
      • MX: Mail Exchange Record
      • SRV: Service Resources
      • NS: Name Servers
      • AAAA: IPv6 DNS Record

  12. What Are Root Hints?
      Root hints contain the IP addresses for DNS root servers.
      [Diagram labels: Root (.) Servers; DNS Servers; Root Hints; com; DNS Server; microsoft; Client]

  13. What Is a DNS Query?
      A query is a request for name resolution and is directed to a DNS server.
      • Queries are recursive or iterative
      • DNS clients and DNS servers both initiate queries
      • DNS servers are authoritative or nonauthoritative for a namespace
      • An authoritative DNS server for the namespace will either:
        • Return the requested IP address
        • Return an authoritative “No”
      • A nonauthoritative DNS server for the namespace will either:
        • Check its cache
        • Use forwarders
        • Use root hints

  14. What Are Recursive Queries?
      A recursive query is sent to a DNS server and requires a complete answer.
      [Diagram labels: DNS Client; Local DNS Server; Database; mail1.contoso.msft; 172.16.64.11]

  15. What Are Iterative Queries?
      An iterative query directed to a DNS server may be answered with a referral to another DNS server.
      [Diagram labels: Client; Local DNS Server; Recursive Query (mail1.nwtraders.com); Iterative Query to Root Hint (.), answered “Ask .com”; Iterative Query to .com, answered “Ask nwtraders.com”; Iterative Query to Nwtraders.com Server; Authoritative Response 172.16.64.11]

  16. What Is a Forwarder?
      A forwarder is a DNS server designated to resolve external or offsite DNS domain names.
      [Diagram labels: Client; Local DNS Server; Recursive Query for mail1.nwtraders.com; Forwarder; Iterative Query to Root Hint (.), answered “Ask .com”; Iterative Query to .com, answered “Ask nwtraders.com”; Iterative Query to Nwtraders.com Server; Authoritative Response 172.16.64.11]

  17. What Is Conditional Forwarding?
      Conditional forwarding forwards requests using a domain name condition.
      [Diagram labels: Client Computer; Query for www.contoso.msft; Local DNS; contoso.msft, to Contoso.msft DNS; All other DNS domains, to ISP DNS]

  18. How DNS Server Caching Works
      [Diagram labels: Client1: “Where’s ServerA?”, “ServerA is at 192.168.8.44”; Client2: “Where’s ServerA?”, “ServerA is at 192.168.8.44”; ServerA]

  19. Demonstration: Configuring the DNS Server Role
      In this demonstration, you will see how to:
      • Update root hints on a DNS server
      • Configure a DNS server to use a forwarder
      • Clear the DNS server cache by using the DNS console
      • Clear the DNS server cache by using the DNSCmd command

  20. Lesson 3: Configuring DNS Zones
      • What Is a DNS Zone?
      • What Are the DNS Zone Types?
      • What Are Forward and Reverse Lookup Zones?
      • What Are Stub Zones?
      • Demonstration: Creating Forward and Reverse Lookup Zones
      • DNS Zone Delegation

  21. What Is a DNS Zone?
      [Diagram labels: Internet; “.” DNS root domain; .com; microsoft.com domain; microsoft.com zone (WWW, FTP), Zone database; Delegated example.microsoft.com zone (WWW.example, FTP.example), Zone database]

  22. What Are the DNS Zone Types?

  23. What Are Forward and Reverse Lookup Zones?
      [Diagram labels: Namespace: training.nwtraders.msft; DNS Server Authorized for training; DNS Client1; DNS Client2; DNS Client3; queries “DNS Client2 = ?” and “192.168.2.46 = ?”]

  24. What Are Stub Zones?
      • Without stub zones, the ny.na.contoso.com server must query several servers to find the server that hosts the na.fabrikam.com zone
      • With a stub zone defined, the location of the na.fabrikam.com zone is known without querying multiple DNS servers
      [Diagram labels: DNS servers for Contoso.com (Root domain), fabrikam.com, na.contoso.com, sa.contoso.com, na.fabrikam.com, ny.na.contoso.com, rio.sa.contoso.com; Stub zone: na.fabrikam.com; Stub zone: rio.sa.contoso.com]

  25. Demonstration: Creating Forward and Reverse Lookup Zones
      In this demonstration, you will see how to:
      • Create a forward lookup zone
      • Create a reverse lookup zone

  26. DNS Zone Delegation
      [Diagram labels: Contoso.msft; Sales.contoso.msft; Training.contoso.msft]

  27. Lesson 4: Configuring DNS Zone Transfers
      • What Is a DNS Zone Transfer?
      • How DNS Notify Works
      • Securing Zone Transfers
      • Demonstration: Configuring DNS Zone Transfers

  28. What Is a DNS Zone Transfer?
      A DNS zone transfer is the synchronization of authoritative DNS zone data between DNS servers.
      • Step 1: SOA query for a zone
      • Step 2: SOA query answered
      • Step 3: IXFR or AXFR query for a zone
      • Step 4: IXFR or AXFR query answered (zone transferred)
      [Diagram labels: Secondary server; Primary and Master server]

  29. How DNS Notify Works
      A DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur.
      • Step 1: Resource record is updated
      • Step 2: SOA serial number is updated
      • Step 3: DNS notify
      • Step 4: Zone transfer
      [Diagram labels: Source Server (Primary and Master Server); Destination Server (Secondary Server)]

  30. Securing Zone Transfers
      • Restrict zone transfer to specified servers
      • Encrypt zone transfer traffic
      • Consider using Active Directory-integrated zones
      [Diagram labels: Primary Zone; Secondary Zone]

  31. Demonstration: Configuring DNS Zone Transfers
      In this demonstration, you will see how to:
      • Configure DNS zone transfers
      • Configure a secondary zone

  32. Lesson 5: Managing and Troubleshooting DNS
      • What Is Time to Live, Aging, and Scavenging?
      • Demonstration: Managing DNS Records
      • Testing the DNS Server Configuration
      • Tools That Identify Problems With DNS
      • Demonstration: Testing the DNS Server Configuration
      • Monitoring DNS Using the DNS Event Log and Debug Logging

  33. What Is Time to Live, Aging, and Scavenging?

  34. Demonstration: Managing DNS Records
      In this demonstration, you will see how to:
      • Configure TTL
      • Enable Scavenging
      • Configure Aging

  35. Testing the DNS Server Configuration
      You can test the DNS server configuration by using:
      • A simple query to ensure that the DNS service is answering
      • A recursive query to ensure that the DNS server can communicate with the upstream DNS service

  36. Tools That Identify Problems With DNS

  37. Demonstration: Testing the DNS Server Configuration
      In this demonstration, you will see how to test the DNS server configuration by using:
      • Simple queries
      • Recursive queries
      • Nslookup
      • Dnscmd
      • Dnslint

  38. Monitoring DNS Using the DNS Event Log and Debug Logging
      • Monitor DNS events in the event log to:
        • Monitor zone transfer information
        • Monitor computer events
      • Enable DNS debug logging to view granular verbose information about DNS activities

  39. Lab: Configuring and Verifying a DNS Solution
      • Exercise 1: Configuring a DNS Infrastructure
      • Exercise 2: Monitoring and Troubleshooting DNS
      Logon information
      Estimated time: 60 minutes

  40. Lab Review
      • When you added a DNS zone on NYC-DC1, why were you able to choose Active Directory-integrated zones?
      • What type of DNS zone transfer would take place between NYC-SRV1 and NYC-DC1?
      • When using Nslookup, what record type would you use to find a mail server? How would you configure Nslookup to request this record type?
      • When using Dnslint to verify name server records, you ran the DNSLint command to generate a DNSLint report for the nwtraders.msft domain and used the /s switch. Why was it important to use this switch?

  41. Module Review and Takeaways
      • Review Questions
      • Common Issues and Troubleshooting Tips
      • Real-world Issues and Scenarios
      • Best Practices
      • The DNS Console
      • Command-line Tools
      • Monitoring Tools
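
Added example (not part of the original presentation): a Python model of the four-step zone-transfer exchange from slide 28, with the "restrict zone transfer to specified servers" control from slide 30 enforced on the primary. The function names, outcome strings, serial numbers and addresses are constructed for illustration; the serial comparison follows RFC 1982 serial arithmetic.

```python
import ipaddress

SERIAL_MOD = 2 ** 32  # the SOA serial is an unsigned 32-bit counter


def serial_newer(primary_serial, secondary_serial):
    """True if the primary's serial is ahead of the secondary's copy.

    Uses RFC 1982 serial arithmetic, so a serial that wrapped past
    2**32 - 1 still counts as newer. A gap of exactly 2**31 is
    undefined in the RFC and is treated here as "not newer".
    """
    diff = (primary_serial - secondary_serial) % SERIAL_MOD
    return 0 < diff < SERIAL_MOD // 2


def transfer_allowed(source_ip, allowed_secondaries):
    """Primary-side control from slide 30: only listed servers may transfer."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(entry) for entry in allowed_secondaries)


def zone_transfer(source_ip, secondary_serial, primary_serial, allowed_secondaries):
    """Walk the four steps from slide 28; return (steps, outcome)."""
    # Steps 1-2: the SOA query is an ordinary query and is answered.
    steps = ["1 SOA query for zone",
             "2 SOA query answered (serial %d)" % primary_serial]
    if not serial_newer(primary_serial, secondary_serial):
        return steps, "UP_TO_DATE"          # nothing to transfer
    steps.append("3 IXFR or AXFR query for zone")
    # The restriction is enforced here, on the transfer request itself.
    if not transfer_allowed(source_ip, allowed_secondaries):
        steps.append("4 transfer refused by primary")
        return steps, "REFUSED"
    steps.append("4 IXFR or AXFR query answered (zone transferred)")
    return steps, "TRANSFERRED"


# Constructed sample data: one authorized secondary, one unlisted host.
ALLOWED = ["10.10.0.11"]

if __name__ == "__main__":
    for ip, local in [("10.10.0.11", 2009010101), ("10.10.0.99", 2009010101),
                      ("10.10.0.11", 2009010102)]:
        steps, outcome = zone_transfer(ip, local, 2009010102, ALLOWED)
        print(ip, outcome, steps)
```

The wrap-around case matters when auditing secondaries: a primary whose serial has rolled over from a value near 4294967295 to a small number is still ahead, and a plain integer comparison would leave the secondary serving stale data.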
