Module Overview


Presentation Transcript


  1. Module Overview
     • Installing the DNS Server Role
     • Configuring the DNS Server Role
     • Configuring DNS Zones
     • Configuring DNS Zone Transfers
     • Managing and Troubleshooting DNS
     • Overview of the Windows Internet Name Service
     • Configuring WINS Replication
     • Migrating from WINS to DNS

  2. Overview of the Domain Name System Role
     [Diagram labels: Root Domain; Top-Level Domain: com, net, org; Second-Level Domain: nwtraders; Subdomain: west, south, east, sales; FQDN: SERVER1.sales.south.nwtraders.com; Host: SERVER1]
     • DNS supports accessing resources by using alphanumeric names
     • InterNIC is responsible for managing the domain namespace
     Domain Name System is a hierarchical distributed database

  3. DNS Improvements for Windows Server 2008
     New or enhanced features in the Windows Server 2008 version of DNS include:
     • Background zone loading
     • IP version 6 support
     • Support for read-only domain controllers
     • Global single names
     • DNSSEC against Spoofing and Man-in-the-middle attack
       • Only available in R2 & IPv6 environment
       • Three new types of records: Signature (SIG), Public Key (KEY), Next Domain (NXT)

  4. Considerations for deploying the DNS Server Role:
     • Manually configuring the server to use a static IP address
     • Use the DNS console or dnscmd
     • The user account must be a member of the local administrators group or equivalent
     dnscmd dns_server_name
       /ageAllRecords
       /startScavenging
       /zoneinfo
       /zoneexport
       /info
       /config
       /statistics
       /zoneresettype zonename /primary [ | /secondary]
       /zoneresetsecondaries
       /zoneresetmaster zonename

  5. What Are the Components of a DNS Solution?
     [Diagram labels: DNS Clients; DNS Servers; DNS Servers on the Internet (Root “.”, .com, .edu); Resource Record]

  6. DNS Resource Records
     DNS resource records include:
     • SOA: Start of Authority
     • A: Host Record
     • CNAME: Alias Record
     • MX: Mail Exchange Record
     • SRV: Service Resources
     • NS: Name Servers
     • AAAA: IPv6 DNS Record

  7. What Are Root Hints?
     Root hints contain the IP addresses for DNS root servers
     [Diagram labels: Client; DNS Server; DNS Servers; Root Hints; Root (.) Servers; com; microsoft]

  8. What Is a DNS Query?
     A query is a request for name resolution and is directed to a DNS server
     • Queries are recursive or iterative
     • DNS clients and DNS servers both initiate queries
     • DNS servers are authoritative or nonauthoritative for a namespace
     • An authoritative DNS server for the namespace will either:
       • Return the requested IP address
       • Return an authoritative “No”
     • A nonauthoritative DNS server for the namespace will either:
       • Check its cache
       • Use forwarders
       • Use root hints

  9. What Are Recursive Queries?
     A recursive query is sent to a DNS server and requires a complete answer
     [Diagram labels: DNS Client; Local DNS Server; Database; mail1.contoso.msft; 172.16.64.11]

  10. What Are Iterative Queries?
      An iterative query directed to a DNS server may be answered with a referral to another DNS server
      [Diagram labels: Client; Local DNS Server; Root Hint (.); .com; Nwtraders.com; Recursive Query mail1.nwtraders.com; Iterative Query, “Ask .com”; Iterative Query, “Ask nwtraders.com”; Iterative Query, Authoritative Response 172.16.64.11]

  11. What Is a Forwarder?
      A forwarder is a DNS server designated to resolve external or offsite DNS domain names
      [Diagram labels: Client; Local DNS Server; Forwarder; Root Hint (.); .com; Nwtraders.com; Recursive Query for mail1.nwtraders.com; Recursive Query; Iterative Query, “Ask .com”; Iterative Query, “Ask nwtraders.com”; Iterative Query, Authoritative Response 172.16.64.11]

  12. What Is Conditional Forwarding?
      Conditional forwarding forwards requests using a domain name condition
      [Diagram labels: Client Computer; Query for www.contoso.msft; Local DNS; contoso.msft: Contoso.msft DNS; All other DNS domains: ISP DNS]

  13. How DNS Server Caching Works
      [Diagram labels: Client1: “Where’s ServerA?”, “ServerA is at 192.168.8.44”; Client2: “Where’s ServerA?”, “ServerA is at 192.168.8.44”; ServerA]

  14. What Is a DNS Zone?
      [Diagram labels: Internet; “.” DNS root domain; .com; microsoft.com domain; microsoft.com zone: WWW, FTP, Zone database; Delegated example.microsoft.com zone: WWW.example, FTP.example, Zone database]

  15. What Are the DNS Zone Types?

  16. What Are Forward and Reverse Lookup Zones?
      [Diagram labels: Namespace: training.nwtraders.msft; DNS Server Authorized for training; DNS Client1; DNS Client2; DNS Client3; queries “DNS Client2 = ?” and “192.168.2.46 = ?”]

  17. What Are Stub Zones?
      Without stub zones, the ny.na.contoso.com server must query several servers to find the server that hosts the na.fabrikam.com zone
      With a stub zone defined, the location of the na.fabrikam.com zone is known without querying multiple DNS servers
      [Diagram labels: DNS servers for Contoso.com (Root domain), fabrikam.com, na.contoso.com, sa.contoso.com, na.fabrikam.com, ny.na.contoso.com, rio.sa.contoso.com; Stub zone: na.fabrikam.com; Stub zone: rio.sa.contoso.com]

  18. DNS Zone Delegation
      [Diagram labels: Contoso.msft; Sales.contoso.msft; Training.contoso.msft]

  19. What Is a DNS Zone Transfer?
      A DNS zone transfer is the synchronization of authoritative DNS zone data between DNS servers
      (1) SOA query for a zone
      (2) SOA query answered
      (3) IXFR or AXFR query for a zone
      (4) IXFR or AXFR query answered (zone transferred)
      [Diagram labels: Secondary server; Primary and Master server]

  20. How DNS Notify Works
      A DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur
      (1) Resource record is updated
      (2) SOA serial number is updated
      (3) DNS notify
      (4) Zone transfer
      [Diagram labels: Source Server (Primary and Master Server); Destination Server (Secondary Server)]

  21. Securing Zone Transfers
      • Restrict zone transfer to specified servers
      • Encrypt zone transfer traffic
      • Consider using Active Directory-integrated zones
      [Diagram labels: Primary Zone; Secondary Zone]

  22. What Is Time to Live, Aging, and Scavenging?

  23. Troubleshooting DNS
      You can test the DNS server configuration by using:
      • A recursive query to ensure that the DNS server can communicate with the upstream DNS service
      • A simple query to ensure that the DNS service is answering
      • Monitor DNS events in the event log to:
        • Monitor zone transfer information
        • Monitor computer events

  24. What Is WINS and When Is WINS Required?
      WINS resolves a NetBIOS name (single-label name) to an IP address
      WINS is required for the following reasons:
      • Older versions of Microsoft operating systems rely on WINS for name resolution
      • Some applications, typically older applications, rely on NetBIOS names
      • When you need dynamic registration of single-label names
      • If users rely on the Network Neighborhood or My Network Places network browser features
      • If you are not using Windows Server 2008 as your DNS infrastructure

  25. Overview of WINS Components
      [Diagram labels: Subnet 1; Subnet 2; WINS Server; WINS Database; WINS Proxy; WINS Client]

  26. WINS Client Registration and Release Process
      (1) Name Registered
          • WINS client sends request to register
          • WINS server returns registration message with TTL value, indicating when the registration expires
      (2) Name Released
          • WINS client sends request to release name
          • WINS server sends a positive name release response
      [Diagram labels: WINS Client; WINS Server]

  27. WINS Server Name Resolution Process
      (1) Client makes three attempts to contact WINS server, but does not receive a response
      (2) Client attempts to contact all WINS servers until contact is made
      (3) If name is resolved, IP address is returned to the client
      [Diagram labels: Client; WINS Server A; WINS Server B; Subnet 1; Subnet 2; Up to three attempts]

  28. What Are NetBIOS Node Types?
      A NetBIOS node type determines the method that a computer uses to resolve a NetBIOS name

  29. Compacting the WINS Database
      Compacting recovers unused space in a WINS database
      Maintain WINS database integrity by using:
      • Dynamic compacting. Automatically occurs while the database is in use
      • Offline compacting. Administrator stops the WINS server and uses the Jetpack.exe command-line tool

  30. What Is Push Replication?
      (1) ServerA reaches set threshold of 50 changes in its database
      (2) ServerA notifies ServerB that the threshold is reached
      (3) ServerB responds to ServerA with a replication request
      (4) ServerA sends replicas of its new database entries
      • A push partner notifies replication partners based on the number of changes in its database
      • Push replication maintains a high level of synchronization
      [Diagram labels: ServerA; ServerB; Subnet 1; Subnet 2; 50 changes occur in database; Notification sent; Replication request; Replicas sent]

  31. What Is Pull Replication?
      (1) ServerA requests database changes every 8 hours
      (2) ServerB sends replicas of its new database entries
      • A pull partner requests replication based on a time interval
      • Pull replication limits frequency of replication traffic across slow links
      [Diagram labels: ServerA; ServerB; Subnet 1; Subnet 2; Requests changes every eight hours; Replicas sent]

  32. What Is Push/Pull Replication?
      Push/pull replication ensures that the databases on multiple WINS servers are nearly identical at any given time by:
      • Notifying replication partners whenever the database reaches a set threshold of changes
      • Requesting replication based on a set time

  33. Name Resolution for a Single-Label Name
      IPv6 does not support WINS
      Windows Server 2008 introduces a new zone type for DNS called GlobalNames Zone
      • Resolves single-label names in the enterprise without using WINS
      • Mitigates the management and maintenance of DNS suffix search lists
      • Relies on static record creation
      • Requires the zone be available on DNS servers throughout the forest

  34. What Is the GlobalNames Zone?
      The GlobalNames zone:
      • Enables single-label name resolution for IPv6-enabled networks
      • Uses CNAME records to point to the FQDN of the computer that hosts the resource
      • Is recommended to be integrated in Active Directory with forest-wide replication
      • Can be used as a method to decommission WINS servers
      • Requires no additional client configuration because the client resolves the name in standard DNS query form

  35. Setup GlobalNames Zone
      • Requires authoritative name servers running Windows Server 2008
      • Configure forest-wide, Active Directory-integrated replication of the GlobalNames zone
      • Create static CNAME records that point to FQDN records
      • Disable dynamic updates on the GlobalNames zone
      • Enable single-label GlobalNames zone support on all DNS servers that host the zone
      Use the following command to enable support for the GlobalNames zone on all DNS servers hosting the zone:
      dnscmd /config /EnableGlobalNamessupport 1
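
The zone transfer sequence on slides 19 to 21, as an added Python example that is not part of the original presentation: a secondary compares SOA serials before asking for IXFR or AXFR, and the primary answers only servers on its transfer allow-list. The class and function names, the serial values and the documentation-range addresses are constructed for illustration; this models the decision logic and is not Windows DNS Server code.

```python
import ipaddress

def serial_newer(candidate: int, current: int) -> bool:
    """RFC 1982 comparison of 32-bit SOA serials; handles wraparound."""
    diff = (candidate - current) % 2**32
    return 0 < diff < 2**31  # diff == 2**31 is undefined in RFC 1982; treated as not newer

class PrimaryZone:
    """Hypothetical model of a primary server's view of one zone."""
    def __init__(self, name, serial, allowed_secondaries):
        self.name = name
        self.serial = serial
        # Slide 21: restrict zone transfer to specified servers.
        self.allowed = [ipaddress.ip_network(a) for a in allowed_secondaries]

    def answer_transfer(self, requester_ip: str, kind: str) -> str:
        """Steps 3-4: answer an IXFR/AXFR request only for listed secondaries."""
        ip = ipaddress.ip_address(requester_ip)
        if not any(ip in net for net in self.allowed):
            return "REFUSED"
        return kind

def secondary_refresh(primary, secondary_ip, local_serial, supports_ixfr=True):
    """Steps 1-4 from the secondary's side; returns (outcome, serial now held)."""
    master_serial = primary.serial            # steps 1-2: SOA query and answer
    if not serial_newer(master_serial, local_serial):
        return ("no transfer", local_serial)  # zone copy is already current
    kind = "IXFR" if supports_ixfr else "AXFR"
    if primary.answer_transfer(secondary_ip, kind) == "REFUSED":
        return ("refused", local_serial)      # requester not on the allow-list
    return (kind, master_serial)

# Constructed sample: zone name from the slides, documentation-range addresses.
ZONE = PrimaryZone("nwtraders.com", 2008010105, ["192.0.2.53"])

if __name__ == "__main__":
    for ip, serial in [("192.0.2.53", 2008010104), ("192.0.2.53", 2008010105),
                       ("198.51.100.7", 2008010104)]:
        print(ip, serial, secondary_refresh(ZONE, ip, serial))
```

A "refused" outcome for an address outside the allow-list is the event to look for when monitoring zone transfer information in the DNS event log, as slide 23 suggests.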
