
Objectives


margot


Presentation Transcript


  1. Objectives
     • Discuss the basics of the Domain Name System (DNS) and its terminology
     • Configure DNS clients
     • Install a standard DNS server on Server 2008
     • Create standard DNS zones
     • Manage your Domain Name System (DNS) environment
     • Troubleshoot your DNS environment
     • Describe the new features of DNS in Server 2008

  2. Domain Name System
     • Translates human-readable host names to IP addresses
     • Assists the flow of e-mail
       • Provides mail exchanger records that tell a Simple Mail Transfer Protocol (SMTP) server where to send an e-mail message

  3. DNS Terminology
     • DNS namespace
       • Organized into the following domains: root domain (.), top-level domain (TLD), second-level domain, and so on
     • DNS domain
       • The portion of the namespace to the right of the host name
     • Fully qualified domain name (FQDN)
       • The entire name: host_name.domain_name
     • Hosts: computers on the Internet that host resources
     • Host name: not necessarily the computer name
     • DNS zone: groups records into zones
     • DNS records: information in the DNS database

  4. [Figure: a DNS name split into its host name portion and its domain portion]

  5. DNS Queries in Windows Server 2008
     • Iterative query
       • Gets an answer or a referral
     • Recursive query
       • Gets an answer or no answer
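
The difference between the two query types is visible in the DNS message header. The following is an added example, not part of the original presentation: it builds a query with or without the Recursion Desired (RD) bit and classifies a response as answer, referral or no answer from its header. The classification rule (a referral has no answer records, NS records in the authority section and the AA bit clear) and the sample headers are assumptions made for this illustration.

```python
import struct

# Header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qtype=1, recursive=True, txid=0x1234):
    """Encode a one-question query; RD is set only when recursion is requested."""
    flags = RD if recursive else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_response(msg):
    """Classify a response from its 12-byte header alone."""
    _, flags, _, ancount, nscount, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode != 0:
        return "no answer (rcode %d)" % rcode   # e.g. 3 = NXDOMAIN
    if ancount > 0:
        return "answer"
    if nscount > 0 and not flags & AA:
        return "referral"                        # pointer to servers closer to the name
    return "no answer"                           # name exists, no record of this type

def _hdr(flags, an, ns, ar):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, an, ns, ar)

# Constructed response headers (record bodies omitted; only the counts matter here)
SAMPLES = {
    "recursive answer": _hdr(QR | RD | RA, 1, 0, 0),
    "iterative referral": _hdr(QR, 0, 2, 2),
    "authoritative, no data": _hdr(QR | AA, 0, 1, 0),
    "NXDOMAIN": _hdr(QR | AA | 3, 0, 1, 0),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(label, "->", classify_response(msg))
```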

  6. Configuring DNS Clients
     • DNS Client service performs DNS queries on behalf of the client
     • DNS servers
       • Which server the client contacts to resolve a name
     • Server 2008 supports dynamic updates
       • Automatically update DNS records
       • Windows 2000, XP and Vista clients perform their own dynamic DNS updates
       • During the boot process, the clients contact their DNS server to perform a dynamic update

  7. Dynamic DNS and DHCP
     • DHCP server can perform dynamic updates for clients
       • Configured via Scope Properties
       • Deletes records of clients removed from the domain or whose DHCP leases expire
     • Scavenging
       • Removes stale records

  8. DNS Suffix
     • DNS domain appended to all unqualified name queries, or a query that contains only a host name

  9. Installing DNS in Windows Server 2008
     • DNS
       • A role that can be installed on Windows Server 2008
     • Cache-only DNS server
       • Server that has the DNS role installed
       • Does not hold a DNS zone, so it is not authoritative for any DNS zones
       • Nor does it maintain any DNS records
     • Root hints
       • Provide IP address pointers to top-level DNS servers
       • Provide referral answers to queries in a DNS server’s quest to resolve an unknown domain name request
     • Forwarders
       • Servers used to resolve names

  10. DNS Zones
      • Zones: building blocks of your DNS infrastructure
      • DNS zones
        • Fall into two categories: standard and Active Directory
      • Standard zones
        • zone.dns
          • Used to store DNS records
          • Found in the %systemroot%\system32\DNS folder
      • Berkeley Internet Name Domain (BIND)
        • Industry standard of DNS servers on the Internet and networks running DNS on UNIX/Linux systems

  11. Standard DNS Zone Types
      • Primary DNS zone
        • The zone that is authoritative for a specific domain and its name records
      • Secondary DNS zone
        • Read-only version of the DNS records for a zone
      • Stub zone
        • Read-only copy of a zone that obtains its resource records from the name servers that are authoritative for a particular zone
          • Start of Authority
          • Name Server (NS) records
          • Host records of all name servers authoritative for the zone

  12. Stub Zones

  13. Standard DNS Zone Transfers
      • Master server
        • Server that hosts the primary zone
      • Slave server
        • Server that hosts the secondary zone
      • Zone transfers from the master to the secondary server come in two varieties
        • Incremental zone transfers (IXFRs)
        • Full zone transfers (AXFRs)

  14. Active Directory-Integrated Zones
      • An Active Directory-integrated zone stores information in Active Directory
      • The DNS server must be a domain controller in order to store information in Active Directory
      • Advantages of using an Active Directory-integrated zone
        • Automatic backup of zone information
        • Multi-master replication
        • Increased security
      • Can be stored in two areas of Active Directory:
        • The domain directory partition (replicates to all DCs)
        • The application directory partition (new since 2003; replicated to selected servers)

  15. Direction of DNS Zones
      • Forward lookup DNS zones
        • Allow a DNS client to resolve an FQDN to an IP address
      • Reverse lookup DNS zone
        • Maps IP addresses to host names

  16. DNS Resource Records
      • Start of Authority (SOA)
        • Record is the starting point for information related to a zone
      • Name server (NS) record
        • Identifies a DNS server that is authoritative for a zone
      • Host (A) record
        • Provides host name–to–IP address resolution for DNS clients
      • Host (AAAA) records for IPv6
        • Records map a host name to an IPv6 address
      • Mail exchanger (MX) record
        • Specifies the server that is responsible for handling e-mail
      • Alias records
        • Used to create an alias for a specific host

  17. DNS Resource Records (continued)
      • Pointer records
        • Resolve IP addresses to host names for DNS clients
      • Service locator records
        • Provide the following information
          • Location of services it needs
          • Network protocol needed to access the previously mentioned services
          • Domain services it provides (gc, ldap, kerberos, etc.)

  18. Managing DNS Servers
      • Configure DNS server options (Server Properties)
        • Configure aging and scavenging
        • Update server data files
          • Write data to zone file on disk
          • Only used for standard zones
        • Clear cache
        • Configure bindings
        • Configure forwarding
        • Edit the root hints
        • Configure event and debug logging
        • Set advanced options
        • Configure security

  19. Configure Bindings
      • The DNS service listens on all IP addresses that are bound to the server it is running on
      • You can configure DNS to respond on certain IP addresses that are bound to the server
      • The Interfaces tab (DNS server Properties) allows you to configure the IP addresses on which the DNS service listens

  20. Root Hints
      • Servers that are used to perform recursive lookups
      • You can configure one of your internal DNS servers to act as a root server → no Internet connection
      • You should not change root hints on a DNS server that is connected to the Internet

  21. Forwarding
      • A DNS server that cannot perform a record lookup queries several servers to find the information
      • Forwarding sends queries from clients to another DNS server
      • Used with an internal DNS server that does not have Internet access
      • Conditional forwarding
        • Forwarding based on a specific domain name


  23. Logging
      • Event logging records errors, warnings, and information to the event log
        • No events
        • Errors only
        • Errors and warnings
        • All events
      • Debug logging records much more detailed information
        • Packet direction
        • Transport protocol
        • Packet contents
        • Packet type
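
Debug logging records packet direction, transport protocol and packet type, which is enough to audit who asks for zone transfers. The following is an added example, not part of the original presentation: it scans debug log text for inbound AXFR/IXFR requests from hosts that are not approved secondaries. The line layout in the regular expression is an assumption about the server's debug log, and the sample lines, the zone example.test and the addresses are constructed placeholders.

```python
import re

# Assumed layout of a PACKET line:
#   ... PACKET <id> <UDP|TCP> <Snd|Rcv> <remote IP> <xid> [R] <opcode>
#   [<flags> <rcode>] <question type> <question name>
PACKET = re.compile(
    r"PACKET\s+\S+\s+(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9a-fA-F]{4})\s+(?P<resp>R)?\s*(?P<op>\w)\s+\[(?P<flags>[^\]]*)\]\s+"
    r"(?P<qtype>\w+)\s+(?P<qname>\S+)"
)

def decode_name(logged):
    """Turn the logged form (3)www(7)example(4)test(0) into www.example.test."""
    return ".".join(p for p in re.findall(r"\(\d+\)([^()]*)", logged) if p)

def parse_packets(text):
    """Yield one dict per PACKET line; lines in any other form are skipped."""
    for line in text.splitlines():
        m = PACKET.search(line)
        if m:
            rec = m.groupdict()
            rec["qname"] = decode_name(rec["qname"])
            yield rec

def unauthorized_transfers(text, secondaries):
    """Inbound AXFR/IXFR queries whose source is not an approved secondary."""
    return [
        (r["ip"], r["proto"], r["qtype"], r["qname"])
        for r in parse_packets(text)
        if r["dir"] == "Rcv" and r["resp"] is None
        and r["qtype"] in ("AXFR", "IXFR") and r["ip"] not in secondaries
    ]

# Constructed sample lines (not taken from a real server)
SAMPLE_LOG = """\
3/14/2024 9:15:02 AM 0A4C PACKET  000000E5C2F3A1B0 UDP Rcv 192.0.2.25      6f1c   Q [0001   D   NOERROR] A      (3)www(7)example(4)test(0)
3/14/2024 9:15:02 AM 0A4C PACKET  000000E5C2F3A1B0 UDP Snd 192.0.2.25      6f1c R Q [8085 A DR  NOERROR] A      (3)www(7)example(4)test(0)
3/14/2024 9:20:40 AM 0A50 PACKET  000000E5C30BD410 TCP Rcv 192.0.2.53      11aa   Q [0000       NOERROR] AXFR   (7)example(4)test(0)
3/14/2024 9:31:07 AM 0A50 PACKET  000000E5C31E77F0 TCP Rcv 198.51.100.77   9c02   Q [0000       NOERROR] AXFR   (7)example(4)test(0)
"""

if __name__ == "__main__":
    for hit in unauthorized_transfers(SAMPLE_LOG, {"192.0.2.53"}):
        print("zone transfer request from unapproved host:", hit)
```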

  24. Advanced Options
      • Several options can be configured on the Advanced tab of the server properties dialog box:
        • Disable recursion (also disables forwarders)
        • BIND secondaries (when used with old non-Windows DNS servers)
          • Disable fast zone transfers
        • Fail on load if zone data is bad
        • Enable round robin
        • Enable netmask ordering: return the results close to the client
        • Secure cache against pollution: only cache hosts from the requested domain
      • Round robin DNS occurs when more than one record exists for a DNS query, e.g. multiple web servers have the same host name

  25. Security
      • You can view and modify which users and groups can modify the configuration of the DNS server
      • By default, the Domain Admins group, Enterprise Admins group, and DnsAdmins group are allowed to manage DNS

  26. Managing Zones

  27. Managing Zones
      • Configure zone options
        • Reload zone information
          • Use a text editor to mass-edit the zone file and load it into DNS (no need today with dynamic updates)
        • Create a new delegation
        • Change the type of zone and replication (General tab)
        • Configure aging and scavenging at the zone level
        • Modify the Start of Authority (SOA) record
        • Name servers
          • Authoritative DNS servers for the zone
          • Used in recursive lookup and dynamic update
        • Enable WINS resolution
          • Find host name via NetBIOS name
        • Enable zone transfers
          • Transfer zone file to secondary zone
        • Configure security
          • Zone security (permissions) on AD-integrated zones

  28. Create a New Delegation
      • You may need more than one zone to hold all of the DNS information
      • Windows provides a wizard to delegate the authority for a subdomain (child domain) to another server (the child domain’s DNS server)
      • To access the wizard, right-click the original zone and then click New Delegation

  29. Modify the Start of Authority Record
      • Configured in the Start of Authority (SOA) tab of the zone properties
      • Options to specify include:
        • Refresh Interval
        • Retry Interval
        • Expires After
        • Minimum TTL
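
The SOA timers above drive the zone transfers from slide 13: a secondary checks the master every Refresh Interval, retries after Retry Interval when the master does not respond, and discards its copy after Expires After. The following is an added example, not part of the original presentation, that models that decision together with the wrap-around-safe serial comparison of RFC 1982. The class, the function names, the returned labels and the timer values are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Soa:
    serial: int    # zone version currently held by the secondary
    refresh: int   # Refresh Interval: seconds between serial checks
    retry: int     # Retry Interval: seconds to wait after a failed check
    expire: int    # Expires After: seconds without contact before the copy is dropped

def serial_newer(master, local):
    """RFC 1982 comparison of 32-bit serials; still correct after wrap-around."""
    diff = (master - local) & 0xFFFFFFFF
    return 0 < diff < 0x80000000

def next_step(soa, now, last_ok, last_try, master_serial):
    """What the secondary does at time `now` (all times in seconds).

    last_ok       time of the last successful contact with the master
    last_try      time of the last attempt, successful or not
    master_serial serial the master reports now, or None if it is unreachable
    """
    if now - last_ok >= soa.expire:
        return "expired"                 # stop answering for the zone
    wait = soa.refresh if last_try == last_ok else soa.retry
    if now - last_try < wait:
        return "serve"                   # no check due yet
    if master_serial is None:
        return "retry-later"             # check failed, Retry Interval applies next
    if serial_newer(master_serial, soa.serial):
        return "transfer"                # request IXFR, or AXFR as the fallback
    return "up-to-date"

# Constructed sample zone state (timer values chosen for illustration)
ZONE = Soa(serial=2024031401, refresh=900, retry=600, expire=86400)

if __name__ == "__main__":
    print(next_step(ZONE, 900, 0, 0, 2024031402))    # check due, master is ahead
    print(next_step(ZONE, 1500, 0, 900, None))       # master still unreachable
    print(next_step(ZONE, 86400, 0, 85800, None))    # no contact for a full day
```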

  30. DNS Commands
      • DNScmd
        • Command-line tool for performing configuration and maintenance tasks on a DNS server
        • Can be used to:
          • Create and delete DNS zones
          • Add and delete
          • View information about DNS zones and records
          • Change the zone type

  31. New DNS Features
      • DNS on Server Core
      • Support for IPv6
        • Windows Server 2008 DNS supports the IPv6 address numbering scheme along with the AAAA resource records
      • Link-local multicast name resolution (LLMNR)
        • Clients exchange simple messages to verify that they have a unique name on the local subnet
        • Resolves names on a local network segment when a DNS server is not available
      • Primary read-only zone
        • Read-only domain controllers (RODCs): contain a copy of the AD DS database and can answer client requests

  32. New DNS Features (continued)
      • DNS client changes
        • Clients periodically perform a check to ensure that they are authenticating with a local DC
      • Background zone loading
        • Allows the DNS server to handle client requests immediately instead of waiting until the entire DNS zone is loaded
      • GlobalNames zone (GNZ)
        • Allows you to resolve single-label names, using host computer name-to-IP address resolution records in a Windows Server 2008 DNS zone
        • Aids retirement of WINS

  33. Troubleshooting DNS
      • Most problems are a result of incorrectly configured client computers (unlikely with DHCP)
      • Problems can occur due to misconfigured DNS records
      • Use the Monitoring tab of the DNS server properties dialog box to test the functionality of a DNS server
      • Check DNS server logs

  34. DNS Server Logs
      • Global Logs folder: contains a subset of the event logs relating specifically to DNS, called DNS Events
      • General tab: log file size default is 16,384 KB
      • Filter tab: filter by event type, source, category, and time

  35. Command-Line Utilities
      • Ping: ping a server by host name or FQDN
      • Ipconfig
        • Commands and switches: ipconfig /all, ipconfig /flushdns, ipconfig /displaydns, ipconfig /registerdns
      • DCDiag
        • Allows you to perform diagnostic queries of your DCs
      • Nslookup
        • Performs queries for DNS records from the command line
        • Noninteractive: perform a single query in a single command with all parameters entered
        • Interactive: launch nslookup in a command-line shell where you can define parameters one by one
        • Used with the debug parameter, provides more detailed information
