
Hands-On Microsoft
Windows Server 2003
Networking
Chapter 6
Domain Name System
Objectives
• Describe the functions of the Domain Name
System
• Install DNS
• Explain the function of DNS zones
• Configure a caching-only server to speed
hostname resolution
• Integrate Active Directory and DNS, including
Dynamic DNS
• Configure and manage a DNS server
• Manage DNS zones
• Troubleshoot DNS
2
Functions of the Domain Name
System
• Domain Name System (DNS)
– Essential service for a network that uses Active
Directory
– Has the ability to store DNS information in Active
Directory
– Once DNS information is stored in Active
Directory, it is automatically replicated to all
domain controllers
– Storing DNS data in Active Directory allows
security control for Dynamic DNS
3
Functions of the Domain Name
System (Continued)
– Used internally to resolve hostnames to IP
addresses
– Can be integrated with the worldwide system for
resolving hostnames to IP addresses
– Can be used as a repository for service
information and perform reverse lookups to
convert IP addresses to host names
4
Hostname Resolution
• Windows Sockets (WinSock) and NetBIOS
– Two standard methods Windows applications can
use to access network resources
– Name accessed through WinSock is known as a
hostname
• Steps followed to resolve hostnames
– Hostname
• Server first checks if hostname being resolved is
its own
• If it is, then it uses its own IP address and
resolution process stops
5
Hostname Resolution (Continued)
• Steps (Continued)
– Hosts file is loaded into cache
• HOSTS file is used to list hostnames and IP
addresses for resolution
• Contents of the HOSTS file are placed in DNS
cache
– DNS cache
• Contents are evaluated
• If hostname being resolved is in DNS cache,
then IP address in the cache is used
– DNS
• If required hostname is not the hostname of
this server and has not been found in DNS
cache, then Windows Server 2003 submits a
request to a DNS server for resolution
6
HOSTS File
• Simple text file that stores hostname information
• Must be located in
C:\WINDOWS\system32\drivers\etc
• Contents are a list of IP addresses and
hostnames
7
HOSTS file
8
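The resolution order on the two preceding slides (own hostname, HOSTS file loaded into the DNS cache, cache lookup, then a DNS server), as an added example that is not part of the original slides. The HOSTS file contents, the local hostname and the stand-in DNS table are all constructed.

```python
from typing import Dict, Optional, Tuple

# Constructed sample in the format of C:\WINDOWS\system32\drivers\etc\hosts:
# "<ip> <hostname> [alias ...]"; a '#' starts a comment.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.10.5    fileserver.example.local   fileserver   # internal share
10.0.0.20       intranet.example.local
"""

# Constructed stand-in for the DNS server consulted in the last step
FAKE_DNS = {"www.example.com": "203.0.113.10"}

def parse_hosts(text: str) -> Dict[str, str]:
    """Return hostname -> IP; names are case-insensitive, first entry wins."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank or malformed line
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

class Resolver:
    """Order: own hostname, DNS cache (pre-loaded from HOSTS), then DNS server.

    Because HOSTS entries win over anything a DNS server says, a tampered
    HOSTS file silently redirects names: keep the file ACL-protected and
    alert on changes to it.
    """
    def __init__(self, own_hostname, own_ip, hosts_text, dns_query):
        self.own_hostname, self.own_ip = own_hostname.lower(), own_ip
        self.cache = parse_hosts(hosts_text)   # step 2: HOSTS loaded into cache
        self.dns_query = dns_query             # callable used in step 4

    def resolve(self, hostname) -> Tuple[Optional[str], str]:
        name = hostname.lower()
        if name == self.own_hostname:          # step 1: is it our own name?
            return self.own_ip, "local"
        if name in self.cache:                 # step 3: check the DNS cache
            return self.cache[name], "cache"
        ip = self.dns_query(name)              # step 4: ask a DNS server
        if ip is not None:
            self.cache[name] = ip              # positive answers are cached
        return ip, "dns"
```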
Forward Lookup
• Resolves hostnames to IP addresses
• Two-packet process
– First packet is request from DNS client to DNS
server containing hostname to be resolved
– Second packet is response from server
containing the IP address of requested hostname
9
Forward Lookup (Continued)
• Root servers
– 13 root servers that control overall DNS lookup
process
– ICANN DNS Root Server System Advisory
Committee is main body responsible for
maintenance
– If servers become unavailable, much of the
Internet would be inaccessible
• Recursive lookup
– DNS query that is resolved through other DNS
servers until requested information is located
10
DNS Lookup Process
11
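The recursive lookup described above (a resolver that starts from its root hints and follows referrals through other DNS servers until the answer is found), as an added example that is not part of the original slides. All server addresses and zone contents are constructed; no network traffic is sent.

```python
from typing import Dict, List, Optional, Tuple

# Constructed servers: each answers an iterative query only from the zones
# it is responsible for, with an answer ("A") or a referral ("NS" plus the
# address of the next server to ask). Addresses are documentation ranges.
SERVERS: Dict[str, Dict[str, Tuple[str, str]]] = {
    "192.0.2.4": {"com.": ("NS", "192.0.2.1")},                  # root server
    "192.0.2.1": {"example.com.": ("NS", "192.0.2.53")},         # .com TLD server
    "192.0.2.53": {"www.example.com.": ("A", "203.0.113.10")},   # authoritative
}
ROOT_HINTS: List[str] = ["192.0.2.4"]   # what the Root Hints tab would list

def iterative_query(server_ip: str, qname: str) -> Optional[Tuple[str, str]]:
    """One query to one server: all a server with recursion disabled will do."""
    zone = SERVERS.get(server_ip, {})
    labels = qname.split(".")
    for i in range(len(labels) - 1):            # most specific match first
        candidate = ".".join(labels[i:])
        if candidate in zone:
            return zone[candidate]
    return None                                 # server knows nothing useful

def recursive_lookup(qname: str, max_hops: int = 8) -> Tuple[Optional[str], List[str]]:
    """Resolve qname on behalf of a client, starting from the root hints.

    Returns (address or None, list of servers consulted). max_hops bounds
    the work a misconfigured or looping referral chain can cause.
    """
    path: List[str] = []
    next_server = ROOT_HINTS[0]
    for _ in range(max_hops):
        path.append(next_server)
        response = iterative_query(next_server, qname)
        if response is None:
            return None, path
        rtype, value = response
        if rtype == "A":
            return value, path                  # answer found
        next_server = value                     # referral: follow it
    return None, path
```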
Registering a Domain
• Top-level domain names
– Organized by either country or category
– Category names defined by the Internet
Corporation for Assigned Names and Numbers
(ICANN)
– To merge with worldwide DNS lookup system you
must register your domain name with a registrar
• Registrars
– Have ability to put domain information into top-level domain DNS servers
12
Top-level domains
13
Reverse Lookup
• Resolves IP addresses to hostnames
• Often performed for the system logs of Internet
services
• Web server can be configured to perform
reverse lookup of all clients accessing a Web
site
• Reverse lookup DNS information maintained by
ISP
14
DNS Record Types
• Created on a DNS server to resolve queries
• Each type of record holds different information
about
– A service
– Hostname
– IP address
– Domain
• DNS has ability to hold many different record
types
15
DNS records types
16
Domain Name System (DNS) and
Berkeley Internet Name Domain
(BIND)
• BIND
– The de facto standard for DNS implementation on
UNIX and Linux systems
– Other implementations of DNS reference BIND
version numbers for feature compatibility
17
BIND versions and features
18
Installing DNS
• Windows Server 2003 has the ability to act as a
DNS server
• Small organizations
– During installation of Active Directory, if no DNS
server has been configured for the domain,
DCPROMO asks whether it should install DNS
• Large organizations
– DNS is often installed on multiple servers
19
DNS Zones
• The part of a DNS namespace for which a DNS
server is responsible
• Forward lookup zone
– A zone that holds records for forward lookups
• Reverse lookup zone
– A zone that holds records for reverse lookups
20
Primary and Secondary Zones
• Used to automatically synchronize DNS
information between DNS servers
• Primary zone
– First to be created
– DNS records created here
• Secondary zone
– Takes copies of primary zone information
– Cannot be copied
21
Primary and Secondary Zones
(Continued)
• For fault tolerance and to reduce network traffic
– Keep copies of DNS domain information on more
than one server
– Servers must automatically synchronize
information between them
• Zone Transfer
– Moving information from primary zone to
secondary zone
• Incremental Zone Transfer
– Copies information that has changed from the
primary zone
22
Active Directory Integrated Zone
• Stores information in Active Directory rather than
in a file on the local hard drive
• Advantages of Storing DNS information in Active
Directory
– Automatic backup of zone information
– Multimaster replication
– Increased security
23
DNS Zone Storage in Active
Directory
• Two areas DNS zones can be stored in Active
Directory
– Domain directory partition
• Holds information about objects specific to a
particular Active Directory domain
• Replicated to all domain controllers in an Active
Directory domain
• Cannot be replicated to domain controllers in other
Active Directory domains
24
DNS Zone Storage in Active
Directory (Continued)
– Application directory partition
• Allows information to be stored in Active Directory
but be replicated only among a defined set of
domain controllers
• Domain must be in the same Active Directory
forest but can be in different Active Directory
domains
25
Storing a zone in the domain
directory partition
26
Storing a zone on all DNS servers in
an Active Directory forest
27
Merging Active Directory Integrated
Zones with Traditional DNS
• Active Directory integrated zones
– Interact with traditional zones by acting as a
primary zone to traditional secondary zones
• Situations where a DNS server cannot
participate in an Active Directory integrated zone
– DNS server is pre-Windows 2000
– DNS server is Windows 2000 and Active
Directory integrated zone is stored in an
application directory partition
– DNS server is a non-Windows server
– DNS server is a member server, but not a domain
controller
– DNS server is in a different forest
28
Stub Zones
• A DNS zone that holds only NS records for a
domain
• NS records
– Define the name servers that are responsible for
a domain
29
DNS lookup using a stub zone
30
Caching-only Server
• Does not have zones configured on it
• Exists only to be a local DNS server for client
computers
• On very slow WAN links
– Caching-only servers may create less network
traffic than storing Active Directory integrated
zones or secondary zones locally
• To create a caching-only server
– Install the DNS Service and do not create any
zones
31
Active Directory and DNS
• Active Directory requires DNS to function
properly
• Most important function DNS performs for Active
Directory is locating services
32
Active Directory and DNS
(Continued)
• Dynamic DNS
– Used to simplify management of DNS records for
Active Directory
– System in which records can be updated on a
DNS server automatically
– Defined by RFC 2136
– Service records for domain controllers are placed
in DNS zone using Dynamic DNS
– Windows 2000/XP clients perform their own
Dynamic DNS updates
33
DNS records for Active Directory
34
Configuring a Zone for Dynamic
DNS
• Can be done during creation process or by
modifying properties of the zone after
configuration
• “Allow only secure dynamic updates” option
– Available only if the zone is Active Directory
integrated
• “Allow only dynamic updates” option
– If selected, then any client can update records
• “Do not allow dynamic updates” option
– Stops this zone from accepting dynamic updates
35
Dynamic update options when
creating an Active Directory
integrated zone
36
Changing the dynamic update
option
37
Managing DNS Servers
• Aging and Scavenging
– New feature of DNS in Windows Server 2003
– Allows DNS records created by Dynamic DNS to
be removed after a certain period of time if they
have not been updated
– Must be enabled on the Advanced tab of the DNS
server properties
38
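A single added example covering the zone dynamic-update options (slide 35) and aging and scavenging (slide 38); it is not code from the original slides. A toy zone accepts or rejects updates under each option and then scavenges dynamically registered records that were not refreshed in time. Record names, principals and the 7-day no-refresh and refresh intervals are assumptions; only dynamic records carry a timestamp, so static records are never scavenged.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Zone settings matching the three dynamic-update options in the zone properties
NONE_ALLOWED, NONSECURE_AND_SECURE, SECURE_ONLY = 0, 1, 2

@dataclass
class Record:
    name: str
    ip: str
    owner: Optional[str]      # principal that registered it (None for static records)
    timestamp: Optional[int]  # hours since an assumed epoch; None for static records

class Zone:
    def __init__(self, update_policy, no_refresh=168, refresh=168):
        self.policy = update_policy
        self.no_refresh, self.refresh = no_refresh, refresh  # assumed 7 days each
        self.records: Dict[str, Record] = {}

    def add_static(self, name, ip):
        self.records[name] = Record(name, ip, None, None)

    def dynamic_update(self, name, ip, now, principal=None):
        """Return True if the update is accepted under the zone's update option."""
        if self.policy == NONE_ALLOWED:
            return False
        existing = self.records.get(name)
        if self.policy == SECURE_ONLY:
            if principal is None:
                return False           # unauthenticated update: rejected
            if existing and existing.owner != principal:
                return False           # only the registering principal may change it
        # NONSECURE_AND_SECURE: any client can overwrite any record
        if (existing and existing.ip == ip and existing.timestamp is not None
                and now - existing.timestamp < self.no_refresh):
            return True                # inside no-refresh interval: timestamp not rewritten
        self.records[name] = Record(name, ip, principal, now)
        return True

    def scavenge(self, now):
        """Remove dynamic records not refreshed within no-refresh + refresh."""
        limit = self.no_refresh + self.refresh
        stale = sorted(n for n, r in self.records.items()
                       if r.timestamp is not None and now - r.timestamp > limit)
        for n in stale:
            del self.records[n]
        return stale
```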
Managing DNS Servers (Continued)
• Update Server Data Files
– Option is available when you right-click on the
server
• Clear Cache
– DNS server automatically caches all lookups that
it performs
– Must clear cache to force a DNS server to
perform a new lookup before the record times out
39
Managing DNS Servers (Continued)
• Configure Bindings
– You can configure DNS to only respond on certain
IP addresses that are bound to server
• Forwarding
– Allows you to configure local DNS server to
forward queries from clients to another DNS
server
40
The DNS Server Properties
Interfaces Tab
41
Root Hints
• Servers used to perform recursive lookups
• Root Hints tab
– Automatically populated with names and IP
addresses of DNS root servers on the Internet
• Possible to configure one of your internal DNS
servers to act as a root server
– Create a forward lookup zone named “.”
– DNS server with zone named “.” is considered a
root server
42
The DNS Server Properties
Forwarders tab
43
The DNS Server Properties Root
Hints Tab
44
Logging
• Event logging
– Records errors, warnings, and information to
event log
• Debug logging
– Records packet-by-packet information about
queries the DNS server is receiving
– Can reduce information recorded by specifying
• Packet direction
• Transport protocol
• Packet contents
• Packet type
45
DNS Server Properties Event
Logging Tab
46
Advanced Options
• Configurable options on Advanced tab of server
properties
– Disable recursion (also disables forwarders)
– BIND secondaries
– Fail on load if bad zone data
– Enable round robin
– Enable netmask ordering
– Secure cache against pollution
47
The DNS Server Properties
Advanced Tab
48
Managing Zones
• Options that can be configured for a zone
– Reload zone information
– Create a new delegation
– Change the type of zone and replication
– Configure aging and scavenging
– Modify the Start of Authority (SOA) record
– Name servers
– Enable WINS resolution
– Enable zone transfers
– Configure security
49
Troubleshooting DNS
• Most DNS problems are a result of incorrectly
configured DNS records
• Iterative query
– DNS server looks only in the zones for which it is
responsible
• NSLOOKUP
– Queries DNS records
– Allows you to confirm that each DNS server is
configured with the correct information
– Can be used from a command prompt to resolve
hostnames
– Most powerful in interactive mode
50
DNS Server Properties Monitoring
Tab
51
Summary
• Hostname resolution
– Check if hostname being resolved matches
hostname of local computer
– Load HOSTS file into DNS cache
– Check DNS cache as the third step
– DNS is used if required
• Forward lookup
– Resolves hostnames to IP addresses
• Reverse lookup
– Resolves IP address to hostname
52
Summary (Continued)
• Recursive lookup
– Performed when local DNS server queries root
servers on the Internet on behalf of a DNS client
• Common DNS record types
– A, MX, CNAME, NS
– SOA, SRV, AAAA, and PTR
• DNS zones
– Hold records for a portion of DNS namespace
– Primary and secondary zones stored in a zone
file
– Active Directory integrated zones stored in Active
Directory
– Stub zone contains name server records
53
Summary (Continued)
• Caching-only server
– Reduces network traffic generated by DNS
queries
• Dynamic DNS
– Allows records to be automatically updated on a
DNS server
• Aging and scavenging
– Remove outdated records created by Dynamic
DNS
• Root hints
– Used for recursive lookups
54
Summary (Continued)
• Event logging and debug logging
– Used to troubleshoot DNS problems
• WINS server
– Used to help resolve hostnames
• NSLOOKUP
– Used to verify that DNS server is properly
configured
55