DNS - TechNet Gallery
DNS
DNS overview
DNS operation
DNS zones
DNS Overview
Name-to-IP address lookup service based on domain names
Some DNS servers hold the name and address information for a given portion of the domain namespace in a file
The portion of the namespace whose names and addresses are contained in a single file is called a zone
The file containing the names and addresses within a zone is called the zone file
DNS operation
The scenario
Recursive vs iterative queries
The lookup process
The Scenario
Workstation configuration
Resolver software
Local DNS server
Root servers
Authoritative servers
Recursive vs Iterative Queries
Recursive query: the client asks its local DNS server for a complete answer; the server must either return the answer or report that the name does not exist
Iterative query: the server asked returns the best information it has, either the answer or a referral to a server closer to the name, and the querier continues the lookup itself
The lookup process
Workstation sends a recursive query for www.microsoft.com to its local (preferred) DNS server
Local DNS server sends an iterative query to a root server
Root server responds with a referral: the names and addresses of the .com servers
Local DNS server sends an iterative query to a .com server
.com server responds with a referral: the names and addresses of the microsoft.com servers
Local DNS server sends an iterative query to a microsoft.com server
microsoft.com server is authoritative for the name and responds with the address of the host named www
Local DNS server sends the address of the www host to the workstation
Local (preferred) DNS server caches all the address and referral information returned by the other DNS servers, each record for the lifetime of its TTL
The workstation's resolver caches the answer as well
Resolving a Forward Lookup Query
Name Server Caching
Time to Live (TTL)
Use shorter TTL values to help ensure that data about the domain namespace is more current across the network.
Shorter TTL values mean more cache misses and therefore more queries, which increases the load on the authoritative name servers.
Longer TTL values let more queries be answered from cache, which decreases the time required to resolve information and the load on authoritative servers.
If a change occurs, clients will not receive the updated information until the cached record's TTL expires and a new query for that portion of the domain namespace is resolved; lower the TTL well in advance of a planned change.
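The lookup process and the TTL caching behaviour above, as an added example that is not part of the original slides: a Python model of the local DNS server that takes the workstation's recursive query, walks iteratively from a root server to a .com server to a microsoft.com server, and caches every record it learns for the lifetime of its TTL. The server addresses, hostnames, records and TTLs are constructed for illustration (documentation-range addresses), not real DNS data.

```python
# Constructed in-memory model of the servers the lookup walks through.
# Addresses are from the RFC 5737 documentation ranges; the hostnames and
# records are hypothetical, not real DNS data.
ROOT_IP, COM_IP, MSFT_IP = "192.0.2.1", "198.51.100.1", "203.0.113.1"
AUTH_SERVERS = {
    ROOT_IP: {   # root server: holds only the delegation for com.
        "com.": [("NS", "a.gtld.example.", 172800)],
        "a.gtld.example.": [("A", COM_IP, 172800)],          # glue address
    },
    COM_IP: {    # .com server: holds only the delegation for microsoft.com.
        "microsoft.com.": [("NS", "ns1.microsoft.com.", 172800)],
        "ns1.microsoft.com.": [("A", MSFT_IP, 172800)],      # glue address
    },
    MSFT_IP: {   # microsoft.com server: authoritative for the host records
        "microsoft.com.": [("NS", "ns1.microsoft.com.", 172800)],
        "ns1.microsoft.com.": [("A", MSFT_IP, 172800)],
        "www.microsoft.com.": [("A", "203.0.113.80", 300)],  # short TTL
    },
}


def change_www_address(new_ip):
    """Administrator edits the record on the authoritative server."""
    AUTH_SERVERS[MSFT_IP]["www.microsoft.com."] = [("A", new_ip, 300)]


def _enclosing_names(qname):
    """Ancestors of www.microsoft.com.: microsoft.com., then com."""
    labels = qname.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]


class LocalDnsServer:
    """The workstation's preferred server: takes recursive queries, sends
    iterative queries down from the root, caches everything it learns."""

    def __init__(self, root_hints=(ROOT_IP,)):
        self.root_hints = list(root_hints)
        self.cache = {}         # (name, type) -> (rdata, expiry time)
        self.queries_sent = []  # (server_ip, qname) for each iterative query

    def _cache_put(self, name, records, now):
        for rtype, rdata, ttl in records:
            self.cache[(name, rtype)] = (rdata, now + ttl)

    def _cache_get(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > now:             # still within its TTL
            return hit[0]
        self.cache.pop((name, rtype), None)  # expired: discard
        return None

    def _iterative_query(self, server_ip, qname, now):
        """Ask one server; it answers only from its own data and returns
        either ("answer", records) or ("referral", next_server_ip)."""
        self.queries_sent.append((server_ip, qname))
        data = AUTH_SERVERS[server_ip]
        if any(r[0] == "A" for r in data.get(qname, [])):
            self._cache_put(qname, data[qname], now)
            return "answer", data[qname]
        for parent in _enclosing_names(qname):   # closest delegation first
            ns = [r for r in data.get(parent, []) if r[0] == "NS"]
            if ns:
                glue = [r for r in data.get(ns[0][1], []) if r[0] == "A"]
                self._cache_put(parent, ns, now)
                self._cache_put(ns[0][1], glue, now)
                return "referral", glue[0][1]
        raise LookupError(f"{server_ip} holds nothing for {qname}")

    def resolve(self, qname, now):
        """Recursive query as the workstation sees it: returns one address.
        `now` is the clock in seconds, passed in so the TTL behaviour is
        reproducible."""
        cached = self._cache_get(qname, "A", now)
        if cached:
            return cached
        # Start at the deepest delegation still in cache, otherwise at a root.
        server = self.root_hints[0]
        for parent in _enclosing_names(qname):
            ns_name = self._cache_get(parent, "NS", now)
            ns_ip = self._cache_get(ns_name, "A", now) if ns_name else None
            if ns_ip:
                server = ns_ip
                break
        while True:
            kind, payload = self._iterative_query(server, qname, now)
            if kind == "answer":
                return next(r[1] for r in payload if r[0] == "A")
            server = payload


if __name__ == "__main__":
    srv, t0 = LocalDnsServer(), 1_000_000
    print(srv.resolve("www.microsoft.com.", t0), srv.queries_sent)   # 3 queries
    change_www_address("203.0.113.81")
    print(srv.resolve("www.microsoft.com.", t0 + 10))   # stale answer from cache
    print(srv.resolve("www.microsoft.com.", t0 + 301))  # TTL expired: one query
```

The first lookup costs three iterative queries (root, .com, microsoft.com). A second lookup 10 seconds later is answered from cache even though the authoritative record has already been changed, which is the staleness the TTL slide warns about. After the 300-second TTL expires, the local server asks only the microsoft.com server again, because the delegation records it cached from the root and .com servers carry a much longer TTL.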
DNS Zones
Forward lookup
Contains names with their associated IP addresses
Enables forward lookup queries.
At least one forward lookup zone must be configured for the DNS service to work.
The Active Directory Installation Wizard can automatically create a forward lookup zone based on the DNS name you specified for the server.
Reverse lookup
Contains IP addresses with associated DNS names
Zone Name
A zone is typically named after the highest domain in the hierarchy that the zone encompasses, that is, the root domain of the zone.
For a zone that encompasses both microsoft.com and sales.microsoft.com, the zone name would be microsoft.com.
Zone File
A zone file must be specified for the standard primary forward lookup zone type.
The zone file is the zone database file name, which defaults to the zone name with a .dns extension.
An existing zone file can be imported when migrating a zone from another server.
Place the existing file in the systemroot\System32\DNS directory on the target computer before creating the new zone.
Primary vs secondary zones
Primary zone holds the master copy of the records in its zone file
Secondary zone receives its records from another server
A zone transfer copies the zone from the master server to the secondary
The master server can itself be another secondary
Zone Type:
Standard Primary
Master copy of a new zone, stored in a standard text file
Administered and maintained on the computer on which the zone is created
Zone Type:
Standard Secondary
Replica of an existing zone.
Read-only; stored in standard text files.
A primary zone must already exist before a secondary zone for it can be created.
You must specify the DNS server, called the master server, that will transfer zone information to the name server holding the standard secondary zone.
Create a secondary zone to provide redundancy and to reduce the load on the name server holding the primary zone database file.
Reasons to Use Additional Zones
A need exists to delegate management of part of the DNS namespace to another location or department within the organization.
A need exists to divide one large zone into smaller zones to distribute traffic load among multiple servers, improve DNS name resolution performance, or create a more fault-tolerant DNS environment.
A need exists to extend the namespace by adding numerous subdomains at once, such as to accommodate the opening of a new branch or site.
Zone Transfers
Incremental vs full
Originally DNS supported only full transfer (AXFR), which copies the entire zone every time.
Windows DNS also supports incremental transfer (IXFR, RFC 1995), which sends only the changes made since the serial number the secondary already holds; the secondary decides a transfer is needed by comparing the SOA serial on the master with its own.
The initial transfer to a new secondary is always full.
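The refresh decision a secondary makes, as an added example that is not part of the original slides: a Python model of a master and a secondary in which the secondary compares the master's SOA serial with its own using the wraparound-safe comparison from RFC 1982, takes a full transfer the first time, asks for an incremental transfer afterwards, and falls back to a full transfer when the master can no longer supply the deltas. The zone contents and the in-memory journal standing in for the master's IXFR history are constructed for illustration.

```python
SERIAL_MOD = 2 ** 32


def serial_gt(a, b):
    """RFC 1982 serial number arithmetic: True when a is newer than b.
    Handles 32-bit wraparound, so 5 is newer than 4294967295."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    half = SERIAL_MOD // 2
    return (a > b and a - b < half) or (a < b and b - a > half)


class Master:
    """Master (primary, or a secondary acting as master) for one zone.
    Records are a constructed owner-name -> rdata map; the journal stands in
    for the IXFR history a real server keeps on disk."""

    def __init__(self, serial, records):
        self.serial = serial
        self.records = dict(records)
        self.journal = []   # (old_serial, new_serial, deleted_names, added_records)

    def update(self, deletions, additions):
        """Apply a change and bump the serial, remembering the delta."""
        old, self.serial = self.serial, (self.serial + 1) % SERIAL_MOD
        for name in deletions:
            self.records.pop(name, None)
        self.records.update(additions)
        self.journal.append((old, self.serial, list(deletions), dict(additions)))

    def axfr(self):
        """Full transfer: the whole zone at the current serial."""
        return "AXFR", self.serial, dict(self.records)

    def ixfr(self, client_serial):
        """Incremental transfer from client_serial forward. If the journal no
        longer covers that serial, fall back to a full transfer."""
        start = next((i for i, j in enumerate(self.journal) if j[0] == client_serial), None)
        if start is None:
            return self.axfr()
        return "IXFR", self.serial, self.journal[start:]


class Secondary:
    def __init__(self, master):
        self.master = master
        self.serial = None   # no copy yet: the first transfer must be full
        self.records = {}

    def refresh(self):
        """Runs at the SOA refresh interval or on NOTIFY: query the master's
        SOA serial, then transfer only if the master's copy is newer."""
        if self.serial is not None and not serial_gt(self.master.serial, self.serial):
            # Equal serial: nothing to do. A master serial LOWER than ours
            # (an admin reset it) also lands here; the secondary stays stale.
            return "UP_TO_DATE"
        if self.serial is None:
            kind, serial, payload = self.master.axfr()
        else:
            kind, serial, payload = self.master.ixfr(self.serial)
        if kind == "AXFR":
            self.records = payload
        else:
            for _old, _new, deleted, added in payload:   # apply deltas in order
                for name in deleted:
                    self.records.pop(name, None)
                self.records.update(added)
        self.serial = serial
        return kind
```

The comment in `refresh` points at the failure mode operators hit most often: if the serial on the master is ever set lower than what the secondaries hold, they report "up to date" forever and never transfer, so a serial scheme like YYYYMMDDnn must only ever go up (or be wrapped around deliberately using the RFC 1982 rules).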
Reverse Zones
Based on IP addresses, not domain names
Named using the IP address octets in reverse order, followed by the name in-addr.arpa
In-addr.arpa Domain
Follows the same hierarchical naming scheme as the rest of the domain namespace.
Subdomains are named after the numbers in the dotted-decimal representation of IP addresses.
The order of the IP address octets is reversed, so the most significant octet becomes the label closest to in-addr.arpa.
Companies administer subdomains of the in-addr.arpa domain based on their assigned IP addresses and subnet mask.
Reverse Zone File
Must be specified for the standard primary reverse lookup zone type.
The network ID and subnet mask determine the default zone file name.
DNS reverses the IP octets and adds the in-addr.arpa suffix.
For a network ID of 169.254 (169.254.0.0/16), the reverse lookup zone is named 254.169.in-addr.arpa and its default zone file is 254.169.in-addr.arpa.dns.
The existing zone file may be imported when migrating a zone from another server.
The existing zone file must be placed in the systemroot\System32\DNS directory.
Reverse Lookup Query
Maps an IP address to a name.
The NSLOOKUP command-line DNS utility uses reverse lookup queries to report back host names (for example, the name of the server it is querying).
Certain applications implement security based on the ability to connect to names, not IP addresses. The PTR record is controlled by whoever administers the reverse zone for that address, so such checks should also resolve the returned name forward and confirm it yields the original address (forward-confirmed reverse DNS).
DNS is indexed by name, not by IP address.
A reverse lookup query would require an exhaustive search of every domain name, because the DNS distributed database is indexed by name and not by IP address.
The special second-level domain in-addr.arpa was created to solve the problem of finding a name that matches an IP address.
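The reverse zone naming rules and the reverse lookup check above, as an added example that is not part of the original slides: Python helpers that derive the default reverse zone name and zone file name from a network ID and mask, build the in-addr.arpa owner name of a PTR record, pick the zone a PTR belongs to on a server hosting several reverse zones, and perform the forward-confirmed check. The PTR and A tables at the bottom are constructed sample data; the second PTR entry is the kind of record an attacker who controls a reverse zone could publish.

```python
import ipaddress


def reverse_zone_name(network):
    """Default reverse lookup zone name for a network ID and subnet mask.
    Only /8, /16 and /24 prefixes fall on an octet boundary and map to a
    single in-addr.arpa name; anything else needs classless delegation
    (RFC 2317), which the default naming rule does not cover."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{network}: need an IPv4 /8, /16 or /24 network ID")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zone_file(network):
    """Default zone file name: the zone name plus the .dns extension."""
    return reverse_zone_name(network) + ".dns"


def ptr_owner_name(ip):
    """Owner name of the PTR record for one address (IPv4 or IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer


def zone_for_ptr(ip, zones):
    """Which of the reverse zones this server hosts holds the PTR for ip:
    the longest (most specific) zone name the owner name falls under."""
    owner = ptr_owner_name(ip)
    matches = [z for z in zones if owner.endswith("." + z)]
    return max(matches, key=len) if matches else None


# Constructed PTR and A data. The second PTR is what an attacker who controls
# the reverse zone for 203.0.113.81 could publish: it names a host they do
# not own, so it must not be trusted on its own.
PTR_TABLE = {
    "80.113.0.203.in-addr.arpa": "www.microsoft.com.",
    "81.113.0.203.in-addr.arpa": "www.microsoft.com.",
}
A_TABLE = {"www.microsoft.com.": ["203.0.113.80"]}


def forward_confirmed(ip, ptr_table=PTR_TABLE, a_table=A_TABLE):
    """Forward-confirmed reverse DNS: the name the PTR gives must itself
    resolve back to the address, otherwise the name is not accepted."""
    name = ptr_table.get(ptr_owner_name(ip))
    return name is not None and ip in a_table.get(name, [])
```

`forward_confirmed("203.0.113.80")` succeeds because the PTR name resolves back to the same address, while `forward_confirmed("203.0.113.81")` fails even though its PTR claims the same host name; that second check is what an application relying on "connect by name" needs before it grants anything on the strength of a reverse lookup.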
Active Directory Integrated Zone
Zone information is stored in Active Directory rather than in a zone file
Replicated by Active Directory replication
AD-integrated zones are multimaster: any DNS server hosting the zone on a domain controller can accept updates
Replication scope can be all domain controllers in the domain, all DNS servers in the domain, or all DNS servers in the forest
Replication traffic is sent encrypted
Benefits of Active Directory–Integrated Zones
Fault tolerance
Security: control access as to who can modify zones
Zones are replicated and synchronized to new domain controllers automatically whenever a new zone is added to an Active Directory domain.
By integrating storage of your DNS namespace in Active Directory, you simplify planning and administration for both DNS and Active Directory.
Directory replication is faster and more efficient than standard DNS replication.
Frequently Used Resource Record Types
Host (A): Maps a host name to an IPv4 address (AAAA does the same for IPv6)
Alias (CNAME): Creates an alias that points to a canonical name
Mail Exchanger (MX): Identifies the mail exchanger for a domain, with a preference value
Name Server (NS): Lists the name servers for a domain or delegated subdomain
Pointer (PTR): Maps an IP address (its in-addr.arpa name) back to a host name; used by reverse lookups
Service (SRV): Identifies servers hosting a service, with priority, weight and port
Start of Authority (SOA): Identifies the authoritative source for the zone and carries the serial number and the refresh, retry, expire and minimum TTL values that secondaries use
DNS Security Options
Allowing only secure dynamic updates (available only for Active Directory–integrated zones), so that only authenticated clients can add or change their own records
Zone transfer restrictions; leaving transfers open to any server lets anyone copy the entire zone in a single AXFR request and enumerate every host in it
Only to servers listed in NS resource records
Only to specified IP addresses
Notify list: the master sends DNS NOTIFY to the listed secondaries so they pull changes promptly; keep it to known secondaries, and remember that NOTIFY only prompts a poll, the transfer itself is still gated by the zone transfer setting
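The zone transfer and notify settings above, together with the resource record types from the previous slide, as an added example that is not part of the original slides: a Python parser for a small zone file in the text format Windows DNS and BIND both read, followed by the decision a server makes when a transfer request arrives under each of the allow settings, the notify targets, and the host inventory an unrestricted transfer hands out. The zone below is constructed sample data (example.com with documentation-range addresses); the policy names "any", "ns_only", "ip_list" and "none" are this example's own labels for the settings on the Zone Transfers tab.

```python
# Constructed zone file in the text format both Windows DNS and BIND read.
# The names are in the reserved example.com domain and the addresses are
# from RFC 5737 documentation ranges; none of it is real data.
ZONE_TEXT = """\
$ORIGIN example.com.
@          3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 900 600 86400 3600
@          3600 IN NS    ns1.example.com.
@          3600 IN NS    ns2.example.com.
@          3600 IN MX    10 mail.example.com.
ns1        3600 IN A     203.0.113.53   ; glue for the primary
ns2        3600 IN A     198.51.100.53  ; glue for the secondary
www         300 IN A     203.0.113.80
mail        300 IN A     203.0.113.25
ftp         300 IN CNAME www
_ldap._tcp  600 IN SRV   0 100 389 ns1.example.com.
"""


def parse_zone(text):
    """Parse a zone file with one record per line (SOA written without
    parentheses) into (owner, ttl, type, rdata_fields) tuples. Owner names
    are made fully qualified from $ORIGIN; rdata fields are kept verbatim."""
    origin, records = ".", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        owner, ttl, cls, rtype, *rdata = line.split()
        if cls != "IN":
            raise ValueError(f"unsupported class in line: {raw}")
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner, int(ttl), rtype, rdata))
    return records


def zone_origin(records):
    """The zone's name is the owner of its SOA record."""
    return next(r[0] for r in records if r[2] == "SOA")


def ns_addresses(records):
    """Addresses of the servers in the zone's NS records, taken from the
    zone's own A records (glue). An NS host outside the zone has no glue
    here; a real server would have to resolve its name first."""
    origin = zone_origin(records)
    ns_names = {r[3][0] for r in records if r[2] == "NS" and r[0] == origin}
    return {r[3][0] for r in records if r[2] == "A" and r[0] in ns_names}


def transfer_allowed(records, requester_ip, policy, allowed_ips=()):
    """Decide an AXFR/IXFR request the way the Zone Transfers tab settings do:
    "any" (to any server), "ns_only" (only to servers listed on the Name
    Servers tab), "ip_list" (only to the following servers), or "none"."""
    if policy == "any":
        return True   # weak: anyone can copy the whole zone in one request
    if policy == "ns_only":
        return requester_ip in ns_addresses(records)
    if policy == "ip_list":
        return requester_ip in set(allowed_ips)
    if policy == "none":
        return False
    raise ValueError(f"unknown policy {policy!r}")


def notify_targets(records, mode, listed=()):
    """Where DNS NOTIFY goes after a change: the NS-listed servers ("ns") or
    an explicit list ("list"). NOTIFY only prompts a secondary to poll the
    SOA; the transfer itself is still gated by transfer_allowed."""
    return ns_addresses(records) if mode == "ns" else set(listed)


def axfr_exposure(records):
    """Every owner name an unrestricted transfer hands out: the host
    inventory an attacker enumerates from one AXFR."""
    return sorted({r[0] for r in records})
```

With the "any" setting, `transfer_allowed` accepts a request from an address that appears nowhere in the zone and `axfr_exposure` shows what that request returns: every host, including the internal `_ldap._tcp` SRV record. With "ns_only" or an explicit address list, only the glue address of ns2 (the secondary) is accepted. The same nslookup `ls` command that administrators use to list a zone is an AXFR request, so the restriction also decides who can run it.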
Managing DNS
Using DNS console
Using nslookup
Non-interactive (command prompt) mode: one lookup per command, for example nslookup www.microsoft.com
Interactive mode: a session that accepts successive commands such as server, set type=mx, and ls
Thank You
Md Shaifullah Palash
MCTS, MCSA, MCSE (Infra, Messaging, Communication)