1

Chapter Overview

Understanding DNS Creating Zones Managing Resource Records Troubleshooting DNS

2

Understanding DNS

Domain Name System (DNS) is a name resolution mechanism that Transmission Control Protocol/Internet Protocol (TCP/IP) computers use to resolve host names and domain names into Internet Protocol (IP) addresses.

3

Introduction to DNS DNS name resolution is different from

Windows Internet Name Service (WINS). WINS resolves Network Basic Input/Output

System (NetBIOS) names used on Microsoft Windows networks into IP addresses.

DNS resolves host names used on all types of TCP/IP networks into IP addresses.

Host names are user friendly, remain more constant than IP addresses, and let users connect to local servers by using the same naming convention that is used on the Internet.

4

Domain Namespace The domain namespace is the naming scheme that

provides the hierarchical structure for the DNS database.

The domain is the basic unit of the DNS namespace. A domain's name identifies its position in the DNS

hierarchy. As you add domains to the hierarchy, the name of

the parent domain is appended to its child domain (called a subdomain).

The domain namespace consists of a root domain, top-level domains, second-level domains, and host names.

5

The Hierarchical Structure of the DNS Namespace

6

Root Domain

The root domain is at the top of the DNS hierarchy.

It is represented as a period (.). Although it is rarely written as such,

every fully qualified domain name (FQDN) should end with a period, representing the root domain. For example: sales.microsoft.com.

7

Top-Level Domains The seven original top-level domains and

the resources they represent are com Commercial organizations edu Educational institutions in North

America gov United States government institutions int Organizations established by

international treaty mil United States military organizations net Networking organizations org Noncommercial organizations

8

Second-Level Domains Second-level domain names must be

registered with an Internet registrar, such as Network Solutions, Inc.

There are millions of second-level domains in use by individuals and organizations.

A second-level domain can contain both hosts and subdomains.

Once you register a second-level domain name, you can create as many subdomains and hosts as you want in that domain.

9

Host Names

A host is a specific computer or other TCP/IP device on the Internet or a private network.

A host name is the leftmost portion of an FQDN, which describes the exact position of a host within the domain hierarchy. For example, Computer1.sales.microsoft.com.

is an FQDN, and Computer1 is the host name. DNS resolves an FQDN to its associated IP

address.

10

Domain Naming Guidelines

When you create subdomains and hosts within your own second-level domain, consider these guidelines: Limit the number of domain levels. Use unique names. Use simple names. Avoid lengthy domain names. Use standard DNS characters.

11

Zones

Represent discrete portions of the namespace

Provide a way to partition the domain namespace into manageable sections

Must encompass a contiguous area of the domain namespace

Typically include a domain and one or more of its subdomains

12

Domain Namespace Divided Into Zones

13

Name-to-IP-Address Mappings The name-to-IP-address mappings for a zone

are stored in the zone database file. Each zone

Is anchored to a specific domain Contains all of the name-to-IP-address mappings

for that domain, and for all subdomains in that zone

If a new zone is created for a subdomain, all name-to-IP-address mappings for the subdomain are contained in the new zone, not in the zone that contains the parent domain.

14

Name Servers A DNS name server stores the zone database

file. A name server can store data for one zone or

multiple zones. There must be at least one name server for a

zone, although a zone can have multiple servers. One of these servers contains the master zone

database file, also called the primary zone database file.

Any other servers associated with the zone contain a secondary zone database file.

15

Advantages of Multiple Name Servers

There are several advantages of using multiple name servers for a zone: Performing zone transfers Providing redundancy and fault tolerance Improving access speed for remote

locations Reducing the load on the server containing

the primary zone database file

16

Overview of the Name Resolution Process Name resolution converts host names or

domain names to IP addresses. When you try to connect to a Web site,

your Web browser contacts a DNS server to resolve the name of the Web site you entered to its associated IP address.

The mapping of names to IP addresses is stored in the DNS distributed database. The database is said to be distributed because

its information is stored in zones located on DNS name servers all over the Internet.

17

Overview of the Name Resolution Process (Cont.) DNS name servers resolve forward and

reverse lookup queries. A forward lookup query resolves a name to an

IP address. A reverse lookup query resolves an IP address

to a name. A name server can resolve a query only for

names in a zone for which it has authority. If a name server cannot resolve a query, it

passes the query to other name servers that can resolve the query.

18

Forward Lookup Query The DNS service uses a client/server model

for name resolution. To resolve a forward lookup query, a DNS

client passes a query to a local name server. The local name server either resolves the

query itself or transmits its own query to another name server for resolution.

The local name server sends the IP address to the client, completing the process.

19

Resolving a Forward Lookup Query

20

Name Server Caching As a name server receives queries, it caches

the query results. The query results are cached for the time

specified in the Time to Live (TTL), which is specified by the zone that provided the query results.

When the TTL expires, the name server deletes the query results from its cache.

By caching query results, the name server can quickly resolve other queries to the same portion of the domain namespace.

21

Reverse Lookup Query A reverse lookup query maps an IP

address to a name. Because the DNS distributed database is

indexed by name and not by IP address, a special domain called in-addr.arpa was created.

The in-addr.arpa domain follows the same naming scheme as the rest of the domain namespace, except that it is based on IP addresses, not domain names.

22

Installing the DNS Service There are three ways to install the DNS

Server service on a computer running Microsoft Windows 2000 Server: Select it during operating system installation. Use Add/Remove Programs. Allow the Active Directory Installation Wizard to

install and configure it. You should manually configure a DNS

server with a static IP address, not one assigned by a Dynamic Host Configuration Protocol (DHCP) server.

23

The Windows Components Page in the Windows Component Wizard

24

The DNS Server Service Installation Process After installing the DNS Server service, you

should configure the DNS server to use itself as its DNS server.

The DNS Server service installation process does the following: Installs the DNS console, which you can use to

manage DNS servers on your network Adds the following key to the registry:

HKEY_LOCAL_MACHINE\System \CurrentControlSet\Services\DNS

Creates the \systemroot\System32\DNS folder, which contains the DNS database files

25

Lesson Summary DNS name resolution is the process of

resolving host and domain names to IP addresses.

The DNS namespace consists of multiple levels of domains, each of which can contain subdomains and hosts.

A DNS name server contains one or more zones, each of which is a segment of the DNS namespace consisting of one or more domains.

DNS servers perform two types of name resolutions: forward lookup queries and reverse lookup queries.

26

Creating Zones

DNS servers let you divide the DNS namespace into zones that store name information about one or more DNS domains.

The zone becomes the authoritative source for information about each DNS domain included in it.

You create and configure zones by using the DNS.

27

Zone Planning When you install a DNS server for servicing a

domain, you must create at least one zone. You can do either of the following:

Create one zone that contains the entire area of the DNS namespace for which you are the authority

Divide your domain into subdomains and place them in different zones

Reasons for dividing into zones include administrative delegation, performance enhancement, fault tolerance, and namespace expansion.

28

Creating a Zone Use the DNS console to create zones and

manage the DNS servers on your network. The DNS console is installed during DNS

installation. To access the console, click Start, point to

Programs, point to Administrative Tools, and then click DNS.

To run the DNS console on a computer running Windows 2000 computer that is not running the DNS Server service, you can install the Adminpak package.

29

Creating a Zone (Cont.)

When you create a zone, you must select a zone type.

Zone Type Description

Active Directory–integrated

The master copy of a new zone The zone uses the Active Directory database to store and replicate the zone files.

Standard primary

The master copy of a new zone stored in a standard text fileYou administer and maintain this zone on the computer where it was created.

Standard secondary

A replica of an existing zone It is read-only and is stored in a standard text file.

30

The Master DNS Servers Page in the New Zone Wizard

31

The Reverse Lookup Zone Page in the New Zone Wizard

32

Creating Active Directory–Integrated Zones

Strongly recommended for networks deploying DNS to support the Active Directory service

Provide these benefits: Multiple-master update and enhanced security are

based on the capabilities of Active Directory. Zones are replicated and synchronized to new

domain controllers automatically whenever a new zone is added.

Planning and administration are simplified for both DNS and Active Directory.

Directory replication is faster and more efficient than standard DNS replication.

33

Delegating Zones

A zone starts as the storage database for a single DNS domain name.

If you add a subdomain below the domain you used to create the zone, you can configure it to be Managed and included in the original zone Delegated to another zone created to

support the subdomain

34

Delegating a New Subdomain to a New Zone

35

Delegating a Zone

When you delegate a zone, you are creating a Name Server (NS) resource record in the DNS database that points to the authoritative DNS server for the delegated zone.

This record transfers authority and provides correct referrals to other DNS servers and clients.

Use the DNS console to create a zone delegation.

36

The Name Servers Page in the New Delegation Wizard

37

The New Resource Record Dialog Box

38

Configuring Dynamic DNS

The DNS Server service includes a dynamic update feature called Dynamic DNS (DDNS).

With DDNS, name servers and clients on a network automatically update the zone database files.

You can configure a list of authorized servers to initiate dynamic updates, including secondary name servers, domain controllers, DHCP servers, WINS servers, and so on.

39

Configuring Dynamic DNS (Cont.) DDNS interacts with the DHCP Server

service to maintain synchronized name-to-IP-address mappings for network hosts.

DHCP clients add their own Host (A) resource records to the zone.

The DHCP Server service adds the Pointer (PTR) resource records to the zone.

You use the DNS console to configure a zone for DDNS.

40

Lesson Summary DNS servers let you divide the DNS namespace into

zones that store name information about one or more DNS domains.

DNS servers can have forward lookup and reverse lookup zones.

You can create three types of zones: Active Directory–integrated zones, standard primary zones, and standard secondary zones.

When a new subdomain is added, it can be delegated to a new zone created to support the subdomain.

DDNS enables computers on the network to automatically update their resource records.

41

Managing Resource Records

The information in a DNS zone database file is stored in units called resource records.

Resource records associate DNS domain names to related data, such as an IP address, for a particular resource.

42

Understanding Resource Record Types

There are many different types of resource records:

Type Function

Start of Authority (SOA)

Identifies which name server is the authoritative source for data within the domain

Name Server (NS) Lists the name servers assigned to a particular domain

Host (A) Lists the host name-to-IP address mappings for a forward lookup zone

Alias (CNAME) Creates an alias, or alternate name, for the specified host name

43

Understanding Resource Record Types (Cont.)

Type Function

Host Information (HINFO)

Identifies the CPU and operating system used by the host

Mail Exchanger (MX) Identifies which mail server to contact for a specified domain

Pointer (PTR) Points to another part of the domain namespaceIn a reverse lookup zone, a PTR record contains IP-address-to-name mappings.

Service (SRV) Identifies which servers host a particular service

44

Viewing Resource Records

To view the information in a resource record:

1. Open the DNS console. 2. In the console tree, click the zone that contains the resource record you want to view. 3. In the details pane, right-click the record you want to view, and then click Properties. 4.

View the properties of the resource record, and then click OK.

45

The Properties Dialog Box for a Host (A) Record

46

The Properties Dialog Box for a Start of Authority (SOA) Record

47

Creating Resource Records

To use the DNS console to create a new resource record:

1. Right-click the zone where you want the record to be located, and then select the appropriate command from the menu:

2. Enter information in the New Resource Record dialog box, and then click OK.

New Host New Alias New Mail Exchanger

New Domain New Delegation Other New Records

48

The Resource Record Type Dialog Box

49

The New Resource Record Dialog Box for a Host (A) Record

50

Lesson Summary A DNS zone database file can contain many

different types of resource records. A Start of Authority (SOA) record identifies the

authoritative name server for the domain. An Alias (CNAME) record creates an alternate

name for a host. Host (A) records contain basic name-to-IP-

address mappings. Pointer (PTR) records contain IP-address-to-

name mappings. Use the DNS console to view existing resource

records and create new resource records.

51

Troubleshooting DNS

System administrators should understand The monitoring options available for DNS

servers The problems that might occur in using DNS

with Active Directory service and some possible solutions to these problems

52

Monitoring DNS Servers

Windows 2000 Server includes three options for monitoring DNS servers: Submitting queries to the server Default logging of DNS server event

messages to the DNS server log Optional debug options for trace logging to

a text file on the DNS server computer

53

Querying the DNS Server To use the DNS console to monitor the DNS

Server service:1. Select the name server, click the Action menu,

and then select Properties. 2. In the Properties dialog box, click the Monitoring tab.

You can test the server by performing two types of queries: Simple query: a local test that uses the DNS client

on this computer to query the name server Recursive query: a more complex test that tests the

name server by forwarding a query to another name server

54

DNS Server Event Logging You can use Event Viewer to view the DNS

server log. The DNS server log contains basic events

logged by the DNS Server service, such as when the service starts and stops.

You can also use Event Viewer to view and monitor client-related DNS events.

The DNS client service generates these events, which appear in the System log on computers running Microsoft Windows 2000.

55

Debug Options You can use the DNS console to set

additional logging options to create a temporary trace log as a text-based file of DNS server activity for debugging purposes.

To configure debug logging options:1. Right-click a DNS server in the DNS console,

and then select Properties. 2. Click the Logging tab, and then select the

check boxes next to the options you want. By default, all debug logging options are

disabled.

56

The Logging Tab in a DNS Server’s Properties Dialog Box

57

DNS Troubleshooting Scenarios Problem: A zone transfer may fail to occur. Possible causes:

The DNS Server service is stopped or the zone is paused.

The DNS servers used during a transfer may have network connectivity or interoperability problems.

The SOA serial number may be the same at both the source and destination servers. 

The zone may have resource records or other data that the DNS server cannot interpret.

The authoritative zone data might be incorrect.

58

DNS Troubleshooting Scenarios (Cont.)

Problem: A zone delegation does not function properly.

Solution: The most likely cause of the problem is an incorrectly configured zone delegation. Review how zone delegations are used and

revise zone configurations as needed.

59

DNS Troubleshooting Scenarios (Cont.) Problem: A client is not performing dynamic

updates. Possible causes:

The client, or its DHCP server, may not support DDNS. The client may not have been able to register and update

with the DNS server due to incomplete DNS configuration.

The client may have attempted to update its information with the DNS server but failed because of a problem with the server.

The DNS server may not support dynamic updates. The DNS server may support dynamic updates, but may

not be configured to accept them. The zone database may not be available.

60

Lesson Summary The Monitoring tab in a DNS server's Properties dialog

box lets you send simple and recursive queries to the server.

Event Viewer contains a DNS server log on computers running Windows 2000 Server and the DNS Server.

The Logging tab in a DNS server's Properties dialog box enables you to select specific server activities to monitor in a log file.

Zone transfers can fail for many reasons, including network failures and unsupported data stored in the zone database.

Dynamic updates often fail because not all of the computers involved support DNS.