Home > Uncategorized > DNS Fundamentals

DNS Fundamentals

DNS is a required component of Active Directory and without it AD won’t work.  DNS is also responsible for translating internet and intranet web sites to thier corresponding IP address, which is then used by the local machine and routers to locate the server.  The following DNS objectives will be covered:

  • Installing DNS
  • Configure DNS server, zone and forwarding options
  • Managing DNS zone, record and server options and settings
  • Monitoring DNS using System Monitor – Event Viewer – Replication Monitor and DNS Debug logs

DNS Fundamentals

The Domain Name System is composed of a distributed database of names that establishes a logical tree structure called the domain name space which includes subdomains as well.   Each domain is associated with a DNS Name Server.  A domain name identifies the position of the entitiy within the DNS hierarchy.  Common top level DNS Domains are:

  • COM
  • EDU
  • GOV
  • MIL
  • NET
  • ORG
  • UK
  • US

The following terms and concepts need to discussed before managing a DNS Server.

  • Primary vs Seconday DNS Servers
  • Zone Transfers
  • Service Location Resource Records (RFC 2052)
  • Dynamic Updates (RFC 2136)
  • Clients
  • Resolvers: Handle the process of mapping a symbolic name to an actual network address
  • Queries: Recursive & Iterative
  • Root Servers: Responsible for returning an authoritative answer for a particular domain
  • DNS Zones: portion of a DNS Namespace

Dynamic Updates and Active Directory Integrated Zones.

In earlier verisions of Windows, when DHCP was used there was no way to keep an up to date list of corresponding DNS records.  Dynamic DNS resolves this issue by allowing DNS clients to update info in DNS database.  The individual clients can do this but the DHCP server is also able to this on thier behalf. 

The DNS database can reside on the server or be stored in AD.  A typical DNS zone data file stored on a disk is in plain text, easily editable, not replicated and there is no way to delegate control.  ADI zones overcome these limitation and provide a more secure way of storing, replication and editing DNS records.

EX 6.1: Installing and Configuring the DNS Service

Resource Records

The first thing to understand is the fact that each zone file consists of a  number of resource records.  Each RR contains info abou some resource on the network.  The following are some of the RR’s available in 2003 DNS

  • Start of Authority (SOA): @ IN SOA source_host, contact_e-mail, serial #, refresh_time, retry_time, expiration_time, time_to_live
  • Name Server (NS): domain @ IN NS nameserver_host (FQDN)
  • Host Record: host name IN A IP_Address
  • Pointer (PTR)
  • Alias (CNAME): <alias> IN CNAME <hostname>
  • Mail Exchange (MX): <domain> IN MX <priority> <mailserver host>
  • Service (SRV): ldap.tcp.ace.com SRV 10 100 389 srv1.ace.com

How DNS Resolves Names

  1. Resolver sends a recursive DNS query to it’s local DNS server.  The DNS server is responsible for resolving the name and connot refer the resolver to another name server
  2. Local name server checks it’s zone and finds no match
  3. Root name server will reply with IP address of the .GOV domain
  4. Local name server sends an interative query to GOV server
  5. GOV server replies with IP address of name server for that domain
  6. Local name server sends iterative query for name to domain.gov server
  7. domain.gov server replies with IP address of site requested
  8. Local name server sends IP address of site back to original resolvers

Queries for Services

Windows Server 2003 uses special domain names to make it possibel for clients to look up services they need.   Windows uses an (_), which isn’t legal in domain names, to mark these special domains which include the following:

  • _msdcs: Each DC, Global Catalog, and PDC emulator is listed here
  • _sites: Each site has its own subdomain
  • _tcp: service records that run on TCP (LDAP, Kerberos, KPASSWD password changer and GC)
  • _udp: service that run on UDP (Kerberos, KPASSWD service)

Creating New Zones

You must first choose a zone type which includes the following options:

  1. Caching Only
  2. Primary
  3. Secondary
  4. Stub: includes only the information needed to identify the authoritative DNS servers for a zone
  5. Active Directory Integrated

Once the zone has been created it will contain the following tabs in it’s properties:

  • General
  • Start of Authority
  • Name Servers
  • WINS
  • Zone Transfers

The server also has it’s own tabs which include the following:

  • Root Hints
  • Advanced
  • Forwarders
  • Interfaces
  • Debug Logging
  • Event Logging
  • Monitoring

EX 6.2: Configuring Zones and Dynamic Updates

EX 6.4: Manually Creating DNS RRs

Monitoring and Troubleshooting DNS

You can monitor and troubleshoot DNS using the following tools:

  • Turn on Event Logging on the Event Logging tab of server properties
  • Configure options for debugging on the Debug Logging tab of server properties
  • Using System Monitor (AXFR, IXFR, DNS memory, Dynamic Updates, Recursive queries, TCP\UDP Stats, Zone transfer issues)

Event viewer can also be used to monitor DNS.  Look for the following Event ID’s:

  • 2 – DNS server has started
  • 3 – DNS Server has shut down
  • 414 – server has no primary DNS suffix configured
  • 708 – DNS server did not detect any zones and will run in caching mode only
  • 3150 – DNS server updated version number
  • 6527 – Zone zonename expired

Windows Server 2003 also provides serveral useful tools that can help assist in troubleshooting:

  • Nslookup: used to perform DNS queries and examine contents of zone files on local and remote servers
  • Ipconfig: used to view DNS client settings, display and flush the resolver cache and force a dynamic update
  • DNS log file 
  • Replication Monitor ( installed via \SUPPORT\TOOLS\SUPTOOLS.MSI) (Access via RUN – REPLMON)

All Exercises for Chapter 6: Installing and Managing Domain Namer Service 

EX 6.1: Installing and Configuring the DNS Service

EX 6.2: Configuring Zones and Dynamic Updates

EX 6.3: Creating a Delegated DNS Zone

EX 6.4: Manually Creating DNS RRs

EX 6.5: Simple DNS Testing

EX 6.6: Installing and Running Replication Monitor

EX 6.7: Working with Replication Monitor

EX 6.8: Using nslookup Command

Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: