CST8200 Windows Domain Administration (DNS)
Algonquin College
Denis Latremouille
Summary
This document is a set of lecture notes for a Windows Domain Administration course. It covers introductory concepts of the Domain Name System (DNS), including its functionality, hierarchical structure, and the different types of DNS records like A, AAAA, MX, and SRV records. The document also includes details on how DNS servers operate, zone types, and troubleshooting strategies.
CST8200 – Windows Domain Administration
Professor: Denis Latremouille
Week 02

Agenda
◼ Windows Server Case Study Review
◼ DNS
◼ Install, Configure, Manage DNS
◼ Demo

Introduction to Domain Name System
What: DNS is designed to resolve names to IP addresses and vice versa.
Why: Computers communicate with numbers; however, people prefer to use names. Consequently, many other services rely on DNS for a variety of purposes:
◼ Authentication is an example of a mechanism that requires DNS.
◼ Certificate Authorities also use DNS to ensure connections can be made securely.
Dynamic DNS allows computers to locate other computers even if dynamic IP addresses are being used.

DNS Order of Operations
When a computer or user needs to know the IP address of a computer, the following will occur:
◼ First, the computer making the request checks to see if the IP in question is its own (localhost). Localhost is any address in the range 127.0.0.1–127.255.255.254.
◼ Next, the computer making the request checks to see if the name is in its cache.
◼ Then the computer making the request checks to see if the name is in its HOSTS file.
◼ If none of the above are successful, the computer requests this information from its DNS resolver over UDP port 53. This is where the DNS server will start to handle the information exchange.
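The client-side order above, walked stage by stage, as an added example (not code from the course slides). It assumes the DnsClient module that ships with Windows 8 / Server 2012 and later, and uses the slide's sample name server1.csmtech.local as the query; each stage is isolated with the switches Resolve-DnsName provides for that purpose.

```powershell
# Added example: report which stage of the Windows client lookup order answers a name.
# Assumes the built-in DnsClient module; the queried name is the slides' sample host.
function Trace-NameResolution {
    param([Parameter(Mandatory)][string]$Name)

    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

    # Stage 1: is the name the local computer itself (loopback or own hostname)?
    if ($Name -ieq 'localhost' -or $Name -ieq $env:COMPUTERNAME) {
        return [pscustomobject]@{ Name = $Name; Source = 'Local computer'; Address = '127.0.0.1' }
    }

    # Stage 2: resolver cache only (what "ipconfig /displaydns" shows), HOSTS skipped
    $cached = Resolve-DnsName -Name $Name -CacheOnly -NoHostsFile -ErrorAction SilentlyContinue |
              Where-Object { $_.IPAddress } | Select-Object -First 1
    if ($cached) {
        return [pscustomobject]@{ Name = $Name; Source = 'Client cache'; Address = $cached.IPAddress }
    }

    # Stage 3: static HOSTS entry; an unexpected answer here is a common cause of
    # "DNS is wrong" reports, so the troubleshooter should always look at this file
    $static = Get-Content $hostsFile |
              Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' } |
              ForEach-Object {
                  $fields = $_.Trim() -split '\s+'
                  if (($fields | Select-Object -Skip 1) -contains $Name) { $fields[0] }
              } | Select-Object -First 1
    if ($static) {
        return [pscustomobject]@{ Name = $Name; Source = 'HOSTS file'; Address = $static }
    }

    # Stage 4: ask the configured DNS resolver (UDP/TCP 53), bypassing cache and HOSTS
    $answer = Resolve-DnsName -Name $Name -DnsOnly -ErrorAction SilentlyContinue |
              Where-Object { $_.IPAddress } | Select-Object -First 1
    if ($answer) {
        return [pscustomobject]@{ Name = $Name; Source = 'DNS server'; Address = $answer.IPAddress }
    }
    return [pscustomobject]@{ Name = $Name; Source = 'Unresolved'; Address = $null }
}

Trace-NameResolution -Name 'server1.csmtech.local'
```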
Introduction to Domain Name System
Domain Name System (DNS) is a distributed hierarchical database composed mainly of computer name and IP address pairs.
◼ Distributed means no single database contains all data.
◼ Hierarchical means there is a structure to how information is stored and accessed in the database.
In order to resolve a name to an address, a DNS lookup will often require multiple queries to a hierarchy of DNS servers.

Introduction to Domain Name System (diagram slide)

The DNS Database
A zone is a grouping of DNS information that represents one or more domains and possibly sub-domains. Zones contain a variety of record types called resource records, which contain information about network resources. DNS resource records are identified by letter codes.
Very good analogy: https://www.youtube.com/watch?v=JIwi6ii-rzI
Very good explanation: https://www.youtube.com/watch?v=WYCPTuGNj7U

The DNS Lookup Process
Two types of DNS lookup can be performed:
◼ Iterative query – a DNS server will respond with the best information it has to satisfy the query, or it may give a referral response.
◼ Recursive query – a DNS server processes the query until it responds with an address that satisfies the query or with an "I don't know" message.
A typical DNS lookup made by a DNS client can involve both recursive and iterative queries.
DNS clients maintain a text file that can contain static DNS entries; the file is stored in %systemroot%\System32\drivers\etc.

The DNS Lookup Process (diagram slide)

DNS Server Roles
DNS servers can perform one or more of the following roles for a zone:
◼ Authoritative server – holds a complete copy of a zone's resource records.
◼ Forwarder – a DNS server to which other DNS servers send requests they can't resolve themselves.
◼ Conditional forwarder – a DNS server to which other DNS servers send requests targeted for a specific domain.
◼ Caching-only server – does not have zones; its job is to field DNS queries, do recursive lookups to root servers or send requests to forwarders, and then cache the results.

Configuring DNS
Three aspects of DNS configuration:
◼ DNS zones: forward lookup zones and reverse lookup zones
◼ DNS resource records: A, NS, MX, AAAA, CNAME, PTR
◼ DNS server settings

Forward and Reverse Lookup Zones
Two DNS zone categories define what kind of information is stored in a zone:
◼ Forward lookup zone (FLZ) – contains records that translate names to IP addresses, such as A, AAAA, and MX records.
◼ Reverse lookup zone (RLZ) – contains PTR records that map IP addresses to names; it is named after the IP network address (IPv4 or IPv6) of the computers whose records it contains.

Zone Type
Three different types of zones:
◼ Primary zone – contains a read/write master copy of all resource records for the zone; it is considered authoritative for the zone.
◼ Secondary zone – contains a read-only copy of all resource records for the zone; it is considered authoritative for the zone.
◼ Stub zone – contains a read-only copy of only the SOA and NS records for a zone and the A records necessary to resolve the NS records; not authoritative.

Dynamic Updates
The final step allows you to choose whether and how to use dynamic updates, which can be configured in one of three ways:
◼ Allow only secure dynamic updates
◼ Allow both nonsecure and secure dynamic updates
◼ Do not allow dynamic updates
Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur.

Dynamic Updates (diagram slide)

Creating DNS Resource Records
Resource records can be created dynamically or as static records.
◼ Dynamic records are created by the resource or with a DHCP server.
◼ Static records are created manually by an administrator or automatically by Windows.

Host (A and AAAA) Records (diagram slide)

Canonical Name (CNAME) Records
CNAME record – an alias for another domain name record in the DNS database.
◼ Used when multiple services are running on the same server and you want users to be able to refer to each service with a different name.
◼ Can also create CNAME records that point to records in other domains.

  Record type   Name                    Value
  CNAME         www.csmtech.local       server1.csmtech.local
  CNAME         ftp.csmtech.local       server1.csmtech.local
  A             server1.csmtech.local   192.168.0.101

Pointer (PTR) Records
PTR records are used to resolve a known IP address to a hostname.
◼ Useful for certain applications when only the IP address is known and you want to find the hostname.
PTR records are found only in RLZs. They have much of the same information as a host record.
◼ When you create a host record, you have the option to create the related PTR record for the host automatically.

Mail Exchanger (MX) Records
MX records are used by mail services to find the mail server for a domain.
When an outgoing mail server needs to deliver an e-mail message:
◼ It performs a DNS lookup for the MX record for the domain name contained in the e-mail address.
To create an MX record, right-click the zone where you want to create the record and click New Mail Exchanger (MX).

Service Location (SRV) Records
An SRV record specifies a hostname and port number for servers that supply specific services.
SRV records are critical to the operation of an Active Directory domain.
◼ Without them, client computers couldn't find a domain controller or global catalog server to log on or join a domain.
SRV records for Active Directory are usually created automatically when Active Directory is installed.

Service Location (SRV) Records (diagram slide)

Service Location (SRV) Records (diagram slide)

Creating Dynamic DNS Records
Dynamic DNS records are created and updated by the resource or by the DHCP server when an IP address is leased or renewed.
Each time a dynamic record is created or updated, a time-to-live (TTL) value and timestamp are added to the record.
◼ The TTL specifies how long the record should remain in the DNS database.
◼ If the record expires, it's deleted from the database.

Configuring DNS Zones
Zones can be viewed and changed in DNS Manager. DNS Manager provides the following options:
◼ Status
◼ Type
◼ Replication
◼ Dynamic updates
◼ Aging

Start of Authority Records
SOA records are found in every zone and contain information that identifies the server primarily responsible for the zone, as well as some operational properties for the zone.
The SOA record contains the following information:
◼ Serial number
◼ Primary server
◼ Responsible person
◼ Minimum (default) TTL
Discussed later are three other fields:
◼ Refresh interval
◼ Retry interval
◼ Expires after

Name Server Records
NS records specify FQDNs and IP addresses of authoritative servers for a zone.
NS records are also used to refer DNS queries to a name server that has been delegated authority for a subdomain.
Glue A records are A records containing a name server's IP address and are used to resolve NS record information.
On Windows DNS servers, glue records are created automatically by a DNS lookup on the NS record's FQDN.
A glue record is the IP address of a name server at a domain name registry. A domain name registry is a database of all domain names and the associated registrant information in the top-level domains of the Domain Name System of the Internet.
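The zone and record configuration covered from "Configuring DNS" through the SOA slides, done with the DnsServer PowerShell module instead of DNS Manager, as an added example (not code from the course slides). It assumes an AD-integrated DNS server (secure-only dynamic updates are available only for AD-integrated zones); csmtech.local, server1 and 192.168.0.101 are the slides' sample values, and mail1 is a placeholder host name.

```powershell
# Added example: create the csmtech.local zones and the records from the CNAME table,
# then read back the SOA fields. Assumes the DnsServer module on an AD-joined server.
Import-Module DnsServer

$zone = 'csmtech.local'

# Forward lookup zone, AD-integrated, with only secure (Kerberos-authenticated)
# dynamic updates allowed: the hardened choice of the three wizard options
Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain -DynamicUpdate Secure

# Reverse lookup zone, named after the IPv4 network address; PTR records live here
Add-DnsServerPrimaryZone -NetworkId '192.168.0.0/24' -ReplicationScope Domain -DynamicUpdate Secure

# Static host record; -CreatePtr adds the matching PTR record in the RLZ in one step
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'server1' -IPv4Address '192.168.0.101' -CreatePtr

# CNAME aliases so each service on server1 can be referred to by its own name
foreach ($alias in 'www', 'ftp') {
    Add-DnsServerResourceRecordCName -ZoneName $zone -Name $alias -HostNameAlias "server1.$zone"
}

# MX record at the zone apex ("." stands for the zone name); mail1 is a placeholder
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '.' -MailExchange "mail1.$zone" -Preference 10

# Verify: the alias chains through the CNAME to the A record, and the PTR exists
Resolve-DnsName -Name "www.$zone" -Server localhost | Format-Table Name, Type, NameHost, IPAddress
Get-DnsServerResourceRecord -ZoneName '0.168.192.in-addr.arpa' -RRType Ptr

# The SOA carries the serial plus the refresh/retry/expire timers that secondaries use
(Get-DnsServerResourceRecord -ZoneName $zone -RRType Soa).RecordData |
    Select-Object SerialNumber, PrimaryServer, ResponsiblePerson,
                  RefreshInterval, RetryInterval, ExpireLimit, MinimumTimeToLive
```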
Creating Secondary Zones and Configuring Zone Transfers
When a secondary zone is created:
◼ It must have the same name as an existing primary zone, and zone transfers must be configured to load data from the primary zone to the secondary zone.
Secondary zones are read-only:
◼ All changes to the zone data occur at the server hosting the primary zone.
◼ Changes are subsequently transferred to all secondary zone servers.
Only one server can host a primary zone:
◼ Multiple servers can host secondary zones.

Zone Transfer Settings
A zone transfer copies all or part of a zone from one DNS server to another and occurs as a result of a second server requesting the transfer from another server.
Zone transfers can be initiated in two ways:
◼ Refresh interval
◼ DNS notify

Zone Transfer Settings
Zone transfers are configured in the Zone Transfers tab of a zone's Properties dialog box, which has the following options:
◼ Allow zone transfers
    To any server
    Only to servers listed on the Name Servers tab
    Only to the following servers
◼ Notify

Zone Transfer Settings
Configure the timing intervals of zone transfers in the Start of Authority tab:
◼ Refresh interval – specifies how often a secondary DNS server attempts to renew its zone information.
◼ Retry interval – amount of time a secondary server waits before retrying a zone transfer that has failed.
◼ Expires after – amount of time before a secondary server considers its zone data obsolete if it can't contact the primary DNS server.

Configuring Traditional Forwarders
To configure a traditional forwarder, right-click the server node in DNS Manager, click Properties, and click the Forwarders tab.
If more than one server is specified, they are queried in the order in which they are listed. Additional servers are only queried if the first server provides no response. No response from any forwarder triggers a normal recursive lookup process, starting with a root server.

Configuring Traditional Forwarders (continued)
Conditional forwarders are configured in the Conditional Forwarders node in DNS Manager.
With forwarders and/or conditional forwarders configured, the DNS server attempts to resolve DNS queries in this order:
1. From locally stored zone resource records (local DB)
2. From the DNS cache
3. From conditional forwarders
4. From traditional forwarders
5. Recursively by using root hints

Monitoring and Troubleshooting DNS
To troubleshoot a DNS problem, you first need to know that DNS is actually used for name resolution. After determining that DNS is part of the process, you can begin monitoring DNS:
◼ If the problem is performance related
◼ Or, you can troubleshoot DNS queries and zone activities when there are query failures

DNS Troubleshooting
Windows has several tools to administer, monitor, and troubleshoot DNS server operation, including:
◼ DNS Manager
◼ dcdiag /test:dns
◼ dnscmd.exe
◼ PowerShell
◼ Event Viewer
◼ dnslint
◼ nslookup
◼ ping
◼ ipconfig
◼ Performance Monitor
◼ Protocol analyzer
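The zone transfer, dynamic update and forwarder settings from the slides above, as an added example (not code from the course slides): an audit function that lists primary zones still on the loose options ("To any server" transfers, "nonsecure and secure" updates), followed by the corrected settings for csmtech.local and the forwarding order. It assumes the DnsServer module; 192.168.0.102 is a constructed secondary server, and partner.example, 10.0.0.53 and 192.0.2.53/54 are placeholder forwarder targets.

```powershell
# Added example: find primary zones with the weak transfer/update settings, then apply
# the hardened ones. Assumes the DnsServer module; addresses below are placeholders.
Import-Module DnsServer

function Get-WeakDnsZoneSetting {
    # Only administrator-created primary zones; auto-created loopback zones are skipped
    Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            [pscustomobject]@{
                Zone             = $_.ZoneName
                # "To any server": any host may request a full copy of the zone
                OpenTransfers    = ($_.SecureSecondaries -eq 'TransferAnyServer')
                # "Nonsecure and secure": unauthenticated clients may overwrite records
                NonsecureUpdates = ($_.DynamicUpdate -eq 'NonsecureAndSecure')
            }
        } | Where-Object { $_.OpenTransfers -or $_.NonsecureUpdates }
}

# Before: zones that still carry either weak setting
Get-WeakDnsZoneSetting | Format-Table -AutoSize

# After: transfers only to the listed secondary (constructed address), which is also
# notified on change so it does not have to wait for the refresh interval, and only
# secure dynamic updates (requires an AD-integrated zone)
Set-DnsServerPrimaryZone -Name 'csmtech.local' `
    -SecureSecondaries TransferToSecureServers -SecondaryServers 192.168.0.102 `
    -Notify NotifyServers -NotifyServers 192.168.0.102 `
    -DynamicUpdate Secure

# Resolution order from the slides: conditional forwarder (step 3) is consulted before
# the traditional forwarders (step 4), and root hints (step 5) only if those fail
Add-DnsServerConditionalForwarderZone -Name 'partner.example' -MasterServers 10.0.0.53
Set-DnsServerForwarder -IPAddress 192.0.2.53, 192.0.2.54 -UseRootHint $true

# Re-run the audit; csmtech.local should no longer appear
Get-WeakDnsZoneSetting | Format-Table -AutoSize
```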