Troubleshooting Advanced DNS nu

8/3/2019 Troubleshooting Advanced DNS nu

1/22

MICROSOFT CONFIDENTIAL - For Internal Use Only

Troubleshooting Advanced DNS Problems

This session reviews the basic concepts related to DNS. In addition, it explains howto delegate DNS to child domains and how to create secondary zones and grantpermissions on parent DNS. Finally, this session focuses on how to troubleshoot

the advanced problems with DNS.

Directory Services

SeeResources for course documents and references

Session Length: 4 hours Author: Binu KumarDemonstrations: NoneLab Exercises: 1


2/22

MICROSOFT CONFIDENTIAL - For Internal Use Only1

Before You Begin

Before starting this session, you should understand:

The basics of DNS.

How to install and configure DNS using the MMC.

How Active Directory is dependent upon DNS.


3/22


What You Will Learn

After completing this session you will be able to:

Review the basic concepts related to DNS.

Delegate DNS to child domains.

Create secondary zones and grant permissions on parent DNS.

Understand how to troubleshoot advanced problems with DNS.


4/22


Reviewing Basic DNS Concepts

This section reviews basic concepts related to DNS, such as:

SRV Records Zone Types

Primary versus Secondary

AD Integrated versus Standard storage

GUID Records

Disjoint Name What is it?

How to fix it?

SeeWorkbook

for full-size view


5/22


Review of SRV Records

DCs dynamically register SRV records with DNS

Net Logon service registers records _udp.

_tcp.

_sites.

_msdcs.

Well-known server-type pseudonyms used as prefixes for _msdcssubdomain:

"dc" (Domain Controller)

"gc" (Global Catalog)

"pdc" (Primary Domain Controller)

"domains" (Globally unique identifier, or GUID)


6/22


Review of Zone Types

There are two main zone types:

Primary zones Standard zone storage, using a text-based file

Directory-integrated zone storage, using the Active Directory database

Secondary zones


7/22MICROSOFT CONFIDENTIAL - For Internal Use Only6

Review of GUID Record

To facilitate locating Windows domain controllers, Netlogon registers

SRV records that identify the server-type pseudonyms as prefixes in the_msdcs subdomain:

dc (domain controller)

gc (Global Catalog)

pdc (primary domain controller)

domains (globally unique identifier, or GUID)

Windows Server 2000 Behavior

Windows Server 2003 Behavior



Review of Disjoint Namespace

After you install a DC, the DNS suffix of your computer name may not

match the domain name that the DC belongs to. Disjoint namespace can occur when the Change primary DNS suffix

when domain membership changes check box is not selected beforethe installation.

You can diagnose Disjoint namespace by comparing the properties of

the following dialog box to the Primary DNS Suffix that appears whenyou do an Ipconfig /all.



Delegating DNS to Child Domains

Two options to consider when implementing Name Resolution in child

domains: Using Parent Domain DNS servers

This keeps DNS administration to a minimum number of servers.

Using Child Domain DNS serversNames within a zone can also be delegated to other zone(s).



Deciding to Use Parent Domain DNS Servers or Child DomainDNS Servers

When deciding whether to divide your DNS namespace to make

additional zones, you should consider the following: Need to delegate zone management

Need to divide large zone into smaller zones

Need to extend to extend namespace



Using Child Domain DNS Servers (Slide 1 of 3)

A customer who is running Windows Server 2000 (that has both a

parent and child domain) will typically create a delegation record in theparent zone for the child domain.

As new DNS servers are added to the child domain, the delegationrecord must be updated manually on the parent DNS server to reflectthose new DNS servers.

SeeWorkbook for full-size view




SeeWorkbook for full-size view

Configuring Child Domain DNS Servers and Their Clients

1. Manually create a Delegation for the Child Domain on the Parent (Root)DNS Server.

2. Install DNS on the Child Domain Server.

3. Create a Child Zone on the Child Domain Server and have the clients in theChild domain point to it.

Optional Configuration Considerations Change the TCP/IP address of the DNS server to point to its own TCP/IP

address.

Integrate DNS with the Active Directory on the child DNS server.

Add the parent (root) DNS server as a forwarder on the child DNS server.


13/22



Using Forwarders

If a DNS server does not have the data to resolve a query in its cache or inits zone data, it forwards the query to another DNS server, known as aforwarder.

Forwarders are ordinary DNS servers and require no special configuration.

Windows Server 2003 Conditional Forwarding

2000 - forwards all unresolved queries to forwarder 2003 - can specify which forwarder to use based on namespace

Forwarder Configuration Tips

Keep forwarder configuration uncomplicated.

Avoid chaining your forwarders.

Do not create inefficient resolution using forwarders.


14/22


Creating Secondary Zones in DNS

Recommended practice calls for at least two DNS servers in each zone.

For standard primary-type zones, a secondary server is required to add andconfigure the zone to appear to other DNS servers in the network.

For directory-integrated primary zones, secondary servers are supported butnot required for this purpose.

Secondary zones are also used for cross forest trusts and separate trees inthe same forest.


15/22


Secondary Zones for Name Resolution

Secondary servers:

Can provide a means to offload DNS query traffic. Can provide some name resolution in the zone if the primary server is

unavailable.


16/22


Transferring Information

A secondary server relies on DNS zone transfer mechanisms to obtain its

information and keep it current. When a new DNS server is configured as a secondary server for an

existing zone, it performs a full transfer of the zone.

For earlier DNS server implementations, full zone transfers were always usedfor updating zone information.

For Windows 2000 Server and above, the DNS service supports incrementalzone transfers.


17/22


Creating Secondary Zones

To create secondary zones:

1. Open DNS.2. In the console tree, click the applicable DNS server.

3. On the Action menu, click New Zone.

4. Follow the instructions in the New Zone Wizard.


18/22


Troubleshooting Advanced Problems with DNS

The common advanced problems with DNS are as follows:

Disjointed Namespace Problem Root Zone Problem

Island Server Problem


19/22


LAB 1: Troubleshooting Advanced DNS Problems

During this lab session, you will:

Run MPSReports to troubleshoot DNS Configurationissues.

Review advanced DNS problems.

Reconfigure DNS using Forwarders and Delegations.

Reconfigure DNS to use Active Directory Integrated with

stub zones.

SeeLab Manual


20/22


Resources

For additional information, see:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;257623 http://support.microsoft.com/default.aspx?scid=KB;EN-US;262376

http://support.microsoft.com/default.aspx?scid=KB;EN-US;291382


http://support.microsoft.com/default.aspx?scid=KB;EN-US;247811 http://support.microsoft.com/default.aspx?scid=KB;EN-US;267855








21/22


Summary

Topics discussed in this session include:

Basic concepts related to DNS Delegating DNS to child domains

Creating secondary zones and granting permissions on parent DNS

Troubleshooting advanced problems with DNS


22/22

Presenter

Binu Kumar, MCSE (NT4, 2000, 2003), ADSE, MCA Technical Lead - Microsoft Small Business Server

[email protected]

Phone: 425-635-3106 * 66113

Hours: Mon - Fri 4am - 1pm PST

mailto:[email protected]:[email protected]:[email protected]:[email protected]

Troubleshooting Advanced DNS nu

Documents

Transcript of Troubleshooting Advanced DNS nu