Windows Server 2008 R2 Domain Name System Chapter 5.


Transcript of Windows Server 2008 R2 Domain Name System Chapter 5.

Page 1: Windows Server 2008 R2 Domain Name System Chapter 5.

Windows Server 2008 R2
Domain Name System
Chapter 5

Page 2: Windows Server 2008 R2 Domain Name System Chapter 5.

Domain Name System
• Domain Name System (DNS) Terms
• DNS and Active Directory
• DNS components
• Troubleshooting DNS
• DNS FAQ

Page 3: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS Terms
• Hostname—name of the computer. No more than 255 characters. Equivalent to the computer's first name.
  • PC-001
• Host file—text file that lists hostnames to IP addresses.
  • C:\windows\system32\drivers\etc
• Namespace—name of the domain, not specifically an Active Directory domain. This is equivalent to the computer's last name.
  • abcbusiness.com
• Fully qualified domain name (FQDN)—first name and last name.
  • PC-001.abcbusiness.com
• Name server—DNS server that will resolve FQDNs to IP addresses.

Page 4: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS Terms
• Recursion—server-directed process to resolve an FQDN. If the server cannot resolve it with its own information, it will ask an upstream server. The recursion process starts at the root servers for .com and works down through the top-level domain servers. The process is as follows:
  1. Client requests a name like www.facebook.com.
  2. DNS server asks the root servers for the .com domain name servers.
  3. Root servers give a list of servers for the .com domain.
  4. DNS server queries the .com name servers for facebook.com.
  5. It then queries the provided name servers for the www.facebook.com FQDN.
  6. Finally, the authoritative name server provides the IP address.
  7. DNS server passes the IP address to the client.
  8. The client uses the IP to connect to the web server for www.facebook.com.
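The walk in steps 1 through 8 simulated in Python, as an added example that is not part of these slides: the root, .com and facebook.com name servers are constructed in-memory tables, and every server name and address is a placeholder.

```python
# Constructed servers: each maps a zone name to a referral ("NS", [servers])
# or an answer ("A", ip). Names and addresses are placeholders, not real ones.
ROOT = {"com.": ("NS", ["a.gtld-servers.test"])}
TLD_COM = {"facebook.com.": ("NS", ["ns1.facebook.test"])}
AUTH_FB = {"www.facebook.com.": ("A", "203.0.113.10")}
SERVERS = {
    "root": ROOT,
    "a.gtld-servers.test": TLD_COM,
    "ns1.facebook.test": AUTH_FB,
}

def zones_from_top(qname):
    """Yield the ancestor zones of qname from the TLD down: com., facebook.com., ..."""
    parts = qname.rstrip(".").split(".")
    for i in range(len(parts) - 1, -1, -1):
        yield ".".join(parts[i:]) + "."

def resolve(qname, cache):
    """Return (ip, trace): trace lists each server asked, mirroring steps 2-6 on the slide."""
    qname = qname if qname.endswith(".") else qname + "."
    if qname in cache:                       # own information: no recursion needed
        return cache[qname], ["cache"]
    trace, current = [], ["root"]            # step 2: start at the root servers
    for zone in zones_from_top(qname):
        for server in current:
            trace.append(server)
            rec = SERVERS[server].get(zone)
            if rec is not None:
                break
        else:
            raise LookupError(f"no server in {current} knows {zone}")
        kind, data = rec
        if kind == "A":                      # step 6: authoritative answer
            cache[qname] = data              # step 7 would hand this to the client
            return data, trace
        current = data                       # steps 3-5: follow the referral downward
    raise LookupError(f"{qname} has no address record")
```

A second query for the same name is answered from the cache without touching any of the three servers, which is the "own information" case the slide mentions.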

Page 5: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS Terms
• Forwarding—alternative to recursion. Lateral request to another name server within the network.
• Service resource records (SRVs)—a record within a DNS namespace that resolves a service to a hostname. Essential to Active Directory.
• Dynamic DNS (DDNS) update—allows DNS clients to register their hostnames in an assigned namespace.

Page 6: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS Components
• Forwarders—DNS servers to which the DNS server will refer queries when it cannot resolve them itself. Using forwarders prevents this server from using recursion to resolve DNS queries. You can use forwarders for quicker name resolution. Typically configured to point to your ISP's DNS servers.

Page 7: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS Components
• Root Hints—servers to be used for root hints when forwarders are not configured or do not respond. Lists the 13 root hint servers on the Internet. You can add your own servers.

Page 8: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS Components
• Forward Lookup Zones—resolve hostnames to IP addresses. Contain the host records for the configured zone. There are three types of zones:
  • Standard Primary—a text file in which the server maintains the records for a given namespace.
  • Standard Secondary—read-only copy of a primary or AD-integrated zone.
  • AD Integrated—DNS records are stored in the AD database and replicated between DCs by AD replication, not by zone transfers.

Page 9: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS Components
• Reverse Lookup Zone—resolves IP addresses to host names. Also used to provide a level of security with DNS reverse lookups.

[Screenshots: "Reverse lookup not configured properly or DNS setup incomplete" versus "DNS is happy"]
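The check a reverse lookup zone makes possible, as an added example not taken from the slides: resolve the PTR for an address, then confirm the forward A record of that host points back at the same address. The forward and reverse zones are constructed dictionaries and the addresses are documentation-range placeholders.

```python
# Constructed forward and reverse zones; 192.0.2.0/24 is a documentation range.
FORWARD = {"pc-001.abcbusiness.com.": "192.0.2.25",
           "mail.abcbusiness.com.": "192.0.2.30"}
REVERSE = {"25.2.0.192.in-addr.arpa.": "pc-001.abcbusiness.com.",
           "31.2.0.192.in-addr.arpa.": "mail.abcbusiness.com."}  # stale PTR: mail moved to .30

def reverse_name(ip):
    """Build the PTR owner name for an IPv4 address: octets reversed under in-addr.arpa."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def fcrdns(ip, forward=FORWARD, reverse=REVERSE):
    """Return (status, hostname); 'ok' only when PTR -> A maps back to the same IP."""
    host = reverse.get(reverse_name(ip))
    if host is None:
        return "no-ptr", None                # reverse zone missing or incomplete
    if forward.get(host) != ip:
        return "mismatch", host              # PTR names a host whose A record differs
    return "ok", host
```

A "mismatch" result is what stale dynamic registrations look like after a host changes address, which is why the slide pairs reverse lookups with a security benefit only when the reverse zone is maintained.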

Page 10: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS Components
• Service Resource/Locator Records (SRV)—contain Active Directory related information, such as authentication services.
  • _gc—LDAP service to look up data within the global catalog
  • _kerberos—the authentication process
  • _kpasswd—another part of the authentication and password change process
  • _ldap—LDAP service to look up data within the domain

Page 11: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS and Active Directory
• DNS is used to find computers on the Internet.
  • A DNS query for WWW.BING.COM returns the IP address of that site.
• DNS is used to find computers, more specifically Domain Controllers, to locate Active Directory related information.
  • A DNS query for authentication services returns the IP address of the authentication servers.
  • Uses the SRV (service locator) records.
• DNS mirrors the structure of the Active Directory Forest.

Page 12: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS and Active Directory
• What happens with Active Directory and DNS
  • The NETLOGON service uses dynamic updates to register SRV and A records in the DNS database.
  • Restarting the NETLOGON service when we change our IP addresses or settings updates these records.
• The SRV record is used to map the name of a service such as LDAP (Lightweight Directory Access Protocol) to the DNS computer name of a server that offers that service. What computer (server) offers that service?

Page 13: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS and Active Directory
Why does this matter?
• A domain controller registers its DNS name at startup.
• When a user starts a computer and logs on, the computer queries DNS to find a domain controller within the domain to authenticate to. This is known as the Locator Process:
  1. The client locator is initiated through RPC to the local Net Logon service.
  2. The client collects information that is needed to select a DC and passes the information to the Net Logon service.
  3. The Net Logon service on the client uses the collected information to look up a domain controller using DsGetDCName.
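The SRV records from slide 10 and the locator behaviour from slides 12 and 13 in one added Python example (not code from the slides): a constructed zone for abcbusiness.com is parsed, a domain controller is picked by SRV priority and weight, and a troubleshooting check reports DCs whose NETLOGON registrations are missing. Record names follow the standard AD layout (_ldap under _msdcs, the others directly under the domain); hostnames and addresses are placeholders.

```python
import random
from collections import defaultdict

# Constructed zone-file lines for the slides' example domain; addresses are placeholders.
ZONE = """
_ldap._tcp.dc._msdcs.abcbusiness.com. 600 IN SRV 0 100 389 dc01.abcbusiness.com.
_ldap._tcp.dc._msdcs.abcbusiness.com. 600 IN SRV 0 100 389 dc02.abcbusiness.com.
_ldap._tcp.dc._msdcs.abcbusiness.com. 600 IN SRV 10 100 389 dc03.abcbusiness.com.
_kerberos._tcp.abcbusiness.com. 600 IN SRV 0 100 88 dc01.abcbusiness.com.
_kpasswd._tcp.abcbusiness.com. 600 IN SRV 0 100 464 dc01.abcbusiness.com.
_gc._tcp.abcbusiness.com. 600 IN SRV 0 100 3268 dc01.abcbusiness.com.
dc01.abcbusiness.com. 600 IN A 192.0.2.11
dc02.abcbusiness.com. 600 IN A 192.0.2.12
dc03.abcbusiness.com. 600 IN A 192.0.2.13
"""

def parse_zone(text):
    """Return (srv, a): srv maps owner -> [(priority, weight, port, target)], a maps host -> IP."""
    srv, a = defaultdict(list), {}
    for line in text.strip().splitlines():
        f = line.split()
        if f[3] == "SRV":
            srv[f[0]].append((int(f[4]), int(f[5]), int(f[6]), f[7]))
        elif f[3] == "A":
            a[f[0]] = f[4]
    return srv, a

def srv_owner(service, domain):
    """_ldap for DC location lives under _msdcs; _kerberos/_kpasswd/_gc sit under the domain."""
    return f"{service}._tcp.dc._msdcs.{domain}." if service == "_ldap" else f"{service}._tcp.{domain}."

def locate_dc(srv, a, domain, service="_ldap", rng=random):
    """Choose a DC like the locator: lowest priority first, weighted random within a tie."""
    records = srv.get(srv_owner(service, domain))
    if not records:
        return None                          # no SRV record: clients cannot find a DC
    best = min(r[0] for r in records)
    pool = [r for r in records if r[0] == best]
    prio, weight, port, target = rng.choices(pool, weights=[r[1] for r in pool])[0]
    return target, a.get(target), port

def missing_registrations(srv, domain, dcs):
    """Which DCs have no SRV record for a service NETLOGON should have registered?"""
    gaps = []
    for service in ("_ldap", "_kerberos", "_kpasswd"):   # _gc is registered only by GCs
        targets = {r[3] for r in srv.get(srv_owner(service, domain), [])}
        gaps.extend((service, dc) for dc in dcs if dc not in targets)
    return gaps
```

In the constructed data dc02 and dc03 are missing their _kerberos and _kpasswd records, the symptom the slide says a NETLOGON restart on those DCs would repair.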

Page 14: Windows Server 2008 R2 Domain Name System Chapter 5.

DNS Troubleshooting
• Event logging—an event log is created for the DNS role.
• NSLookup—can query your own server or remote domain names.
• Monitoring—Monitoring tab in DNS server properties, which allows you to do simple pass/fail tests and recursive tests.
• DNScmd—command-line tool that can perform most tasks in the GUI as well as troubleshooting tasks.
  • Dnscmd /info—configuration of the DNS server
  • Dnscmd /clearcache—empties stale, unresolved records
• Net view—uses NetBIOS to retrieve info about a host.
• Nbtstat—uses the NetBIOS table to view information about a host or IP address.
• PING—test connectivity by IP address AND by hostname.
• Dcdiag—first choice to perform a quick health check on the DNS structure.