Windows Server 2008 R2 Domain Name System Chapter 5.
Domain Name System
• Domain Name System (DNS) Terms
• DNS and Active Directory
• DNS components
• Troubleshooting DNS
• DNS FAQ
DNS Terms
• Hostname—the name of the computer, no more than 255 characters. Equivalent to the computer's first name.
  • PC-001
• Hosts file—text file that maps hostnames to IP addresses.
  • C:\windows\system32\drivers\etc
• Namespace—the name of the domain, not necessarily an Active Directory domain. Equivalent to the computer's last name.
  • Abcbusiness.com
• Fully qualified domain name (FQDN)—first name and last name.
  • PC-001.abcbusiness.com
• Name server—DNS server that resolves FQDNs to IP addresses.
DNS Terms
• Recursion—server-directed process to resolve an FQDN. If the server cannot resolve it with its own information, it asks an upstream server. The recursion process starts at the root servers and works down through the top-level domain (.com) servers. The process is as follows:
1. Client requests a name like www.facebook.com.
2. DNS server asks the root servers for the .com domain name servers.
3. Root servers give a list of servers for the .com domain.
4. DNS server queries the .com name servers for facebook.com.
5. It then queries the provided name servers for the www.facebook.com FQDN.
6. Finally, the DNS server obtains the IP address.
7. DNS server passes the IP address to the client.
8. The client uses the IP to connect to the web server for www.facebook.com.
DNS Terms
• Forwarding—alternative to recursion. A lateral request to another name server within the network.
• Service resource records (SRVs)—a record within a DNS namespace that resolves a service to a hostname. Essential to Active Directory.
• Dynamic DNS (DDNS) update—allows DNS clients to register their hostnames in an assigned namespace.
DNS Components
• Forwarders—DNS servers to which this DNS server refers queries when it cannot resolve them itself. Using forwarders prevents this server from using recursion to resolve DNS queries. You can use forwarders for quicker name resolution. Typically configured to point to your ISP's DNS servers.
DNS Components
• Root Hints—servers used for root hints when forwarders are not configured or do not respond. Lists the 13 root hint servers on the Internet. You can add your own servers.
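As an added example (not from the slides), a toy resolver that models the recursion walk from the numbered steps above together with the forwarder and root-hint behaviour just described; the server names, zone data and the 203.0.113.10 address are all constructed:

```python
# Constructed delegation data: per name suffix, an address ("A", ip) or a referral ("NS", [servers]).
SERVERS = {
    "root-hint": {"com": ("NS", ["gtld-com"])},
    "gtld-com": {"facebook.com": ("NS", ["ns-facebook"])},
    "ns-facebook": {"www.facebook.com": ("A", "203.0.113.10")},
}

# Constructed forwarders: cached answers, or None when the server is down.
FORWARDERS = {
    "isp-dns": {"www.facebook.com": "203.0.113.10"},
    "dead-forwarder": None,
}

def ask(server, name):
    """Return the server's record for the longest suffix matching name, or None."""
    best = None
    for suffix, record in SERVERS[server].items():
        if name == suffix or name.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, record)
    return best[1] if best else None

def recurse(name, root_hints=("root-hint",), trace=None):
    """Steps 2-6 of the slide: start at the root hints and follow referrals down."""
    trace = [] if trace is None else trace
    candidates = list(root_hints)
    while candidates:
        server = candidates.pop(0)
        answer = ask(server, name)
        trace.append((server, answer))
        if answer is None:
            return None            # no delegation covers this name
        kind, data = answer
        if kind == "A":
            return data            # authoritative answer found
        candidates = list(data)    # referral: query the next level down
    return None

def resolve(name, forwarders=(), root_hints=("root-hint",)):
    """Forwarders are tried first and their answer is final; the server
    falls back to recursion from the root hints only when no forwarder
    is configured or none responds. Returns (ip or None, trace)."""
    trace = []
    for fwd in forwarders:
        cache = FORWARDERS.get(fwd)
        if cache is None:
            trace.append((fwd, "no response"))
            continue               # forwarder down: try the next one
        trace.append((fwd, cache.get(name)))
        return cache.get(name), trace
    return recurse(name, root_hints, trace), trace
```

The trace returned by resolve lists each server asked, so the three-hop root-to-answer walk and the single-hop forwarder case can be compared directly.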
DNS Components
• Forward Lookup Zones—resolve hostnames to IP addresses. A zone contains the host records for the configured namespace. There are three types of zones:
  • Standard Primary—a text file in which the server maintains the records for a given namespace.
  • Standard Secondary—read-only copy of a primary or AD-integrated zone.
  • AD Integrated—DNS records are stored in the AD database and replicated between DCs by AD replication, not zone transfers.
DNS Components
• Reverse Lookup Zone—resolves IP addresses to host names. Also used to provide a level of security through DNS reverse lookups.
[Screenshots: "Reverse lookup not configured properly or DNS setup incomplete" versus "DNS is happy"]
DNS Components
• Service Resource/Locator Records (SRV)—contain Active Directory related information, such as authentication services.
  • _gc—LDAP service to look up data within the global catalog
  • _kerberos—the authentication process
  • _kpasswd—another part of the authentication and password change process
  • _ldap—LDAP service to look up data within the domain
DNS and Active Directory
• DNS is used to find computers on the Internet.
  • A DNS query for WWW.BING.COM returns the IP address of that site.
• DNS is used to find computers, more specifically Domain Controllers, to locate Active Directory related information.
  • A DNS query for authentication services returns the IP addresses of the authentication servers.
  • Uses the SRV (service locator) records.
• DNS mirrors the structure of the Active Directory Forest.
DNS and Active Directory
• What happens with Active Directory and DNS
  • The NETLOGON service uses dynamic updates to register SRV and A records in the DNS database.
  • Restarting the NETLOGON service after we change our IP addresses or settings updates these records.
• The SRV record is used to map the name of a service such as LDAP (Lightweight Directory Access Protocol) to the DNS computer name of a server that offers that service. It answers the question: which computer (server) offers that service?
DNS and Active Directory: Why does this matter?
• A domain controller registers its DNS name at startup.
• When a user starts a computer and logs on, the computer queries DNS to find a domain controller within the domain to authenticate to. This is known as the Locator Process:
1. The client locator is initiated through RPC to the local Net Logon service.
2. The client collects the information that is needed to select a DC and passes the information to the Net Logon service.
3. The Net Logon service on the client uses the collected information to look up a domain controller using DsGetDCName.
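As an added example (not from the slides), constructed SRV records like the ones NETLOGON registers, parsed from zone-file text and ordered the way a client picks a domain controller (RFC 2782: lowest priority first, then weighted random among equal priorities). The _ldap._tcp.dc._msdcs.<domain> owner name is the one NETLOGON registers for DC lookup; the domain abcbusiness.com, the hostnames, the 600-second TTL and the fixed random seed are assumptions made for the example:

```python
import random
import re

# Constructed zone-file lines for the (invented) domain abcbusiness.com,
# with the well-known port for each service (389, 88, 464, 3268).
ZONE_TEXT = """
_ldap._tcp.dc._msdcs.abcbusiness.com. 600 IN SRV 0 100 389 dc1.abcbusiness.com.
_ldap._tcp.dc._msdcs.abcbusiness.com. 600 IN SRV 0 100 389 dc2.abcbusiness.com.
_ldap._tcp.dc._msdcs.abcbusiness.com. 600 IN SRV 10 100 389 dc-branch.abcbusiness.com.
_kerberos._tcp.abcbusiness.com. 600 IN SRV 0 100 88 dc1.abcbusiness.com.
_kpasswd._tcp.abcbusiness.com. 600 IN SRV 0 100 464 dc1.abcbusiness.com.
_gc._tcp.abcbusiness.com. 600 IN SRV 0 100 3268 dc1.abcbusiness.com.
"""

SRV_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")

def parse_srv(text):
    """Map each SRV owner name to a list of (priority, weight, port, target)."""
    records = {}
    for line in text.strip().splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            raise ValueError("not an SRV record: " + line)
        name, prio, weight, port, target = m.groups()
        records.setdefault(name.lower().rstrip("."), []).append(
            (int(prio), int(weight), int(port), target.rstrip(".")))
    return records

def order_targets(srvs, rng=None):
    """RFC 2782 client ordering: lowest priority first; within a priority,
    weighted random selection (weight-0 hosts are listed first so they are rarely chosen)."""
    rng = rng or random.Random(0)  # fixed seed so the example is repeatable
    ordered = []
    for prio in sorted({r[0] for r in srvs}):
        pool = sorted((r for r in srvs if r[0] == prio), key=lambda r: r[1] != 0)
        while pool:
            pick = rng.uniform(0, sum(r[1] for r in pool))
            running = 0
            for r in pool:  # first record whose running weight reaches pick
                running += r[1]
                if running >= pick:
                    break
            ordered.append((r[3], r[2]))
            pool.remove(r)
    return ordered

def locate_dc(records, domain):
    """Servers a client should try, in order, for the domain's DC LDAP service."""
    return order_targets(records.get(f"_ldap._tcp.dc._msdcs.{domain}".lower(), []))
```

With the records above, the two priority-0 controllers come first in a weighted random order and dc-branch (priority 10) is only tried when both are unavailable.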
DNS Troubleshooting
• Event logging—an event log is created for the DNS role.
• NSLookup—can query your own server or remote domain names.
• Monitoring—the Monitoring tab in the DNS server properties allows you to run simple pass/fail tests and recursive tests.
• DNScmd—command-line tool that can perform most tasks in the GUI as well as troubleshooting tasks.
  • Dnscmd /info—shows the configuration of the DNS server.
  • Dnscmd /clearcache—empties stale, unresolved records from the server cache.
• Net view—uses NetBIOS to retrieve information about a host.
• Nbtstat—uses the NetBIOS table to view information about a host or IP address.
• PING—tests connectivity by IP address AND by hostname.
• Dcdiag—first choice to perform a quick health check on the DNS structure.
DNS FAQ and other Resources
• http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382
• http://technet.microsoft.com/en-us/library/cc759550(v=WS.10).aspx