DNS DNS overview DNS operation DNS zones

DNS Overview Name to IP address lookup service based on

Domain Names Some DNS servers hold name and address

information for a given portion of the domain namespace in a file

Portion of namespace containing names and addresses that are contained in a single file is called a zone

File containing names and addresses within a zone is called zone file

DNS operation The scenario Recursive vs iterative queries The lookup process

The Scenario Workstation configuration Resolver software Local DNS server Root servers Authoritative servers

Recursive vs Iterative Queries Recursive query Iterative query

The lookup process Workstation sends recursive query for www.microsoft.com Local DNS server sends iterative query to root server Root server responds with address of .com server Local DNS server sends iterative query to .com server .com server responds with address of microsoft.com server Local DNS server sends iterative query to microsoft.com

server microsoft.com server responds with address of host named

www Local DNS server sends address of www host to workstation Preferred DNS server caches all address information

returned by other DNS servers Client caches information

Resolving a Forward Lookup Query

Name Server Caching

Time to Live (TTL) Use shorter TTL values to help ensure that

data about the domain namespace is more current across the network.

Shorter TTL values increase the load on name servers.

Longer TTL values decrease the time required to resolve information.

If a change occurs, the client will not receive the updated information until the TTL expires and a new query to that portion of the domain namespace is resolved.

DNS Zones Forward lookup

Contains names with associated IP addresses Enable forward lookup queries. At least one forward lookup zone must be

configured for the DNS service to work. Active Directory Installation Wizard can

automatically create a forward lookup zone based on the DNS name you specified for the server.

Reverse lookup Contains IP addresses with associated DNS

names

Zone Name A zone is typically named after the

highest domain in the hierarchy that the zone encompasses; the root domain for the zone.

For a zone that encompasses both microsoft.com and sales.microsoft.com, the zone name would be microsoft.com.

Zone File A zone file must be specified for the

standard primary forward lookup zone type.

The zone file is the zone database file name, which defaults to the zone name with a .dns extension.

An existing zone file can be imported when migrating a zone from another server.

Place the existing file in the systemroot\System32\DNS directory on the target computer before creating the new zone.

Primary vs secondary zones Primary zone contains records in

file Secondary zone receives records

from another server Zone transfer causes transfer from

master server to secondary Master server can be other secondary

Zone Type: Standard Primary Master copy of a new zone stored

in a standard text file Administered and maintained on

the computer on which the zone is created

Zone Type: Standard Secondary Replica of an existing zone. Read-only; stored in standard text files. Primary zone must be configured to create a

secondary zone. Must specify DNS server, called the master

server, that will transfer zone information to the name server containing the standard secondary zone.

Create a secondary zone to provide redundancy and to reduce the load on the name server containing the primary zone database file.

Reasons to Use Additional Zones A need exists to delegate management of part of

the DNS namespace to another location or department within the organization.

A need exists to divide one large zone into smaller zones for distributing traffic loads among multiple servers, improve DNS name resolution performance, or create a more fault-tolerant DNS environment.

A need exists to extend the namespace by adding numerous subdomains at once, such as to accommodate the opening of a new branch or site.

Zone Transfers Incremental vs full -

Originally DNS only supported full transfer.

Microsoft supports incremental transfer.

Initial transfer is full

Reverse Zones Based on IP addresses, not domain

names Named using the IP address

reversed added to the name In-addr.arpa

In-addr.arpa Domain Follows the same hierarchical naming

scheme as the rest of the domain namespace.

Subdomains are named after the numbers in the dotted-decimal representation of IP addresses.

Order of the IP address octets is reversed. Companies administer subdomains of the

in-addr.arpa domain based on their assigned IP addresses and subnet mask.

Reverse Zone File Must be specified for the standard primary reverse

lookup zone type. Network ID and subnet mask determine the default

zone file name. DNS reverses the IP octets and adds the in-

addr.arpa suffix. For a network ID of 169.254, the reverse lookup

zone for the 169.254 network becomes 254.269.in-addr.arpa.dns.

The existing zone file may be imported when migrating a zone from another server.

The existing zone file must be placed in the systemroot\System32\DNS directory.

Reverse Lookup Query Maps an IP address to a name. NSLOOKUP command-line DNS utility uses reverse

lookup queries to report back host names. Certain applications implement security based on the

ability to connect to names, not IP addresses. DNS is indexed by name, not by IP address. A reverse lookup query would require an exhaustive

search of every domain name because the DNS distributed database is indexed by name and not IP address.

Special second-level domain called in-addr.arpa was created to solve the problem of finding a name that matches an IP address.

Active Directory Integrated Zone Information stored in AD Replicated with AD AD integrated zones are multimaster

Can be sent to all DCs Can be sent to all DNS servers in domain Can be sent to all DNS servers in forest

Sent encrypted

Benefits of Active Directory–Integrated Zones Fault tolerance Security - control access as to who can modify

zones Zones are replicated and synchronized to new

domain controllers automatically whenever a new zone is added to an Active Directory domain.

By integrating storage of your DNS namespace in Active Directory, you simplify planning and administration for both DNS and Active Directory.

Directory replication is faster and more efficient than standard DNS replication.

Frequently Used Resource Record Types Host (A): Lists host name-to-IP address mappings Alias (CNAME): Creates alias or canonical name Mail Exchanger (MX): Identifies mail exchanger Name Server (NS): Lists name servers for domain Pointer (PTR): Points to another part of the domain Service (SRV): Identifies servers hosting services Start of Authority (SOA): Identifies authoritative

source

DNS Security Options Allowing only secure dynamic

updates Zone transfer

Only to servers listed in NS resource records

Only to specified IP addresses Notify list

Managing DNS Using DNS console Using nslookup

Command prompt mode Interactive mode

Thank You Md Shaifullah Palash MCTS, MCSA, MCSE (Infra, Messaging, Communication)