8/3/2019 Troubleshooting Advanced DNS nu
MICROSOFT CONFIDENTIAL - For Internal Use Only
Troubleshooting Advanced DNS Problems
This session reviews the basic concepts related to DNS. In addition, it explains how to delegate DNS to child domains and how to create secondary zones and grant permissions on parent DNS. Finally, this session focuses on how to troubleshoot the advanced problems with DNS.
Directory Services
See Resources for course documents and references
Session Length: 4 hours
Author: Binu Kumar
Demonstrations: None
Lab Exercises: 1
-
Before You Begin
Before starting this session, you should understand:
The basics of DNS.
How to install and configure DNS using the MMC.
How Active Directory is dependent upon DNS.
-
What You Will Learn
After completing this session you will be able to:
Review the basic concepts related to DNS.
Delegate DNS to child domains.
Create secondary zones and grant permissions on parent DNS.
Understand how to troubleshoot advanced problems with DNS.
-
Reviewing Basic DNS Concepts
This section reviews basic concepts related to DNS, such as:
SRV Records
Zone Types
  Primary versus Secondary
  AD Integrated versus Standard storage
GUID Records
Disjoint Name
  What is it?
  How to fix it?
See Workbook for full-size view
-
Review of SRV Records
DCs dynamically register SRV records with DNS
Net Logon service registers records
  _udp.
  _tcp.
  _sites.
  _msdcs.
Well-known server-type pseudonyms used as prefixes for _msdcs subdomain:
"dc" (Domain Controller)
"gc" (Global Catalog)
"pdc" (Primary Domain Controller)
"domains" (Globally unique identifier, or GUID)
-
Review of Zone Types
There are two main zone types:
Primary zones
  Standard zone storage, using a text-based file
  Directory-integrated zone storage, using the Active Directory database
Secondary zones
-
Review of GUID Record
To facilitate locating Windows domain controllers, Netlogon registers SRV records that identify the server-type pseudonyms as prefixes in the _msdcs subdomain:
dc (domain controller)
gc (Global Catalog)
pdc (primary domain controller)
domains (globally unique identifier, or GUID)
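The record families listed on the SRV and GUID slides can be checked mechanically. The following is an added example, not part of the original course material: it builds a commonly documented subset of the SRV owner names Net Logon registers for one DC and reports which are absent from a zone listing. The domain, site, GUID, host names and listing are constructed placeholders.

```python
# Added example: expected Netlogon SRV owner names vs. a constructed listing.

def expected_srv_names(domain, forest, site, guid, is_gc=False, is_pdc=False):
    """Subset of the SRV owner names Net Logon registers for one DC."""
    names = [
        f"_ldap._tcp.{domain}",
        f"_ldap._tcp.{site}._sites.{domain}",
        f"_ldap._tcp.dc._msdcs.{domain}",
        f"_ldap._tcp.{guid}.domains._msdcs.{forest}",
        f"_kerberos._tcp.{domain}",
        f"_kerberos._udp.{domain}",
        f"_kpasswd._tcp.{domain}",
        f"_kpasswd._udp.{domain}",
    ]
    if is_pdc:
        names.append(f"_ldap._tcp.pdc._msdcs.{domain}")
    if is_gc:
        names.append(f"_ldap._tcp.gc._msdcs.{forest}")
    return [n.lower() for n in names]

def srv_owners(listing, target):
    """Owners of 'owner TTL IN SRV prio weight port target' lines for target."""
    want = target.rstrip(".").lower()
    owners = set()
    for line in listing.splitlines():
        f = line.split()
        if len(f) == 8 and f[3].upper() == "SRV" and f[7].rstrip(".").lower() == want:
            owners.add(f[0].rstrip(".").lower())
    return owners

def missing_srv(listing, target, **dc):
    have = srv_owners(listing, target)
    return [n for n in expected_srv_names(**dc) if n not in have]

SAMPLE = """\
_ldap._tcp.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.Default-First-Site-Name._sites.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_kerberos._tcp.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_kerberos._udp.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_kpasswd._tcp.corp.example.com. 600 IN SRV 0 100 464 dc1.corp.example.com.
_ldap._tcp.gc._msdcs.corp.example.com. 600 IN SRV 0 100 3268 dc2.corp.example.com.
"""
DC1 = dict(domain="corp.example.com", forest="corp.example.com",
           site="Default-First-Site-Name", is_gc=True, is_pdc=True,
           guid="11111111-2222-3333-4444-555555555555")  # placeholder GUID
if __name__ == "__main__":
    print(missing_srv(SAMPLE, "dc1.corp.example.com", **DC1))
```

The listing uses the same one-record-per-line layout as the netlogon.dns file a DC writes, so that file can be fed to `missing_srv` directly.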
Windows Server 2000 Behavior
Windows Server 2003 Behavior
-
Review of Disjoint Namespace
After you install a DC, the DNS suffix of your computer name may not match the domain name that the DC belongs to.
Disjoint namespace can occur when the "Change primary DNS suffix when domain membership changes" check box is not selected before the installation.
You can diagnose Disjoint namespace by comparing the properties of the following dialog box to the Primary DNS Suffix that appears when you do an Ipconfig /all.
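The comparison described above can be scripted. This is an added example, not part of the original course material: it reads the Host Name and Primary Dns Suffix lines from `ipconfig /all` output and compares the suffix with the Active Directory DNS domain name, which is assumed to be known to the caller. The sample output and domain names are constructed.

```python
# Added example: detect a disjoint namespace from `ipconfig /all` text.
# SAMPLE_IPCONFIG and the domain names are constructed for illustration.
import re

SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC1
   Primary Dns Suffix  . . . . . . . : oldname.example.com
   Node Type . . . . . . . . . . . . : Hybrid
   DNS Suffix Search List. . . . . . : oldname.example.com
"""

def _norm(name):
    """Lower-case a DNS name and drop any trailing dot."""
    return name.strip().rstrip(".").lower()

def ipconfig_field(text, label):
    """Value of a 'Label . . . : value' line; '' if blank, None if absent."""
    m = re.search(rf"^\s*{re.escape(label)}[ .]*:[ \t]*(.*)$", text, re.I | re.M)
    return m.group(1).strip() if m else None

def check_namespace(ipconfig_text, ad_domain):
    """Compare the Primary Dns Suffix with the AD domain the DC belongs to."""
    host = ipconfig_field(ipconfig_text, "Host Name")
    suffix = ipconfig_field(ipconfig_text, "Primary Dns Suffix")
    if host is None or suffix is None:
        raise ValueError("Host Name / Primary Dns Suffix not found in input")
    return {
        # FQDN the machine actually uses, built from its own suffix
        "registered_fqdn": _norm(f"{host}.{suffix}") if suffix else _norm(host),
        # FQDN it should have as a member of ad_domain
        "expected_fqdn": _norm(f"{host}.{ad_domain}"),
        # an empty suffix also counts as a mismatch
        "disjoint": _norm(suffix) != _norm(ad_domain),
    }

if __name__ == "__main__":
    print(check_namespace(SAMPLE_IPCONFIG, "corp.example.com"))
```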
-
Delegating DNS to Child Domains
Two options to consider when implementing Name Resolution in child domains:
Using Parent Domain DNS servers
  This keeps DNS administration to a minimum number of servers.
Using Child Domain DNS servers
  Names within a zone can also be delegated to other zone(s).
-
Deciding to Use Parent Domain DNS Servers or Child Domain DNS Servers
When deciding whether to divide your DNS namespace to make additional zones, you should consider the following:
Need to delegate zone management
Need to divide large zone into smaller zones
Need to extend namespace
-
Using Child Domain DNS Servers (Slide 1 of 3)
A customer who is running Windows Server 2000 (that has both a parent and child domain) will typically create a delegation record in the parent zone for the child domain.
As new DNS servers are added to the child domain, the delegation record must be updated manually on the parent DNS server to reflect those new DNS servers.
See Workbook for full-size view
-
Using Child Domain DNS Servers (Slide 2 of 3)
See Workbook for full-size view
Configuring Child Domain DNS Servers and Their Clients
1. Manually create a Delegation for the Child Domain on the Parent (Root) DNS Server.
2. Install DNS on the Child Domain Server.
3. Create a Child Zone on the Child Domain Server and have the clients in the Child domain point to it.
Optional Configuration Considerations
Change the TCP/IP address of the DNS server to point to its own TCP/IP address.
Integrate DNS with the Active Directory on the child DNS server.
Add the parent (root) DNS server as a forwarder on the child DNS server.
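Because the delegation on the parent is maintained by hand, it drifts as child DNS servers are added or retired. This is an added example, not part of the original course material: it compares the NS records the parent holds for the child zone with the NS set the child zone publishes, and flags delegated in-zone name servers that lack a glue A record. Zone names, hosts and addresses are constructed.

```python
# Added example: compare a parent-zone delegation with the child zone's NS set.
# PARENT and CHILD are constructed record listings (owner TTL IN TYPE rdata).
PARENT = """\
child.corp.example.com.      3600 IN NS dns1.child.corp.example.com.
child.corp.example.com.      3600 IN NS dns-old.child.corp.example.com.
dns1.child.corp.example.com. 3600 IN A  192.0.2.10
"""
CHILD = """\
child.corp.example.com. 3600 IN NS dns1.child.corp.example.com.
child.corp.example.com. 3600 IN NS dns2.child.corp.example.com.
"""

def parse_records(zone_text):
    """Parse 'owner TTL IN TYPE rdata' lines into (owner, type, rdata)."""
    out = []
    for line in zone_text.splitlines():
        f = line.split(";", 1)[0].split()      # drop ';' comments
        if len(f) == 5 and f[2].upper() == "IN":
            out.append((f[0].rstrip(".").lower(), f[3].upper(),
                        f[4].rstrip(".").lower()))
    return out

def delegation_drift(parent_text, child_text, child_zone):
    """Differences between the parent's delegation and the child's NS set."""
    zone = child_zone.rstrip(".").lower()
    parent = parse_records(parent_text)
    child = parse_records(child_text)
    delegated = {r for o, t, r in parent if t == "NS" and o == zone}
    authoritative = {r for o, t, r in child if t == "NS" and o == zone}
    glue = {o for o, t, _ in parent if t == "A"}
    return {
        # child DNS servers the parent does not refer clients to yet
        "not_delegated": sorted(authoritative - delegated),
        # servers the parent still refers to but the child no longer lists
        "stale": sorted(delegated - authoritative),
        # delegated servers inside the child zone need an A record on the parent
        "missing_glue": sorted(h for h in delegated
                               if h.endswith("." + zone) and h not in glue),
    }

if __name__ == "__main__":
    print(delegation_drift(PARENT, CHILD, "child.corp.example.com"))
```

A `stale` entry is a referral to a server that may no longer answer for the zone, so it is worth removing as soon as the server is retired.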
-
Using Child Domain DNS Servers (Slide 3 of 3)
Using Forwarders
If a DNS server does not have the data to resolve a query in its cache or in its zone data, it forwards the query to another DNS server, known as a forwarder.
Forwarders are ordinary DNS servers and require no special configuration.
Windows Server 2003 Conditional Forwarding
2000 - forwards all unresolved queries to forwarder
2003 - can specify which forwarder to use based on namespace
Forwarder Configuration Tips
Keep forwarder configuration uncomplicated.
Avoid chaining your forwarders.
Do not create inefficient resolution using forwarders.
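The tips above can be turned into a check over an inventory of forwarder settings. This is an added example, not part of the original course material: given a map of each DNS server to the forwarders configured on it, it reports forwarding paths longer than one hop (chains) and paths that return to a server already visited (loops). The server names and topology are constructed.

```python
# Added example: find forwarder chains and loops in a constructed topology.
# TOPOLOGY maps each DNS server to the forwarders configured on it.
TOPOLOGY = {
    "child-dns1": ["parent-dns1"],
    "parent-dns1": ["isp-dns"],
    "branch-dns": ["hub-dns"],
    "hub-dns": ["branch-dns"],
    "isp-dns": [],
}

def forwarder_paths(forwarders, start):
    """All forwarding paths from start; a repeated last hop marks a loop."""
    paths = []

    def walk(server, path):
        nexts = forwarders.get(server, [])
        if not nexts and len(path) > 1:
            paths.append(path)                 # path ends at a non-forwarding server
        for nxt in nexts:
            if nxt in path:
                paths.append(path + [nxt])     # loop closes here, stop walking
            else:
                walk(nxt, path + [nxt])

    walk(start, [start])
    return paths

def audit_forwarders(forwarders):
    """(server, 'loop' | 'chain', path) for every problematic forwarding path."""
    findings = []
    for server in sorted(forwarders):
        for path in forwarder_paths(forwarders, server):
            if path[-1] in path[:-1]:
                findings.append((server, "loop", path))
            elif len(path) - 1 > 1:            # more than one forwarding hop
                findings.append((server, "chain", path))
    return findings

if __name__ == "__main__":
    for finding in audit_forwarders(TOPOLOGY):
        print(finding)
```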
-
Creating Secondary Zones in DNS
Recommended practice calls for at least two DNS servers in each zone.
For standard primary-type zones, a secondary server is required to add and configure the zone to appear to other DNS servers in the network.
For directory-integrated primary zones, secondary servers are supported but not required for this purpose.
Secondary zones are also used for cross-forest trusts and separate trees in the same forest.
-
Secondary Zones for Name Resolution
Secondary servers:
Can provide a means to offload DNS query traffic.
Can provide some name resolution in the zone if the primary server is unavailable.
-
Transferring Information
A secondary server relies on DNS zone transfer mechanisms to obtain its information and keep it current.
When a new DNS server is configured as a secondary server for an existing zone, it performs a full transfer of the zone.
For earlier DNS server implementations, full zone transfers were always used for updating zone information.
For Windows 2000 Server and above, the DNS service supports incremental zone transfers.
-
Creating Secondary Zones
To create secondary zones:
1. Open DNS.
2. In the console tree, click the applicable DNS server.
3. On the Action menu, click New Zone.
4. Follow the instructions in the New Zone Wizard.
-
Troubleshooting Advanced Problems with DNS
The common advanced problems with DNS are as follows:
Disjointed Namespace Problem
Root Zone Problem
Island Server Problem
-
LAB 1: Troubleshooting Advanced DNS Problems
During this lab session, you will:
Run MPSReports to troubleshoot DNS Configuration issues.
Review advanced DNS problems.
Reconfigure DNS using Forwarders and Delegations.
Reconfigure DNS to use Active Directory Integrated with stub zones.
See Lab Manual
-
Resources
For additional information, see:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;257623
http://support.microsoft.com/default.aspx?scid=KB;EN-US;262376
http://support.microsoft.com/default.aspx?scid=KB;EN-US;291382
http://support.microsoft.com/default.aspx?scid=KB;EN-US;837513
http://support.microsoft.com/default.aspx?scid=KB;EN-US;247811
http://support.microsoft.com/default.aspx?scid=KB;EN-US;267855
http://support.microsoft.com/default.aspx?scid=KB;EN-US;824449
http://support.microsoft.com/default.aspx?scid=KB;EN-US;255248
http://support.microsoft.com/default.aspx?scid=KB;EN-US;304491
http://support.microsoft.com/default.aspx?scid=KB;EN-US;275278
http://support.microsoft.com/default.aspx?scid=KB;EN-US;300684
http://support.microsoft.com/default.aspx?scid=KB;EN-US;826743
-
Summary
Topics discussed in this session include:
Basic concepts related to DNS
Delegating DNS to child domains
Creating secondary zones and granting permissions on parent DNS
Troubleshooting advanced problems with DNS
-
Presenter
Binu Kumar, MCSE (NT4, 2000, 2003), ADSE, MCA
Technical Lead - Microsoft Small Business Server
Phone: 425-635-3106 * 66113
Hours: Mon - Fri 4am - 1pm PST