Windows DNS Administration Guide

The document outlines the curriculum for CST8200 - Windows Domain Administration, focusing on the Domain Name System (DNS). It covers DNS installation, configuration, management, and troubleshooting, detailing various DNS record types and their functions. Additionally, it discusses the DNS lookup process, server roles, zone types, and tools for monitoring and troubleshooting DNS operations.

CST8200 – Windows Domain Administration
Professor: Denis Latremouille
Week 02
Agenda
 Windows Server
 Case Study Review
 DNS Install, Configure, Manage
 DNS Demo

Introduction to Domain Name System
 What: DNS is designed to resolve names to IP addresses and vice versa
 Why: Computers communicate with numbers; however, people prefer to use names.
 Consequently, many other services rely on DNS for a variety of purposes
◼ Authentication is an example of a mechanism that requires DNS.
◼ Certificate Authorities also use DNS to ensure connections can be made securely
 Dynamic DNS allows computers to locate other computers even if dynamic IP addresses are being used.
DNS Order of Operations
 When a computer or user needs to know the IP address of a computer, the following will occur:
◼ First, the computer making the request checks whether the name in question is its own (localhost)
 Localhost is any address in the range 127.0.0.1–127.255.255.254
◼ Next, the computer making the request checks whether the name is in its cache
◼ Then the computer making the request checks whether the name is in its HOSTS file
◼ If none of the above is successful, the computer requests this information from its DNS resolver over UDP port 53
 This is where the DNS server starts to handle the information exchange.
Introduction to Domain Name System
 Domain Name System (DNS) is a distributed hierarchical database composed mainly of computer name and IP address pairs
 Distributed means no single database contains all the data
 Hierarchical means there is a tree structure to how information is stored and accessed in the database
 In order to resolve a name to an address, a DNS lookup will often require multiple queries to a hierarchy of DNS servers
Introduction to Domain Name System

The DNS Database
 A zone is a grouping of DNS information that represents one or more domains and possibly sub-domains
 Zones contain a variety of record types called resource records, which contain information about network resources
 DNS resource records are identified by letter codes
 Very good analogy
 https://www.youtube.com/watch?v=JIwi6ii-rzI
 Very good explanation
 https://www.youtube.com/watch?v=WYCPTuGNj7U
The DNS Lookup Process
 Two types of DNS lookup can be performed:
◼ Iterative query - a DNS server will respond with the best information it has to satisfy the query, or it may give a referral response
◼ Recursive query - a DNS server processes the query until it responds with an address that satisfies the query or with an "I don't know" message
 A typical DNS lookup made by a DNS client can involve both recursive and iterative queries
 DNS clients maintain a text file (hosts) that can contain static DNS entries; the file is stored in %systemroot%\System32\drivers\etc
The DNS Lookup Process

DNS Server Roles
 DNS servers can perform one or more of the following roles for a zone:
◼ Authoritative server - holds a complete copy of a zone's resource records
◼ Forwarder - a DNS server to which other DNS servers send requests they can't resolve themselves
◼ Conditional forwarder - a DNS server to which other DNS servers send requests targeted for a specific domain
◼ Caching-only server - does not have zones; its job is to field DNS queries, do recursive lookups to root servers or send requests to forwarders, and then cache the results
Configuring DNS
 Three aspects of DNS configuration:
◼ DNS zones
 Forward lookup zones
 Reverse lookup zones
◼ DNS resource records
 A
 NS
 MX
 AAAA
 CNAME
 PTR
◼ DNS server settings
Forward and Reverse Lookup Zones
 Two DNS zone categories define what kind of information is stored in a zone:
◼ Forward lookup zone (FLZ) – contains records that translate names to IP addresses, such as A, AAAA, and MX records
◼ Reverse lookup zone (RLZ) – contains PTR records that map IP addresses to names; it is named after the IP network address (IPv4 or IPv6) of the computers whose records it contains
Zone Type
 Three different types of zones:
◼ Primary zone - contains a read/write master copy of all resource records for the zone; it is considered authoritative for the zone
◼ Secondary zone - contains a read-only copy of all resource records for the zone; it is considered authoritative for the zone
◼ Stub zone - contains a read-only copy of only the SOA and NS records for a zone and the A records necessary to resolve the NS records; not authoritative
Dynamic Updates
 The final step of creating a zone lets you choose whether and how to use dynamic updates, which can be configured in one of three ways:
◼ Allow only secure dynamic updates
◼ Allow both nonsecure and secure dynamic updates
◼ Do not allow dynamic updates
 Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur
Dynamic Updates

Creating DNS Resource Records
 Resource records can be created dynamically or as static records
 Dynamic records are created by the resource itself or by a DHCP server
 Static records are created manually by an administrator or automatically by Windows
Host (A and AAAA) Records

Canonical Name (CNAME) Records
 CNAME record - an alias for another domain name record in the DNS database
◼ Used when multiple services are running on the same server and you want users to be able to refer to each service with a different name
◼ Can also create CNAME records that point to records in other domains

Record type   Name                    Value
CNAME         www.csmtech.local       server1.csmtech.local
CNAME         ftp.csmtech.local       server1.csmtech.local
A             server1.csmtech.local   192.168.0.101
Pointer (PTR) Records
 PTR records are used to resolve a known IP address to a hostname
◼ Useful for certain applications when only the IP address is known and you want to find the hostname
 PTR records are found only in RLZs
 They have much of the same information as a host record
◼ When you create a host record, you have the option to create the related PTR record for the host automatically
Mail Exchanger (MX) Records
 MX records are used by mail services to find the mail server for a domain
 When an outgoing mail server needs to deliver an e-mail message
◼ It performs a DNS lookup for the MX record of the domain name contained in the e-mail address
 To create an MX record, right-click the zone where you want to create the record and click New Mail Exchanger (MX)
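The CNAME, PTR and MX records described on the last few slides, created with the DnsServer PowerShell module instead of the DNS Manager GUI. This is an added example, not code from the course; it assumes a Windows DNS server that already hosts a primary forward zone csmtech.local and a reverse zone 0.168.192.in-addr.arpa, and it uses the names and address from the CNAME table above.

```powershell
# Added example (not from the slides). Assumes the DnsServer module is
# available and the zones csmtech.local and 0.168.192.in-addr.arpa exist.
Import-Module DnsServer

$zone = 'csmtech.local'

# Host (A) record for server1. -CreatePtr also writes the matching PTR
# record into the reverse lookup zone, as the "create associated pointer
# record" checkbox does in DNS Manager.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'server1' `
    -IPv4Address '192.168.0.101' -CreatePtr -TimeToLive (New-TimeSpan -Hours 1)

# Aliases: www and ftp both resolve through server1.csmtech.local, so the
# address only has to be maintained in one A record.
foreach ($alias in 'www', 'ftp') {
    Add-DnsServerResourceRecordCName -ZoneName $zone -Name $alias `
        -HostNameAlias 'server1.csmtech.local'
}

# Mail exchanger at the zone apex (a name of '.' means the zone itself).
# Lower preference values are tried first by sending mail servers.
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '.' `
    -MailExchange 'server1.csmtech.local' -Preference 10

# Verify against this server only (-Server), not whatever resolver the
# client is configured with: the CNAME should chain to the A record ...
Resolve-DnsName -Name 'www.csmtech.local' -Type A -Server 'localhost' |
    Format-Table Name, Type, NameHost, IPAddress

# ... the reverse lookup should return the hostname ...
Resolve-DnsName -Name '192.168.0.101' -Type PTR -Server 'localhost' |
    Select-Object Name, NameHost

# ... and the MX query should name server1 with preference 10.
Resolve-DnsName -Name $zone -Type MX -Server 'localhost' |
    Select-Object Name, NameExchange, Preference
```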
Service Location (SRV) Records
 An SRV record specifies a hostname and port number for servers that supply specific services
 SRV records are critical to the operation of an Active Directory domain
◼ Without them, client computers couldn't find a domain controller or global catalog server to log on or join a domain
 SRV records for Active Directory are usually created automatically when Active Directory is installed
Creating Dynamic DNS Records
 Dynamic DNS records are created and updated by the resource or by the DHCP server when an IP address is leased or renewed
 Each time a dynamic record is created or updated, a time-to-live (TTL) value and timestamp are added to the record
◼ The TTL specifies how long the record should remain in the DNS database
◼ If the record expires, it's deleted from the database
Configuring DNS Zones
 Zones can be viewed and changed in DNS Manager
 DNS Manager provides the following options:
◼ Status
◼ Type
◼ Replication
◼ Dynamic updates
◼ Aging
Start of Authority Records
 SOA records are found in every zone and contain information that identifies the server primarily responsible for the zone as well as some operational properties of the zone
 The SOA record contains the following information:
◼ Serial number
◼ Primary server
◼ Responsible person
◼ Minimum (default) TTL
 Three other fields are discussed later:
◼ Refresh interval
◼ Retry interval
◼ Expires after
Name Server Records
 NS records specify FQDNs and IP addresses of authoritative servers for a zone
 NS records are also used to refer DNS queries to a name server that has been delegated authority for a subdomain
 Glue A records are A records containing a name server's IP address, and are used to resolve NS record information
 On Windows DNS servers, glue records are created automatically by a DNS lookup on the NS record's FQDN
 A glue record is the IP address of a name server held at a domain name registry.
 A domain name registry is a database of all domain names and the associated registrant information in the top-level domains of the Domain Name System of the Internet.
Creating Secondary Zones and Configuring Zone Transfers
 When a secondary zone is created
◼ It must have the same name as an existing primary zone, and zone transfers must be configured to load data from the primary zone to the secondary zone
 Secondary zones are read-only
◼ All changes to the zone data occur at the server hosting the primary zone
◼ Changes are subsequently transferred to all secondary zone servers
 Only one server can host a primary zone
◼ Multiple servers can host secondary zones
Zone Transfer Settings
 A zone transfer copies all or part of a zone from one DNS server to another and occurs as a result of a second server requesting the transfer from another server
 Zone transfers can be initiated in two ways:
◼ Refresh interval
◼ DNS notify
Zone Transfer Settings
 Zone transfers are configured in the Zone Transfers tab of a zone's Properties dialog box, which has the following options:
◼ Allow zone transfers
 To any server
 Only to servers listed on the Name Servers tab
 Only to the following servers
◼ Notify
Zone Transfer Settings
 Configure the timing intervals of zone transfers in the Start of Authority tab
◼ Refresh interval – specifies how often a secondary DNS server attempts to renew its zone information
◼ Retry interval – amount of time a secondary server waits before retrying a zone transfer that has failed
◼ Expires after – amount of time before a secondary server considers its zone data obsolete if it can't contact the primary DNS server
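The Dynamic Updates and Zone Transfer settings from the slides above, applied from PowerShell so the choices are explicit and repeatable. This is an added example, not code from the course; it assumes the primary zone csmtech.local is hosted on this server and that a single secondary server at 192.168.0.11 (a constructed address) should receive transfers and notifications.

```powershell
# Added example (not from the slides). Assumes the DnsServer module, a
# primary zone csmtech.local on this host, and one secondary at
# 192.168.0.11 (constructed). Secure dynamic updates require the zone to
# be Active Directory-integrated.
Import-Module DnsServer

$zone      = 'csmtech.local'
$secondary = '192.168.0.11'

# Dynamic updates: "Allow only secure dynamic updates". Only authenticated
# domain members can register or change their own records; the other two
# wizard choices map to NonsecureAndSecure and None.
Set-DnsServerPrimaryZone -Name $zone -DynamicUpdate Secure

# Zone transfers: "Only to the following servers" plus Notify to the same
# list. TransferAnyServer ("To any server") would hand the whole zone to
# any host that asks; TransferToZoneNameServer is the "Name Servers tab"
# option from the slide.
Set-DnsServerPrimaryZone -Name $zone `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers  $secondary `
    -Notify            NotifyServers `
    -NotifyServers     $secondary

# SOA timing from the Start of Authority tab: refresh every 15 minutes,
# retry a failed transfer after 10 minutes, treat the copy as obsolete
# after 1 day without contact. The SOA is edited as an old/new object pair.
$old = Get-DnsServerResourceRecord -ZoneName $zone -RRType Soa
$new = $old.Clone()
$new.RecordData.RefreshInterval = New-TimeSpan -Minutes 15
$new.RecordData.RetryInterval   = New-TimeSpan -Minutes 10
$new.RecordData.ExpireLimit     = New-TimeSpan -Days 1
Set-DnsServerResourceRecord -ZoneName $zone -OldInputObject $old -NewInputObject $new

# Verify the effective settings before relying on them
Get-DnsServerZone -Name $zone |
    Select-Object ZoneName, DynamicUpdate, SecureSecondaries, SecondaryServers, Notify
(Get-DnsServerResourceRecord -ZoneName $zone -RRType Soa).RecordData |
    Select-Object SerialNumber, RefreshInterval, RetryInterval, ExpireLimit
```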
Configuring Traditional Forwarders
 To configure a traditional forwarder, right-click the server node in DNS Manager, click Properties, and click the Forwarders tab
 If more than one server is specified, they are queried in the order in which they are listed
 Additional servers are only queried if the first server provides no response
 No response from any forwarder triggers a normal recursive lookup process, starting with a root server
Configuring Traditional Forwarders
 Conditional forwarders are configured in the Conditional Forwarders node in DNS Manager
 With forwarders and/or conditional forwarders configured, the DNS server attempts to resolve DNS queries in this order:
1. From locally stored zone resource records (local DB)
2. From the DNS cache
3. From conditional forwarders
4. From traditional forwarders
5. Recursively by using root hints
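The forwarder configuration from the two slides above, done in PowerShell, followed by a query that exercises the resolution order. This is an added example, not code from the course; the partner domain partner.local, its DNS server 192.168.0.53 and the upstream resolver addresses are constructed for the example.

```powershell
# Added example (not from the slides). Assumes the DnsServer module on the
# DNS server; partner.local, 192.168.0.53 and the upstream addresses are
# constructed values.
Import-Module DnsServer

# Conditional forwarder: every query for partner.local goes straight to
# that domain's DNS server (step 3 of the resolution order).
Add-DnsServerConditionalForwarderZone -Name 'partner.local' `
    -MasterServers '192.168.0.53' -ReplicationScope 'Forest'

# Traditional forwarders for everything else (step 4). They are tried in
# list order; -UseRootHint $true keeps step 5 as the fallback when no
# forwarder answers within -Timeout seconds.
Set-DnsServerForwarder -IPAddress '192.168.0.2', '192.168.0.3' `
    -UseRootHint $true -Timeout 3

# Show the effective configuration
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout
Get-DnsServerZone | Where-Object ZoneType -eq 'Forwarder' |
    Select-Object ZoneName, MasterServers

# Exercise the order for one name: with the server cache cleared, the
# first query for www.partner.local cannot be answered from a local zone
# (step 1) or the cache (step 2), so it must go to the conditional
# forwarder; afterwards the answer is visible in the cache.
Clear-DnsServerCache -Force
Resolve-DnsName -Name 'www.partner.local' -Server 'localhost' -DnsOnly |
    Select-Object Name, Type, IPAddress
Show-DnsServerCache | Where-Object HostName -like '*partner.local' |
    Select-Object HostName, RecordType, TimeToLive
```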
Monitoring and Troubleshooting DNS
 To troubleshoot a DNS problem, you first need to confirm that DNS is actually being used for name resolution
 After determining that DNS is part of the process, you can begin monitoring DNS
◼ If the problem is performance related
◼ Or, you can troubleshoot DNS queries and zone activities when there are query failures
DNS Troubleshooting
 Windows has several tools to administer, monitor, and troubleshoot DNS server operation, including:
◼ DNS Manager
◼ dcdiag /test:dns
◼ dnscmd.exe
◼ PowerShell
◼ Event Viewer
◼ dnslint
◼ nslookup
◼ ping
◼ ipconfig
◼ Performance Monitor
◼ Protocol analyzer
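A short health check that ties together the SRV records slide and the troubleshooting tools listed above: it confirms the server answers on port 53, looks for the Active Directory SRV records clients need to find a domain controller, rules out a stale HOSTS entry overriding DNS, and then pulls the server-side view with Event Viewer data, dcdiag and nslookup. This is an added example, not code from the course; the domain csmtech.local and server dc1.csmtech.local are constructed names.

```powershell
# Added example (not from the slides). Run from a domain member with RSAT;
# csmtech.local and dc1.csmtech.local are constructed names.
$domain = 'csmtech.local'
$server = 'dc1.csmtech.local'

# 1. Is the DNS server reachable on port 53 at all?
Test-NetConnection -ComputerName $server -Port 53 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded

# 2. The SRV records a client needs to locate a DC, a KDC and a global
#    catalog. A missing record here explains failed logons and joins.
$srvNames = "_ldap._tcp.dc._msdcs.$domain",
            "_kerberos._tcp.dc._msdcs.$domain",
            "_gc._tcp.$domain"
foreach ($name in $srvNames) {
    $answer = Resolve-DnsName -Name $name -Type SRV -Server $server `
                  -ErrorAction SilentlyContinue
    if ($answer) {
        $answer | Where-Object Type -eq 'SRV' |
            ForEach-Object { "{0} -> {1}:{2}" -f $name, $_.NameTarget, $_.Port }
    } else {
        "MISSING: $name (clients cannot find a DC/GC through this name)"
    }
}

# 3. Resolution order check: a HOSTS entry wins over DNS, so a stale line
#    for the DC would silently bypass everything tested above.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Select-String -Path $hosts -Pattern $domain -SimpleMatch |
    ForEach-Object { "HOSTS override present: $($_.Line)" }

# 4. Server-side view: recent DNS Server errors (Level 2) and query counts
Get-WinEvent -ComputerName $server -MaxEvents 10 `
    -FilterHashtable @{ LogName = 'DNS Server'; Level = 2 } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
Get-DnsServerStatistics -ComputerName $server |
    Select-Object -ExpandProperty QueryStatistics

# 5. The classic tools from the slide, for the same questions
dcdiag /test:dns /s:$server
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain" $server
```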