Microsoft Official Course
Module 1
Configuring and Troubleshooting
Domain Name System
Module Overview
• Configuring the DNS Server Role
• Configuring DNS Zones
• Configuring DNS Zone Transfers
• Managing and Troubleshooting DNS
Lesson 1: Configuring the DNS Server Role
• Components of a DNS Solution
• Demonstration: Installing the DNS Server Role
• What Are DNS Queries?
• What Are Root Hints?
• What Is Forwarding?
• How DNS Server Caching Works
• Demonstration: Configuring the DNS Server Role
• What Is DNS Round Robin?
• Considerations for Deploying the DNS Server Role
Components of a DNS Solution
Figure: DNS resolvers send queries to the internal DNS servers, which in turn query DNS servers on the Internet: the root (.) servers and the .com and .edu top-level domain servers. Resource records are the data that each DNS server holds and returns.
Demonstration: Installing the DNS Server Role
In this demonstration, you will see how to install
the DNS server role
What Are DNS Queries?
A query is a request for name resolution and is directed to a
DNS server:
• Queries are recursive (the client asks the server for a complete answer) or iterative (the server asks another server for the best answer it holds, usually a referral to a more authoritative server)
• DNS clients and DNS servers initiate queries
• DNS servers are authoritative or nonauthoritative for a namespace
• An authoritative DNS server for the namespace will do one of the following:
  • Return the requested resource records (for example, the IP address)
  • Return an authoritative “No”: the name does not exist (NXDOMAIN), or it exists but has no record of the requested type
• A nonauthoritative DNS server for the namespace will do the following, in this order:
  • Check its cache
  • Use forwarders
  • Use root hints
What Are Root Hints?
Root hints contain the IP addresses for DNS root servers

Figure: a client asks its DNS server for a Microsoft name. The server is not authoritative and has no cached answer, so it uses its root hints to query a root (.) server, is referred to a .com DNS server, and is referred from there to the DNS server that is authoritative for the Microsoft zone.
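The following PowerShell script is an added example and is not part of the course material. It walks the delegation chain for a name by hand, the way a nonauthoritative server does when it falls back to root hints: every hop is an iterative query (Resolve-DnsName -NoRecursion clears the RD bit), and the queried server either answers or returns a referral (NS records in the Authority section, normally with glue addresses in the Additional section). It reads the local root hints with Get-DnsServerRootHint when the DNS Server role is installed and otherwise starts at a.root-servers.net (198.41.0.4). The name microsoft.com is only a sample; the script needs outbound port 53 access.

```powershell
# Added example: manual iterative resolution, following referrals from a root server.
param(
    [string]$Name = 'microsoft.com',        # sample name; any name with A records works
    [string]$FallbackRoot = '198.41.0.4'    # a.root-servers.net, used when no local root hints exist
)

function Get-StartingRootServer {
    # Prefer the root hints configured on the local DNS Server role (the cache.dns file).
    $hints = Get-DnsServerRootHint -ErrorAction SilentlyContinue
    foreach ($hint in $hints) {
        $glue = $hint.IPAddress | Where-Object { $_.RecordType -eq 'A' } | Select-Object -First 1
        if ($glue) { return $glue.RecordData.IPv4Address.IPAddressToString }
    }
    return $FallbackRoot
}

function Resolve-Iteratively {
    param([string]$Name, [string]$Server)
    for ($hop = 1; $hop -le 10; $hop++) {
        # RD=0: the server must not recurse on our behalf; it answers or refers us onward.
        $reply = Resolve-DnsName -Name $Name -Type A -Server $Server -NoRecursion -DnsOnly -ErrorAction Stop

        $answer = $reply | Where-Object { $_.Section -eq 'Answer' }
        if ($answer) {
            $text = $answer | ForEach-Object { if ($_.Type -eq 'A') { $_.IPAddress } else { "$($_.Type) $($_.NameHost)" } }
            Write-Host ("{0}. {1} answered: {2}" -f $hop, $Server, ($text -join ', '))
            return $answer
        }

        # Referral: take one name server from the Authority section.
        $ns = $reply | Where-Object { $_.Section -eq 'Authority' -and $_.Type -eq 'NS' } | Select-Object -First 1
        if (-not $ns) { throw "No answer and no referral from $Server for $Name" }

        # Use glue from the Additional section when present; otherwise resolve the name
        # server's address through the normal resolver (a shortcut for the demonstration).
        $glue = $reply | Where-Object { $_.Section -eq 'Additional' -and $_.Type -eq 'A' -and $_.Name -eq $ns.NameHost } |
                Select-Object -First 1
        if ($glue) {
            $next = $glue.IPAddress
        } else {
            $next = (Resolve-DnsName -Name $ns.NameHost -Type A -DnsOnly | Where-Object { $_.Type -eq 'A' } |
                     Select-Object -First 1).IPAddress
        }

        Write-Host ("{0}. {1} referred us for {2} to {3} ({4})" -f $hop, $Server, $ns.Name, $ns.NameHost, $next)
        $Server = $next
    }
    throw 'Gave up after 10 hops'
}

Resolve-Iteratively -Name $Name -Server (Get-StartingRootServer)
```

Run it once against the default name and once against a name in a zone your own server is authoritative for: the second run still starts at the root, which is exactly the round trip that forwarders and caching exist to avoid.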
What Is Forwarding?
A forwarder is a DNS server that is designated to resolve
external or offsite DNS domain names
Figure: the client sends a recursive query for mail1.contoso.com to its local DNS server, which passes it on (also as a recursive query) to the forwarder. The forwarder resolves the name with iterative queries: it asks a root (.) server, is referred to a .com server, is referred to the contoso.com server, and receives the authoritative response, which it returns to the local DNS server and from there to the client.
How DNS Server Caching Works
DNS server cache:

Host name             IP address     TTL
ServerA.contoso.com   131.107.0.44   28 seconds

Figure: Client1 asks “Where is ServerA?”; the server resolves the name, answers 131.107.0.44, and caches the record with its TTL. Client2 asks the same question and is answered from the cache (131.107.0.44) until the TTL expires.
Demonstration: Configuring the DNS Server Role
In this demonstration, you will see how to:
• Configure DNS server properties
• Configure conditional forwarding
• Clear the DNS cache
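The following PowerShell session is an added example, not the course's demonstration script. It installs the DNS Server role and applies the settings this lesson has covered: forwarders with root-hint fallback, a conditional forwarder for a partner domain, cache hardening, and clearing the cache. The addresses (10.0.0.53 and 10.0.0.54 as upstream resolvers, 172.16.10.10 as the partner's DNS server) and the domain contoso.com are assumptions for illustration.

```powershell
# Added example: install and configure the DNS Server role. Addresses are assumptions.
Install-WindowsFeature -Name DNS -IncludeManagementTools
Get-Service -Name DNS | Select-Object Status, StartType

# Forwarders: every query this server is not authoritative for goes to the upstream
# resolvers; if they all fail within the timeout, fall back to root hints (-UseRootHint).
Set-DnsServerForwarder -IPAddress 10.0.0.53, 10.0.0.54 -UseRootHint $true -Timeout 3
Get-DnsServerForwarder

# Conditional forwarder: only queries for contoso.com go to the partner's server.
# Without -ReplicationScope the entry is stored locally; on a domain controller,
# -ReplicationScope 'Forest' makes it available to every DC that runs DNS.
Add-DnsServerConditionalForwarderZone -Name 'contoso.com' -MasterServers 172.16.10.10 -ForwarderTimeout 5
Get-DnsServerZone -Name 'contoso.com' | Select-Object ZoneName, ZoneType, MasterServers

# Cache hardening: cache locking stops cached records from being overwritten before
# their TTL expires (100 = never), and pollution protection discards records that are
# outside the queried domain, the classic cache-poisoning vector.
Set-DnsServerCache -LockingPercent 100 -PollutionProtection $true
Get-DnsServerCache | Select-Object LockingPercent, EnablePollutionProtection, MaxTtl, MaxNegativeTtl

# Inspect the server cache, then clear it; Clear-DnsClientCache empties the local resolver cache.
Show-DnsServerCache | Where-Object { $_.HostName -like '*.contoso.com' } |
    Format-Table HostName, RecordType, TimeToLive -AutoSize
Clear-DnsServerCache -Force
Clear-DnsClientCache

# Verify: a name in the conditionally forwarded domain is now resolved through 172.16.10.10.
Resolve-DnsName -Name 'www.contoso.com' -Server 127.0.0.1 -DnsOnly
```

Run the verification twice and compare Show-DnsServerCache between the runs: the second answer comes from the cache, which is what the caching slide describes.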
What Is DNS Round Robin?
www.contoso.com 60 IN A 172.16.0.11
www.contoso.com 60 IN A 172.16.0.120
www.contoso.com 60 IN A 172.16.0.133
Figure: the three A records for www.contoso.com are registered in the contoso.com zone on the DNS server. Each client that asks for www.contoso.com receives all three records, but the server rotates their order on every response: the first client gets 172.16.0.11 first and sends its HTTP ‘get’ there, the next client gets 172.16.0.120 first, and the next gets 172.16.0.133 first.
Considerations for Deploying the DNS Server Role
Figure: DNS clients in Subnet 1, Subnet 2, and Subnet 3; DNS servers hosting the DNS zone are placed in Subnet 2 and Subnet 3.
Lesson 2: Configuring DNS Zones
• DNS Resource Records
• What Is a DNS Zone?
• DNS Zone Types
• What Are Active Directory–Integrated Zones?
• Forward and Reverse Lookup Zones
• Overview of Stub Zones
• Demonstration: Creating Zones
• DNS Zone Delegation
• What Is Split DNS?
DNS Resource Records
DNS resource records include:
• SOA: Start of authority resource record
• A: Host address resource record
• CNAME: Alias resource record
• MX: Mail exchanger resource record
• SRV: Service locator resource record
• NS: Name server resource record
• AAAA: IPv6 host address resource record
• PTR: Pointer resource record
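The following PowerShell script is an added example, not part of the course. It creates each record type listed above in a contoso.com zone and then uses the three www A records from the round robin slide to show the rotation. The zone, the reverse zone 0.16.172.in-addr.arpa, and every address are assumptions; the zones must already exist on the local server.

```powershell
# Added example: create the record types from this lesson, then observe round robin.
$zone        = 'contoso.com'               # assumption: existing primary zone
$reverseZone = '0.16.172.in-addr.arpa'     # assumption: existing reverse lookup zone

# Three A records for one name are the basis of round robin (TTL 60 s, as on the slide).
foreach ($ip in '172.16.0.11', '172.16.0.120', '172.16.0.133') {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name 'www' -IPv4Address $ip -TimeToLive 00:01:00
}
Add-DnsServerResourceRecordAAAA  -ZoneName $zone -Name 'www' -IPv6Address '2001:db8::11'
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'intranet' -HostNameAlias 'www.contoso.com'
# MX at the zone apex ('.' means the zone name itself); the lowest preference is tried first.
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '.' -MailExchange 'mail1.contoso.com' -Preference 10
# SRV: owner name is _service._protocol; clients sort candidates by priority, then weight.
Add-DnsServerResourceRecord -ZoneName $zone -Srv -Name '_sip._tls' -DomainName 'lync.contoso.com' `
    -Priority 0 -Weight 100 -Port 443
# PTR in the matching reverse lookup zone (Add-DnsServerResourceRecordA -CreatePtr does this automatically).
Add-DnsServerResourceRecordPtr -ZoneName $reverseZone -Name '11' -PtrDomainName 'www.contoso.com'

Get-DnsServerResourceRecord -ZoneName $zone

# Round robin rotates the order of equal records in every response. Netmask ordering
# (LocalNetPriority) puts addresses on the client's own subnet first and can hide the
# rotation from clients that share a subnet with one of the servers.
Get-DnsServerSetting -All | Select-Object RoundRobin, LocalNetPriority
1..3 | ForEach-Object {
    $first = (Resolve-DnsName -Name "www.$zone" -Type A -Server 127.0.0.1 -DnsOnly |
              Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
    "query $_ : first address returned = $first"
}
# To switch netmask ordering off while testing round robin: dnscmd /Config /LocalNetPriority 0
```

Round robin is load distribution, not failover: a client that picks a dead address still fails, so pair it with short TTLs and health checks outside DNS when availability matters.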
What Is a DNS Zone?
Figure: the Internet namespace runs from the “.” DNS root domain through .com to the microsoft.com domain. The microsoft.com zone (one zone file) holds www.microsoft.com and ftp.microsoft.com. The subdomain example.microsoft.com is delegated to its own zone (a separate zone file) that holds www.example.microsoft.com and ftp.example.microsoft.com.
DNS Zone Types
Zone                          Description
Primary                       Read/write copy of a DNS database
Secondary                     Read-only copy of a DNS database
Stub                          Copy of a zone that contains only the records used to locate its name servers (SOA, NS, and glue A records)
Active Directory–integrated   Zone data is stored in AD DS rather than in zone files
What Are AD DS Integrated Zones?
Figure: with standard zones, zone data moves from the primary DNS server to the secondary DNS server by zone transfer. With Active Directory–integrated zones, the zone data is stored in AD DS and moves between domain controllers as part of the normal replication traffic.
Forward and Reverse Lookup Zones
Namespace: training.contoso.com

Figure: the DNS server authoritative for Training hosts a forward lookup zone that maps DNS Client1, DNS Client2, and DNS Client3 to 192.168.2.45, 192.168.2.46, and 192.168.2.47, and a reverse lookup zone (2.168.192.in-addr.arpa) that maps those addresses back to the names. A forward query asks “DNS Client2 = ?” and gets 192.168.2.46; a reverse query asks “192.168.2.46 = ?” and gets DNS Client2.
Overview of Stub Zones
Without stub zones, the ny.na.contoso.com server must query several
servers to find the server that hosts the na.fabrikam.com zone
Figure: two namespaces, each domain on its own DNS server. Contoso.com (root domain) has the child zones na.contoso.com and sa.contoso.com, which in turn have ny.na.contoso.com and rio.sa.contoso.com; fabrikam.com has the child zone na.fabrikam.com.
Demonstration: Creating Zones
In this demonstration, you will see how to:
• Create a reverse lookup zone
• Create a forward lookup zone
DNS Zone Delegation
Figure: the Contoso.com DNS server hosts the contoso.com DNS zone. The Sales and Marketing subdomains appear beneath it, with a subdomain DNS zone hosted on its own DNS server (the delegation).
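The following PowerShell script is an added example, not the course's demonstration. It creates every zone type from this lesson and a delegation. The server roles and addresses are assumptions: LON-DC1 (172.16.0.10) is a domain controller that already hosts contoso.com, and LON-SVR1 is a member server without AD DS.

```powershell
# Added example: create the zone types from this lesson. Names and addresses are assumptions.

# --- On the domain controller: Active Directory-integrated forward and reverse zones ---
# Secure dynamic update exists only for AD-integrated zones; 'NonsecureAndSecure' lets any
# host on the network register or overwrite a record, so keep it to 'Secure' or 'None'.
Add-DnsServerPrimaryZone -Name 'training.contoso.com' -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
Add-DnsServerPrimaryZone -NetworkId '192.168.2.0/24'   -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
Add-DnsServerResourceRecordA -ZoneName 'training.contoso.com' -Name 'client1' -IPv4Address 192.168.2.45 -CreatePtr

# Stub zone: keeps only the SOA, NS and glue records for na.fabrikam.com, refreshed from its
# master, so this server can query that zone's name servers directly instead of walking the tree.
Add-DnsServerStubZone -Name 'na.fabrikam.com' -MasterServers 10.20.0.5 -ReplicationScope 'Forest'

# Delegation: hand sales.contoso.com to another server. The NS record and the glue A record
# are written into the parent zone contoso.com (assumed to exist on this server).
Add-DnsServerZoneDelegation -Name 'contoso.com' -ChildZoneName 'sales' `
    -NameServer 'ns1.sales.contoso.com' -IPAddress 172.16.20.10
Get-DnsServerZoneDelegation -Name 'contoso.com'

# --- On the member server (no AD DS): file-backed primary and a secondary copy ---
Add-DnsServerPrimaryZone   -Name 'lab.contoso.com' -ZoneFile 'lab.contoso.com.dns' -DynamicUpdate 'None'
Add-DnsServerSecondaryZone -Name 'adatum.com'      -ZoneFile 'adatum.com.dns' -MasterServers 172.16.0.10

# Check storage, type and update policy for every zone this server hosts.
Get-DnsServerZone | Format-Table ZoneName, ZoneType, IsDsIntegrated, IsReverseLookupZone, DynamicUpdate -AutoSize
```

The DynamicUpdate column is the one to read on the check: a zone that shows NonsecureAndSecure accepts unauthenticated registrations from anything on the network.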
What Is Split DNS?
Internal DNS servers host the domain computer records, plus the mail and Web server records for the perimeter subnet. The external DNS server hosts only the records that are resolved from the outside: the mail and Web server.

Figure: inside the firewall are the domain controllers running Active Directory–integrated (ADI) DNS and the servers and computers on the domain-joined internal network; in the perimeter subnet are the Web server, the mail server, and the external DNS server; the outside firewall faces the Internet.

1. Clients and servers on the internal network send all DNS queries to the domain controllers/Active Directory–integrated DNS servers.
2. Internal requests to the perimeter-subnet Web and mail servers are allowed to go to those servers after the names are resolved by the Active Directory–integrated DNS servers.
3. Requests to resolve resources outside of the domain and the perimeter subnet are forwarded to the external DNS server, which uses iterative queries to root hints or another forwarder to resolve those queries.
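The following PowerShell script is an added example, not the course's configuration, showing the two halves of a split DNS deployment for contoso.com: the Active Directory–integrated zone on the domain controllers, and a file-backed zone of the same name on the external server that carries only the published hosts. The addresses are assumptions (172.16.50.0/24 is the perimeter subnet, 203.0.113.0/24 stands in for the public range, 172.16.50.53 and 203.0.113.53 are the external server's inside and outside addresses). The recursion caveat at the end is my recommendation, not something the slide states.

```powershell
# Added example: internal and external halves of split DNS for contoso.com. Addresses are assumptions.

# --- Internal DNS servers (domain controllers, Active Directory-integrated zone) ---
Add-DnsServerPrimaryZone -Name 'contoso.com' -ReplicationScope 'Forest' -DynamicUpdate 'Secure'
Add-DnsServerResourceRecordA -ZoneName 'contoso.com' -Name 'lon-dc1' -IPv4Address 172.16.0.10
# Perimeter hosts are published internally with their perimeter (private) addresses.
Add-DnsServerResourceRecordA  -ZoneName 'contoso.com' -Name 'www'  -IPv4Address 172.16.50.10
Add-DnsServerResourceRecordA  -ZoneName 'contoso.com' -Name 'mail' -IPv4Address 172.16.50.20
Add-DnsServerResourceRecordMX -ZoneName 'contoso.com' -Name '.' -MailExchange 'mail.contoso.com' -Preference 10
# Step 3: everything outside the domain and the perimeter is forwarded to the external server.
Set-DnsServerForwarder -IPAddress 172.16.50.53 -UseRootHint $false

# --- External DNS server in the perimeter subnet (file-backed zone, no dynamic update) ---
Add-DnsServerPrimaryZone -Name 'contoso.com' -ZoneFile 'contoso.com.dns' -DynamicUpdate 'None'
Add-DnsServerResourceRecordA  -ZoneName 'contoso.com' -Name 'www'  -IPv4Address 203.0.113.10
Add-DnsServerResourceRecordA  -ZoneName 'contoso.com' -Name 'mail' -IPv4Address 203.0.113.20
Add-DnsServerResourceRecordMX -ZoneName 'contoso.com' -Name '.' -MailExchange 'mail.contoso.com' -Preference 10
# Never let the Internet pull this zone: an AXFR would enumerate every published host at once.
Set-DnsServerPrimaryZone -Name 'contoso.com' -SecureSecondaries 'NoTransfer'
# Caveat: step 3 makes this server recurse for the internal forwarders, and Windows Server 2012 R2
# DNS cannot limit recursion by client address, so an Internet-reachable server that recurses is an
# open resolver. The safer layout disables recursion here and points the internal forwarders at a
# separate, non-Internet-facing resolver in the perimeter:
# Set-DnsServerRecursion -Enable $false

# --- Checks: the same name answers differently on each side, and internal-only names
# --- do not exist outside (the last query must fail with a name-does-not-exist error).
Resolve-DnsName -Name 'www.contoso.com'     -Server 172.16.0.10  -DnsOnly
Resolve-DnsName -Name 'www.contoso.com'     -Server 203.0.113.53 -DnsOnly
Resolve-DnsName -Name 'lon-dc1.contoso.com' -Server 203.0.113.53 -DnsOnly -ErrorAction SilentlyContinue
```

The third check is the one that catches the usual mistake: copying the internal zone file to the external server and then deleting “most” of the records, which leaks internal host names to the Internet.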
Lesson 3: Configuring DNS Zone Transfers
• What Is a DNS Zone Transfer?
• Configuring Zone Transfer Security
• Demonstration: Configuring DNS Zone Transfers
What Is a DNS Zone Transfer?
A DNS zone transfer is the synchronization of authoritative
DNS zone data between DNS servers
Figure: zone transfer between the secondary server and the primary (master) server:
1. The secondary server sends an SOA query for the zone.
2. The master answers the SOA query; the secondary compares the serial number with its own copy.
3. If the master's serial number is higher, the secondary sends an IXFR (incremental) or AXFR (full) query for the zone.
4. The master answers the IXFR or AXFR query (zone transferred).
Configuring Zone Transfer Security
• Restrict zone transfer to specified servers (by default a new primary zone on Windows Server allows transfers only to the servers listed in its NS records)
• Encrypt zone transfer traffic (the DNS Server role does not encrypt or sign AXFR/IXFR itself; use IPsec between the primary and secondary servers)
• Consider using Active Directory–integrated zones, which replicate through AD DS replication instead of zone transfers
Demonstration: Configuring DNS Zone Transfers
In this demonstration, you will see how to:
• Enable DNS zone transfers
• Update the secondary zone from the master server
• Update the primary zone, and verify the change on the
secondary zone
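The following PowerShell session is an added example, not the course's demonstration. It applies the zone transfer security settings from the previous slide to adatum.com and then performs the demonstration steps. The servers are assumptions taken from the lab scenario: the primary on LON-DC1 (172.16.0.10) and the branch secondary on LON-SVR1 (172.16.30.10); both are domain members, so the IPsec rule authenticates with computer Kerberos by default.

```powershell
# Added example: restrict, encrypt and exercise the adatum.com zone transfer. Addresses are assumptions.
$primary   = '172.16.0.10'    # LON-DC1
$secondary = '172.16.30.10'   # LON-SVR1 (branch office)

# --- On the primary: only the listed secondary may pull the zone, and it is notified of changes
# (a NOTIFY makes the secondary refresh immediately instead of waiting for the SOA refresh interval).
Set-DnsServerPrimaryZone -Name 'adatum.com' -SecureSecondaries 'TransferToSecureServers' -SecondaryServers $secondary `
    -Notify 'NotifyServers' -NotifyServers $secondary
Get-DnsServerZone -Name 'adatum.com' | Select-Object SecureSecondaries, SecondaryServers, Notify, NotifyServers

# Windows DNS has no TSIG or TLS for AXFR/IXFR, so require IPsec on TCP 53 between the two servers.
# Run the same rule on the secondary with -RemoteAddress $primary.
New-NetIPsecRule -DisplayName 'Zone transfer adatum.com' -Protocol TCP -LocalPort 53 -RemoteAddress $secondary `
    -InboundSecurity Require -OutboundSecurity Require

# --- On the secondary: create the zone, pull it, and read the serial number that was transferred.
Add-DnsServerSecondaryZone -Name 'adatum.com' -ZoneFile 'adatum.com.dns' -MasterServers $primary
Start-DnsServerZoneTransfer -Name 'adatum.com' -FullTransfer
(Get-DnsServerResourceRecord -ZoneName 'adatum.com' -RRType Soa).RecordData.SerialNumber

# --- Change the primary, give NOTIFY and IXFR a moment, and confirm the record on the secondary.
Add-DnsServerResourceRecordA -ComputerName $primary -ZoneName 'adatum.com' -Name 'branchtest' -IPv4Address 172.16.30.99
Start-Sleep -Seconds 15
Resolve-DnsName -Name 'branchtest.adatum.com' -Server $secondary -DnsOnly
(Get-DnsServerResourceRecord -ZoneName 'adatum.com' -RRType Soa).RecordData.SerialNumber

# --- From any host that is not on the list, a transfer request must be refused (nslookup's
# interactive 'ls -d' issues an AXFR).
"server $primary`nls -d adatum.com`nexit" | nslookup
```

The last command is the check an attacker would run; on a correctly restricted zone it is refused, and on a zone left at TransferAnyServer it prints every record.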
Lesson 4: Managing and Troubleshooting DNS
• TTL, Aging, and Scavenging
• Demonstration: Managing DNS Records
• Demonstration: Testing the DNS Server Configuration
• Monitoring DNS by Using the DNS Event Log
• Monitoring DNS by Using Debug Logging
• Monitoring DNS with Windows PowerShell
TTL, Aging, and Scavenging
Feature      Description
TTL          Indicates how long a DNS record remains valid in a resolver's or server's cache
Aging        Time-stamps dynamically registered records and tracks whether they are refreshed; a record that is not refreshed within the no-refresh plus refresh intervals becomes stale
Scavenging   Performs DNS server resource record grooming: removes stale (aged) records from the zone
Demonstration: Managing DNS Records
In this demonstration, you will see how to:
• Configure TTL
• Enable and configure scavenging and aging
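The following PowerShell session is an added example, not the course's demonstration. It changes the TTL of one record, enables aging on the adatum.com zone, enables scavenging on the server, and lists what a scavenging run would remove before forcing one. It assumes the zone is a primary zone on this server (aging applies to primary zones only); the 7-day intervals are the defaults and stand in for whatever corporate policy specifies.

```powershell
# Added example: TTL, aging and scavenging for a primary zone on this server. Values are assumptions.
$zone = 'adatum.com'

# --- TTL on one record: record objects are replaced, not edited, so clone, change, then swap.
$old = Get-DnsServerResourceRecord -ZoneName $zone -Name 'www' -RRType A | Select-Object -First 1
$new = $old.Clone()
$new.TimeToLive = [TimeSpan]::FromMinutes(5)
Set-DnsServerResourceRecord -ZoneName $zone -OldInputObject $old -NewInputObject $new
# The default TTL for new records comes from the zone's SOA minimum TTL.
(Get-DnsServerResourceRecord -ZoneName $zone -RRType Soa).RecordData.MinimumTimeToLive

# --- Aging (per zone): dynamic records get a timestamp. For NoRefreshInterval after the timestamp
# refreshes are ignored (this limits AD replication churn); during the following RefreshInterval a
# refresh updates the timestamp; a record past both intervals is stale.
Set-DnsServerZoneAging -Name $zone -Aging $true -NoRefreshInterval 7.00:00:00 -RefreshInterval 7.00:00:00
Get-DnsServerZoneAging -Name $zone

# --- Scavenging (per server): this server periodically deletes stale records from zones with aging on.
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval 7.00:00:00
Get-DnsServerScavenging

# --- Before forcing a run, list what is stale. Static records have no timestamp and are never
# scavenged; critical hosts should be static or be known to re-register, or they disappear.
$staleBefore = (Get-Date).AddDays(-14)
Get-DnsServerResourceRecord -ZoneName $zone -RRType A |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $staleBefore } |
    Format-Table HostName, Timestamp, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } } -AutoSize
Start-DnsServerScavenging -Force
```

Review the stale list before every first scavenging run on a zone: the common outage is a server whose record was registered dynamically once and never refreshed, which scavenging removes on schedule.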
Demonstration: Testing the DNS Server Configuration
In this demonstration, you will see how to use
Nslookup.exe to test the DNS server configuration
Monitoring DNS by Using the DNS Event Log
Monitoring DNS by Using Debug Logging
Monitoring DNS with Windows PowerShell
• Windows Server 2012 added Windows PowerShell cmdlets for configuring, managing, monitoring, and troubleshooting DNS
• Windows Server 2012 R2 added the Get-DnsServerStatistics cmdlet and its parameters
• Windows Server 2012 R2 also added Windows PowerShell cmdlets for DNSSEC
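The following PowerShell session is an added example covering the three monitoring topics above and the Nslookup demonstration; it is not the course's script. The server address 172.16.0.10 (LON-DC1), the zone adatum.com, and the log path are assumptions, and the regular expression that extracts client addresses from the debug log is an assumption about the log layout that should be checked against a real line before relying on it.

```powershell
# Added example: test and monitor the DNS server at 172.16.0.10 for adatum.com. Values are assumptions.
$server = '172.16.0.10'
$zone   = 'adatum.com'

# --- Nslookup: ask a specific server for a specific record type; -norecurse sends an iterative query,
# so a server that is not authoritative for the name returns a referral instead of an answer.
nslookup -type=MX $zone $server
nslookup -type=SRV _sip._tls.$zone $server
nslookup -norecurse www.$zone $server

# --- Test-DnsServer: is it a working DNS server, is it authoritative for the zone, can it reach the roots?
Test-DnsServer -IPAddress $server -Context DnsServer
Test-DnsServer -IPAddress $server -ZoneName $zone
Test-DnsServer -IPAddress $server -Context RootHints

# --- DNS Server event log: errors and warnings only (Level 2 = Error, 3 = Warning).
Get-WinEvent -ComputerName $server -LogName 'DNS Server' -MaxEvents 200 |
    Where-Object { $_.Level -le 3 } |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -AutoSize -Wrap

# --- Debug logging: packet-level trace of queries and answers to a file (size in bytes).
Set-DnsServerDiagnostics -ComputerName $server -Queries $true -Answers $true -ReceivePackets $true -SendPackets $true `
    -UdpPackets $true -TcpPackets $true -EnableLoggingToFile $true -LogFilePath 'C:\DnsLogs\dns.log' -MaxMBFileSize 100000000
Get-DnsServerDiagnostics -ComputerName $server

# --- Who is asking the most? Received packets are logged with 'Rcv <client IP>'; the pattern is an
# assumption about the debug log layout. A single client at the top with thousands of queries is
# the usual sign of a misconfigured resolver or a scanner.
Get-Content '\\LON-DC1\C$\DnsLogs\dns.log' |
    Select-String -Pattern 'Rcv\s+(\S+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value } |
    Group-Object | Sort-Object Count -Descending | Select-Object -First 5 Count, Name

# --- Counters since the last service start (Windows Server 2012 R2 and later).
$stats = Get-DnsServerStatistics -ComputerName $server
$stats.QueryStatistics
$stats.RecursionStatistics
$stats.ErrorStatistics
```

Turn debug logging off again (Set-DnsServerDiagnostics -All $false) once the investigation is done; with all packet options enabled it costs noticeable CPU and disk on a busy server.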
Lab: Configuring and Troubleshooting DNS
• Exercise 1: Configuring DNS Resource Records
• Exercise 2: Configuring DNS Conditional Forwarding
• Exercise 3: Installing and Configuring DNS Zones
• Exercise 4: Troubleshooting DNS
Logon Information
Virtual machines: 20411D-LON-DC1, 20411D-LON-SVR1,
20411D-LON-CL1
User name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 60 minutes
Lab Scenario
A. Datum Corporation is a global engineering and manufacturing company with its head office in London, United Kingdom. An Information Technology office and a data center are located in London to support the head office and other locations. A. Datum recently deployed a Windows Server 2012 server and client infrastructure.

Management has asked you to add several new resource records to the DNS service that is installed on LON-DC1. The records include a new MX record for Exchange Server 2013 and an SRV record for a Microsoft Lync® Server 2013 deployment that is occurring.

A. Datum is working with a partner organization, Contoso, Ltd. You have been asked to configure internal name resolution between the two organizations. A small branch office has reported that name resolution performance is poor. The branch office contains a Windows Server 2012 server that performs several roles. However, there is no plan to implement an additional domain controller. You have been asked to install the DNS server role at the branch office and to create a secondary zone of Adatum.com. To maintain security, you have been instructed to configure the branch office server to be on the Notify list for Adatum.com zone transfers. You also should update all branch office clients to use the new name server in the branch office.

You should configure the new DNS server role to perform standard aging and scavenging, as necessary and as specified by corporate policy. After implementing the new server, you need to test and verify the configuration by using standard DNS troubleshooting tools.
Lab Review
In the lab, you were required to deploy a secondary
zone because you were not going to deploy any
additional domain controllers. If this condition
changed—that is, if LON-SVR1 was a domain
controller—how would that change your
implementation plan?
Module Review and Takeaways
Review Question(s)
• Tools