Domain Name Server (DNS)
Topics Covered
Introduction to Name Resolution
Introduction to DNS
DNS and DHCP Integration
DNS and Active directory Service
Installation of DNS
Creation of Zones
Creation of Resource Record (RR)
Zone Transfer
Delegation of DNS
Introduction
DNS (Domain Name Service)
DNS stands for Domain Name Server. The primary and most basic function of DNS is to provide a
name resolution service: DNS resolves a Fully Qualified Domain Name (FQDN) to an IP address,
e.g. www.visioninfosystems.org to 203.145.10.52. DNS is the heart of the WWW service and is
used throughout the Internet to resolve website names to IP addresses. In a Windows 2008 AD DS
based network DNS plays an important role:
1. DNS is used to resolve the names of hosts in an AD DS based domain.
2. DNS contains the SRV records used to find resources such as domain controllers (DC), Global
Catalog servers, the PDC emulator, etc.
The DNS service provides name resolution for clients running Windows 2000/XP/2003. With
name resolution, users can access any host by name rather than having to use IP addresses, which
are difficult to remember. Name resolution is similar to looking up a name in a telephone book,
where the name is associated with a telephone number. For example, when you connect to the
Vision Infosystems web site, you use the name www.visioninfosystems.org. DNS resolves
www.visioninfosystems.org to its associated IP address, 203.145.10.52. The mapping of names to
IP addresses is stored in the DNS database, also called the DNS zone.
DNS is organized in a hierarchical fashion, just like the AD DS naming system; in fact, AD DS
uses the same DNS based naming system. In DNS the top level of the hierarchy is the root domain,
represented by a period (.).
Under the root there are many top level domains such as .com, .org, .edu, .mil, etc. Since these
top level domain names are registered on the Internet, it is recommended not to use them for your
private AD DS naming system. Microsoft recommends using .local as your top level domain name.
Under the top level domains there are other domains called second level domains. These domains
are also called sub-domains, and are used by organizations, persons, companies, governments, etc.
as their domains, e.g. visioninfosystems.org.
Under these sub-domains you assign names to each host, called resource records, such as
www.visioninfosystems.org, mail.visioninfosystems.org, forum.visioninfosystems.org, etc.
Example:
How DNS name resolution works
Suppose that a user wants to access the Vision official website, i.e. www.visioninfosystems.org.
Let's see what role DNS plays in viewing the Vision website:
1. The user types the URL www.visioninfosystems.org into Internet Explorer on his
Windows based computer.
2. Internet Explorer sends a query to the DNS client software (on the user's computer) to
determine the IP address of www.visioninfosystems.org.
3. The DNS client software sends a query to the DNS server on the network or at the ISP, asking
that DNS server to resolve www.visioninfosystems.org to an IP address.
4. If the DNS server has an entry for the website it sends a reply to the client; if it does not
have the entry it queries other DNS servers until the request is answered.
5. When one of the DNS servers finds the appropriate entry for the domain
www.visioninfosystems.org, that DNS server replies to the query.
6. When the DNS client software on the user's computer receives the IP address of
www.visioninfosystems.org, it caches this IP address for future use and also forwards the
IP address to Internet Explorer.
7. Internet Explorer then establishes TCP network communications with
www.visioninfosystems.org and opens the web page for the user.
DNS Queries
DNS can be described as a query-and-answer protocol, where one side asks a question (the query)
and the other side replies. A DNS client asks a query and a DNS server answers it with a positive
or negative answer. DNS supports 3 different types of query:
1) Recursive Query
2) Iterative Query
3) Inverse Query
Recursive Query
A recursive query is a type of query where the DNS server must reply with an answer or an error:
a recursive query means a DNS server must fully answer the query or give an error. Recursive
queries are generated by DNS clients or by forwarding DNS servers.
When a host sends a recursive query, e.g. for www.visioninfosystems.org, to a DNS server, the
server must reply YES or NO to the client. The process of a recursive query is as follows:
1) A host sends a recursive query for www.visioninfosystems.org to the local DNS server.
2) The local DNS server checks its zone database, cache, etc. If the name is found it replies
with the answer.
3) If the name is not found, the DNS server sends an iterative query to another DNS server or
to a root server.
4) The root server replies to the DNS server with the IP address of the ".org" server.
5) The DNS server queries the ".org" server, and the ".org" server replies with the address of
the visioninfosystems.org DNS server.
6) The DNS server then queries the visioninfosystems.org DNS server, and this server
replies with the address of the host www.visioninfosystems.org to the local DNS server.
7) The local DNS server then replies with the same answer to the client.
Iterative Query : An iterative name query is one in which a DNS client allows the DNS server
to return the best answer it can give based on its cache or zone data. If the queried DNS server
does not have an exact match for the queried name, the best possible information it can return is
a referral (that is, a pointer to a DNS server authoritative for a lower level of the domain
namespace). The DNS client can then query the DNS server for which it obtained a referral. It
continues this process until it locates a DNS server that is authoritative for the queried name, or
until an error or time-out condition is met.
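The division of labour between the two query types, played out end to end, as an added example that is not part of the original page: the client sends one recursive query, and the local DNS server does the iterative work against a root server, the ".org" server and the visioninfosystems.org server. The server addresses, zone contents and the in-memory "servers" are all constructed for illustration; a real resolver speaks UDP/TCP to real hosts, but the control flow is the same.

```python
"""Recursive and iterative DNS queries walked through in code.

Added example, not from the page: the zone data and server addresses below
are constructed, and each "server" is just a dictionary lookup. It shows the
division of labour the text describes: the client sends one recursive query,
and the local DNS server does the iterative work (root -> TLD -> zone server).
"""
from dataclasses import dataclass, field

# Constructed addresses for the three authoritative servers on the path.
ROOT = "198.41.0.4"          # a root server, reached via the root hints
ORG_TLD = "199.19.56.1"      # the ".org" server
VISION_NS = "203.145.10.1"   # the visioninfosystems.org DNS server

# Each authoritative server knows only its own zone: hosts it can answer for,
# and child zones it can refer the asker to. Everything else "does not exist".
AUTHORITATIVE = {
    ROOT: {"delegations": {"org.": ORG_TLD}, "hosts": {}},
    ORG_TLD: {"delegations": {"visioninfosystems.org.": VISION_NS}, "hosts": {}},
    VISION_NS: {"delegations": {},
                "hosts": {"www.visioninfosystems.org.": "203.145.10.52",
                          "mail.visioninfosystems.org.": "203.145.10.53"}},
}


def iterative_query(server_ip, name):
    """One iterative query: the server returns the best answer it has.

    Result is ("answer", ip), ("referral", next_server_ip) or ("nxdomain", None).
    The server never queries anyone else on the asker's behalf.
    """
    srv = AUTHORITATIVE[server_ip]
    if name in srv["hosts"]:
        return ("answer", srv["hosts"][name])
    # Refer to the most specific delegated child zone that contains the name.
    for child in sorted(srv["delegations"], key=len, reverse=True):
        if name == child or name.endswith("." + child):
            return ("referral", srv["delegations"][child])
    return ("nxdomain", None)  # negative answer (the constructed data has no other TLDs)


@dataclass
class RecursiveServer:
    """The local DNS server: accepts recursive queries and must return an answer or an error."""
    cache: dict = field(default_factory=dict)
    trace: list = field(default_factory=list)  # servers contacted for the last query

    def resolve(self, name, max_referrals=8):
        name = name.lower().rstrip(".") + "."
        self.trace = []
        if name in self.cache:            # step 2: zone data / cache are checked first
            self.trace.append("cache")
            return self.cache[name]
        server = ROOT                     # step 3: nothing local, start at a root server
        for _ in range(max_referrals):    # bound the chase so a referral loop cannot run forever
            self.trace.append(server)
            kind, data = iterative_query(server, name)
            if kind == "answer":
                self.cache[name] = data   # cache the result for later clients
                return data
            if kind == "referral":
                server = data             # steps 4-6: follow the referral one level down
                continue
            return None                   # negative answer: the name does not exist
        return None                       # too many referrals: treat as an error


def client_lookup(resolver, name):
    """DNS client side (steps 1 and 7): one recursive query, one final answer."""
    ip = resolver.resolve(name)
    return ip if ip is not None else "NXDOMAIN"


if __name__ == "__main__":
    local_dns = RecursiveServer()
    for qname in ("www.visioninfosystems.org", "www.visioninfosystems.org",
                  "nosuchhost.visioninfosystems.org"):
        print(qname, "->", client_lookup(local_dns, qname), "via", local_dns.trace)
```

The second lookup of the same name is answered from the local server's cache without touching any authoritative server, which is the caching behaviour step 6 describes; the non-existent host still walks the full chain and comes back as a negative answer rather than a timeout. The referral limit is the kind of bound a real recursive server keeps so that a misconfigured or hostile delegation cannot keep it busy forever.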
DNS Zones
Before creating entries for domains in a DNS server we must first understand what a zone is. A
zone is a storage unit for a domain and its related records. The zone can be stored in a zone file
or in Active Directory. For every domain we require a zone in DNS. A zone contains information,
called Resource Records (RR), for a specific domain; e.g. for the visioninfosystems.org domain we
are required to create a zone called visioninfosystems.org. Remember that the zone name and the
domain name should be the same. All domain information is stored in the zone, for example host (A)
records, MX records, SRV records, PTR records, etc. If the DNS server hosting the zone for
visioninfosystems.org is down then we cannot resolve names. So it is recommended to place this
information on multiple servers for redundancy and also load balancing, so that if one DNS
server is down, the other DNS server provides redundancy for the first. Microsoft
has divided DNS zones into 3 categories to provide redundancy and load balancing. They are:
Standard Primary Zone : A standard primary zone stores the FQDN-to-IP mappings in a zone file.
This zone file is a normal text/ASCII file located in the default location, i.e.
c:\windows\system32\dns\<domain.com.dns>. Any changes made to the standard primary
zone are replicated to all the secondary zones specified. There can be only one primary zone for a
domain. A primary zone is less secure because anyone with access to the zone file can tamper with
it. Replication between primary and secondary is called full replication.
Standard Secondary Zone : A standard secondary zone contains a copy of the primary zone file; it
is a replica of an existing zone. Secondary zones are read-only and are also stored in standard
text files. Any changes made to the primary are replicated to the secondary. The replication
process is one-way: primary and secondary zones work in a master-slave relationship.
Active Directory Integrated Primary Zone : This type of zone was first introduced in Windows
2000. It stores the zone information in Active Directory. This zone is also like a primary
zone, but we can place multiple AD integrated copies of a zone for a domain, and any changes
made to one copy are replicated to all the others. AD integrated zones support multi-master
replication, i.e. two-way replication, which is not possible with primary-secondary zones. AD
integrated zones also support incremental replication. So if your domain contains Active Directory
it is recommended to use Active Directory integrated primary zones.
Stub Zone : A stub zone is like a secondary zone, and is also read-only like a secondary zone. But
the similarities end here, as stub zones differ from secondary zones in a couple of
significant ways. First, while secondary zones contain copies of all the resource records in the
corresponding zone on the master name server, stub zones contain only three kinds of
resource records:
• A copy of the SOA record for the zone.
• Copies of the NS records for all name servers authoritative for the zone.
• Copies of the A records for all name servers authoritative for the zone.
A stub zone does not contain CNAME records, MX records, SRV records, or A records for other
hosts in the zone. So while a secondary zone can be quite large for a big company's network, a
stub zone is always very small, just a few records. A stub zone is good for a remote location
where you do not want to maintain a large number of records.
DNS Zone Types
There are two zone lookup types: forward lookup zones and reverse lookup zones.
Forward Lookup Zones
A forward lookup zone enables forward lookup queries. On name servers, you must configure at
least one forward lookup zone for the DNS service to work. A forward lookup zone resolves host
names to IP addresses.
Reverse Lookup Zones
A reverse lookup zone enables reverse lookup queries; it resolves IP addresses to host names.
Reverse lookup zones are not required. However, a reverse lookup zone is required to run
troubleshooting tools, such as NSLOOKUP, and to record a name instead of an IP address in
Internet Information Services (IIS) log files.
Resource Records
Resource records are entries in the zone database file that associate DNS domain names with
related data for a given network resource, such as an IP address. There are many different types
of resource records. When a zone is created, DNS automatically adds two resource records: the
Start of Authority (SOA) and the Name Server (NS) records.
Resource Record
Host (A) : Lists the host name-to-IP-address mappings for a forward lookup zone.
Alias (CNAME) : Creates an alias, or alternate name, for the specified host name. You can use a
Canonical Name (CNAME) record to use more than one name to point to a single IP address. For
example, you can host a File Transfer Protocol (FTP) server, such as ftp.visioninfosystems.org,
and a Web server, such as www.visioninfosystems.org, on the same computer.
Host Information (HINFO) : Identifies the CPU and operating system used by the host. Use this
record as a low-cost resource-tracking tool.
Mail Exchanger (MX) : Identifies which mail exchanger to contact for a specified domain and in
what order to use each mail host.
Name Server (NS) : Lists the name servers that are assigned to a particular domain.
Pointer (PTR) : Points to another part of the domain namespace. For example, in a reverse lookup
zone, it lists the IP-address-to-name mapping.
Service (SRV) : Identifies which servers are hosting a particular service. For example, if a
client needs to find a server to validate logon requests, the client can send a query to the DNS
server to obtain a list of domain controllers and their associated IP addresses.
Start of Authority (SOA) : Identifies which name server is the authoritative source of
information for data within this domain. The first record in the zone database file must be the
SOA record.
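To tie the zone file, the record types and the stub zone description together, here is an added example (not code from the page or from Windows DNS) that parses a constructed text zone for visioninfosystems.org, checks that the SOA record comes first, derives the three kinds of records a stub zone would keep, and builds the PTR owner name a reverse lookup zone would use for one of the addresses. The zone contents, addresses and serial number are made up for the example; the file syntax is the BIND-compatible master file format used by the <zone>.dns files, and only the $ORIGIN, $TTL, @, comment and parenthesised-record features of it are handled here.

```python
"""Parse a standard text zone file and derive the records a stub zone keeps.
Added example, not from the page or from Windows DNS. The zone below is
constructed; assumption: only $ORIGIN, $TTL, '@', ';' comments and
parenthesised multi-line records (as used by the SOA) are supported."""
from collections import namedtuple

Record = namedtuple("Record", "name ttl rtype rdata")

# Constructed forward lookup zone for visioninfosystems.org.
ZONE_TEXT = """\
$ORIGIN visioninfosystems.org.
$TTL 3600
@           IN SOA   ns1 hostmaster (
                2024010101 ; serial
                900        ; refresh
                600        ; retry
                86400      ; expire
                3600 )     ; minimum
@           IN NS    ns1
@           IN NS    ns2
@           IN MX    10 mail
ns1         IN A     203.145.10.1
ns2         IN A     203.145.10.2
www         IN A     203.145.10.52
mail        IN A     203.145.10.53
ftp         IN CNAME www
_ldap._tcp  IN SRV   0 100 389 dc1
dc1         IN A     10.0.0.5
"""

RTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "SRV", "HINFO", "TXT"}
# Positions in the rdata that hold domain names and so must be made absolute.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "MX": (1,), "PTR": (0,), "SRV": (3,)}


def absolute(name, origin):
    """Turn a relative owner or target name into a fully qualified one."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin if origin != "." else name + "."


def logical_lines(text):
    """Strip ';' comments and join parenthesised records into one line each."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    return out


def parse_zone(text):
    """Return the zone's records in file order, with every name made absolute."""
    origin, default_ttl, records = ".", None, []
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if line[0].isspace():                    # blank owner: reuse the previous owner name
            name = records[-1].name if records else origin
        else:
            name = absolute(tokens.pop(0), origin)
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0] == "IN":                    # class is always IN in these files
            tokens.pop(0)
        rtype = tokens.pop(0)
        if rtype not in RTYPES:
            raise ValueError("unsupported record type: %s" % rtype)
        rdata = tuple(absolute(t, origin) if i in NAME_FIELDS.get(rtype, ()) else t
                      for i, t in enumerate(tokens))
        records.append(Record(name, ttl, rtype, rdata))
    if not records or records[0].rtype != "SOA":
        raise ValueError("the first record in a zone file must be the SOA record")
    return records


def stub_zone(records):
    """The records a stub zone copies: SOA, NS, and the A records of those name servers."""
    ns_records = [r for r in records if r.rtype == "NS"]
    ns_names = {r.rdata[0] for r in ns_records}
    glue = [r for r in records if r.rtype == "A" and r.name in ns_names]
    return [r for r in records if r.rtype == "SOA"] + ns_records + glue


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address in a reverse lookup zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + ".in-addr.arpa."


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print("full zone:", len(zone), "records; stub zone:", len(stub_zone(zone)), "records")
    for r in stub_zone(zone):
        print(" ", r.name, r.ttl, r.rtype, " ".join(r.rdata))
    print("PTR owner for 203.145.10.52:", reverse_name("203.145.10.52"))
```

Running it shows the size difference the text describes: eleven records in the full zone against five (one SOA, two NS, two glue A) in the stub. The www, mail, ftp (CNAME), SRV and dc1 records never reach the stub zone, which is also why a stub zone on a remote server gives away far less about the network than a full secondary copy would.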
DNS Root Server
A root DNS server is the last point for resolving a query; this DNS server does not
forward queries to other DNS servers. If you have only one DNS server on your network, and your
network is not connected to the Internet, you can consider configuring it to be a root server. If
you already have a root server on your network, or if your network is connected to the Internet,
you'll need to configure this DNS server to use either the existing root server on your network or
the root servers on the Internet.
Note : There are a total of 13 root DNS servers on the Internet, each at a different location. The
list of root servers configured on a DNS server is called the Root Hints.
To view all 13 root servers, go to the properties of the DNS server and then to the Root Hints tab,
which lists the root servers with their names and IP addresses.
Installation of DNS Server
To install a DNS server, go to Control Panel and double-click the Add or Remove Programs icon.
Then click Add/Remove Windows Components. The DNS component, like the DHCP and WINS
components, is a subcomponent of the Networking Services component in the Windows
Components Wizard.
After the installation wizard has completed, you can access the DNS console by selecting Start -
Administrative Tools and then selecting DNS.
Note : When you install Active Directory on a server you are prompted to install DNS on
the server. It is recommended to install DNS at that time.
Configure Client to use DNS server
1. From the desktop, select Start - Settings - Control Panel, or right-click the My Network
Places icon on your desktop.
2. In the Control Panel dialog box, double-click the Network and Dial-up Connections
folder.
3. In the Network and Dial-up Connections folder, right-click Local Area Connection and
select Properties from the menu that appears.
4. In the Local Area Connection Properties dialog box, highlight Internet Protocol (TCP/IP)
and click Properties.
5. In the Internet Protocol (TCP/IP) Properties dialog box, ensure that the “Use the
following DNS server addresses” option is selected. Then, in the Preferred DNS server
text box, type the IP address of this DNS server.
6. In the Internet Protocol (TCP/IP) Properties dialog box, click OK.
7. In the Local Area Connection Properties dialog box, click OK.
8. Close the Network and Dial-up Connections folder.
DHCP and DNS integration
If we are using DNS for name resolution then a change in the IP address of any client computer
must be reflected in DNS too. So in a network where IP addresses are changed frequently by a DHCP
server, manually changing the information in the DNS database creates an overhead for the
administrator. To resolve this issue, Windows 2008 DHCP has a feature for dynamic update of
client information in DNS: when a DHCP server changes the IP address information of a client, the
server sends the update to the DNS server, which updates the client information in the DNS
database. This feature is called Dynamic DNS (DDNS).
Dynamic Update for Windows based Clients : Windows based clients automatically register
their names in the DNS server when their IP address information is changed by the DHCP server.
Dynamic Update for non-Windows based Clients : Non-Windows based clients do not
automatically register their names in the DNS server when their IP address information is changed
by the DHCP server. So the DHCP server automatically sends an update to the DNS server
regarding the change on their behalf.
DNS Query type
Recursive Queries : In a recursive query, the DNS name server is requested to respond with the
data requested by the client, or with an error stating that the data does not exist or that the
domain name specified does not exist. The DNS name server cannot refer the client to a
different name server.
Iterative Queries : In an iterative query, the DNS name server gives the best answer it currently
has back to the requesting client. This answer may be the resolved name or a referral to another
name server that may be able to answer the client's original request.
Steps for creating Primary DNS zone
1. Go to Start – Programs – Administrative tools – DNS
2. Expand the server name icon and select Forward Lookup Zones
3. Right-click on the Forward Lookup Zones icon and select New Zone
4. Select Primary zone in the Zone Type window.
5. Do not select the checkbox "Store zone information in Active Directory", and then click the
Next button.
Note : The option “Store zone information in active directory” is used to create active
directory integrated zone.
6. The Zone File window opens. The zone filename should match the zone name with a
.DNS extension.
7. Click Next. The Dynamic Update window opens. Select your update option. The Allow
Only Secure Dynamic Updates option will only be available for Active Directory
Integrated zones.
8. Click Next. The wizard displays a completion window.
9. Click Finish to complete the configuration and close the window. The new zone appears
as a folder under the Forward Lookup Zones icon in the left pane of the window.
Steps for creating Stub Zone
1. Go to Start – Programs – Administrative tools – DNS
2. Expand the server name icon and select Forward Lookup Zones
3. Right-click on the Forward Lookup Zones icon and select New Zone
4. Select Stub zone in the Zone Type window
5. Click Next and the Active Directory Zone Replication Scope screen appears, which
contains the replication settings for the stub zone information. The default is to replicate this
information to all domain controllers.
6. Next the Zone Name screen is displayed; here type the domain name for the stub
zone.
7. Next the Master DNS Servers screen is displayed; here enter the IP address of the primary
DNS server, e.g. 10.0.0.5
8. Next click the Finish button to complete the creation of the stub zone.
Creating DNS Zone using command line
If your DNS server is running Windows Server Core, you can create forward lookup zones from
the command line by using the DNSCMD command. Here are 4 examples:
1. Use this command to create a forward lookup standard primary zone named visioninfo.com on
a DNS server named Server1 and store the database for this zone on the server in a file named
visioninfo.com.dns:
dnscmd Server1 /zoneadd visioninfo.com /primary /file visioninfo.com.dns
2. Use this command to create a forward lookup AD DS–integrated primary zone named
vmail.com on a DNS server named Server that is also a domain controller and store the zone
information in the domain DNS partition within AD DS:
dnscmd Server /zoneadd vmail.com /dsprimary
3. Use this command to create a forward lookup standard secondary zone named visioninfo.com
on a DNS server named Server2 that is also a domain controller, store the database for this zone
on the server in a file named visioninfo.com.dns, and assign the address 10.0.0.1 as the
master DNS server for replication purposes:
dnscmd Server2 /zoneadd visioninfo.com /secondary 10.0.0.1 /file visioninfo.com.dns
4. Use this command to create a forward lookup standard stub zone named visioninfo.com on a
DNS server named Server3, store the database for the zone on the server in a file named
visioninfo.com.dns, and assign the zone the address 10.0.0.1 as the master DNS server for
replication purposes:
dnscmd Server3 /zoneadd visioninfo.com /stub 10.0.0.1 /file visioninfo.com.dns
Steps for Creating a Resource Record
GUI Method
1. Right click on the zone you have created i.e. visioninfo.com
2. Select new resource record
3. Select Host A record and a new window appears
4. Type the host name e.g. pc1 and then type the IP address e.g. 10.0.0.5
5. Then click on ADD button and next Close this window
Command-Line Method
C:\> dnscmd server1 /RecordAdd visioninfo.com pc1 A 10.0.0.5
Forwarder DNS
A forwarder is a DNS server to which the local DNS server forwards a query when it does not find
the zone information in its local DNS database. A forwarder is generally used when you want
your local DNS server to forward DNS client queries to another DNS server located on the Internet.
The forwarder DNS server is generally your ISP's DNS server.
Example : Suppose you have a DNS server with IP 10.0.0.1 which resolves queries for your local
zone. So all clients need this IP as their preferred DNS server in their TCP/IP
properties. All clients also want to access the Internet, and they have an ISP DNS server
address of 203.10.10.5. So now all clients would need to add the ISP DNS address as their secondary
DNS server address in TCP/IP properties. This is an overhead for the administrator.
So instead of setting a secondary DNS address on every client, we can set up our local DNS server
to forward requests for external zones automatically to the ISP DNS server. To do so we add the
ISP DNS server address in the DNS forwarder properties.
Steps to set up a DNS Forwarder
1. Start DNS from Administrative Tools
2. Right-click on the server name and go to Properties
3. Under Properties go to the Forwarders tab
4. Next set the IP address of the ISP DNS server as the forwarder.
Conditional Forwarding
Conditional forwarding was first introduced in Windows 2003. It is an enhancement to the
forwarder feature. With a forwarder, all external requests are forwarded to one specific DNS
server, whereas with conditional forwarding you can specify that requests for a specific domain
are forwarded to a specific DNS server.
Example : you want to forward requests for vmail.com to DNS server 20.0.0.1 and requests for
vnet.com to DNS server 30.0.0.1. In this case conditional forwarding is best suited.
Steps to configure conditional forwarding
1. Start DNS from Administrative Tools
2. Select Conditional Forwarders
3. Right-click on Conditional Forwarders and select New Conditional Forwarder
4. In the New Conditional Forwarder window, specify the DNS domain, i.e. vmail.com, and then
specify the IP address of the DNS server, i.e. 20.0.0.1
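To make the precedence between local zones, conditional forwarders, the general forwarder and the root hints concrete, here is an added example (not code from the page or from Windows DNS) that models the decision in Python using the addresses from the two examples above (10.0.0.1 is the local server, 203.10.10.5 the ISP forwarder, 20.0.0.1 and 30.0.0.1 the conditional forwarders). The root server address, the local zone name visioninfo.com and the answers returned by the simulated servers are constructed; the fallback to root hints models the "Use root hints if no forwarders are available" option on the Forwarders tab.

```python
"""Which server does a DNS server send a query it cannot answer itself to?
Added example, not from the page or Microsoft: it models the decision order
the text describes. Local zones are answered directly; otherwise the most
specific conditional forwarder wins, then the general forwarder, and finally
the root hints. Answers and the root address are constructed."""

LOCAL_ZONES = {"visioninfo.com."}                     # zones this server is authoritative for (constructed)
CONDITIONAL_FORWARDERS = {"vmail.com.": ["20.0.0.1"],  # the page's conditional forwarding example
                          "vnet.com.": ["30.0.0.1"]}
FORWARDERS = ["203.10.10.5"]                           # the ISP DNS server from the forwarder example
ROOT_HINTS = ["198.41.0.4"]                            # constructed stand-in for a root server


def normalize(name):
    """Lower-case the name and make it absolute (trailing dot)."""
    return name.lower().rstrip(".") + "."


def in_zone(name, zone):
    """True when name is the zone apex or lies below it."""
    return name == zone or name.endswith("." + zone)


def choose_targets(qname, local_zones=LOCAL_ZONES, conditional=CONDITIONAL_FORWARDERS,
                   forwarders=FORWARDERS, root_hints=ROOT_HINTS):
    """Return (source, [server addresses]) describing where this query goes."""
    qname = normalize(qname)
    if any(in_zone(qname, z) for z in local_zones):
        return ("local", [])                            # answered from our own zone data
    # The longest matching domain wins, so a forwarder for a sub-domain beats its parent.
    matches = [z for z in conditional if in_zone(qname, z)]
    if matches:
        best = max(matches, key=len)
        return ("conditional:" + best, list(conditional[best]))
    if forwarders:
        return ("forwarder", list(forwarders))          # everything else goes to the ISP server
    return ("root-hints", list(root_hints))             # no forwarder: resolve from the root


def forward_query(qname, reachable, use_root_hints_if_no_forwarder=True):
    """Simulate the forwarding attempt.

    `reachable` is a constructed map of server address -> answer for this query;
    a server missing from it is treated as timed out. Returns (source, servers
    tried in order, answer or "SERVFAIL").
    """
    source, servers = choose_targets(qname)
    tried = []
    if source == "local":
        return ("local", tried, "answered-locally")
    for s in servers:                                   # forwarders are tried in list order
        tried.append(s)
        if s in reachable:
            return (source, tried, reachable[s])
    # Every forwarder timed out: fall back to the root hints only if that option is on.
    if use_root_hints_if_no_forwarder and source != "root-hints":
        for s in ROOT_HINTS:
            tried.append(s)
            if s in reachable:
                return ("root-hints", tried, reachable[s])
    return (source, tried, "SERVFAIL")


if __name__ == "__main__":
    for q in ("pc1.visioninfo.com", "mail.vmail.com", "www.vnet.com", "www.example.org"):
        print(q, "->", choose_targets(q))
    # Constructed outcome: the ISP forwarder is down, the root server answers.
    print(forward_query("www.example.org", {"198.41.0.4": "198.51.100.7"}))
```

The order matters operationally: a conditional forwarder for vmail.com must be consulted before the general forwarder, or the ISP server would be asked for names it cannot know, and when the root-hints fallback is disabled the failure of the single ISP forwarder turns into a SERVFAIL for every external name, which is the argument for listing more than one forwarder address.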