DNS (Domain Name System):
DNS resolves host names to IP addresses and IP addresses to host names. It supports all types of OS, ex. Windows, Linux, UNIX, Mac, etc.
DNS defines a hierarchical namespace where each level of the namespace is separated by a "." (dot).
Resolver:
Resolving: It is the process of converting IPs to host names & host names to IPs.
A resolver is the computer that requests DNS resolution. It issues queries that ask for specific types of mapping between computer names and IP addresses (records).
Query types determine the behavior of the DNS server receiving the query.
Lookup types determine whether a name-to-IP mapping or an IP-to-name mapping is sought.
Query:
A query is a request to the DNS to find an address. There are 2 types of queries:
- Recursive queries
- Iterative queries
Recursive Queries: When a client starts a query, the query is passed on to the local DNS for resolution. If the local DNS cannot find the answer, it forwards the query on behalf of the client to another DNS, and to another DNS, and so on until it finds the mapping information or an answer.
Iterative Query: A query raised by the client to the DNS. If the DNS cannot resolve it, it sends a negative response to the client, and the client then has to contact another DNS, and so on. In this case the DNS is not forwarding the query; the client itself is contacting the other DNS servers.
Zone: A zone is a subtree of the DNS database. A zone contains the mapping information, held in a forward lookup zone & a reverse lookup zone.
Forward Lookup zone: Contains host records, which hold host name to IP address mapping information.
Reverse Lookup zone: Contains mapping information from IPs to host names.
DNS requirements:
- DC or member server
- Static IP address
Installing DNS (either on a member server or on a DC):
Start – Settings – Control Panel – Add/Remove Programs – Add/Remove Windows Components – select Networking Services – Details – check the box DNS – OK – Next
Insert the CD – Next
Creating a forward lookup zone:
Start – Programs – Admin Tools – DNS
Right click on Forward Lookup Zones
New Zone – Next – select Primary – Next – specify the zone name – zone file – Next – select allow both non-secure & secure – Next – Finish
Records:
Records make up the database which contains the information about the zone. There are a few types of records:
- Host record (A record), used in the FLZ
- PTR record (pointer), used in the RLZ
- Alias record (nickname of a host record)
- MX record (used for the mail server)
1. Creating a host record:
Right click on the zone you have created – New Host – specify the server's name and IP
Add Host – OK – Done
2. Creating an alias record:
Right click on the zone – New Alias
Specify www – click on Browse and select the host record – OK
Verification:
Start – Run – cmd – ping www.yahoo.com
Or ping sys1.yahoo.com
Creating a Reverse Lookup zone:
Right click on Reverse Lookup Zones
New Zone – Next – zone type – Next – specify the IP address – zone file – Next – allow both – Next – Finish
Creating a PTR record:
Right click on the reverse lookup zone.
New Pointer – specify the IP
Browse the host record – OK
Verification:
Start – Run – cmd
nslookup 192.168.1.17 (tests the reverse lookup zone)
nslookup www.yahoo.com (tests the forward lookup zone)
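The forward zone, reverse zone, host, alias and PTR steps above, done with the DnsServer PowerShell module instead of the console; this is an added example, not part of the original notes. It assumes an elevated session on a DNS server that has the DnsServer module (Windows Server 2012 or later, not the 2003 console described here), and the zone name zoom.com and the 192.168.1.0/24 network are constructed sample values.

```powershell
# Added example: forward + reverse zone with A, CNAME and PTR records, then verification.
# Assumptions: DnsServer module present; zoom.com / 192.168.1.0/24 are constructed values.
Import-Module DnsServer

$zone    = 'zoom.com'
$network = '192.168.1.0/24'
$revZone = '1.168.192.in-addr.arpa'   # reverse zone name for 192.168.1.0/24

# Forward lookup zone: primary, file-backed. NonsecureAndSecure matches "allow both".
Add-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns" -DynamicUpdate NonsecureAndSecure

# Reverse lookup zone for the same subnet; -NetworkId derives the in-addr.arpa name.
Add-DnsServerPrimaryZone -NetworkId $network -ZoneFile "$revZone.dns" -DynamicUpdate NonsecureAndSecure

# Host (A) record; -CreatePtr writes the matching PTR into the reverse zone in one step.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'sys1' -IPv4Address '192.168.1.17' -CreatePtr

# Alias (CNAME) record: www is a nickname for the sys1 host record.
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'www' -HostNameAlias "sys1.$zone"

# Verification, the equivalent of the nslookup checks in the notes.
Resolve-DnsName -Name "www.$zone" -Server 127.0.0.1 -Type A        # CNAME -> A 192.168.1.17
Resolve-DnsName -Name '192.168.1.17' -Server 127.0.0.1 -Type PTR   # PTR -> sys1.zoom.com

# Check: the PTR must exist in the reverse zone, otherwise reverse lookups return nothing.
$ptr = Get-DnsServerResourceRecord -ZoneName $revZone -Name '17' -RRType Ptr -ErrorAction SilentlyContinue
if (-not $ptr) { Write-Warning "No PTR record for 192.168.1.17 in $revZone" }
```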
DNS: A DNS server can be configured as follows:
- Secondary
- Stub (feature of 2003)
- AD integrated
- Forwarders
- Root servers
- Caching-only server
- Primary
Configuring a primary zone:
On DC
Start – Programs – Admin Tools – DNS – create a zone & host record
Creating a secondary zone:
On Member server
If DNS is not available, install DNS first
Open DNS – right click on FLZ
New Zone – Next – Secondary – specify the primary DNS server's IP address – Add – Next – Finish
Zone Transfer:
On DC (the primary DNS)
Open DNS – right click on the zone
Properties
Zone Transfers – check the box Allow zone transfers
Select Only to the following servers
Specify the secondary DNS server's IP address
Apply – OK
Primary Zone: Primary zones are created on the primary DNS server. It is a read/write copy.
Secondary Zone: These are created on the second DNS server, which holds a read-only copy of the zone. Secondary zones provide fault tolerance and load balancing for the primary zone. A secondary zone is a backup for the primary zone.
Zone transfer: Zone transfer is the process of transferring the zone from primary to secondary or secondary to primary. Zone transfers occur when a change or modification has taken place on either of the zones.
AD integrated zones:
These are useful when we want to maintain the zone information in AD. The zone is saved in AD, and as a result when we back up AD we are also backing up the zone information.
If it is a primary zone, the zone is saved as a normal text file, and as a result we have to back up the zone separately. An AD integrated zone is created when we install AD with a domain name.
Creating an AD integrated zone:
On DC
Open DNS
Right click on FLZ
New Zone
Next – check the box Store the zone in Active Directory
Next – specify the zone name
Next – allow both – Next – Finish
Stub zone:
A stub zone is a newly added feature in Windows 2003. A stub zone contains name server information, i.e. the name server records and the SOA (Start of Authority) record.
Stub zones provide fault tolerance & load balancing besides providing the name server & SOA record information.
Stub zones are useful for resolving queries faster.
Creating stub zones:
On DC
Create a primary zone with a host record, ex: hp.com
On member server
Open DNS
Right click on FLZ
New Zone – Next
Select Stub zone
Next – zone name, ex. hp.com
Zone file – specify the primary DNS server's address – Next – Finish
Resource Records (RR):
RRs provide the information about the zone. There are a few types of resource records:
- Host (A) record
- Pointer record
- Alias record
- MX record
- AAAA record
- ATMA
- HINFO etc.
Service Records:
These are also called SRV records. They are useful for locating services. There are 6 service records in total, created when we install AD. They are located in DNS under the domain subtree.
When we install AD, the system automatically creates an AD integrated zone with the corresponding domain name.
Record types:
- _msdcs: Contains the DCs' information
- Default site: Contains the site name
- _tcp: (server side) provides global catalog, Kerberos and LDAP information
- _udp: (client side) provides Kerberos information
- DomainDnsZones
- ForestDnsZones: both are part of the application partition. They provide DNS information in the entire forest.
Creating a secondary zone for the (DC) domain name zone:
On member server
Open DNS
Right click on FLZ
New Zone – Next – Secondary – specify the DC's domain name (ex: zoom.com)
Specify the DC's IP address
Next – Finish
Move on to DC
Open DNS
DC's zone – Properties
Zone Transfers
Only to the following servers
Specify the IP address (of the secondary)
Move on to the member server and refresh the zone
This process is what we call a safe zone transfer.
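The safe zone transfer just described, and the generic zone transfer procedure in the Zone Transfer section above, as an added example (not from the original notes) using the DnsServer module from one management host. It assumes the DnsServer module on both servers (Windows Server 2012 or later), and the addresses 192.168.1.10 (DC / primary) and 192.168.1.20 (member server / secondary) are constructed values.

```powershell
# Added example: restrict zone transfers on the primary to one listed secondary, then
# create and pull the secondary zone and check that the AD service (SRV) records arrived.
# Assumptions: DnsServer module on both hosts; IPs and zone name are constructed values.
Import-Module DnsServer

$zone      = 'zoom.com'
$primaryIP = '192.168.1.10'   # DC holding the primary / AD integrated zone
$secondary = '192.168.1.20'   # member server that will hold the secondary

# On the DC: the weak setting is "To any server", which lets anyone pull the whole zone:
#   Set-DnsServerPrimaryZone -ComputerName $primaryIP -Name $zone -SecureSecondaries TransferAnyServer
# The "Only to the following servers" setting from the notes:
Set-DnsServerPrimaryZone -ComputerName $primaryIP -Name $zone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $secondary

# On the member server: create the secondary zone that pulls from the DC.
Add-DnsServerSecondaryZone -ComputerName $secondary -Name $zone -ZoneFile "$zone.dns" -MasterServers $primaryIP

# The "refresh the zone" step: request a full transfer now instead of waiting for the SOA refresh interval.
Start-DnsServerZoneTransfer -ComputerName $secondary -Name $zone -FullTransfer

# Check for the SRV records; if none arrived, the note says to restart Net Logon & DNS on the DC and member.
$srv = @(Get-DnsServerResourceRecord -ComputerName $secondary -ZoneName $zone -RRType Srv)
if ($srv.Count -eq 0) {
    Write-Warning "No SRV records in $zone on $secondary; restart Netlogon and DNS on the DC, then retry"
} else {
    $srv | Select-Object HostName, @{n='Target'; e={ $_.RecordData.DomainName }}
}

# Audit on the primary: which servers may pull this zone?
Get-DnsServerZone -ComputerName $primaryIP -Name $zone | Select-Object ZoneName, SecureSecondaries, SecondaryServers
```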
Note:
1) If the 6 service records are not found on the secondary server, we need to restart the Net Logon & DNS services on the DC & member server.
2) If we still can't find the 6 service records, we need to perform a forceful transfer.
For accessing the C drive through the command prompt, ex. \\sys1\c$
Implementing forceful transfer:
Create a secondary zone for the DC zone.
On member server
Start – Run – \\servername\c$
Open windows\System32\config\netlogon.dns – open – select all – copy the contents – open My Computer of the local machine – windows – system32 – dns – open the domain name .dns file, ex. zoom.com.dns
Go to the bottom of the file – paste – save – close
Open DNS
The 6 service records should now be seen without refreshing
Verifying the type of zone:
Open DNS
Right click on the zone – Properties
Type of zone: Secondary
If we want to change it, click on Change
Dynamic Updates:
It is a feature of 2000 & 2003: when a client machine or a network node comes online, it automatically gets its name registered in the DNS database.
Dynamic updates take place when there is a modification or change done at the client or when we have a DHCP server.
There are 2 types of dynamic updates: Secure & Non-secure.
Secure Updates: Useful when we do not want our DNS to maintain host information from outside our network.
Non-secure updates: DNS gets updated as and when all the hosts come online and get their names registered with the DNS server.
Note: secure updates can occur only when the client machines have their accounts in the DC.
Configuring secure & non-secure updates:
Zone – Properties
Dynamic updates
Select either Secure or Non-secure
Apply – OK
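The secure versus non-secure choice above, together with the AD integrated zone creation from the earlier section, as an added example (not from the original notes) using the DnsServer module. It assumes an elevated session on a DC with the DnsServer module (Windows Server 2012 or later); zoom.com is a constructed zone name.

```powershell
# Added example: weak (non-secure) versus hardened (secure-only) dynamic update settings.
# Assumption: DnsServer module on a DC; zoom.com is a constructed zone name.
Import-Module DnsServer
$zone = 'zoom.com'

# Weak: a file-backed primary zone accepting non-secure updates lets any host on the
# network register, or overwrite, a name (the "Non-secure" option in the notes).
#   Add-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns" -DynamicUpdate NonsecureAndSecure

# Hardened: secure-only updates. This is only available for an AD integrated zone, because
# each update is authenticated with the client's computer account in the domain, which is
# what the note "secure updates can occur only when the client machines have accounts" means.
Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain -DynamicUpdate Secure

# For a zone that already exists, switch the setting in place (Zone – Properties – Dynamic updates).
$z = Get-DnsServerZone -Name $zone
if ($z.IsDsIntegrated) {
    Set-DnsServerPrimaryZone -Name $zone -DynamicUpdate Secure
} else {
    Write-Warning "$zone is a file-backed zone; convert it to AD integrated before selecting Secure"
}

# Audit: list primary zones on this server that still accept non-secure updates.
Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
```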
Zone properties:
- Name Servers – existing DNS servers' addresses
- Zone Transfers
- General (status, type, aging, dynamic update)
- SOA (serial no., responsible person, refresh interval)
- WINS (existing WINS address, used for NetBIOS resolution)
DNS Server Properties:
- Forwarders
- Event Logging
- Interfaces (used when we have multiple NICs)
- Monitoring
- Security
- Root Hints
- Debug Logging
- Advanced
Interfaces: Useful when our system has multiple NICs; the DNS can listen for queries on all available NICs. Offers load balancing.
Forwarders: If the query is not resolvable by the local DNS, it is forwarded to another DNS server for name resolution.
Configuring Forwarding:
On DC
Create a primary zone with a host
On Member server
Open DNS – Properties
Forwarders
Add the DC's IP (DNS1's IP)
Verification:
On Member server
Start – Run – cmd – ping www.zonename.com
Advanced:
- Disable recursion
- BIND secondaries (Berkeley Internet Name Domain)
- Fail on load if bad zone data
- Enable round robin
- Enable netmask ordering
- Secure cache against pollution
Disable recursion: By default this box is unchecked, i.e. recursion is enabled.
BIND secondaries: Useful when we have older BIND servers (ex. UNIX) as secondaries. BIND is a standard followed by DNS. All older UNIX-based machines used BIND servers as DNS, ex. the BIND version 4.0 series. Useful when our network has DNS servers based on old BIND versions alongside new BIND versions like 9.1.2, to provide zone transfers at a faster rate to BIND secondaries. Faster zone transfer is possible by transferring multiple zones at a time besides compression.
Fail on load if bad zone data: If the secondary zone comes across stale records or unwanted records, the zone will not be loaded if we check this box.
Enable round robin (RR): Useful when the DNS has multiple NICs to listen for queries on all NICs. If the query is not resolvable by one NIC, it can be listened to by another NIC.
Enable netmask ordering:
Secure cache against pollution: By default the cached DNS information is secured against pollution. The cache is in windows\system32\dns\cache.dns.
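The Advanced tab settings above, applied and audited with the DnsServer module, as an added example that is not part of the original notes. It assumes an elevated session on a DNS server with the DnsServer module (Windows Server 2012 or later) and an authoritative-only server for the recursion step.

```powershell
# Added example: set the Advanced-tab options from the notes and audit the result.
# Assumption: DnsServer module present; the server hosts only authoritative zones.
Import-Module DnsServer

# "Disable recursion": the server then answers only for its own zones. Disabling recursion
# also disables forwarders, so do not do this on a server that must resolve names for clients.
Set-DnsServerRecursion -Enable $false

# "Secure cache against pollution": answers for names outside the queried name's tree are
# not cached, which blocks the classic cache poisoning trick of bundling extra records.
Set-DnsServerCache -PollutionProtection $true

# The remaining checkboxes live on the server setting object.
$s = Get-DnsServerSetting -All
$s.StrictFileParsing = $true    # "Fail on load if bad zone data": refuse a zone file with bad records
$s.RoundRobin        = $true    # "Enable round robin"
$s.LocalNetPriority  = $true    # "Enable netmask ordering"
$s.BindSecondaries   = $false   # only needed when secondaries run the old BIND 4.x series from the notes
Set-DnsServerSetting -InputObject $s

# Audit: one object with the effective values, for comparison against the intended baseline.
$after = Get-DnsServerSetting -All
[pscustomobject]@{
    RecursionDisabled   = -not (Get-DnsServerRecursion).Enable
    PollutionProtection = (Get-DnsServerCache).PollutionProtection
    StrictFileParsing   = $after.StrictFileParsing
    RoundRobin          = $after.RoundRobin
    NetmaskOrdering     = $after.LocalNetPriority
    BindSecondaries     = $after.BindSecondaries
}
```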
Root Hints: Root hints provide the root servers' information. There are 13 root servers in total throughout the world.
A 2003 server can be configured as a root server. Once configured as a root server, disable forwarders and root hints.
The root server's zone name is always represented by a dot (.).
Configuring a root server:
On DC
Open DNS
Right click on FLZ – New Zone
Primary – Next – specify the root name as a dot (.)
Next – zone file – allow both – Next – Finish
* We should notice that forwarders & root servers are disabled.
Security: We can add sub-administrators under the administrator and set permissions for these administrators.
Monitoring: Used for troubleshooting DNS.
Event Logging: Used for maintaining the events that occurred pertaining to DNS. It can be set to:
- Errors only
- Errors & warnings
- All events (by default)
Debug Logging: To assist with debugging, we can record the packets sent and received by the DNS server to a log file. Debug logging is disabled by default.
Implementing Round Robin:
Assign multiple IPs to the NIC by going to TCP/IP properties – Advanced – Add – multiple IPs – OK (ex. 192.168.1.17, 192.168.1.18, 192.168.1.19)
Open DNS
Create a primary zone – create a host record – create 3 more host records with the IPs created above
Verification:
Go to the command prompt.
For clearing the DNS cache:
C:\> ipconfig /flushdns
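The round robin setup and its verification, as an added example (not from the original notes) using the DnsServer and DnsClient modules. It assumes an elevated session on the DNS server (Windows Server 2012 or later), that the zone zoom.com already exists, and that the three addresses are the constructed values from the notes; the host name web is also a constructed value.

```powershell
# Added example: several A records under one name, then repeated queries to show the rotation.
# Assumptions: zone zoom.com exists on this server; IPs and the name "web" are constructed values.
Import-Module DnsServer

$zone = 'zoom.com'
$name = 'web'
$ips  = '192.168.1.17', '192.168.1.18', '192.168.1.19'

# One A record per address under the same name is what round robin rotates between.
foreach ($ip in $ips) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $name -IPv4Address $ip
}

# Round robin must be on; netmask ordering, if on, puts the address closest to the
# client's subnet first and can hide the rotation when testing from the same subnet.
$s = Get-DnsServerSetting -All
if (-not $s.RoundRobin)  { Write-Warning 'Round robin is disabled on this server' }
if ($s.LocalNetPriority) { Write-Warning 'Netmask ordering is on; same-subnet addresses are listed first' }

# Verification: clear the client cache (ipconfig /flushdns), then query a few times.
# The first address should change from query to query.
Clear-DnsClientCache
foreach ($i in 1..4) {
    $order = Resolve-DnsName -Name "$name.$zone" -Server 127.0.0.1 -Type A |
             Where-Object { $_.Type -eq 'A' } |
             Select-Object -ExpandProperty IPAddress
    "query $i : $($order -join ', ')"
}
```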