Module 5: Resolving Host Names by Using Domain Name System (DNS)

Contents
Overview 1
Multimedia: The Role of DNS in the Network Infrastructure 2
Lesson: Installing the DNS Server Service 3
Lesson: Configuring the Properties for the DNS Server Service 12
Lesson: Configuring DNS Zones 28
Lesson: Configuring DNS Zone Transfers 43
Lesson: Configuring DNS Dynamic Updates 50
Lesson: Configuring a DNS Client 68
Lesson: Delegating Authority for Zones 76
Lab A: Resolving Host Names by Using Domain Name System 80

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Active Directory, MSDN, PowerPoint, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Instructor Notes
Presentation: 4 hours 15 minutes
Lab: 15 minutes

This module provides students with the knowledge and ability to resolve names. After completing this module, students will be able to:
• Describe the role of Domain Name System (DNS) in the network infrastructure.
• Install the DNS Server service.
• Configure the properties of the DNS Server service.
• Configure DNS zones.
• Configure DNS zone transfers.
• Configure DNS dynamic updates.
• Configure a DNS client.
• Delegate authority for zones.

Required materials
To teach this module, you need the following materials:
• Microsoft® PowerPoint® file 2277b_05.ppt.
• The Implementation Plan Values document located in the Appendix at the end of the student workbook.
• The multimedia presentation The Role of DNS in the Network Infrastructure.
• The multimedia presentation Overview of DNS Dynamic Updates.

Important: It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks
To prepare for this module:
• Read all of the materials for this module.
• Complete all practices and the lab.
• Practice demonstrating all procedures on the How To pages.
• Review the multimedia presentation The Role of DNS in the Network Infrastructure.
• Review the multimedia presentation Overview of DNS Dynamic Updates.
• Review prerequisite courses and modules.

How to Teach This Module
This section contains information that will help you to teach this module.

Multimedia: The Role of DNS in the Network Infrastructure
This section describes the instructional methods for teaching this multimedia presentation. The multimedia files are installed on the instructor computer. To open a multimedia presentation, click the animation icon on the slide for that multimedia presentation. Explain that this multimedia presentation provides a visual and high-level overview of DNS and the domain namespace. The details of how DNS works are provided in the topic and How To pages. Estimated time for the multimedia presentation is 7 minutes.

How To Pages, Practices, and Labs
Explain to the students how the How To pages, practices, and labs are designed for this course. A module includes two or more lessons. Most lessons include How To pages and a practice. After students complete the lessons, the module concludes with a lab.

How To pages
The How To pages are designed for the instructor to demonstrate how to do a task. The students do not perform the tasks on the How To page with the instructor. They will use these steps to perform the practice at the end of each lesson.
Important: It is recommended that the trainer demonstrate each of the tasks on the How To page. For the demonstrations that are not required, you can use London or Glasgow computers to demonstrate these How To procedures. It is important to not change any setting that could affect the successful completion of the practices and labs.

Practices
After you have covered the contents of the topic, and demonstrated the How To procedures for the lesson, explain that a practice will give students a chance for hands-on learning of all the tasks discussed in the lesson.

Labs
At the end of each module, the lab enables the students to practice the tasks that are discussed and applied in the entire module. Using scenarios that are relevant to the job role, the lab gives students a set of instructions in a two-column format. The left column provides the task (for example: Create a group). In the right column are specific instructions that the students will need to perform the task (for example: From Active Directory Users and Computers, double-click the domain node). An answer key for each lab exercise is located on the Student Materials compact disc, in case the students need step-by-step instructions to complete the lab. They can also refer to the practices and How To pages in the module.

Lesson: Installing the DNS Server Service
This section describes the instructional methods for teaching this lesson.

Overview of Domain Name System
Define Domain Name System (DNS). Explain the purpose of DNS. Explain the history of DNS. Explain the purpose of Internet Network Information Center (InterNIC).
• For more information about InterNIC, you can go to http://www.internic.net.

What Is a Domain Namespace?
Explain the purpose of a domain namespace. Explain what a domain namespace, root domain, top-level domain, second-level domain, domain, and subdomain are, by referring to the illustration in the slide. Explain what a fully qualified domain name (FQDN) is. Provide examples of domain namespace, root domain, top-level domain, second-level domain, domain, and subdomain.

Standards for DNS Naming
Explain the purpose of DNS naming standards. Discuss the DNS naming standards. Provide examples of DNS names that comply with the DNS naming standards.

How to Install the DNS Server Service
Demonstrate how to install the DNS Server service.
Important: For instructional purposes, this procedure only covers installing a DNS Server service. On the Welcome to the Configure a DNS Server Wizard page, click Cancel. To present and demonstrate how to configure the DNS server, see the Configuring the Properties for the DNS Server Service lesson in this module.

Practice: Installing the DNS Server Service
Refer students to the Implementation Plan Values document at the end of their student workbooks. Direct the students to read the scenario. Tell the students that they can refer to the How To pages covered in the lesson. Direct the students to complete the following practice task:
• Install the DNS Server service.
Reconvene class after all students have completed the practice, and discuss the results of the practice.

Lesson: Configuring the Properties for the DNS Server Service
This section describes the instructional methods for teaching this lesson.

What Are the Components of a DNS Solution?
Describe the components of DNS, including the DNS server, DNS client, and DNS resource records, by referring to the slide.
• Only briefly describe resource records, because this content is explained in depth later in the lesson.

What Is a DNS Query?
Define query. Describe how both DNS clients and DNS servers can initiate queries for name resolution. Explain that a DNS server can be either authoritative or non-authoritative for the namespace of the query.
• Only briefly explain that there are two types of queries, because there are topics later in this lesson that explain recursive and iterative queries in detail.

How Recursive Queries Work
Define recursive query. Explain the purpose of a recursive query. Explain the characteristics of a recursive query. Describe how a recursive query works, by referring to the example illustrated in the slide. Describe how a DNS server will respond if it is authoritative. Describe how a DNS server will respond if it is non-authoritative. Describe how recursion works.
• This topic has a detailed animated slide, so be sure to review the slide prior to class.

How Iterative Queries Work
Define iterative query. Explain the purpose of an iterative query. Explain the characteristics of an iterative query. Describe how an iterative query works, by referring to the slide. Describe how a referral works.
• This topic has a detailed animated slide, so be sure to review the slide prior to class.

How a Root Hint Works
Define a root hint. Describe the function of a root hint on the Internet and within the organization.

How Forwarders Work
Define forwarder. Explain the purpose of forwarders. Describe how a forwarder works, by referring to the example illustrated in the slide. Describe forwarder behavior, including nonexclusive mode, exclusive mode, and conditional forwarding.
• This topic has a detailed animated slide, so be sure to review the slide prior to class.

How DNS Server Caching Works
Define caching. Explain the purpose of DNS server caching. Describe how DNS server caching works, by referring to the example illustrated in the slide. Describe how negative caching works. Explain what caching-only servers are. Briefly explain what DNS client-side resolver caching is.
• If students want more information about the DNS client resolver, see Module 4, "Resolving Names" in Course 2277, Implementing, Managing, and Maintaining a Microsoft Windows® Server 2003 Network Infrastructure: Network Services.
• This topic has a detailed animated slide, so be sure to review the slide prior to class.

How to Configure Properties for the DNS Server Service
Demonstrate how to update root hints on a DNS server. Demonstrate how to configure a DNS server to use a forwarder. Demonstrate how to clear the DNS server cache by using the DNS console. Demonstrate how to clear the DNS server cache by using the dnscmd command.

Practice: Configuring Properties for the DNS Server Service
Refer students to the Implementation Plan Values document at the end of their student workbooks. Direct the students to read the scenario. Tell the students that they can refer to the How To pages covered in the lesson. Direct the students to complete the task of configuring a DNS server to use a forwarder. Reconvene class after all students have completed the practice, and discuss the results of the practice.

Lesson: Configuring DNS Zones
This section describes the instructional methods for teaching this lesson.

What Is a DNS Zone?
Explain the purpose of a DNS zone. Discuss the characteristics of a DNS zone. Provide examples of DNS zones.
• Only briefly describe resource records and zones, because these two topics will be covered in depth later in this lesson.

How DNS Data Is Stored and Maintained
Define resource record, zone, and zone file. Describe how DNS data is stored and maintained, by referring to the illustrations in the slide.

What Are Resource Records and Record Types?
Define resource record set. Explain the purpose of resource records. Describe the resource types. Provide an example of a resource record and record types. Provide an example of a resource record set.
• For example, you could create different types of resource records for the Demo.com zone.

What Are DNS Zone Types?
Explain that there are three DNS zone types: primary, secondary, and stub. Explain the purpose of DNS zone types. Explain what a primary zone is, and when it is beneficial to use a primary zone. Explain what a secondary zone is, and when it is beneficial to use a secondary zone. Explain what a stub zone is, and when it is beneficial to use a stub zone.

How to Change a DNS Zone Type
Demonstrate how to change a DNS zone type.

What Are Forward and Reverse Lookup Zones?
Explain the purpose of DNS forward and reverse lookup zones, by referring to the illustrations in the slide. Explain what a forward lookup and a forward lookup zone are. Explain what a reverse lookup and a reverse lookup zone are. Provide an example of a forward lookup zone and a reverse lookup zone, by referring to the illustrations in the slide.

How to Configure Forward and Reverse Lookup Zones
Demonstrate how to configure a forward lookup zone on a primary zone type. Demonstrate how to configure a forward lookup zone on a secondary zone type. Demonstrate how to configure a forward lookup stub zone. Demonstrate how to configure a reverse lookup zone on a primary zone type. Demonstrate how to configure a reverse lookup zone on a secondary zone type.

Practice: Configuring DNS Zones
Refer students to the Implementation Plan Values document at the end of their student workbooks. Direct the students to read the scenario. Tell the students that they can refer to the How To pages covered in the lesson. Direct the students to complete the following practice tasks:
• Configure a forward lookup zone on a primary zone type.
• Configure a forward lookup zone on a secondary zone type.
• Configure a reverse lookup zone on a secondary zone type.
Reconvene class after all students have completed the practice, and discuss the results of the practice.

Lesson: Configuring DNS Zone Transfers
This section describes the instructional methods for teaching this lesson.

How DNS Zone Transfers Work
Define primary DNS server, master server, secondary server, DNS zone transfer, full zone transfer, AXFR, incremental zone transfer, and IXFR. Explain the purpose of a DNS zone transfer. Explain that there are two types of DNS zone transfers: full and incremental. Describe the DNS zone transfer process, by referring to the illustrations in the slide.
• This topic has a detailed animated slide, so be sure to review the slide prior to class.

How DNS Notify Works
Define DNS notify and notify list. Explain the purpose of DNS notify. Describe the process of DNS notify, by referring to the illustrations in the slide.
• This topic has a detailed animated slide, so be sure to review the slide prior to class.

How to Configure DNS Zone Transfers
Demonstrate how to configure a DNS zone transfer and DNS notify.

Practice: Configuring DNS Zone Transfers
Refer students to the Implementation Plan Values document at the end of their student workbooks. Direct the students to read the scenario. Tell the students that they can refer to the How To pages covered in the lesson. Direct the students to complete the task of configuring DNS zone transfer and DNS notify on a primary forward lookup zone. Reconvene class after all students have completed the practice, and discuss the results of the practice.

Lesson: Configuring DNS Dynamic Updates
This section describes the instructional methods for teaching this lesson.

Multimedia: Overview of DNS Dynamic Updates
This section describes the instructional methods for teaching this multimedia presentation. The multimedia files are installed on the instructor computer. To open a multimedia presentation, click the animation icon on the slide for that multimedia presentation. Explain that this multimedia presentation provides a visual and high-level overview of DNS dynamic updates. Details are provided in the topic and How To pages. Estimated time for the multimedia presentation is 5 minutes.

What Are Dynamic Updates?
Define dynamic update and manual update. Explain the purpose of dynamic updates, the difference between manual and dynamic updates, and how DHCP interoperates with DNS. Discuss circumstances for manually configuring dynamic updates.

How DNS Clients Register and Update Their Own Resource Records by Using Dynamic Updates
Discuss types of DNS clients that can dynamically register and update resource records. Define down-level client. Describe the process of dynamically updating DNS clients, by referring to the illustrations in the slide. Describe the process of dynamically updating Microsoft Windows XP clients. Describe the process of dynamically updating down-level clients.

How a DHCP Server Registers and Updates Resource Records by Using Dynamic Updates
Explain the purpose of DNS dynamic updates by using a DHCP server. Discuss types of DHCP clients that can dynamically register and update resource records, by referring to the illustrations in the slide.

How to Configure DNS Manual and Dynamic Updates
Explain that to use a DNS client for dynamic updates, students must configure the:
• DNS server to accept dynamic updates.
• DNS clients to create dynamic updates for themselves.
Explain that to use a DHCP server for dynamic updates, students must configure the:
• DNS server to accept dynamic updates.
• DHCP server to create dynamic updates on behalf of the DHCP clients.
Demonstrate how to manually create DNS resource records. Demonstrate how to configure a DNS server running Windows Server 2003 to accept dynamic updates of DNS resource records. Demonstrate how to configure a Windows XP Professional client to dynamically update its DNS resource records in DNS. Demonstrate how to configure a DHCP server running Windows Server 2003 to dynamically update DNS resource records in DNS on behalf of DHCP clients.

What Is an Active Directory–Integrated DNS Zone?
Define Active Directory-integrated DNS zone. Explain the purpose of Active Directory-integrated DNS zones. Explain the characteristics of Active Directory-integrated DNS zones.

How Active Directory–Integrated DNS Zones Use Secure Dynamic Updates
Define secure dynamic update. Explain the purpose of secure dynamic updates. Explain the difference between nonsecure and secure-only dynamic updates. Describe the sequence of events in the secure dynamic update process.
• This topic has a detailed animated slide, so be sure to review the slide prior to class.

How to Configure Active Directory-Integrated DNS Zones to Allow Secure Dynamic Updates
Demonstrate how to configure Active Directory-integrated DNS zones to allow secure dynamic updates. Demonstrate how to configure security on an Active Directory-integrated DNS zone.

Practice: Configuring DNS Dynamic Updates
Refer students to the Implementation Plan Values document at the end of their student workbooks. Direct the students to read the scenario. Tell the students that they can refer to the How To pages covered in the lesson. Direct the students to complete the following practice tasks:
• Configure a DNS server to accept dynamic updates for a forward lookup zone.
• Manually create DNS host resource records.
• Configure a DHCP server to dynamically update DNS resource records on behalf of DHCP clients.
Reconvene class after all students have completed the practice, and discuss the results of the practice.

Lesson: Configuring a DNS Client
This section describes the instructional methods for teaching this lesson.

How Preferred and Alternate DNS Servers Work
Define preferred DNS server and alternate DNS server. Explain the purpose of preferred and alternate DNS servers. Describe the process of contacting preferred and alternate servers, by referring to the illustrations in the slide.

How Suffixes Are Applied
Explain the purpose of configuring suffixes. Describe how suffixes are applied. Explain the Suffix selection option by referring to the illustration in the slide. Explain the Connection-specific suffix by referring to the illustration in the slide.

How to Configure a DNS Client
Demonstrate how to manually configure a DNS client to use preferred and alternate DNS servers. Demonstrate how to configure the DNS server option and the DNS suffix option in Dynamic Host Configuration Protocol (DHCP).

Practice: Configuring a DNS Client
Refer students to the Implementation Plan Values document at the end of their student workbooks. Direct the students to read the scenario. Tell the students that they can refer to the How To pages covered in the lesson. Direct the students to complete the following practice tasks:
• Configure a DNS client.
• View DNS client settings by using ipconfig.
Reconvene class after all students have completed the practice, and discuss the results of the practice.

Lesson: Delegating Authority for Zones
This section describes the instructional methods for teaching this lesson.

What Is Delegation of a DNS Zone?
Define delegation. Explain the purpose of delegation. Provide an example of delegating a DNS zone, by referring to the illustrations in the slide.

How to Delegate a Subdomain to a DNS Zone
Explain how to apply the guideline. Demonstrate how to delegate a subdomain to a DNS zone.
• The students will not have an opportunity to practice this task, as there is no practice for this lesson.


Overview

Introduction
A network solution needs to include Domain Name System (DNS) to connect the components of the network infrastructure. An important factor in connecting components is the resolution of the host names to Internet Protocol (IP) addresses. In this module, you will learn how to resolve host names by using DNS.

Objectives
After completing this module, you will be able to:
• Describe the role of DNS in the network infrastructure.
• Install the DNS Server service.
• Configure the properties for the DNS Server service.
• Configure a DNS zone.
• Configure DNS zone transfers.
• Configure dynamic updates.
• Configure a DNS client.
• Delegate authority for zones.

Multimedia: The Role of DNS in the Network Infrastructure

File location
To start the Role of DNS in the Network Infrastructure presentation, open the Web page on the Student Materials compact disc, click Multimedia, and then click the title of the presentation.

Objectives
At the end of this presentation, you will be able to:
• Explain the role and benefits of DNS in the network infrastructure.
• Define the key components of DNS.
• Discuss the DNS domain namespace.
• Discuss DNS name servers.
• Discuss DNS zones and zone transfer.
• Explain forward lookup queries.
• Explain how the host name resolution process works.

Key points
DNS is a distributed database system that can serve as the foundation for name resolution in an Internet Protocol (IP) network. DNS is used by most internetworking software (such as electronic mail programs and Web browsers) to locate servers and to resolve, or map, a user-friendly name of a computer to its IP address. The domain namespace provides the structure of a DNS distributed database. Domains can be organized into zones, which are discrete and contiguous areas of the domain namespace. The name-to-IP address data for all computers located in a zone is stored in a zone database file on a DNS name server.

Lesson: Installing the DNS Server Service

Introduction
The first step in being able to resolve host names is to install the DNS Server service.

Lesson objectives
After completing this lesson, you will be able to:
• Explain the purpose and basics of DNS.
• Explain what a domain namespace is.
• Explain the standards for DNS naming.
• Install the DNS Server service.

Overview of Domain Name System

Introduction
DNS is a name resolution service. DNS resolves human-readable addresses (such as www.microsoft.com) into IP addresses (such as 192.168.0.1). DNS is the foundation of the Internet naming scheme, and it is also the foundation of an organization's Active Directory domain-naming scheme.

Definition
Domain Name System (DNS) is a hierarchical, distributed database that contains mappings of DNS host names to IP addresses. DNS enables the location of computers and services by using alphanumeric names, which are easy to remember. DNS also enables the discovery of network services, such as e-mail servers and domain controllers in the Active Directory® directory service.

Purpose of DNS
Without DNS, you would have to locate the IP addresses of resources to access those resources. Because resource IP addresses can change, it would be difficult to maintain an accurate list of which IP addresses match which resources. DNS allows users to focus on alphanumeric names, which remain relatively constant in an organization, rather than on IP addresses. DNS supports accessing resources by using alphanumeric names. DNS supports hierarchical names and allows registration of various data types in addition to the host name-to-IP address mapping that is used in the Hosts files. Because the DNS database is distributed, its size is unlimited and performance does not degrade much when more servers are added. With DNS, the host names reside in a database that can be distributed among multiple servers, decreasing the load on any one server and providing the ability to administer this naming system on a per-partition basis.

History of DNS
DNS began in the early days of the Internet, when the Internet was a small network that the United States Department of Defense established for research purposes. The host names of the computers in this network were managed by the use of a single Hosts file that was located on a centrally administered server. Each site that needed to resolve host names on the network downloaded this single file. As the number of hosts on the Internet grew, the traffic that was generated by the update process increased, in addition to the size of the Hosts file. There was an increasing need for a new system that would offer features such as scalability, decentralized administration, and support for various data types. DNS was introduced in 1984 and became this new system.

InterNIC
The conceptual naming system on which DNS is based is a hierarchical and logical tree structure called the domain namespace. The Internet Network Information Center (InterNIC) manages the root, or the highest level, of the domain namespace. InterNIC is responsible for delegating administrative responsibility for portions of the domain namespace, and also for registering domain names. Domain names are managed through the use of a distributed database system of name information stored on name servers, which are located throughout the network. Each name server has database files that contain recorded information for a selected region within the domain tree hierarchy.

Note: For more information about InterNIC, go to http://www.internic.net.

What Is a Domain Namespace?

Introduction
A DNS namespace includes the root domain, top-level domains, second-level domains, and (possibly) subdomains. Together, the DNS namespace and the host name are the fully qualified domain name (FQDN).

Purpose of a domain namespace
The DNS namespace allows display names of resources to be organized in a logical structure that is easy for users to understand. Because of the hierarchical structure of the DNS namespace, organizing and locating resources is greatly simplified.

Domain namespace
The names in the DNS database establish a logical tree structure called the domain namespace. The domain namespace is a hierarchical naming tree that DNS uses to identify and locate a given host in a given domain relative to the root of the tree. The tree must fit the accepted conventions for representing DNS naming. The principal convention is simply this: for each domain level, a period (.) is used to separate each subdomain descendent from its parent-level domain, from the top-level root of the tree to the bottom-level branches of the tree. For the purposes of using and administering a DNS service, the domain namespace refers to any domain name tree structure in its entirety.

Root domain
This is the root node of the DNS tree. It is unnamed (null). It is sometimes represented in DNS names by a trailing period (.) to designate that the name is at the root or highest level of the domain hierarchy.

Domain
A domain, in DNS, is any tree or subtree within the overall domain namespace. The domain name identifies a domain's position in the name tree relative to its parent domain. Although the names for DNS domains are used to name Active Directory domains, they are not the same as and should not be confused with Active Directory domains.

Top-level domain
This is the trailing (rightmost) portion of a domain name. Usually a top-level domain is stated as a two or three-character name code that identifies either organizational or geographical status for the domain name. In the example www.microsoft.com, the top-level domain name is the ".com" portion of the domain name, which indicates that this name has been registered to a business organization for commercial use.

Second-level domain
A second-level domain name is a unique name of varying length that InterNIC formally registers to an individual or organization that connects to the Internet. In the example of www.microsoft.com, the second-level name is the ".microsoft" portion of the domain name, which InterNIC registers and assigns to the Microsoft Corporation.

Subdomain
In addition to a second-level name that is registered with InterNIC, a large organization can choose to further subdivide its registered domain name by adding further subdivisions or departments that are each represented by a separate name portion. Examples of subdomain names are as follows: sales.microsoft.com, east.sales.microsoft.com, and south.sales.microsoft.com.

Fully qualified domain name
A fully qualified domain name (FQDN) is a DNS domain name that has been stated unambiguously for the purpose of indicating with absolute certainty its location in the domain namespace tree. The FQDN for the host server1.finance.microsoft.com. tells you exactly where this host resides in the namespace relative to the root of the namespace.

Example
The illustration in the slide shows the DNS namespace for a company that is Internet-connected, Northwind Traders. The root domain and first-tier domains .com, .net, and .org represent the Internet namespace, that portion of the namespace under the administrative control of the Internet governing body. The second-tier domain nwtraders.com, under administrative control of the company, and its subdomains, such as west.nwtraders.com and sales.nwtraders.com, all represent the private namespace.

Note: An internal corporate namespace, such as an Active Directory forest, or another namespace that is not recognized on the Internet, does not have to end in a valid top-level domain. For example, you can use the domain corp.local for internal purposes.

Standards for DNS Naming

Purpose of DNS naming standards
DNS naming standards are designed to allow for consistency between any implementations of DNS, so that no matter who implements DNS, their implementation can interoperate with other DNS implementations. Because of DNS naming standards, organizations that implement a DNS namespace can also use the same namespace on the Internet.

DNS naming standards
DNS naming standards are the global rules. DNS naming standards allow a limited subset of the ASCII character set for DNS. Request for Comments (RFC) 1123 specifies the following characters as valid for DNS names:
• A-Z
• a-z
• 0-9
• Hyphen (-)

Although DNS servers running Microsoft® Windows® 2000 and later include support for extended ASCII and Unicode characters, it is strongly recommended that DNS names be limited to the characters specified in RFC 1123. All characters that are invalid are replaced by hyphens. For example, if you use an underscore in the computer name, then it will be replaced by a hyphen. The underscore (_) character is reserved for special purposes in SRV records. For more information, see RFC 2782.
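The following is an added example (not part of the course text) that decomposes an FQDN into the namespace levels described in the two preceding topics and checks each label against the RFC 1123 character set. The rule that a label may not begin or end with a hyphen comes from RFC 1123 itself, not from the course; the hyphen substitution models the Windows behaviour the course describes.

```python
"""Added example: FQDN decomposition and RFC 1123 label checks."""
import re

# RFC 1123 host-name label: letters, digits and hyphens, no hyphen at either end.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def split_fqdn(name: str) -> dict:
    """Split an FQDN such as 'www.microsoft.com.' into its namespace levels.

    The trailing period denotes the unnamed root: it is accepted but is not a
    label. Labels are read from the root (rightmost) downwards, so the leftmost
    label is the host or the deepest subdomain; the name alone cannot tell
    which, so it is reported as 'leftmost'.
    """
    labels = name.rstrip(".").split(".")
    if any(label == "" for label in labels):
        raise ValueError("empty label in %r" % name)
    return {
        "root": ".",
        "top_level": labels[-1],
        "second_level": labels[-2] if len(labels) >= 2 else None,
        "subdomains": list(reversed(labels[1:-2])),  # parent-first order
        "leftmost": labels[0] if len(labels) >= 3 else None,
        "labels": labels,
    }


def validate_label(label: str) -> bool:
    """True when the label uses only the RFC 1123 character set."""
    return bool(LABEL_RE.match(label))


def normalise_label(label: str) -> str:
    """Replace characters outside RFC 1123 with hyphens, as the course says
    Windows DNS does (for example 'file_srv' becomes 'file-srv')."""
    return re.sub(r"[^A-Za-z0-9-]", "-", label)


def check_fqdn(name: str) -> list:
    """Return (label, reason) pairs for labels of an FQDN that are not valid
    RFC 1123 host-name labels.

    Labels starting with an underscore are reported separately: the underscore
    is reserved for SRV record names (RFC 2782) and never names a host.
    """
    problems = []
    for label in split_fqdn(name)["labels"]:
        if label.startswith("_"):
            problems.append((label, "SRV service/protocol label, not a host name"))
        elif not validate_label(label):
            problems.append(
                (label, "invalid characters; would become %r" % normalise_label(label))
            )
    return problems
```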

How to Install the DNS Server Service

Introduction
The first step in creating a DNS solution for resolving host names is to install the DNS Server service.

Guideline
You need to have administrative rights to install the DNS Server service.

Note: It is recommended that you log on with an account that has non-administrative credentials and use the Run as command with a user account that has appropriate administrative credentials to perform this task.

Procedure for installing the DNS Server service
Note: For instructional purposes, this procedure only covers installing a DNS Server service. To learn about and practice configuring the DNS server, see the Configuring the Properties for the DNS Server Service lesson in this module.

To install a DNS server:
1. Log on with a non-administrative user account.
2. Click Start, and then click Control Panel.
3. In Control Panel, open Administrative Tools, right-click Manage Your Server, and then select Run as.
4. In the Run As dialog box, select The following user, type a user account and password that has the appropriate permissions to complete the task, and then click OK.
5. In the Manage Your Server Wizard window, click Add or remove a role.
6. On the Preliminary Steps page, click Next.
7. On the Server Role page, select DNS server, and then click Next.

8. On the Summary of Selections page, click Next.
9. If prompted, insert the Microsoft Windows Server 2003 CD.
10. On the Welcome to the Configure a DNS Server Wizard page, click Cancel.
Note: You will configure the DNS service in a later practice.
11. On the Configure Your Server Wizard page, click Finish.

Practice: Installing the DNS Server Service

Objective
In this practice, you will install the DNS Server service.

Instructions
To complete this practice, refer to the Implementation Plan Values document, located in the Appendix at the end of your student workbook. You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has appropriate administrative credentials to complete the task.

Scenario
The Lab department has been designed to use a corporate DNS server for name resolution. The systems engineer has approved a new DNS server for each Lab department subnet. You will install the DNS Server service for your subnet.

Practice
Install the DNS Server service. Complete this task from both student computers.
User name: nwtraders\ComputerNameAdmin
Password: P@ssw0rd
For practice purposes, do not configure the DNS server at this time.

Lesson: Configuring the Properties for the DNS Server Service

Introduction
A DNS solution is made up of the DNS server, DNS clients, and the resources that are referenced by the resource records in DNS. After installing the DNS Server service, the next step is to properly configure the DNS server for your environment.

Lesson objectives
After completing this lesson, you will be able to:
• Explain what the components of a DNS solution are.
• Explain what a DNS query is.
• Describe how recursive queries work.
• Describe how root hints work.
• Describe how iterative queries work.
• Describe how forwarders work.
• Describe how DNS server caching works.
• Configure the properties for the DNS Server service.

What Are the Components of a DNS Solution?

Components of DNS
The components of a DNS solution are described in the following table.

Component: DNS Server
• A computer running the DNS service
• Hosts a namespace or portion of a namespace (domain)
• Authoritative for a namespace or domain
• Resolves the name resolution requests that DNS clients (DNS Client = Resolver) submit

Component: DNS Client
• A computer running the DNS Client service

Component: DNS Resource Records
• Entries in the DNS database that map host names to resources

Note: For the purposes of this course, the name server is referred to as a DNS server.

Example
The components of a DNS solution are the DNS clients, the DNS servers, and the DNS resource records. The resource records are located in the DNS server database. Alternatively, if your DNS solution is connected to the Internet, then the DNS servers on the Internet can be used.

What Is a DNS Query?

Definition
A query is a request for name resolution that is sent to a DNS server. A DNS query is the DNS client resolver asking the DNS server for the IP address of the supplied name. There are two types of queries: recursive and iterative.

Note: Recursive and iterative queries will be covered later in this lesson.

Purpose of a DNS query
The purpose of a DNS solution is to allow users to access resources by using alphanumeric names. The DNS query is how the service or application obtains the IP address of the resource so that it can access it.

How DNS queries are initiated
DNS clients and DNS servers both initiate queries for name resolution. A client system may issue a query to a DNS server, and that DNS server may then issue queries to other DNS servers.

Authoritative and non-authoritative DNS servers
A DNS server can be either authoritative or non-authoritative for the namespace of the query. To be authoritative means that a DNS server hosts a primary or secondary copy of a DNS zone. For more information, see the Configuring DNS Zones lesson in this module.

If the DNS server is authoritative for the namespace of the query, the DNS server will either:
• Check the cache, check the zone, and then return the requested address.
• Return an authoritative "No."

If the local DNS server is non-authoritative for the namespace of the query, the DNS server will either:
• Forward the unresolvable query to a specific server called a forwarder.
• Use well-known addresses of multiple root servers to step up the DNS tree to locate an answer for the query. This process is also called root hints.

Note: Forwarders are discussed later in this lesson, as are root hints.

How Recursive Queries Work

Definition
A recursive query is a query made to a DNS server, in which the DNS client asks the DNS server to provide a complete answer to the query. A recursive query cannot redirect to another DNS server. Recursive queries can be initiated either by a DNS client or by a DNS server that is configured for forwarders.

Purpose of a recursive query
By using a recursive query, the DNS client can trust the DNS server to locate the host name-to-IP address mapping. A recursive query puts the burden of delivering a final answer on the queried server. The only acceptable response to a recursive query is either the full answer or a reply that the name could not be resolved.

Recursive query
The DNS client asks the DNS server for the host-to-IP address mapping, and then accepts the response from the DNS server. In a recursive query, the queried DNS server is petitioned to respond with one of the following responses:
• The requested data.
• An error stating that data of the requested type does not exist.
• A response stating that the domain name specified does not exist.

The answer to a recursive query will always be either a positive or negative response.

How a recursive query works
The following steps describe how a recursive query from a client to that client's configured DNS server works:
1. The client sends a recursive query to the local DNS server.
2. The local DNS server checks the forward lookup zone and cache for an answer to the query.
3. If the answer to the query is found, then the DNS server returns the answer to the client. If an answer is not found, then the DNS server uses a forwarder address or root hints to locate an answer.
4. The DNS client then accepts the response from the DNS server.

Example
In the illustration, the DNS client is asking the DNS server for the IP address of the supplied display name. The DNS client, using the DNS resolver service, sends a DNS query to the DNS server for the IP address of mail1.nwtraders.msft. The DNS server checks the cache to locate the record. If the cache does not contain the record and the DNS server is authoritative for the domain, it searches the zone for the resource record. If the record exists, then the server returns the IP address for the queried record. If the record does not exist, then the DNS server informs the client that the record was not found. If the DNS server is not authoritative for the domain, then the DNS server locates the authoritative DNS server for the nwtraders.msft domain.

How a Root Hint Works

Definition
Root hints are DNS resource records, stored on a DNS server, that list the IP addresses for the DNS root servers. Root hints are stored in the file Cache.dns, located in the %Systemroot%\System32\Dns folder.

Function of a root hint
When the DNS server receives a DNS query, it checks the cache. The DNS server then attempts to locate the authoritative DNS server for the queried domain. If the DNS server does not have the IP address of the authoritative DNS server for that domain, and if the DNS server is configured with the root hints IP addresses, then the DNS server will query a root server for the domain to the left of the root domain of the query. The DNS root server then returns the IP address of the domain to the left of the root domain, and the DNS server continues down the FQDN until it locates the authoritative domain.

Function of root hints within the organization
Under normal circumstances, root hints list the IP addresses for the DNS root servers that InterNIC maintains on the Internet. Root hints can also point to a local DNS server. If the root hints point to a local server, then the only names that will be available for resolution are those to which the local DNS server can refer (normally local addresses only). This configuration can sometimes be used for security purposes, because in it only the internal domains can be resolved.

How Iterative Queries Work

Definition
An iterative query is a query made to a DNS server in which the DNS client requests the best answer that the DNS server can provide without seeking further help from other DNS servers. The result of an iterative query is often a referral to another DNS server lower in the DNS tree. Iterative queries are also sometimes called nonrecursive queries.

Note: One local DNS server usually issues iterative queries to another DNS server elsewhere in the namespace while trying to resolve a name query on behalf of a client. For clarification, it is the DNS Client service, on the local DNS server, that issues the iterative query.

Purpose of an iterative query
The purpose of an iterative query is that the DNS server, on the local DNS server, is responsible for finding an answer to the client's question. The DNS server will search its own database for an answer, and will even query DNS servers at different levels in the domain namespace to eventually locate the authoritative DNS server for the original query.

Iterative query
A DNS server typically makes an iterative query to other DNS servers after it has received a recursive query from a client. In an iterative query, the queried name server returns the best answer it currently has to the requestor. Answers to iterative queries can be:
• Positive answers.
• Negative answers.
• Referrals to other servers, which can now use the client's recursive query.

A referral would not be an acceptable response to a recursive query.

Referral
A referral is a list of targets, which a client receives from DNS when the user is accessing a root or a link in the DNS namespace. A referral points to a DNS server that is authoritative for a lower level of the domain namespace. If the queried DNS server does not have an exact match for the queried name, then the best possible information it can return is a referral. The DNS client, on the local DNS server, can then query the DNS server for which it obtained a referral. It continues this process until it locates a DNS server that is authoritative for the queried name, or until an error or a time-out condition is met. The referral information is cached on the client for a time period specified in the DNS configuration.

Recursion
Recursion is a DNS server function in which one DNS server issues a series of several iterative queries to other DNS servers while responding to a recursive query that a DNS client issues. The queried DNS servers return referrals, which the querying server follows until it receives a definitive answer. Recursion always ends when a server that owns the namespace gives either a positive or negative reply.

How an iterative query works
In the illustration, the local DNS server has failed to resolve the requested name by using cached data and is not authoritative for the domain. So it begins the process of locating the authoritative DNS server by querying additional DNS servers. To locate the authoritative DNS server for the domain, transparent to the user, the DNS server resolves the FQDN from the root to the host by using iterative queries. The process that this example uses is as follows.
1. The local DNS server receives a recursive query from a DNS client. For example: The local DNS server receives a recursive query from Computer1 for mail1.nwtraders.com.
2. The local DNS server sends an iterative query to the root server to obtain an authoritative name server.
3. The root server responds with a referral to a DNS server closer to the submitted domain name. For example: The root server responds with a referral to the DNS server for .com.
4. The local DNS server then makes an iterative query to the DNS server that is closer to the submitted domain name. For example: The local DNS server then makes an iterative query to the DNS server for .com. The DNS server for .com responds with a referral to the DNS server for nwtraders.com.
5. The process continues until the local DNS server receives an authoritative response. For example: Next, the local DNS server sends an iterative query to the DNS server for nwtraders.com to obtain an authoritative name from the authoritative name server. The local DNS server then receives an authoritative response from the DNS server for nwtraders.com.
6. The response is then sent to the DNS client. For example: The local DNS server sends this authoritative response to Computer1, which can then connect to mail1.nwtraders.com by using the appropriate IP address.

How Forwarders Work

Definition
A forwarder is a DNS server that other internal DNS servers designate to forward queries for resolving external or offsite DNS domain names.

Purpose of forwarders
When a DNS name server receives a query, it attempts to locate the requested information within its own zone files. If this fails, either because the server is not authoritative for the domain requested or because it does not have the record cached from a previous lookup, the server must communicate with other name servers to resolve the request. On a globally connected network like the Internet, DNS queries that are outside a local zone may require interaction with DNS name servers across wide area network (WAN) links outside of the organization. Specific DNS name servers can be selected to be forwarders, which are servers that resolve DNS queries on behalf of other DNS servers. Creating DNS forwarders is a way to designate specific name servers as being responsible for WAN-based DNS traffic.

Process of DNS forwarders
In the illustration, the local DNS server has failed to resolve the requested name by using its zone files and cached data, so it forwards the request to the forwarder. The forwarder then begins the process of querying other name servers by using iterative queries. DNS forwarders use the following process:
1. The local DNS server receives a recursive query from a DNS client. For example: The local DNS server receives a recursive query from Computer1.
2. The local DNS server forwards the request to the forwarder.
3. The forwarder sends an iterative query to the root server to obtain an authoritative name from an authoritative name server.

4. The root server responds with a referral to a DNS server that is closer to the submitted domain name. For example: The root server responds with a referral to the DNS server for .com.
5. The forwarder then makes an iterative query to the DNS server that is closer to the submitted domain name. For example: The forwarder then makes an iterative query to the DNS server for .com. The DNS server for .com responds with a referral to the DNS server for nwtraders.com.
6. The process continues until the forwarder receives an authoritative response. For example: Next, the forwarder sends an iterative query to the DNS server for nwtraders.com to obtain an authoritative name server. The forwarder then receives an authoritative response from the DNS server for nwtraders.com.
7. The forwarder sends the response to the local DNS server, which then sends the response to the DNS client. For example: The forwarder sends the response to the local DNS server, which then sends the response to Computer1.

Forwarder behavior
Nonforwarding name servers are configured to use forwarders. DNS servers may be configured with the address of one or more forwarders. A name server can use a forwarder either in a nonexclusive or in an exclusive mode. In a nonexclusive mode, if the forwarder is unable to resolve the request, the name server that received the original query attempts to resolve the query on its own. In an exclusive mode, if the forwarder is unable to resolve the query, the forward-only server returns a query failure to the original requestor. Forward-only servers make no attempt to resolve the query on their own if the forwarder is unable to satisfy the request.

Conditional forwarding allows a DNS server to use a forwarder when the server resolves a selected set of domains. For example, conditional forwarding would allow a DNS server to forward IP address resolution requests for hosts in a partner organization that has a private DNS infrastructure to the DNS server in the partner organization, while all other requests could be resolved in the normal manner.
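The following is an added example (not course code) that models the recursive query, the iterative referral chain from the root down to nwtraders.com, and the exclusive versus nonexclusive forwarder modes described in the preceding three topics. The zone data, server names and the address of mail1.nwtraders.com are constructed for the example.

```python
"""Added example: in-memory model of recursion, iterative referrals and forwarders."""

NXDOMAIN = "NXDOMAIN"  # authoritative negative answer; None means query failure

# Constructed sample data: each authoritative server's own records and the
# child zones it delegates. The address below is made up for the example.
ZONES = {
    "root": {"delegations": {"com": "com-server"}, "records": {}},
    "com-server": {"delegations": {"nwtraders.com": "nwtraders-server"}, "records": {}},
    "nwtraders-server": {
        "delegations": {},
        "records": {"mail1.nwtraders.com": "192.0.2.25"},
    },
}


class Referral:
    """'Ask this server instead': a valid iterative answer, never a recursive one."""

    def __init__(self, server):
        self.server = server


def iterative_query(server, name):
    """One iterative query. The queried server answers from its own data only:
    the record, a referral to the closest delegated child zone, or NXDOMAIN
    when the name falls inside its zone and no record or delegation exists."""
    zone = ZONES[server]
    if name in zone["records"]:
        return zone["records"][name]
    best = None
    for child, child_server in zone["delegations"].items():
        if (name == child or name.endswith("." + child)) and (
            best is None or len(child) > len(best[0])
        ):
            best = (child, child_server)
    return Referral(best[1]) if best else NXDOMAIN


def resolve_via_root(name, trace, max_hops=8):
    """Recursion as the lesson defines it: start at a root server (root hints)
    and follow referrals down the tree until a positive or negative answer."""
    server = "root"
    for _ in range(max_hops):
        answer = iterative_query(server, name)
        shown = "referral->" + answer.server if isinstance(answer, Referral) else answer
        trace.append((server, name, shown))
        if not isinstance(answer, Referral):
            return answer
        server = answer.server
    raise RuntimeError("too many referrals while resolving %s" % name)


class LocalDnsServer:
    """The local DNS server of the illustration. It answers a client's recursive
    query from its own zone, else through its forwarder (exclusive or
    nonexclusive mode), else on its own through root hints."""

    def __init__(self, own_records=None, forwarder=None, forward_only=False,
                 root_hints=True):
        self.records = own_records or {}
        self.forwarder = forwarder        # another LocalDnsServer, or None
        self.forward_only = forward_only  # True = exclusive (forward-only) mode
        self.root_hints = root_hints      # False models a server that cannot recurse
        self.trace = []                   # (where, name, answer), for inspection

    def recursive_query(self, name):
        if name in self.records:
            self.trace.append(("own-zone", name, self.records[name]))
            return self.records[name]
        if self.forwarder is not None:
            answer = self.forwarder.recursive_query(name)
            self.trace.append(("forwarder", name, answer))
            if answer is not None or self.forward_only:
                return answer  # exclusive mode: the forwarder's failure is ours
            # Nonexclusive mode: the forwarder failed, so try on our own.
        if not self.root_hints:
            self.trace.append(("query-failure", name, None))
            return None
        return resolve_via_root(name, self.trace)
```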

How DNS Server Caching Works

Definition
Caching is the process of temporarily storing recently accessed information in a special memory subsystem for quicker access.

Purpose of DNS server caching
Caching provides faster query responses and reduces DNS network traffic. When a server is processing a recursive query, it might be required to send out several queries to find the definitive answer. The server caches all of the information that it receives during this process for a time period that is specified in the returned data. This amount of time is referred to as Time to Live (TTL) and is specified in seconds. By caching DNS responses, the DNS server can resolve future queries for that record from the cache. This greatly reduces response time, and eliminates the associated network traffic of sending the query out to another DNS server.

The process for DNS server caching
In a worst-case scenario for resolving a name, the local name server starts at the top of the DNS tree with one of the root name servers and works its way down until the requested data is found. After a DNS server caches data, the TTL starts to count down so that the DNS server will know when to delete the data from its cache. When the DNS server answers a query by using its cached data, it includes the remaining TTL for the data. The resolver then caches this data, and uses the TTL that the server sends.

The server administrator for the primary zone that contains the data decides on the TTL for the data. Because data is cached, changes made in resource records might not be immediately available to the entire Internet. Smaller TTL values help ensure that information about the domain is more consistent across the network, in the event that this data changes often. However, a smaller TTL also increases the load on the name servers that contain the name, and it also increases Internet traffic.

Example
In the illustration, you can see that the first time Client1 sends a query for clientA.contoso.msft, the DNS server must use iterative queries, with the help of root hints, to locate the resource. When the authoritative response is sent to the local DNS server, the DNS server caches the resource with a TTL value. (The TTL is provided by the authoritative DNS server that supplies the response.) The DNS client also caches the record in its local DNS resolver cache by using the TTL that the DNS server provides. When Client2 queries for clientA.contoso.msft, the DNS server can respond from the cached response for this resource, provided that the data is still in the cache. This means that the DNS server can respond faster to the query, because the local DNS server does not have to query DNS servers outside of the organization. This eliminates the network traffic that would have to take place to resolve the query if it had not been in cache.

Negative caching
In addition to caching positive query responses (which contain resource record information in the reply) from DNS servers, the DNS Client service also caches negative query responses. A negative response results when a resource record for the queried name does not exist. Negative caching prevents the repeating of additional queries for names that do not exist. Any query information that is negatively cached is kept for a shorter period of time than positive query responses, by default, no more than 5 minutes. The 5 minute value limits continued negative caching of stale information if the records later become available.

DNS client-side resolver caching
The DNS client resolver also caches resolved host-to-IP mapping data. The DNS client first checks the local cache before contacting the DNS server. DNS clients can also perform negative caching.

Note: For more information about the DNS client resolver, see Module 4, "Resolving Names," in Course 2277, Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services.

Caching-only server
Although all DNS name servers cache queries that they have resolved, caching-only servers are DNS name servers whose only job is to perform queries, cache the answers, and return the results. Caching-only servers do not have primary or secondary zones. They are not authoritative for any domains, and they only contain information that they have cached while resolving queries. A DNS server running Windows Server 2003 in its initial installation configuration does not have any zones; it becomes a caching-only server in its initial state.
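The following is an added example (not course code) of the caching behaviour described in the two preceding topics: the TTL countdown, the remaining TTL handed to the next client, and the 5-minute cap on negative answers. The zone contents, the address of clientA.contoso.msft and the zone TTL are constructed for the example, and time is supplied by a fake clock so it runs offline.

```python
"""Added example: TTL-bounded positive and negative DNS caching."""

NEGATIVE_CACHE_MAX = 300  # seconds: the "no more than 5 minutes" default above


class DnsCache:
    """Cache of positive answers and negative ('no such name') answers.
    `now` is a callable returning the current time in seconds."""

    def __init__(self, now):
        self.now = now
        self.positive = {}  # name -> (address, expires_at)
        self.negative = {}  # name -> expires_at

    def store(self, name, address, ttl):
        """Cache a positive answer for the TTL the zone administrator chose."""
        self.positive[name] = (address, self.now() + ttl)

    def store_negative(self, name, ttl):
        """Cache a negative answer, capped at 5 minutes so a name that appears
        later is not suppressed for the zone's full (often longer) TTL."""
        self.negative[name] = self.now() + min(ttl, NEGATIVE_CACHE_MAX)

    def lookup(self, name):
        """Return ('positive', address, remaining_ttl), ('negative', None,
        remaining_ttl), or None. Expired entries are dropped on the way."""
        t = self.now()
        if name in self.positive:
            address, expires = self.positive[name]
            if expires > t:
                return ("positive", address, expires - t)  # remaining, not original
            del self.positive[name]
        if name in self.negative:
            if self.negative[name] > t:
                return ("negative", None, self.negative[name] - t)
            del self.negative[name]
        return None


class CachingServer:
    """The local DNS server of the illustration: answers from cache when it can,
    otherwise asks the (constructed) authoritative zone and caches the result."""

    def __init__(self, now, zone, zone_ttl):
        self.cache = DnsCache(now)
        self.zone = zone            # name -> address, stands in for the remote zone
        self.zone_ttl = zone_ttl    # TTL set by the zone's administrator
        self.upstream_queries = 0   # queries sent outside the organization

    def resolve(self, name):
        """Return (address_or_None, ttl_for_client, 'cache' or 'upstream')."""
        hit = self.cache.lookup(name)
        if hit is not None:
            _kind, address, remaining = hit
            return (address, remaining, "cache")
        self.upstream_queries += 1
        if name in self.zone:
            self.cache.store(name, self.zone[name], self.zone_ttl)
            return (self.zone[name], self.zone_ttl, "upstream")
        self.cache.store_negative(name, self.zone_ttl)
        return (None, min(self.zone_ttl, NEGATIVE_CACHE_MAX), "upstream")


class FakeClock:
    """Deterministic stand-in for the wall clock."""

    def __init__(self, start=0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds
```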

How to Configure Properties for the DNS Server Service

Introduction
To configure properties for the DNS Server service, you need to update the root hints on a DNS server. Root hints determine whether your servers go to the root server on the Internet or an internal root server. You may also want to configure a DNS server to use a forwarder in addition to updating the DNS cache.

Note: It is recommended that you log on with an account that has non-administrative credentials and use the Run as command with a user account that has appropriate administrative credentials to perform this task.

Procedure for updating root hints on a DNS server
To update root hints on a DNS server:
1. Open the DNS console.
2. In the DNS console, select the appropriate server.
3. On the Action menu, click Properties.
4. On the Root Hints tab, you can click:
• Add to add a Name Server. Enter the FQDN and IP address of the Name Server.
• Edit to edit a Name Server. Edit the FQDN or IP address of the Name Server.
• Remove to remove a Name Server.
• Copy from Server to copy the list of Name Servers from a DNS server.
5. Click OK to close the Properties dialog box, and then close the DNS console.

Procedure for configuring a DNS server to use a forwarder
To configure a DNS server to use a forwarder:
1. Open the DNS console.
2. In the DNS console, select the appropriate server.
3. On the Action menu, click Properties.
4. On the Forwarders tab, click New.
5. In the New Forwarder dialog box, type the name of the DNS domain that the DNS server will forward queries for, and then click OK.
6. On the Forwarders tab, in the Selected domain's forwarder IP address list field, type the IP address of the DNS server that will act as the forwarder for queries that are in the server's DNS domain, and then click Add.
7. On the Forwarders tab, in the Number of seconds before forward queries time out box, type the value in seconds.
8. If required, on the Forwarders tab, select the option Do not use recursion for this domain, and then click OK.
9. Close the DNS console.

Procedure for clearing the DNS server cache by using the DNS console
To clear the DNS server cache by using the DNS console:
1. Open the DNS console.
2. In the DNS console, select the server.
3. On the Action menu, click Clear Cache.

Procedure for clearing the DNS server cache by using the command line
To clear the DNS server cache by using the dnscmd command:
1. On the DNS server, install Support Tools from the Windows Server 2003 CD.
2. On the DNS server, at the command prompt, type dnscmd Server_Name /clearcache (where Server_Name is the name of the DNS server).

Note: The dnscmd command will be discussed in Module 6, "Managing and Monitoring Domain Name System (DNS)."

Practice: Configuring Properties for the DNS Server Service

Objective
In this practice, you will configure properties for the DNS Server service.

Instructions
To complete this practice, refer to the Implementation Plan Values document, located in the Appendix at the end of your student workbook. You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has appropriate administrative credentials to complete the task.

Scenario
Your company is concerned about the amount of DNS traffic that is sent across the Internet. To minimize DNS traffic, you have decided to limit the number of DNS servers that can send DNS traffic out. You have configured a specific DNS server to send DNS queries out to the Internet. To allow your remaining DNS servers to resolve Internet DNS queries, you are going to configure them to use this DNS server as a forwarder. You will configure your DNS server to forward DNS queries to the DNS server that is acting as the forwarder DNS server.

Practice
Configure a DNS server to use a forwarder. Complete this task from both student computers.
User name: nwtraders\ComputerNameAdmin
Password: P@ssw0rd
DNS domain: leave defaults
Forwarder IP address: 192.168.x.200
Do not use recursion for this domain: enable

Lesson: Configuring DNS Zones

Introduction
After you have created DNS zones, and when the DNS zones are populated with resource records, the DNS service will be able to support host name resolution.

Lesson objectives
After completing this lesson, you will be able to:
• Describe how data is stored and maintained.
• Explain what resource records and record types are.
• Explain what a DNS zone is.
• Explain what DNS zone types are.
• Change a DNS zone type.
• Explain what forward lookup zones and reverse lookup zones are.
• Configure forward lookup zones and reverse lookup zones.
• Differentiate when to use stub zones and when to use conditional forwarders.

How DNS Data Is Stored and Maintained

Definitions
A resource record is a standard DNS database structure containing information that is used to process DNS queries. A zone is a portion of the DNS database that contains the resource records with the owner names that belong to the contiguous portion of the DNS namespace. A zone file is the file on the DNS server's local hard drive that contains all of the configuration information for a zone and the resource records contained therein.

Process
After you have installed the DNS Server service and configured the properties of the DNS service, you are ready to complete the DNS service by adding host name-to-IP address mappings. These mappings are referred to as resource records in DNS. There are many different types of resource records. The types of resource records that you create in DNS will depend on your DNS needs.

Before you can add the resource records, you must have a structure in DNS that can hold them. These logical containers are called zones in DNS. There are several different configurations of zones in DNS, and the zones that you will create are dictated by your DNS needs in your environment. When you create a zone, you create a zone file to store the zone properties and resource records. After you have created DNS zones, and when the DNS zones are populated with resource records, the DNS service will be able to support host name resolution.

What Are Resource Records and Record Types?

Purpose of resource records
Users can access DNS resource records for themselves, or they can have networking components access the records for them. Examples of when DNS resource records are used include:
• A user browsing for a Web site sends a forward lookup query to a DNS server.
• When a user logs on to a computer in a domain, the logon process locates a domain controller by querying a DNS server.

Resource types
Different record types represent different types of data stored within the DNS database. The following tables list record types, along with a description and an example for each type.

Record type: Host (A)
Description:
• An A record represents a computer or device on the network.
• An A record resolves from a host name to an IP address.
• A records are the most common and most frequently used DNS records.
Example: Computer5.microsoft.com resolves to 10.1.1.5

Record type: Pointer (PTR)
Description:
• A PTR record is used to find the DNS name that corresponds to an IP address.
• PTR records resolve from an IP address to a host name.
• The PTR record is found only in the reverse lookup zone.
Example: 10.1.1.101 resolves to Computer1.microsoft.com

Record type: Alias (CNAME)
Description:
• A CNAME resource record is a host name that refers to another host name.
• A CNAME resource record resolves from a host name to another host name.
Example: www.microsoft.com resolves to webserver12.microsoft.com

Record type: Mail Exchanger (MX)
Description:
• An MX resource record indicates the presence of a Simple Mail Transfer Protocol (SMTP) e-mail server.
• An MX resource record resolves to a host name.
Example: microsoft.com resolves to mail.microsoft.com

Record type: Service Record (SRV)
Description:
• An SRV resource record indicates a network service that a host offers.
• An SRV resource record resolves from a service name to a host name and port.
Example: _LDAP._TCP.microsoft.com resolves to DC01.microsoft.com

Record type: Start of Authority (SOA)
Description:
• An SOA resource record is the first record in any zone file.
• An SOA resource record identifies the primary DNS name server for the zone.
• An SOA resource record identifies the e-mail address for the administrator in charge of the zone.
• An SOA resource record specifies the information required for replication (such as the serial number, the refresh interval, the retry interval, and the expiry values for the zone).
• An SOA resource record resolves from a domain name (which is the same as the parent folder) to a host name.
Example: microsoft.com resolves to NS1.microsoft.com

Record type: Nameserver (NS)
Description:
• An NS record facilitates delegation by identifying DNS servers for each zone.
• An NS record appears in all forward and reverse lookup zones.
• Whenever a DNS server needs to send a query to a delegated domain, it refers to the NS resource record for DNS servers in the target zone.
• An NS record resolves from a domain name (which is the same as the parent folder) to a host name.
Example: Microsoft.com resolves to NS2.microsoft.com

Examples of resource records and record types
The slide provides a view of the DNS Manager snap-in in Microsoft Management Console (MMC), which shows the resource records and record types in the Demo zone.

Example of a resource record set
For example, a DNS client might query for the SMTP server at nwtraders.msft. The resource record set would provide the MX record that points to smtp.nwtraders.msft and the A record, which maps smtp.nwtraders.msft to 192.168.17.1.
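To make the record types and the resource record set concrete, here is an added example (not part of the course material) that parses a small zone file into resource record sets and follows the MX record for a domain to the A record of its mail server, as the text above describes. The zone file, its names and its addresses are constructed for the example; the parser handles the simplified one-record-per-line form only.

```python
"""Parse a BIND-style zone file into resource record sets and walk an MX -> A
resource record set.  Added example, not course code; the zone is constructed."""
from collections import defaultdict

# Constructed sample zone (all names and addresses invented for this example)
SAMPLE_ZONE = """\
$ORIGIN nwtraders.msft.
@            IN SOA   ns1.nwtraders.msft. hostmaster.nwtraders.msft. 2003052801 900 600 86400 3600
@            IN NS    ns1
@            IN NS    ns2
@            IN MX    10 smtp
ns1          IN A     192.168.17.2
ns2          IN A     192.168.17.3
smtp         IN A     192.168.17.1
www          IN CNAME webserver12
webserver12  IN A     192.168.17.12
_ldap._tcp   IN SRV   0 100 389 dc01
dc01         IN A     192.168.17.10
"""

# Index of the rdata field that holds a host name and therefore needs qualifying
HOST_FIELD = {"CNAME": 0, "NS": 0, "PTR": 0, "MX": 1, "SRV": 3}

def qualify(name, origin):
    """Turn a relative owner or target name into a fully qualified, lower-case name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return {(owner, type): [rdata fields, ...]} for a simplified zone file
    (one record per line, optional 'IN' class, a $ORIGIN directive, ';' comments)."""
    origin = None
    rrsets = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if origin is None:
            raise ValueError("zone file must start with $ORIGIN")
        owner = qualify(fields[0], origin)
        idx = 2 if fields[1].upper() == "IN" else 1
        rtype = fields[idx].upper()
        rdata = fields[idx + 1:]
        if rtype in HOST_FIELD:
            pos = HOST_FIELD[rtype]
            rdata[pos] = qualify(rdata[pos], origin)
        rrsets[(owner, rtype)].append(rdata)
    return dict(rrsets)

def lookup(rrsets, owner, rtype):
    """Return the resource record set for an owner/type pair (empty list if none)."""
    return rrsets.get((owner.lower(), rtype.upper()), [])

def resolve_address(rrsets, name, depth=0):
    """Follow CNAME records (bounded, so a looping alias cannot recurse forever)
    until A records are found; return the list of addresses."""
    if depth > 8:
        raise ValueError(f"CNAME chain too long at {name}")
    a_records = lookup(rrsets, name, "A")
    if a_records:
        return [rd[0] for rd in a_records]
    cname = lookup(rrsets, name, "CNAME")
    if cname:
        return resolve_address(rrsets, cname[0][0], depth + 1)
    return []

def mail_exchanger(rrsets, domain):
    """Return (mx_host, [ip, ...]) for the lowest-preference MX record of a domain:
    the MX -> A resource record set a mail client needs."""
    mx = lookup(rrsets, domain, "MX")
    if not mx:
        return None, []
    _pref, host = min((int(pref), host) for pref, host in mx)
    return host, resolve_address(rrsets, host)

def soa_serial(rrsets, zone):
    """Read the serial number field from the zone's SOA record."""
    soa = lookup(rrsets, zone, "SOA")
    return int(soa[0][2]) if soa else None

if __name__ == "__main__":
    rr = parse_zone(SAMPLE_ZONE)
    print(mail_exchanger(rr, "nwtraders.msft."))
    print(resolve_address(rr, "www.nwtraders.msft."))
    print(lookup(rr, "_ldap._tcp.nwtraders.msft.", "SRV"))
```

Owner names are keyed fully qualified and lower-cased, which is why `www` resolves through the CNAME to `webserver12.nwtraders.msft.` and why the SRV owner `_ldap._tcp` is found under the zone origin; the SOA serial read by `soa_serial` is the value zone transfers compare later in this module.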


What Is a DNS Zone?

Purpose of a DNS zone
A zone can hold the resource records for one domain or it can hold the resource records for multiple domains. A zone can host more than one domain only if the domains are contiguous, that is, connected by a direct parent-child relationship. A zone is also the physical representative of a DNS domain or domains. For example, if you have a DNS domain namespace of south.nwtraders.com, you could create a zone on a DNS server called south.nwtraders.com, and this zone could contain all resource records found in the Training domain.

DNS zone
DNS allows a DNS namespace to be divided up into zones. For each DNS domain name included in a zone, the zone becomes the authoritative source for information about that domain. Zone files are maintained on DNS servers. You can configure a single DNS server to host zero, one, or multiple zones. Each zone may be authoritative for one, or more than one, DNS domain as long as they are contiguous in the DNS tree. Zones may be stored either in flat text files or in the Active Directory database.

Characteristics of a zone include the following ones:
• A zone is a collection of host name-to-IP address mappings for hosts in a contiguous portion of the DNS namespace.
• Zone data is maintained on a DNS server and is stored in one of two ways:
  • As a flat zone file containing lists of mappings
  • In an Active Directory database
• A DNS server is authoritative for a zone if it hosts the resource records for the names and addresses that the clients request in the zone file.
• A DNS zone is:
  • Either a primary, secondary, or stub zone type.
  • Either a forward or reverse-lookup zone.

Note: Zone types and lookup zones are covered in detail later in this lesson.

Securing a DNS zone
To increase security, you can control who can administer DNS zones by modifying the discretionary access control list (DACL) on the DNS zones that are stored in Active Directory. The DACL allows you to control permissions for Active Directory users and groups that may control the DNS zones.

Note: For more information about securing a DNS zone, see "Securing DNS Zones" in the Windows Server 2003 Help documentation.

Example
Referring to the illustration, there are three zones represented:
• north.nwtraders.com
• sales.north.nwtraders.com
• support.north.nwtraders.com
The first zone (north.nwtraders.com) is authoritative for two contiguous domains (north.nwtraders.com and training.north.nwtraders.com), whereas the other two zones (sales.north.nwtraders.com and support.north.nwtraders.com) each represent a single domain.


What Are DNS Zone Types?

Introduction
When you configure a DNS server, you can configure it either with several zone types or with none at all, depending on the type of role that the DNS server has in the network. There are numerous options for optimal configuration of the DNS server, based on decisions that you make about such things as the network topology and the size of the namespace. Normal DNS server operation involves three zones:
• Primary zone
• Secondary zone
• Stub zone

Purpose of DNS zone types
By using different zones, you can configure your DNS solution to best meet your needs. For example, it is recommended that you configure a primary zone and a secondary zone on separate DNS servers, to provide fault tolerance should one server fail. You can configure a stub zone if the zone is maintained on a separate DNS server.

Primary zone
A primary zone is the authoritative copy of the DNS zone, in which resource records are created and managed. When setting up DNS servers to host the zones for a domain, the primary server is normally located where it will be accessible for administering the zone file.

Secondary zone
A secondary zone is a copy of the DNS zone that contains the read-only copy of the DNS zone. Records in the secondary zone cannot be changed; administrators can only change records in the primary DNS zone. At least one secondary server is normally configured for fault tolerance. However, multiple secondary servers might be configured at other locations so that the records from the zone could be resolved without the query crossing WAN links.

Stub zone
Stub zones are copies of a zone that contain only the resource records that are necessary to identify the authoritative DNS server for that zone. A stub zone is like a bookmark that simply points to the DNS server that is authoritative for that zone. A stub zone contains a subset of zone data consisting of a SOA, NS, and A record, also known as a glue record. Stub zones can be used where root hints point to an internal DNS server rather than to the root servers on the Internet. For security purposes, the DNS server is designed only to resolve certain zones.

Note: Caching-only servers do not have a zone.

How to Change a DNS Zone Type

Introduction
To configure a DNS zone, you may need to change the DNS zone type.

Note: It is recommended that you log on with an account that has nonadministrative credentials and use the Run as command with a user account that has appropriate administrative credentials to perform this task.

Procedure
To change a DNS zone type:
1. Open the DNS console.
2. In the DNS console, select the zone that you wish to change.
3. On the Action menu, click Properties.
4. In the zone Properties dialog box, on the General tab, click Change.
5. In the Change Zone Type dialog box, select one of the following options, and then click OK.
   • Primary zone if this zone will contain a copy of the zone that can be updated directly.
   • Secondary zone if this zone stores a copy of an existing zone.
   • Stub zone if this zone stores a copy of a zone containing only NS (name server), SOA (start of authority), and, possibly, glue records.
6. In the zone Properties dialog box, click OK.

What Are Forward and Reverse Lookup Zones?

Introduction
After you have decided whether the zone is a primary, secondary, or stub zone type, you must decide what type of lookup zone the resource records will be stored in. Resource records can be stored either in forward lookup zones or in reverse lookup zones, depending upon how you want your clients and services to query resource records.

Purpose of DNS forward and reverse lookup zones
You can choose the type of mapping that you need for a zone. You can store a mapping as either a host name-to-IP address mapping or an IP address-to-host name mapping.

Forward lookup zone
In DNS, a forward lookup is a query process in which the display name for the DNS domain of a host computer is searched to find its IP address. In DNS Manager, forward lookup zones are based on DNS domain names and typically hold host address (A) resource records.

Reverse lookup zone
In DNS, a reverse lookup is a query process by which the IP address of a host computer is searched to find its display name for the DNS domain. In DNS Manager, reverse lookup zones are based on the in-addr.arpa domain name and typically hold pointer (PTR) resource records.

Example
Client1 sends a query for the IP address for client2.training.nwtraders.msft. The DNS server searches its forward lookup zone (training.nwtraders.msft) for the IP address that is associated with the host name and returns the IP address to Client1.

Client1 sends a query for the host name for 192.168.1.46. The DNS server searches its reverse lookup zone (1.168.192.in-addr.arpa) for the host name that is associated with the IP address and returns the host name to Client1.
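The reverse zone name in the example follows a fixed rule: the network ID octets are reversed and placed under in-addr.arpa, and the PTR owner name is the whole address reversed the same way. The added example below (not part of the course material) derives both names with that rule and runs the two lookups from the example against constructed zone data; it also covers /8 and /16 networks, which the text does not show. All names and addresses are constructed.

```python
"""Derive reverse lookup zone names and PTR owner names from IPv4 addresses, and run the
forward and reverse lookups from the example above against constructed zone data.
Added example, not course code."""
import ipaddress

def reverse_zone_name(network):
    """in-addr.arpa zone that holds the PTR records for a network whose prefix is a whole
    number of octets, e.g. 192.168.1.0/24 -> 1.168.192.in-addr.arpa."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8 != 0 or net.prefixlen == 0:
        raise ValueError("need an IPv4 /8, /16 or /24 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_owner_name(ip):
    """Owner name of the PTR record for an address: all four octets reversed under in-addr.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"

# Constructed zone data mirroring the example (not the course's lab values)
FORWARD_ZONES = {
    "training.nwtraders.msft": {"client2.training.nwtraders.msft": "192.168.1.46"},
}
REVERSE_ZONES = {
    reverse_zone_name("192.168.1.0/24"): {
        ptr_owner_name("192.168.1.46"): "client2.training.nwtraders.msft",
    },
}

def authoritative_zone(zones, name):
    """Longest zone name that equals the name or is a label-aligned suffix of it."""
    name = name.lower().rstrip(".")
    best = None
    for zone in zones:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best

def forward_lookup(name):
    """Host name -> IP address through the forward lookup zone (None if unknown)."""
    zone = authoritative_zone(FORWARD_ZONES, name)
    return FORWARD_ZONES[zone].get(name.lower().rstrip(".")) if zone else None

def reverse_lookup(ip):
    """IP address -> host name through the PTR record in the reverse lookup zone."""
    owner = ptr_owner_name(ip)
    zone = authoritative_zone(REVERSE_ZONES, owner)
    return REVERSE_ZONES[zone].get(owner) if zone else None

if __name__ == "__main__":
    print(forward_lookup("client2.training.nwtraders.msft"))   # 192.168.1.46
    print(reverse_lookup("192.168.1.46"))                      # client2.training.nwtraders.msft
    print(reverse_zone_name("192.168.0.0/16"), reverse_zone_name("10.0.0.0/8"))
```

The Network ID you type in the New Zone Wizard's Reverse Lookup Zone Name page is exactly the prefix that `reverse_zone_name` reverses, so 192.168.1 produces 1.168.192.in-addr.arpa; an address outside every configured reverse zone (for example 10.0.0.1 here) returns None, which is the "no such zone" case a resolver has to handle.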

How to Configure Forward and Reverse Lookup Zones

Introduction
You can configure either a forward lookup zone or a reverse lookup zone on either a primary zone type or a secondary zone type. You also have the option of configuring a stub zone.

Procedure for configuring a forward lookup zone on a primary zone type
To configure a forward lookup zone on a primary zone type:
1. Open the DNS console.
2. In the DNS console, right-click the DNS server, and then click New Zone.
3. On the Welcome to the New Zone Wizard page, click Next.
4. On the Zone Type page, verify that Primary zone is selected, and then click Next.
5. On the Forward or Reverse Lookup Zone page, verify that Forward lookup zone is selected, and then click Next.
6. On the Zone Name page, type the DNS name of the zone that this server will be authoritative for, and then click Next.
7. On the Zone File page, click Next to accept the defaults.
8. On the Dynamic Update page, select one of the following options, and then click Next.
   a. Allow only secure dynamic updates (recommended for Active Directory). This option is only available for Active Directory-integrated zones.
   b. Allow both nonsecure and secure dynamic updates. This option is not recommended, because updates can be accepted from untrusted sources.
   c. Do not allow dynamic updates. This option requires you to update records manually.
9. On the Completing the New Zone Wizard page, click Finish.
10. Close the DNS console.

Procedure for configuring a forward lookup stub zone
To configure a forward lookup stub zone:
1. Open the DNS console.
2. In the DNS console, right-click the DNS server, and then click New Zone.
3. On the Welcome to the New Zone Wizard page, click Next.
4. On the Zone Type page, select Stub zone, and then click Next.
5. On the Forward or Reverse Lookup Zone page, select Forward lookup zone, and then click Next.
6. On the Zone Name page, type the DNS namespace, and then click Next.
7. On the Zone File page, click Next to accept the defaults.
8. On the Master DNS Servers page, in the IP address field, type the IP address of the master DNS server, click Add, and then click Next.
9. On the Completing the New Zone Wizard page, click Finish.
10. Close the DNS console.

Procedure for configuring a forward lookup zone on a secondary zone type
To configure a forward lookup zone on a secondary zone type:
1. Open the DNS console.
2. In the DNS console, right-click the DNS server, and then click New Zone.
3. On the Welcome to the New Zone Wizard page, click Next.
4. On the Zone Type page, select Secondary zone, and then click Next.
5. On the Forward or Reverse Lookup Zone page, verify that Forward lookup zone is selected, and then click Next.
6. On the Zone Name page, type the DNS name of the zone that this server will be authoritative for, and then click Next.
7. On the Master DNS Servers page, in the IP address field, type the IP address of the DNS server that this DNS server will copy the zone from, click Add, and then click Next.
8. On the Completing the New Zone Wizard page, click Finish.
9. Close the DNS console.

Procedure for configuring a reverse lookup zone on a primary zone type
To configure a reverse lookup zone on a primary zone type:
1. Open the DNS console.
2. In the DNS console, right-click the DNS server, and then click New Zone.
3. On the Welcome to the New Zone Wizard page, click Next.
4. On the Zone Type page, verify that Primary zone is selected, and then click Next.
5. On the Forward or Reverse Lookup Zone page, select Reverse lookup zone, and then click Next.
6. On the Reverse Lookup Zone Name page, in the Network ID field, type the network ID portion of the IP address of the zone, and then click Next.
7. On the Zone File page, click Next to accept the defaults.
8. On the Dynamic Update page, select one of the following options, and then click Next.
   a. Allow only secure dynamic updates (recommended for Active Directory).
   b. Allow both nonsecure and secure dynamic updates.
   c. Do not allow dynamic updates.
9. On the Completing the New Zone Wizard page, click Finish.
10. Close the DNS console.

Procedure for configuring a reverse lookup zone on a secondary zone type
To configure a reverse lookup zone on a secondary zone type:
1. Open the DNS console.
2. In the DNS console, right-click the DNS server, and then click New Zone.
3. On the Welcome to the New Zone Wizard page, click Next.
4. On the Zone Type page, select Secondary zone, and then click Next.
5. On the Forward or Reverse Lookup Zone page, select Reverse lookup zone, and then click Next.
6. On the Reverse Lookup Zone Name page, in the Network ID field, type the network ID portion of the IP address of the zone, and then click Next.
7. On the Master DNS Servers page, in the IP address field, type the IP address of the master DNS server, click Add, and then click Next.
8. On the Completing the New Zone Wizard page, click Finish.
9. Close the DNS console.

Practice: Configuring DNS Zones

Objective
In this practice, you will configure a DNS zone.

Instructions
To complete this practice, refer to the Implementation Plan Values document, located in the Appendix at the end of your student workbook. You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has appropriate administrative credentials to complete the task.

Scenario
The nwtraders.msft domain namespace has grown too large. The systems engineer has planned for each DNS server in the Lab department to maintain both a forward lookup zone and a reverse lookup zone. You will create a primary forward lookup zone and a primary reverse lookup zone on your DNS computer.

Practice
Configure a forward lookup zone on a secondary zone type
Complete this task from both student computers.
• Zone name: nwtraders.msft
• Master DNS server IP address: 192.168.x.200
After you complete this task, in the details pane, select this DNS secondary forward lookup zone, and view the DNS records to verify that the zone loaded from the master DNS server.

Configure a reverse lookup zone on a secondary zone type
Complete this task from both student computers.
• Zone name: 192.168.x.x
• Master DNS server IP address: 192.168.x.200
After you complete this task, in the details pane, select this DNS secondary forward lookup zone, and view the DNS records to verify that the zone loaded from the master DNS server.

Configure a forward lookup zone on a primary zone type
Complete this task from both student computers.
• Zone name: srv.nwtraders.msft (where srv is the three-letter label of the computer name)
• Dynamic update: Allow both nonsecure and secure dynamic updates

Note: For purposes of demonstration you are configuring Dynamic update to allow both nonsecure and secure dynamic updates. This is not ordinarily a recommended configuration.

Lesson: Configuring DNS Zone Transfers

Introduction
Zone transfers are the complete or partial transfer of all data in a zone from the primary DNS server that is hosting the zone to a secondary DNS server that is hosting a copy of the zone. When changes are made to the zone on a primary DNS server, the primary DNS server notifies the secondary DNS servers that these changes have occurred, and the changes are replicated to all the secondary DNS servers for that zone by using zone transfers.

Lesson objectives
After completing this lesson, you will be able to:
• Describe how DNS zone transfers work.
• Describe how DNS notify works.
• Configure DNS zone transfers.

How DNS Zone Transfers Work

Introduction
There are two types of DNS zone transfers: a full zone transfer and an incremental zone transfer.

Definitions
A DNS zone transfer is the synchronization of authoritative DNS data between DNS servers.

A primary DNS server is both the administrative location for and the master copy of a zone. The primary DNS server both contains the read/write copy of the zone database and controls changes to the zone.

A secondary server is a server that maintains a copy of an existing DNS zone. A DNS server configured with a secondary zone periodically queries the master DNS servers to synchronize its zone data.

A master server is a DNS server that transfers zone changes to another DNS server. A master server can either be a primary DNS server or a secondary DNS server, depending on how the server obtains its zone data.

A full zone transfer is the standard query type that all DNS servers support to update and synchronize zone data when the zone has been changed. An AXFR query is a request for a full zone transfer. When a DNS query is made by using AXFR as the specified query type, the entire zone is transferred as the response.

An incremental zone transfer is an alternate query type that some DNS servers use to update and synchronize zone data when a zone is changed since the last update. When two DNS servers support incremental zone transfer, the servers can keep track of and transfer only those incremental resource record changes between each version of the zone. An IXFR query is a request for an incremental zone transfer.

Purpose of a DNS zone transfer
The purpose of zone transfer is to ensure that both DNS servers that host the same zone have the same zone information. Without zone transfers, the data on the primary server would be current, but the secondary DNS server would not have up-to-date zone information, and therefore the secondary DNS server could not support name resolution for that zone.

Important: By default, the DNS Server service only allows zone information to be transferred to servers that are listed in the name server (NS) resource records of a zone. This is a secure configuration. For increased security, however, select the option to allow zone transfers only to specified IP addresses. Allowing zone transfers to any server might expose your DNS data to an attacker attempting to footprint your network.

Note: When you create a secondary zone, the DNS server performs a full zone transfer to initially populate the database.

Zone transfer process
The following process outlines the steps for either a full or an incremental zone transfer.
1. The secondary server for the zone waits through a certain period of time (specified in the Refresh field of the SOA resource record that the secondary server attained from the master server). Then the secondary server queries the master server for its SOA.
2. The master server for the zone responds with the SOA resource record.
3. The secondary server for the zone compares the returned serial number to its own serial number. If the serial number that the master server sends for the zone is higher than its own serial number, then its zone database is out of date. The master server then sends an AXFR query to request a full zone transfer. If the DNS server supports incremental zone transfers (as in Windows Server 2003 and Windows 2000), then it sends an IXFR to request an incremental zone transfer.
4. For a full zone transfer, the master server for the zone sends the zone database to the secondary server; for an incremental zone transfer, which transfers resource records that have been modified since the last transfer, the master server sends only that zone data that has changed.

How DNS Notify Works

Definitions
DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur.

A notify list is a list for the zone of other DNS servers that should be notified when zone changes occur. The notify list that the master server maintains is made up of IP addresses for DNS servers that are configured as secondary servers for the zone. When the listed servers are notified of a change to the zone, they will initiate a zone transfer with another DNS server and update the zone.

Purpose of DNS notify
Servers that are notified can initiate a zone transfer to obtain zone changes from their master servers and update their local replicas of the zone. DNS notify can help improve consistency of zone data among secondary servers. This is an improvement over the time intervals that are set on the secondary DNS server's copy of the zone. For example, if DNS zone transfers only occur at certain times, two situations can occur within a time period:
• No changes may have occurred to a DNS zone. Several minutes may have passed before a zone transfer is initiated.
• The zone may have had many zone changes occur and these changes have not yet transferred to the secondary DNS server.

With DNS notify, the copies of the DNS zone are updated when unscheduled changes occur. When you use DNS notify, updates occur whenever changes occur. Furthermore, DNS servers running Windows Server 2003 or Windows 2000 support incremental transfers, so that only the data that has been changed in the master DNS server is transferred to the secondary DNS server.

Process of DNS notify
Referring to the illustration, the following steps outline the DNS notify process:
1. The local zone on a primary DNS server is updated.
2. The Serial Number field in the SOA record is updated to indicate that a new version of the zone has been written to disk.
3. The primary server then sends a notify message to all other servers that are part of its notify list.
4. All secondary servers for the zone that receive the notify message respond by initiating an SOA-type query back to the notifying primary server. This query begins the DNS zone transfer process.
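The zone transfer process and the notify process above are two halves of one exchange: notify ends with the SOA query that begins a transfer. The added example below (not part of the course material) models both halves and the master's transfer policy from the Important note, so that a listed secondary receives a full transfer on its first load and an incremental one after a notify, while a server that is not in the zone's NS records or the specified list is refused. Names, addresses and serial numbers are constructed; the serial comparison uses RFC 1982 sequence-space arithmetic, which goes beyond the page's plain "higher than" by handling 32-bit wraparound.

```python
"""Model of the zone transfer and DNS notify processes above.  Added example, not course
code; names, addresses and serials are constructed."""

SERIAL_BITS = 32

def serial_gt(a, b):
    """True if serial a is newer than b (RFC 1982 sequence-space comparison, so a serial
    that wrapped past 2**32 still counts as newer)."""
    mod, half = 1 << SERIAL_BITS, 1 << (SERIAL_BITS - 1)
    a, b = a % mod, b % mod
    return (a < b and b - a > half) or (a > b and a - b < half)

class MasterServer:
    """Holds the read/write copy of the zone and answers SOA, AXFR and IXFR requests."""
    def __init__(self, zone_name, serial, records, ns_ips, policy="ns_only", allowed_ips=()):
        self.zone_name, self.serial = zone_name, serial
        self.records = set(records)          # (owner, type, rdata) triples
        self.journal = []                    # (old_serial, new_serial, added, removed)
        self.ns_ips = set(ns_ips)            # addresses of the servers in the zone's NS records
        self.policy = policy                 # "any" | "ns_only" (the default) | "specified"
        self.allowed_ips = set(allowed_ips)  # consulted when policy == "specified"
        self.notify_list = []                # SecondaryServer objects (IP addresses in a real server)

    def transfer_allowed(self, requester_ip):
        if self.policy == "any":
            return True                      # hands the whole zone to anyone who asks
        if self.policy == "ns_only":
            return requester_ip in self.ns_ips
        return requester_ip in self.allowed_ips

    def soa(self):
        return self.serial                   # the SOA answer the secondary compares against

    def axfr(self, requester_ip):
        if not self.transfer_allowed(requester_ip):
            raise PermissionError(requester_ip)
        return set(self.records)

    def ixfr(self, requester_ip, since_serial):
        if not self.transfer_allowed(requester_ip):
            raise PermissionError(requester_ip)
        start = [i for i, e in enumerate(self.journal) if e[0] == since_serial]
        if not start:
            return "AXFR", set(self.records)   # no journal for that version: fall back to full
        return "IXFR", [(a, r) for _, _, a, r in self.journal[start[0]:]]

    def update(self, added=(), removed=()):
        """Notify steps 1-3: change the zone, bump the serial, notify the listed secondaries."""
        added, removed = set(added), set(removed)
        self.records = (self.records - removed) | added
        old, self.serial = self.serial, self.serial + 1
        self.journal.append((old, self.serial, added, removed))
        return [s.on_notify(self) for s in self.notify_list]

class SecondaryServer:
    def __init__(self, ip, supports_ixfr=True):
        self.ip, self.supports_ixfr = ip, supports_ixfr
        self.serial, self.records, self.log = None, set(), []

    def refresh(self, master):
        """Transfer steps 1-4: SOA query, serial compare, AXFR or IXFR, apply the result."""
        master_serial = master.soa()
        if self.serial is not None and not serial_gt(master_serial, self.serial):
            return self._done("up-to-date")
        try:
            if self.serial is None or not self.supports_ixfr:
                kind, payload = "AXFR", master.axfr(self.ip)   # first load is always full
            else:
                kind, payload = master.ixfr(self.ip, self.serial)
        except PermissionError:
            return self._done("refused")
        if kind == "AXFR":
            self.records = payload
        else:
            for added, removed in payload:
                self.records = (self.records - removed) | added
        self.serial = master_serial
        return self._done(kind)

    def on_notify(self, master):
        """Notify step 4: a notified secondary starts the transfer process with an SOA query."""
        return self.refresh(master)

    def _done(self, outcome):
        self.log.append(outcome)
        return outcome

def demo():
    """Initial AXFR, an IXFR triggered by notify, then a refused request from an unlisted address."""
    master = MasterServer("nwtraders.msft", 2003052801,
                          {("nwtraders.msft", "NS", "ns1.nwtraders.msft"),
                           ("nwtraders.msft", "NS", "ns2.nwtraders.msft"),
                           ("ns2.nwtraders.msft", "A", "192.168.17.3")},
                          ns_ips={"192.168.17.3"})
    ns2 = SecondaryServer("192.168.17.3")            # listed in the zone's NS records
    unlisted = SecondaryServer("192.168.99.9")       # not listed: transfer must be refused
    master.notify_list = [ns2]
    ns2.refresh(master)                                                   # "AXFR"
    master.update(added={("host7.nwtraders.msft", "A", "192.168.17.7")})  # notify -> "IXFR"
    unlisted.refresh(master)                                              # "refused"
    return master, ns2, unlisted
```

The default policy `ns_only` is the behaviour the Important note describes, and `specified` with an explicit `allowed_ips` set corresponds to the "Only to the following servers" option configured later in this lesson; a second `refresh` after the notify returns "up-to-date" because the serials now match.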

How to Configure DNS Zone Transfers

Introduction
To both synchronize the authoritative DNS data between DNS servers and update DNS zone data when unscheduled changes occur, you can configure a DNS zone transfer and a DNS notify.

Note: It is recommended that you log on with an account that has nonadministrative credentials and use the Run as command with a user account that has appropriate administrative credentials to perform this task.

Procedure
To configure a DNS zone transfer and DNS notify:
1. Open the DNS console.
2. Expand the appropriate server, and then expand either Forward Lookup Zones or Reverse Lookup Zones.
3. Select the appropriate DNS zone.
4. On the Action menu, click Properties.
5. In the Properties dialog box for the DNS zone, on the Zone Transfers tab, verify that Allow zone transfers is selected.
6. Select Only to the following servers.
7. In the IP address field, type the IP address of the DNS server that the zone data will be transferred to, and then click Add.
8. On the Zone Transfers tab, click Notify.
9. In the Notify dialog box, click the option The following servers.
10. In the IP address field, type the IP address of the DNS server that will receive the automatic notify, click Add, and then click OK.
11. In the Properties dialog box for the DNS zone, on the Zone Transfers tab, click OK.
12. Close the DNS console.

Practice: Configuring DNS Zone Transfers

Objective
In this practice, you will configure DNS zone transfers.

Instructions
To complete this practice, refer to the Implementation Plan Values document, located in the Appendix at the end of your student workbook. You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has appropriate administrative credentials to complete the task.

Scenario
A new DNS server has been configured as the secondary server to your DNS server in the lab. You will configure zone transfer settings on the DNS zone on your DNS server. Then you will verify that the zone transfer completed.

Practice
Configure DNS zone transfer and DNS notify on a primary forward lookup zone
Complete this task from both student computers.
• Primary forward lookup zone: srv.nwtraders.msft (where srv is the three-letter label of your computer name)
• IP address of server requesting zone transfer: 192.168.x.200
• IP address of server to notify: 192.168.x.200

Lesson: Configuring DNS Dynamic Updates

Introduction
Because DNS is used to access resources, it is imperative that resources in DNS are current. Errors can occur when DNS resource records are not current. If a DNS resource record is created manually in DNS, then the DNS administrator must manually update the DNS resource record to reflect the changes to the resource when the IP address of the resource changes. Because of the volume of resource records in DNS, manually updating the records quickly becomes overwhelming for a DNS administrator to maintain.

The solution to this problem is to create a method for allowing DNS clients to update and maintain their own resource records in DNS, without DNS administrator interaction. Dynamic updates allow DNS clients to update and maintain their own resource records in DNS. To enable DNS updates to happen automatically, the administrator must configure the DNS zone to allow dynamic updates. In addition, administrators must either configure the DNS clients to update DNS records in DNS, or configure the DHCP server supporting the DNS clients to update the DNS records on behalf of the DNS clients.

Lesson objectives
After completing this lesson, you will be able to:
• Describe how DNS dynamic updates work.
• Explain what dynamic updates are.
• Describe how DNS clients register and update their own resource records by using dynamic update.
• Describe how a DHCP server registers and updates resource records by using dynamic update.
• Configure DNS manual and dynamic updates.
• Explain what an Active Directory-integrated DNS zone is.
• Describe how Active Directory-integrated DNS zones use secure dynamic updates.
• Configure Active Directory-integrated DNS zones to use secure dynamic updates.

Multimedia: Overview of DNS Dynamic Updates

File location
To start the Overview of DNS Dynamic Updates presentation, open the Web page on the Student Materials compact disc, click Multimedia, and then click the title of the presentation.

Objectives
At the end of this presentation, you will be able to:
• Explain why DNS dynamic updates are important.
• Explain the difference between manual and dynamic updates.
• Explain that client computers can either:
  • Dynamically update resource records in DNS themselves.
  • Have DHCP perform dynamic updates in DNS on their behalf.
• Explain what secure dynamic updates are.

Key points
For users to successfully access DNS resources, it is vital that DNS resource records reflect the current TCP/IP configuration of both server computers and client computers. Various types of DNS resource records, such as host (A) records and pointer (PTR) records, provide DNS clients with various types of information.

You can use a manual update process to add and update DNS resource records, or you can enable client computers to dynamically update and maintain their own resource records in DNS. DNS resource records can be updated either by the DNS clients themselves or by DHCP on behalf of the clients. A secure way of updating DNS resource records is secure dynamic update.

What Are Dynamic Updates?

Introduction
There are two ways that DNS resource records can be created, registered, and updated in the DNS database: dynamically and manually. When resource records are created, registered, or updated, they are stored in the DNS zone file (or, for an Active Directory-integrated zone, in Active Directory).

Definitions
A dynamic update is the process of a DNS client dynamically creating, registering, or updating its records in zones that are maintained by DNS servers that can accept and process messages for dynamic updates (the DNS UPDATE message defined in RFC 2136).
A manual update is the process of an administrator manually creating, registering, or updating the resource record.

Purpose of dynamic updates
The process of manually updating client resource records does not scale well in a large organization that has continuous changes to DNS resource records. In a DNS implementation that uses a DNS server running Microsoft Windows NT 4.0 or an older BIND version, the administrator has to edit the appropriate zone file manually if the authoritative information of a resource record must be changed. Dynamic registration and update enables DNS client computers to interact automatically with the DNS server to register and update their own resource records. As the number of DNS records in a zone increases and becomes unmanageable for the administrator to maintain manually, dynamic update becomes essential.

Circumstances for using manual updates
The DNS administrator may benefit from manually registering or updating the resource record if the organization has:
• A smaller environment with few changes to the resource records.
• Isolated instances, such as when a larger organization chooses to control every address on every host.
A large organization that has dynamic changes must rely on the dynamic method of updating DNS resource records. Because a dynamic update is a request from the network to change authoritative data, the zone's dynamic update setting decides who may send one; that choice is covered under secure dynamic updates later in this lesson.

How DNS Clients Register and Update Their Own Resource Records by Using Dynamic Updates

Types of DNS clients that can dynamically register and update resource records
DNS clients running Windows Server 2003, Windows 2000, and Windows XP are configured by default to dynamically register and update their host names and IP addresses in DNS. Regardless of whether a DNS client is assigned an IP address by using DHCP or is assigned an IP address statically, the DNS client can dynamically register and update its host name and IP address in DNS. The component that registers the DNS resource record for a DNS client is the DHCP Client service. Even on clients that are configured with a static IP address, the DHCP Client service must be running for the client to register its resource records in DNS.

Process
The following process outlines the steps by which a DNS client dynamically updates its records:
1. The DNS client sends an SOA query for the name that it wants to register to its configured DNS server, to find the server that is authoritative for that name.
2. The DNS server returns the zone name and the IP address of the DNS server that is authoritative for the zone in which the DNS client wants to register.
3. The DNS client sends the authoritative DNS server of the zone an assertion update (an update message that contains only the prerequisite that the name is not in use) to verify that no existing registration exists in the zone.
4. If no registration exists in the DNS zone, the DNS client sends a dynamic update packet to register the resource record. If a record for the name already exists with a different address, the client attempts to replace it with its own; whether that succeeds depends on the zone's dynamic update setting and on the permissions on the record, as described later in this lesson under secure dynamic updates.
5. The DNS server responds to the DNS client with the result of the update.

If the DNS client fails to update its resource record in the DNS database as described in the previous process, such as when a DNS server is not running, the client continues to attempt to update its resource record in DNS:
1. The DNS client attempts to register the record with other primary servers for the zone. Multiple primary servers are only an option with an Active Directory-integrated zone.
2. If all the attempts fail, the client tries to register the record again after five minutes, and then again after ten minutes.
3. Further failures result in a repeated pattern of attempts 50 minutes after the last retry.

Note A remote access client works the same way as a client that is configured with a static IP address. When the remote access client connects to the network, no interaction occurs between the client and the DHCP server. In these cases, the client is responsible for dynamically updating both its A and PTR resource records in DNS. The remote access client attempts to delete both records before closing the connection, but the records are not updated (meaning that they are no longer current or valid) if the update failed. The records are also not updated if the connection fails unexpectedly; in that case, the remote access server attempts deregistration (meaning that the remote access server attempts to remove the stale record) of the corresponding PTR record only, so the A record may remain stale.

How a DHCP Server Registers and Updates Resource Records by Using Dynamic Updates

Definition
A down-level client is a DHCP client running Windows NT 4.0 or earlier. Down-level clients are unable to register or update their resource records in DNS on their own.

Purpose of DNS dynamic update by using a DHCP server
Because down-level clients cannot register or update their own resource records, Microsoft designed its implementation of the DHCP server with the ability to register DNS client resource records in DNS on behalf of the DHCP clients. On a DHCP server running Windows Server 2003 or Windows 2000, you can configure the DHCP server to dynamically update the resource records in DNS on behalf of DHCP clients on the network. Clients that are running Windows NT 4.0 and earlier can have their resource records entered in the DNS database if DHCP is configured to dynamically update the DNS records on their behalf.

Types of DHCP clients that can dynamically register and update resource records
Administrators can configure DHCP servers running Windows Server 2003 and Windows 2000 to update DNS client resource records for the following client types:
• Any DHCP client, including those that are running Windows XP and Windows 2000, regardless of whether it requests a dynamic update.
• Any down-level DHCP client that does not request dynamic updates.

Process of performing dynamic updates for a down-level client
In the illustration, the DHCP server running Windows Server 2003 performs dynamic updates for a down-level client:
1. The DHCP client makes an IP lease request.
2. The DHCP server grants an IP lease.
3. Using the dynamic update protocol, the DHCP server updates the:
   a. DNS forward (A) name for the client.
   b. DNS reverse (PTR) name for the client.
The DHCP server automatically generates the client's FQDN by appending the domain name that is defined for the DHCP scope to the client name. The client name is obtained from the DHCPREQUEST message that the client sends. The ability to register both A and PTR record types allows a DHCP server running Windows Server 2003 to act as a proxy for down-level clients for the purpose of DNS registration. Note that the client name is whatever the client puts in its DHCP request; the DHCP server does not verify it, so on a zone that accepts the server's updates a client can register any name it chooses within the scope's domain.

Process of performing dynamic updates for a Windows XP client
The following steps reflect the process for a DHCP server running Windows Server 2003 with the default configuration to perform DNS dynamic updates for a Windows XP client:
1. The DHCP client makes an IP lease request that includes the client FQDN in option 81 of the DHCP request.
2. The DHCP server grants an IP lease.
3. The DHCP server updates the DNS reverse (PTR) name for the client by using the dynamic update protocol.
4. The client connects to the DNS server to update the A record for itself.

How to Configure DNS Manual and Dynamic Updates

Introduction
To configure dynamic updates as a solution, you need to choose and configure one or both of the following options.
To use a DNS client for dynamic updates, configure the:
1. DNS server to accept dynamic updates.
2. DNS clients to create dynamic updates for themselves.
To use a DHCP server for dynamic updates, configure the:
1. DNS server to accept dynamic updates.
2. DHCP server to create dynamic updates on behalf of the DHCP clients.
To manually create a DNS resource record, you need to add a host (A) resource record to a forward lookup zone. Dynamic updates are supported on primary DNS zones.

Procedure for configuring a DNS server to accept dynamic updates
To configure a DNS server running Windows Server 2003 to accept dynamic updates of DNS resource records:
1. Open the DNS console.
2. In the console tree, right-click the applicable zone, and then click Properties.
3. On the General tab, in the Dynamic updates drop-down list, click Nonsecure and secure.
4. Click OK to close the DNS zone Properties dialog box, and then close the DNS console.
Nonsecure and secure accepts an update from any host that can reach the server, so any computer on the network can create or overwrite records in the zone. Use it only for a standard primary zone that cannot be stored in Active Directory; for an Active Directory-integrated zone, choose Secure only, as described later in this lesson.

Note It is recommended that you log on with an account that has nonadministrative credentials and use the Run as command with a user account that has appropriate administrative credentials to perform this task.

Procedure for configuring DNS clients running Windows XP Professional to dynamically update
To configure a Windows XP Professional client to dynamically update its DNS resource records in DNS:
1. In Control Panel, open the Properties dialog box for the appropriate network interface.
2. In the Network Connection Properties dialog box, select Internet Protocol (TCP/IP), and then click Properties.
3. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
4. On the DNS tab of the Advanced TCP/IP Settings dialog box, select Register this connection's addresses in DNS.
5. On the DNS tab of the Advanced TCP/IP Settings dialog box, if required, select Use this connection's DNS suffix in DNS registration.
6. In the Advanced TCP/IP Settings dialog box, click OK.
7. In the Internet Protocol (TCP/IP) Properties dialog box, click OK.
8. In the Network Connection Properties dialog box, click Close.

Procedure for configuring a DHCP server to dynamically update DNS resource records on behalf of DHCP clients
To configure a DHCP server running Windows Server 2003 to dynamically update DNS resource records in DNS on behalf of DHCP clients:
1. Open the DHCP console.
2. In the DHCP console, select the appropriate DHCP server.
3. On the Action menu, click Properties.
4. On the DNS tab, verify that Enable DNS dynamic updates according to the settings below is selected, and then select one of the two options:
   • Dynamically update DNS A and PTR records only if requested by the DHCP clients
   • Always dynamically update DNS A and PTR records
5. On the DNS tab, verify that the option Discard A and PTR records when lease is deleted is selected.
6. On the DNS tab, select the option Dynamically update DNS A and PTR records for DHCP clients that do not request updates.
7. In the Properties dialog box, click OK.
8. Close the DHCP console.
Leave Discard A and PTR records when lease is deleted selected: it removes the records that the DHCP server registered when the lease ends, so that an address that is later handed to another client is not left mapped to the old name.
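The two DHCP processes on the previous page (a down-level client that sends no option 81, a Windows XP client that sends its FQDN in option 81) and the three settings on the DNS tab above reduce to one decision: after the lease is granted, which of the A and PTR records does the DHCP server register, and what does it tell the client? The following Python script is an added example, not part of this module and not the Windows DHCP service's own code. It parses a DHCP options field, decodes the Client FQDN option (option 81, RFC 4702) and applies that decision. The option bytes are constructed for the example, the policy names are labels of my own for the two radio buttons, and the reply flags follow RFC 4702 (S and O set when the server registers the A record itself); exactly which flag bits a Windows XP client sends is not stated on this page and is not assumed here.

```python
"""Which DNS records a DHCP server registers after a lease, from the client's FQDN option."""

OPT_HOST_NAME, OPT_CLIENT_FQDN, OPT_END, OPT_PAD = 12, 81, 255, 0
# Flag bits in the first byte of option 81 (RFC 4702):
FLAG_S = 0x01   # client asks the server to register the A record
FLAG_O = 0x02   # server override: it registered the A record regardless
FLAG_E = 0x04   # name is in DNS wire format rather than ASCII
FLAG_N = 0x08   # client asks the server to register nothing


def parse_options(raw):
    """Parse a DHCP options field (code, length, value ...) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != OPT_END:
        if raw[i] == OPT_PAD:
            i += 1
            continue
        code, length = raw[i], raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def decode_fqdn_option(value):
    """Return (flags, name) from an option 81 value; bytes 1-2 are the deprecated RCODE fields."""
    flags, body = value[0], value[3:]
    if flags & FLAG_E:                      # length-prefixed labels, zero-terminated
        labels, i = [], 0
        while i < len(body) and body[i]:
            n = body[i]
            labels.append(body[i + 1:i + 1 + n].decode("ascii"))
            i += 1 + n
        name = ".".join(labels)
    else:
        name = body.decode("ascii")
    return flags, name.rstrip(".")


def plan_updates(options, scope_domain, policy="only_if_requested", update_downlevel=True):
    """Decide what the DHCP server registers.

    policy:           "only_if_requested" or "always" (the two radio buttons on the DNS tab)
    update_downlevel: the "... for DHCP clients that do not request updates" check box
    Returns the FQDN, the record types the server registers, and the option 81 flags
    to return to the client (None when the client sent no option 81).
    NOTE: both the host name and the FQDN are asserted by the client and are not verified.
    """
    if OPT_CLIENT_FQDN not in options:
        # Down-level client: the server builds the name from option 12 plus the scope domain.
        host = options.get(OPT_HOST_NAME, b"").decode("ascii")
        if not update_downlevel or not host:
            return {"fqdn": None, "server_updates": set(), "reply_flags": None}
        return {"fqdn": f"{host}.{scope_domain}", "server_updates": {"A", "PTR"}, "reply_flags": None}

    flags, fqdn = decode_fqdn_option(options[OPT_CLIENT_FQDN])
    if "." not in fqdn:                     # bare host name in option 81: qualify it
        fqdn = f"{fqdn}.{scope_domain}"
    if flags & FLAG_N:                      # client asked for no server updates
        return {"fqdn": fqdn, "server_updates": set(), "reply_flags": FLAG_N}
    if policy == "always" or flags & FLAG_S:
        # Server registers both records; O tells the client that it was overridden.
        reply = FLAG_S | (0 if flags & FLAG_S else FLAG_O)
        return {"fqdn": fqdn, "server_updates": {"A", "PTR"}, "reply_flags": reply}
    # Default for a Windows XP client: it registers A itself, the server registers PTR.
    return {"fqdn": fqdn, "server_updates": {"PTR"}, "reply_flags": 0}


def opt(code, value):
    return bytes([code, len(value)]) + value


# Constructed sample option fields (not captured traffic).
XP_REQUEST = (opt(OPT_HOST_NAME, b"xpclient")
              + opt(OPT_CLIENT_FQDN, bytes([0, 0, 0]) + b"xpclient.nwtraders.msft")
              + bytes([OPT_END]))
NT4_REQUEST = opt(OPT_HOST_NAME, b"nt4host1") + bytes([OPT_END])

if __name__ == "__main__":
    for label, raw in (("XP client", XP_REQUEST), ("NT4 client", NT4_REQUEST)):
        for policy in ("only_if_requested", "always"):
            print(label, policy, plan_updates(parse_options(raw), "nwtraders.msft", policy))
```

The point to take from the decision table is the one the page makes in passing: with Always dynamically update DNS A and PTR records, or for any down-level client, the DHCP server registers a name it was simply told by the client, so the records it creates deserve the ownership and DNSUpdateProxy treatment discussed under secure dynamic updates.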

Procedure for manually creating DNS resource records
To manually create a DNS resource record:
1. Open the DNS console.
2. In the console tree, right-click the applicable primary forward lookup zone, and then click New Host (A).
3. In the New Host dialog box, in the Name field, type the DNS computer name for the new host.
4. In the New Host dialog box, in the IP address field, type the IP address for the new host.
5. As an option, select Create associated pointer (PTR) record to create an additional pointer record in a reverse zone for this host, based on the information that you entered in the Name and IP address boxes.
6. In the New Host dialog box, click Add Host to add the new host record to the zone.
7. In the DNS message box, click OK.
8. In the New Host dialog box, click Done.
9. Close the DNS console.

What Is an Active Directory-Integrated DNS Zone?

Definition
An Active Directory-integrated DNS zone is a DNS zone that is stored in Active Directory. Zones that are created on a DNS server that is an Active Directory domain controller can be Active Directory-integrated DNS zones. In an Active Directory-integrated DNS zone, the zone data is stored in Active Directory instead of in a zone file.

Purpose of Active Directory-integrated DNS zones
Active Directory requires that DNS be installed, and when you configure a domain controller you can store its zones in Active Directory. Active Directory-integrated DNS zones have several advantages over non-Active Directory-integrated DNS zones. Active Directory-integrated DNS zones can use Active Directory:
• To store zone configuration data in Active Directory.
• To use Active Directory replication instead of zone transfers.
• To allow only secure dynamic updates (instead of secure and nonsecure updates on a non-Active Directory-integrated DNS zone).

Active Directory-integrated DNS zones
In a non-Active Directory-integrated DNS zone, there is a single master copy of the DNS zone (primary) and there can be any number of additional copies of the DNS zone (secondary). In an Active Directory-integrated zone, each domain controller can manage changes to the DNS zone, so that there is a multi-master model. Multi-master means that if a domain controller has an Active Directory-integrated zone, any domain controller that contains that DNS zone information can act as a primary server and can make changes to the DNS zone.

Note Active Directory Application Mode does not support hosting Active Directory-integrated DNS.

How Active Directory-Integrated DNS Zones Use Secure Dynamic Updates

Definition
A secure dynamic update is a process in which a client submits a dynamic update request to a DNS server, and the server attempts the update only if the client can prove its identity and has the proper credentials to make the update.

Purpose of secure dynamic updates
DNS on Windows Server 2003 supports secure dynamic update. By allowing dynamic updates on a DNS zone, you do not need to manually create and maintain all of the resource records. However, if you are using a stand-alone DNS server that is not Active Directory-integrated, you cannot control which DNS clients can dynamically update the zone. For example: If an external consultant brings a laptop into your organization that is not a part of the domain, and the laptop dynamically updates in DNS, you could have a security issue.

Secure dynamic updates are only available on Active Directory-integrated zones. Secure dynamic update provides several benefits, such as:
• Protecting zones and resource records from being modified by users who do not have authorization.
• Enabling you to specify exactly which users and groups can modify zones and resource records.

The preferred method is, on a domain controller that is configured with a DNS zone, to allow only secure dynamic updates. The other method is to configure a zone that is on a non-Active Directory-integrated DNS server to allow both secure and nonsecure dynamic updates. If you do that, you cannot control who dynamically updates the server.

Note Because the DNS zone is Active Directory-integrated, you can control dynamic updates by allowing only domain members to dynamically update their records. This means that if the same laptop, which is not a member of the domain, attempts to dynamically update in the DNS zone, it will be denied.

Non-secure versus secure-only dynamic updates
If a zone is Active Directory-integrated, it can be configured as Secure Only. A zone configured as Secure Only authenticates the computer that is attempting to make the update, and only allows the update if the permissions on the record allow it. Zones hosted in Active Directory, in addition to those that are not, can be configured to allow nonsecure updates, which allows DNS registrations and modifications without authenticating the client computer. Therefore, if a DNS server hosts the DNS zone as an Active Directory-integrated zone, you can configure the DNS zone to allow only secure updates. Using domain security, you can configure the access control list (ACL) on resource records to further secure DNS. For more information, see the Windows Server 2003 Help documentation about securing DNS by using ACLs, or about secure dynamic updates.

Process
Referring to the illustration, the following procedure provides the sequence of events in the secure dynamic update process:
1. The client queries the local name server to discover which server is authoritative for the name that the client is attempting to update, and the local name server responds with the reference to the authoritative server.
2. The client queries the authoritative server to verify that the DNS server is authoritative for the name that the client is attempting to update, and the server confirms the query.
3. The client attempts a nonsecure update, and the server refuses the nonsecure update. Had the server been configured for nonsecure dynamic update for the appropriate zone, rather than for secure dynamic update, the server would instead have attempted to make the update.
4. The client then attempts a secure update. If the update has the proper credentials, the authoritative DNS server accepts the update and responds to the DNS client.

Note If a DHCP server performs the first secure dynamic update on a DNS resource record, that DHCP server becomes the owner of that record, and only that DHCP server can update that record. This can cause problems in a few different circumstances. For example: Suppose that the DHCP server (DHCP1) created a record for the name nt4host1.nwtraders.msft and then stopped responding, and that the backup DHCP server (DHCP2) tried to update the name. DHCP2 is not able to update the name, because DHCP2 does not own the name. Therefore, all DHCP servers should be placed in a special security group called DNSUpdateProxy. Objects created by members of the DNSUpdateProxy group have no security; therefore, any authenticated user can take ownership of the objects. This is a real exposure: a record that a DNSUpdateProxy member registered for one host can be taken over and repointed by any domain account, so never add a domain controller that also runs DHCP to DNSUpdateProxy (the records that it registers for itself would be unsecured as well). Windows Server 2003 DHCP can instead be configured with a dedicated domain user account whose credentials it uses for all of its dynamic updates, so that every DHCP server registers records as the same owner without leaving them unsecured. For more information about DNSUpdateProxy, see the Windows Server 2003 Help documentation.
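Two passages in this lesson describe messages that are never shown: the assertion update that a client sends before registering itself (the client registration process earlier in this lesson) and the secure update that the authoritative server accepts only after authenticating the sender (the process above). The following Python script is an added example, written for this edit and not taken from the module or from Windows. It builds a DNS UPDATE message (RFC 2136) whose prerequisite section asserts that the name is not in use, then signs it with a TSIG record (RFC 8945) and shows the server-side check that must pass before the zone is touched. Windows secure dynamic update negotiates the key per client through Kerberos (GSS-TSIG, with a TKEY exchange) and then applies the permissions on the record; that negotiation and the record ACL are not modelled here. The static HMAC-SHA256 key, key name, zone, host and address are constructed for the example so that it runs offline; the message layout and the verify-before-apply logic are the same as for a GSS-TSIG-signed update.

```python
"""DNS UPDATE (RFC 2136) with a "name is not in use" prerequisite, signed and checked
with a TSIG record (RFC 8945, HMAC-SHA256).  Standard library only, no network I/O.
Names are written uncompressed, so the parser does not handle compression pointers."""
import hashlib, hmac, struct

OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA, TYPE_TSIG, TYPE_ANY = 1, 6, 250, 255
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255
ALG = "hmac-sha256."        # TSIG algorithm name, carried as a domain name


def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(buf, off):
    """Return (name with trailing dot, offset after the terminating zero byte)."""
    labels = []
    while buf[off]:
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels) + ".", off + 1


def rr(name, rtype, rclass, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_update(msg_id, zone, host, ip, ttl=1200):
    """Header (ZOCOUNT=1, PRCOUNT=1, UPCOUNT=1, ADCOUNT=0), zone, prerequisite, update."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 1, 1, 0)
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    # "Name is not in use": type ANY, class NONE, TTL 0, empty RDATA.  This is the
    # assertion a client sends so that it does not silently overwrite another host's record.
    prereq = rr(host, TYPE_ANY, CLASS_NONE, 0, b"")
    update = rr(host, TYPE_A, CLASS_IN, ttl, bytes(int(o) for o in ip.split(".")))
    return header + zone_sec + prereq + update


def tsig_variables(keyname, time_signed, fudge):
    """TSIG fields covered by the MAC: key name, class ANY, TTL 0, algorithm, time, fudge, error, other."""
    return (encode_name(keyname) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(ALG)
            + struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, 0, 0))


def tsig_sign(msg, keyname, key, time_signed, fudge=300):
    """Append a TSIG RR to an unsigned message and bump ARCOUNT."""
    mac = hmac.new(key, msg + tsig_variables(keyname, time_signed, fudge), hashlib.sha256).digest()
    rdata = (encode_name(ALG)
             + struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
             + struct.pack("!H", len(mac)) + mac
             + msg[:2] + struct.pack("!HH", 0, 0))          # original ID, error, other len
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + rr(keyname, TYPE_TSIG, CLASS_ANY, 0, rdata)


def split_tsig(signed):
    """Walk the sections to the trailing TSIG RR; return (message as signed, key name, TSIG RDATA)."""
    _, _, zo, pr, up, ad = struct.unpack("!HHHHHH", signed[:12])
    off = 12
    for _ in range(zo):
        off = read_name(signed, off)[1] + 4                      # type + class only
    for _ in range(pr + up + ad - 1):
        off = read_name(signed, off)[1]
        off += 10 + struct.unpack("!H", signed[off + 8:off + 10])[0]
    keyname, p = read_name(signed, off)
    rtype, _, _, rdlen = struct.unpack("!HHIH", signed[p:p + 10])
    if rtype != TYPE_TSIG:
        raise ValueError("last record is not a TSIG RR")
    unsigned = signed[:10] + struct.pack("!H", ad - 1) + signed[12:off]
    return unsigned, keyname, signed[p + 10:p + 10 + rdlen]


def tsig_verify(signed, keys, now):
    """Server side: recompute the MAC before touching the zone.  Returns (ok, rcode name)."""
    unsigned, keyname, rdata = split_tsig(signed)
    alg, off = read_name(rdata, 0)
    key = keys.get(keyname)
    if key is None or alg != ALG:
        return False, "BADKEY"
    hi, lo, fudge, maclen = struct.unpack("!HIHH", rdata[off:off + 10])
    time_signed = (hi << 32) | lo
    expected = hmac.new(key, unsigned + tsig_variables(keyname, time_signed, fudge), hashlib.sha256).digest()
    if not hmac.compare_digest(rdata[off + 10:off + 10 + maclen], expected):
        return False, "BADSIG"
    if abs(now - time_signed) > fudge:
        return False, "BADTIME"
    return True, "NOERROR"


if __name__ == "__main__":
    # Constructed example: DHCP1 registers nt4host1 under a key only DHCP1 and the server hold.
    keys = {"dhcp1-key.": b"constructed-shared-secret"}
    msg = build_update(0x1234, "nwtraders.msft", "nt4host1.nwtraders.msft", "192.168.1.50")
    signed = tsig_sign(msg, "dhcp1-key.", keys["dhcp1-key."], time_signed=1_000_000)
    print(tsig_verify(signed, keys, now=1_000_010))               # (True, 'NOERROR')
    forged = bytearray(signed)
    forged[len(msg) - 1] ^= 1                                     # change the registered address
    print(tsig_verify(bytes(forged), keys, now=1_000_010))        # (False, 'BADSIG')
```

The nonsecure update that the client tries first in step 3 is simply the output of build_update with no TSIG record; a Secure Only zone refuses it because there is no signature to check. The three failure codes are the ones a server returns in the TSIG error field: BADKEY when it does not hold the key named in the record (which is what DHCP2 would receive if it tried to sign with a key the server has only for DHCP1), BADSIG when any byte of the message was altered after signing, and BADTIME when the signature is replayed outside the fudge window.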

How to Configure Active Directory-Integrated DNS Zones to Allow Secure Dynamic Updates

Introduction
You can configure both Active Directory-integrated DNS zones and non-Active Directory-integrated DNS zones to allow dynamic update, but only an Active Directory-integrated DNS zone can be restricted to secure dynamic updates. You can also configure security (permissions) on Active Directory-integrated DNS zones.

Procedure for configuring Active Directory-integrated DNS zones to allow secure dynamic updates
To configure Active Directory-integrated DNS zones to allow secure dynamic updates:
1. Open the DNS console.
2. In the console tree, right-click the applicable zone, and then click Properties.
3. On the General tab, verify that the Type is Active Directory-integrated.
4. In the Dynamic updates drop-down list, select Secure only.
5. Click OK to close the DNS zone Properties dialog box, and then close the DNS console.

Note It is recommended that you log on with an account that has nonadministrative credentials and use the Run as command with a user account that has appropriate administrative credentials to perform this task.

Procedure for configuring security on an Active Directory-integrated DNS zone
To configure security on an Active Directory-integrated DNS zone:
1. Open the DNS console.
2. In the console tree, right-click the applicable zone, and then click Properties.
3. On the Security tab, configure the permissions appropriately for your network.
4. Click OK to close the DNS zone Properties dialog box, and then close the DNS console.

Practice: Configuring DNS Dynamic Updates

Objective
In this practice, you will configure DNS dynamic updates.

Instructions
You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has appropriate administrative credentials to complete the task. To complete this practice, refer to the Implementation Plan Values document located in the Appendix at the end of your student workbook.

Scenario
The number of computers in the development subnet has increased. As a result, there has been an increase in the number of DNS resource records that need to be manually created. You will configure the DHCP server to automatically create the resource records in DNS on behalf of the DHCP clients.

Practice
Configure a DNS server to accept dynamic updates for a forward lookup zone
Complete this task from both student computers.
• Primary forward lookup zone: srv.nwtraders.msft (where srv is the three-letter label of your computer name)
• Dynamic updates: Nonsecure and secure

Configure a DHCP server to dynamically update DNS resource records on behalf of DHCP clients
Complete this task from both student computers.
• DHCP Server: your DHCP server
• Select Always dynamically update DNS A and PTR records.

nwtraders. Primary forward lookup zone: srv.msft (where srv is the three-letter label of your computer name) Host name: ComputerName2 (where ComputerName is the name of your partner’s computer) IP address: Partner Network Connection (where Partner Network Connection is the IP address of your partner) .Module 5: Resolving Host Names by Using Domain Name System (DNS) 67 Manually create a DNS host resource record Complete this task from both student computers.

Lesson: Configuring a DNS Client

Introduction
You have installed and configured the DNS server properties and created the appropriate zones on the DNS server. Now you need to ensure that clients can register or create their resource records in DNS and use DNS to resolve queries.

Lesson objectives
After completing this lesson, you will be able to:
• Describe how preferred and alternate DNS servers work.
• Describe how suffixes are applied.
• Configure a DNS client.

How Preferred and Alternate DNS Servers Work

Definitions
A preferred DNS server is the server to which the DNS client sends its DNS queries. It is also the server on which the DNS client updates its resource records. An alternate DNS server is a server that is used if the preferred DNS server is unreachable or cannot resolve DNS queries from a particular DNS client because the DNS service has failed. You can have more than one alternate DNS server.

Purpose of preferred and alternate DNS servers
Without a preferred DNS server, the DNS client cannot query a DNS server. Without an alternate DNS server, your queries will not be resolved if the preferred DNS server fails.

Process
The following steps outline the process for contacting preferred and alternate DNS servers:
1. The preferred DNS server is the first to receive a DNS query or a DNS update.
2. If the preferred DNS server does not respond to the DNS query or DNS update, the query or update is sent to the alternate DNS server.
3. If the alternate DNS server does not respond, and the DNS client is configured with the IP addresses of additional DNS servers, the DNS client sends the query or update to the next DNS server in the list.
4. If any of the DNS servers (the preferred server, an alternate server, or any other server on the list) is unresponsive, that server is temporarily removed from the list.
5. If none of the DNS servers are responsive, the DNS client query or update fails.
Only a server that does not respond at all causes the client to move to the next server. The alternate server is not queried in the case of a negative name response: if the preferred server answers that the name does not exist, that answer is final. For this reason the preferred and alternate servers must be able to resolve the same names (for example, all internal servers that host or forward for the same zones); listing an internal server and an external server together produces failures that appear only after the preferred server has timed out.
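The five steps above, plus the rule that a negative answer is final, form a small state machine on the client. The following Python class is an added example of that behaviour, not code from this module or from the Windows DNS Client service: the transport is an in-memory stand-in that I constructed so that the example runs offline (a real client would send UDP queries with a timeout), and the 30-second penalty is a placeholder for however long a real resolver keeps an unresponsive server off its list.

```python
"""Resolver-side server selection: preferred first, alternates only when a server
does not answer, an unresponsive server skipped for a while, a negative answer final."""


class NoResponse(Exception):
    """Raised by the transport when a server does not answer within its timeout."""


class DnsClient:
    def __init__(self, servers, penalty_s=30):
        self.servers = list(servers)      # preferred server first, then alternates in order
        self.penalty_s = penalty_s        # how long an unresponsive server stays off the list
        self.skip_until = {}              # server -> time until which it is skipped

    def query(self, name, send, now):
        """send(server, name) returns a list of answers ([] is a negative answer such as
        NXDOMAIN) or raises NoResponse.  Returns (server that answered, answers)."""
        for server in self.servers:
            if self.skip_until.get(server, 0) > now:
                continue                  # temporarily removed from the list
            try:
                answers = send(server, name)
            except NoResponse:
                self.skip_until[server] = now + self.penalty_s
                continue                  # move on to the next server in the list
            return server, answers        # a negative answer is returned as-is: no fall-through
        raise NoResponse(f"no DNS server answered for {name}")


def make_transport(state):
    """Constructed in-memory transport: state maps server -> {name: answers}, or None if down."""
    def send(server, name):
        zone = state[server]
        if zone is None:
            raise NoResponse(server)
        return zone.get(name, [])
    return send


if __name__ == "__main__":
    # Preferred server down, alternate up: the alternate answers and the preferred is penalised.
    state = {"10.0.0.1": None, "10.0.0.2": {"srv1.nwtraders.msft.": ["192.168.1.10"]}}
    client = DnsClient(["10.0.0.1", "10.0.0.2"])
    print(client.query("srv1.nwtraders.msft.", make_transport(state), now=0))
    # Preferred back up but inconsistent with the alternate: its negative answer is final.
    state["10.0.0.1"] = {}
    state["10.0.0.2"]["only-on-alternate.nwtraders.msft."] = ["192.168.1.20"]
    print(client.query("only-on-alternate.nwtraders.msft.", make_transport(state), now=60))
```

The second query in the usage block is the misconfiguration case from the text: the name exists only on the alternate server, but because the preferred server is up and answers "no such name", the alternate is never asked.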

nwtraders. and if you attempt to contact Server1. Connection Specific Suffix The Connection Specific Suffix provides a space to configure a DNS suffix for this specific connection. If a DHCP server configures this connection. in addition to any suffixes that are configured in the connection specific suffixes. then the computer queries for Server1. then the computer queries server1. For example: If your primary DNS suffix is nwtraders.south. then name resolution and update may not function correctly.nwtraders. For example: If your primary DNS suffix is sales. then the computer queries server1.nwtraders. If the query is still not resolved. If the query is not resolved.nwtraders.nwtraders. you ensure that name resolution is successful. The Append Parent Suffixes option specifies that resolutions for unqualified names on this computer are limited to the domain suffixes of the primary suffix and connection specific suffix. then the DHCP server assigns a DNS suffix if the server is configured to do so. The Suffix Selection option specifies that resolutions for unqualified names on this computer are limited to the domain suffixes of the primary DNS suffix up to the second level domain.msft. and if you do not specify a DNS suffix. .70 Module 5: Resolving Host Names by Using Domain Name System (DNS) How Suffixes Are Applied *****************************ILLEGAL FOR NON-TRAINER USE****************************** Purpose of configuring suffixes Suffix Selection option If you do not have a DNS suffix configured on the client.south. and if you attempt to contact Server1. then the computer then queries server1. By properly configuring DNS suffixes on the client.south.msft.sales.msft.msft.msft.msft.

and so on. Instead.com. 4. both the primary DNS suffix and the connection-specific domain name are ignored. server1.nwtraders. If resolution is not successful. 2.south. and the parent of that suffix. if the user has entered a domain suffix search list. the DNS client resolver appends each connection-specfic DNS suffix. which then devolves to server1. until only two labels are left.nwtraders.Module 5: Resolving Host Names by Using Domain Name System (DNS) 71 How suffixes are applied When a user enters an FQDN.com. However. the DNS resolver devolves the FQDN by appending the parent suffix of the primary DNS suffix name. Neither the primary DNS suffix nor the connection-specific domain name is appended to the host name before the FQDN is submitted to DNS. If resolution is still not successful.nwtraders. .sales. the DNS resolver appends each suffix from the domain search list in order and submits it to the DNS server until it either finds a match or reaches the end of the list. 3. the DNS resolver queries DNS by using that FQDN as follows: 1. The DNS client resolver sends the query to the primary DNS server by using the primary DNS suffix.south. For example.com devolves to server1.

How to Configure a DNS Client

Introduction
You need to configure a DNS client so that the client can use DNS servers to resolve and update information for the IP address configuration. There are two ways that a DNS client can receive IP address configuration data: manually or by using DHCP.

Important In this scenario, you must be logged on as an administrator or a member of the Administrators group to complete the first procedure. Log on as ComputerNameAdmin for the first procedure. When you have completed this procedure, log on as ComputerNameUser (where ComputerName is the name of your computer).

Procedure for manually configuring a DNS client to use preferred and alternate DNS servers
To manually configure a DNS client to use preferred and alternate DNS servers:
1. From Network Connections, open the Properties dialog box for the network interface on which you want to configure DNS.
2. On the General tab, select Internet Protocol (TCP/IP), and then click Properties.
3. In the Internet Protocol (TCP/IP) Properties dialog box, select Use the following DNS server addresses.
4. In the Preferred DNS server field, type the IP address of the preferred DNS server.
5. In the Alternate DNS server field, type the IP address of the alternate DNS server, and then click Advanced.
6. In the Advanced TCP/IP Settings dialog box, on the DNS tab, in the DNS suffix for this connection field, type the DNS suffix to be attached to the host name of the computer, and then click OK.
7. In the Internet Protocol (TCP/IP) Properties dialog box, click OK.
8. Close any open windows.

5. 8. click Configure Options. Open the DHCP console. select 006 DNS Servers. 2. In the Scope Options dialog box. Under the appropriate scope. In the IP address field. and then. 4.Module 5: Resolving Host Names by Using Domain Name System (DNS) 73 Procedure for configuring the DNS server option and the DNS suffix option in DHCP To configure the DNS server option and the DNS suffix option in DHCP: 1. In the Scope Options dialog box. click Scope Options. type the DNS domain suffix. In the String value field. Close the DHCP console. 7. ensure that the DHCP clients renew their leases to update their IP configuration data with these new scope options. on the Action menu. and then click Add. 3. Using the ipconfig command. and then click OK. select 015 DNS Domain Name. . 6. type the IP address of the DNS server.

Practice: Configuring a DNS Client

Objective
In this practice, you will configure a DNS client to use a preferred DNS server, an alternate DNS server, and a DNS suffix.

Instructions
In this practice, you must be logged on as an administrator or a member of the Administrators group to complete parts of this procedure. Log on as ComputerNameAdmin for the entire practice. When you have completed the practice, log on as ComputerNameUser. To complete this practice, refer to the Implementation Plan Values document located in the Appendix at the end of your student workbook.

Scenario
You have added two DNS servers to your development subnet. You need to configure the lab computers on your subnet to use a preferred and an alternate DNS server. You will configure your DNS client with the appropriate DNS settings.

Practice
Configure a DNS client
Complete this task from both student computers.
• User name: ComputerNameAdmin
• Password: P@ssw0rd
• Domain: nwtraders
• Interface: Classroom Network Connection
• Preferred DNS server IP address: Classroom Network Connection (where Classroom Network Connection is the IP address for the network connection of your computer)
• Alternate DNS server IP address: 192.168.x.200
• DNS suffix: nwtraders.msft

View DNS client settings by using ipconfig (ipconfig /all)
Complete this task from both student computers.
• User name: ComputerNameUser
• Password: P@ssw0rd
• Domain: nwtraders
• Interface: Classroom Network Connection

Lesson: Delegating Authority for Zones

Introduction
After you have your DNS solution working, you may find that you need to modify your DNS namespace. The process by which these DNS namespace changes are accomplished on the DNS server is called delegation.

Lesson objectives
After completing this lesson, you will be able to:
Explain what delegation of a DNS zone is.
Delegate a subdomain to a DNS zone.

What Is Delegation of a DNS Zone?

Definition
In technical terms, delegation is the process of assigning authority over child domains in your DNS namespace to another entity by adding records in the DNS database.

Purpose of delegation
As the manager of a DNS domain, you have the option of creating child domains and their respective zones, which can then be stored, distributed, and replicated to other DNS servers. These additional zones can be delegated to other administrators to manage. When deciding whether or not to divide your DNS namespace to delegate zones, consider the following potential reasons for doing so:
A need to delegate management of part of your DNS namespace to another location or department within your organization.
A need to divide one large zone into smaller zones to distribute traffic loads among multiple servers, improve DNS name resolution performance, or create a more fault-tolerant DNS environment.
A need to extend the namespace by adding subdomains (for example, to accommodate the opening of a new branch or site).

Example
In the illustration, the administrator for the nwtraders.com level of the namespace delegates authority for training.nwtraders.com and offloads administration of DNS for that part of the namespace. Training.nwtraders.com now has its own administration and DNS server to resolve queries in that part of the namespace. This also reduces the workload on the administrator and DNS server for the nwtraders.com level.

How to Delegate a Subdomain to a DNS Zone

Introduction
To assign authority over portions of your DNS namespace to another entity, you can delegate a subdomain to a DNS zone.

Guidelines
When delegating zones within your namespace, be aware that for each new zone that you create, you will need delegation records, in other zones, that point to the authoritative DNS servers for the new zone. This is necessary both to transfer authority and to provide correct referrals to other DNS servers and clients of the new servers that are being made authoritative for the new zone.

Note It is recommended that you log on with an account that has nonadministrative credentials and use the Run as command with a user account that has appropriate administrative credentials to perform this task.

Procedure
To delegate a subdomain to a DNS zone:
1. Open the DNS console.
2. Expand the appropriate DNS server, expand Forward Lookup Zones or Reverse Lookup Zones, and then select the appropriate zone to delegate.
3. On the Action menu, click New Delegation.
4. On the Welcome to the New Delegation Wizard page, click Next.
5. On the Delegated Domain Name page, in the Delegate Domain field, type the delegated domain name, and then click Next.
6. On the Name Servers page, click Add.
7. In the New Resource Record dialog box, in the Server fully qualified domain name field, type the FQDN of the DNS server to delegate the domain to, and then click Resolve.

8. In the New Resource Record dialog box, in the IP address field, verify that the correct IP address displays for the server that was resolved, and then click OK.
9. On the Name Servers page, click Next.
10. On the Completing the New Delegation Wizard page, click Finish.
11. Close the DNS console.
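The wizard above writes two kinds of delegation records into the parent zone: NS records naming the servers authoritative for the child, and glue A records for any of those servers whose own name lies inside the child (the address the wizard resolves in step 8). The following is an added example, not the course's or the DNS service's code, that checks a parent zone for exactly those records and builds the referral the parent would hand back for a name under the delegation; the zone records and addresses are constructed sample data.

```python
# Added example, not from the course: verify that a delegation created for
# training.nwtraders.com in the nwtraders.com zone carries NS records and,
# for name servers named inside the child, the glue A records the New
# Delegation Wizard adds. All zone data below is constructed.

PARENT_ZONE = "nwtraders.com"

# Constructed parent-zone records as (owner, type, rdata) tuples.
PARENT_RECORDS = [
    ("nwtraders.com", "NS", "dns1.nwtraders.com"),
    ("dns1.nwtraders.com", "A", "192.168.1.10"),
    # delegation of the child zone to two servers named inside the child
    ("training.nwtraders.com", "NS", "dns1.training.nwtraders.com"),
    ("training.nwtraders.com", "NS", "dns2.training.nwtraders.com"),
    ("dns1.training.nwtraders.com", "A", "192.168.5.10"),   # glue present
    # glue for dns2 deliberately left out so the check below fires
]


def is_subdomain(name, parent):
    return name == parent or name.endswith("." + parent)


def check_delegation(records, child, parent=PARENT_ZONE):
    """Return a list of problems with the delegation of `child`; [] if OK."""
    problems = []
    if not is_subdomain(child, parent) or child == parent:
        return ["%s is not a subdomain of %s" % (child, parent)]
    ns_names = [r for (o, t, r) in records if o == child and t == "NS"]
    if not ns_names:
        return ["no NS records delegating %s" % child]
    for ns in ns_names:
        # A server named inside the child cannot be found through the
        # delegation itself, so the parent must hold its A record (glue).
        if is_subdomain(ns, child):
            glue = [r for (o, t, r) in records if o == ns and t == "A"]
            if not glue:
                problems.append("missing glue A record for %s" % ns)
    return problems


def referral(records, qname):
    """Authority and additional data the parent returns for a delegated name."""
    cuts = {o for (o, t, _) in records if t == "NS" and o != PARENT_ZONE}
    best = max((c for c in cuts if is_subdomain(qname, c)), key=len, default=None)
    if best is None:
        return None     # no delegation covers qname; parent answers itself
    ns = [r for (o, t, r) in records if o == best and t == "NS"]
    glue = [(o, r) for (o, t, r) in records if t == "A" and o in ns]
    return {"authority": ns, "additional": glue}
```

A delegation that passes check_delegation but still returns an empty additional section in referral is the case to look for after the wizard: every in-child name server needs its glue, or resolvers following the referral cannot reach the new zone.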


Lab A: Resolving Host Names by Using Domain Name System

Objectives
In this lab, you will:
Configure an alias resource record.
Configure a secondary forward lookup zone.
Estimated time to complete this lab: 15 minutes


Exercise 1 Configuring an Alias Resource Record
In this exercise, you will create an alias resource record. Then you will verify the resource record configuration by using the ping command.

Instructions
Refer to the Implementation Plan Values document located in the Appendix at the end of the Student Workbook. You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has appropriate administrative credentials to complete the tasks. When completing the lab, assume that you will log on with a non-administrative account (example: ComputerNameUser), unless the Specific Instructions in the lab state otherwise.

Scenario
The systems engineer has moved the Lab department’s development file shares to another server computer in the lab. The lab computers are all configured to access the original file server by using the host name FileServer2. You will create an alias DNS record for the server to allow DNS clients in the lab to continue accessing the file server by using the old host name of FileServer2.

Tasks and specific instructions

Perform the following tasks on both student computers.

1. Verify that you cannot connect to FileServer2 by using the ping command.
   Use the ping command to contact FileServer2. Verify that the ping command was unsuccessful.
   Question: Why was the ping command unsuccessful?

2. Create an alias name for FileServer2 by using the FQDN of ServerName2.srv.nwtraders.msft in the srv.nwtraders.msft forward lookup zone (where srv is the three-letter label of the computer name).
   Primary forward lookup zone: srv.nwtraders.msft zone
   New alias (CNAME): FileServer2
   Fully qualified domain name: ComputerName2.srv.nwtraders.msft. (Refer to the Implementation Plan Values document.)
   Question: What allows the alias record FileServer2 to be resolved to an IP address if the alias record is mapped to the FQDN for the host record ComputerName2.srv.nwtraders.msft?

3. Verify that you cannot connect to FileServer2 by using the ping command; then view your DNS settings by using the ipconfig command.
   Use the ping command to locate FileServer2. Verify that the ping command was unsuccessful.
   Question: Why was the ping command unsuccessful?
   Use the ipconfig command to view your DNS suffix.

4. Verify that you can connect to FileServer2.srv.nwtraders.msft (where srv is the three-letter label of the computer name) by using the ping command.
   Use the ping command to locate FileServer2.srv.nwtraders.msft.
   Question: Why was the ping command successful?

5. Configure the Classroom Network Connection interface with the DNS suffix search order of nwtraders.msft and srv.nwtraders.msft, and then use the ipconfig command to view the DNS suffix search order. Finally, use the ping command to locate FileServer2.
   Interface: Classroom Network Connection
   DNS suffix search order: nwtraders.msft, srv.nwtraders.msft
   Use the ipconfig command to verify the DNS suffix search order. Use the ping command to locate FileServer2.
   Question: Why was the ping command successful?
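Tasks 3 to 5 turn on how the client expands the single-label name FileServer2 with its DNS suffixes before the CNAME in srv.nwtraders.msft can be followed. The following is an added example, not part of the lab, that models that lookup: a simplified client that appends each suffix in search order and a resolver that follows the alias to the host record; the zone records and address are constructed, and srv stands for the three-letter label of the student computer name.

```python
# Added example (not from the lab): why "ping FileServer2" fails or succeeds
# depending on the DNS suffix search order, using the lab's CNAME record.
# Zone data and suffix lists are constructed sample values; this is a
# simplified model of the client's suffix handling, not the Windows resolver.

ZONE = {
    # owner name -> (type, rdata); constructed records, lower-cased
    "fileserver2.srv.nwtraders.msft": ("CNAME", "computername2.srv.nwtraders.msft"),
    "computername2.srv.nwtraders.msft": ("A", "192.168.1.2"),
}


def candidate_names(name, suffix_list):
    """Names the client tries for the typed name, in order."""
    if "." in name:          # already qualified: try it as given
        return [name.rstrip(".")]
    # single-label name: append each suffix from the search order in turn
    return ["%s.%s" % (name, s) for s in suffix_list]


def lookup(fqdn, zone, depth=0):
    """Resolve an FQDN to an IPv4 address, following CNAME chains."""
    if depth > 8:
        raise RuntimeError("CNAME chain too long")
    rec = zone.get(fqdn.lower())
    if rec is None:
        return None
    rtype, rdata = rec
    if rtype == "CNAME":
        # The alias maps to the canonical host name; resolve that in turn.
        return lookup(rdata, zone, depth + 1)
    return rdata


def resolve(name, suffix_list, zone=ZONE):
    """Return (name that answered, address), or (None, None) like a failed ping."""
    for cand in candidate_names(name, suffix_list):
        addr = lookup(cand, zone)
        if addr:
            return cand, addr
    return None, None
```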

Exercise 2
Configuring a Secondary Forward Lookup Zone
In this exercise, you will create a secondary forward lookup zone. Then you will verify the secondary forward lookup zone resource record configuration by using the ping command.

Instructions
Refer to the Implementation Plan Values document located in the Appendix at the end of the Student Workbook. You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has appropriate administrative credentials to complete the tasks. When completing the lab, assume that you will log on with a non-administrative account (example: ComputerNameUser), unless the Specific Instructions in the lab state otherwise.

Scenario
The subnet in the lab was affected by a power outage during the weekend. It appears that the DNS secondary forward lookup zone has been removed. You will re-create the secondary forward lookup zone.

Tasks and specific instructions

Perform the following tasks on both student computers.

1. At a command prompt, run the C:\Moc\2277\Labfiles\Lab05\Dns.vbs script to remove the secondary forward lookup zone nwtraders.msft from your DNS server.
   User name: nwtraders\ComputerNameAdmin
   Password: P@ssw0rd
   In the Run dialog box, type C:\moc\2277\labfiles\lab05\dns.vbs

2. Create the secondary forward lookup zone nwtraders.msft with the master server IP address 192.168.x.200.
   Secondary forward lookup zone: nwtraders.msft
   Master DNS server IP address: 192.168.x.200

3. View the resource records of nwtraders.msft to verify that the transfer occurred on the secondary forward lookup zone.
   Secondary forward lookup zone: nwtraders.msft
   On the details pane, verify that the records display to ensure that the zone transferred.

