Saturday, April 3, 2010

Lesson 4

Configuring and Managing the DNS Server Role

DNS (Domain Name System)

Windows Server 2008 includes both DNS and Windows Internet Naming System (WINS) name resolution services. They let computers translate between human-readable names, which are easier for people to understand and remember than IP addresses, and the IP addresses that TCP/IP communication actually requires.
The DNS namespace is hierarchical and based on a unique root that can have any number of subdomains. A Fully Qualified Domain Name (FQDN) is the name of a DNS host in this namespace, indicating the host's location relative to the root of the DNS domain tree. An example of an FQDN is host1.subdomain.microsoft.com. The top-level domain is com. The second-level domain is microsoft.com; second-level domains are registered to individuals or organizations. A second-level domain can have many subdomains, and any domain can contain hosts. A host is a specific computer or network device within a domain.
DNS names and the DNS protocol are required for Active Directory domains and for compatibility with the Internet.
A DNS zone is a contiguous portion of a namespace for which a server is authoritative. A server can be authoritative for one or more zones, and a zone can contain one or more contiguous domains. A DNS server is authoritative for a zone if it hosts the zone, either as a primary or secondary DNS server. Each DNS zone contains the resource records it needs to answer queries for its portion of the DNS namespace.

There are several types of DNS servers: primary, secondary, master, and caching-only.

• A DNS server that hosts a primary DNS zone is said to act as a primary DNS server. Primary DNS servers store the original source data for their zones. In Windows Server 2003 and 2008 you can implement a primary zone in one of two ways: as a standard primary zone (zone data is stored in a text file) or as an Active Directory-integrated zone (zone data is stored in the Active Directory database).
• A DNS server that hosts a secondary DNS zone is said to act as a secondary DNS server. Secondary DNS servers are authoritative, read-only backup servers for the primary server. The servers from which secondary servers acquire zone information are called masters; a master can be the primary server or another secondary.
• A caching-only server hosts no zones and forwards requests to other DNS servers, but builds a cache of frequently requested records so that later queries can be answered locally.

A DNS zone is a collection of name-to-IP address mappings (and other resource records) for hosts in a contiguous portion of the DNS namespace; contiguous means connected by parent-child relationships. For each DNS domain name included in a zone, the zone is the authoritative source of information about that domain. Zones are stored in text files or within Active Directory. It is recommended to keep a primary and a secondary copy of each zone so that resolution continues if one of the servers fails. There are four standard zone types: standard primary, standard secondary, reverse lookup, and stub zones.

• A standard primary zone hosts the read/write copy of the zone in which resource records are created and managed.
• A standard secondary zone is a read-only copy of a primary zone. It is copied from the master in what is called a zone transfer, which is either a full zone transfer (AXFR) or an incremental zone transfer (IXFR) that sends only the records changed since the secondary's copy was made; the secondary compares the serial number in its SOA record with the master's to decide whether a transfer is needed at all. Restrict zone transfers to the secondaries you know about: an unrestricted zone transfer hands a complete inventory of your hosts to anyone who asks for it.
• A reverse lookup zone (under in-addr.arpa for IPv4 and ip6.arpa for IPv6) holds PTR records that map IP addresses back to DNS names, the reverse of a forward lookup zone.
• A stub zone contains only the SOA, NS and glue A records that identify the DNS servers authoritative for that zone; it is used to maintain or improve DNS resolution efficiency across delegations.
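As an added example (not code from the page or from Microsoft), the following Python models the decisions behind a zone transfer: RFC 1982 serial comparison so a secondary knows whether it is behind, the primary serving IXFR when it still holds the deltas and falling back to AXFR otherwise, and the primary refusing transfers to hosts that are not on its list (the equivalent of the "Allow zone transfers only to the following servers" setting on the zone's Zone Transfers tab in DNS Manager). The zone name, addresses, serials and records are constructed for illustration.

```python
# Added example (not from the page): how a secondary decides whether it needs a
# zone transfer, and how the primary chooses between AXFR and IXFR while only
# serving secondaries it has been told about. Zone names, addresses, serials
# and records are constructed for illustration.
from dataclasses import dataclass, field

SERIAL_MOD = 1 << 32
SERIAL_HALF = 1 << 31


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: True if serial a is newer than b.
    Plain '>' breaks when the 32-bit serial wraps (4294967295 -> 0)."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


@dataclass
class PrimaryZone:
    name: str
    serial: int
    records: set                       # current (owner, type, rdata) tuples
    # (from_serial, to_serial, added, removed) per update, for IXFR deltas
    history: list = field(default_factory=list)
    # like "Allow zone transfers only to the following servers" in DNS Manager
    transfer_allowed_from: set = field(default_factory=set)

    def update(self, new_serial: int, added=(), removed=()):
        """Edit the zone and bump the SOA serial, remembering the delta."""
        if not serial_gt(new_serial, self.serial):
            raise ValueError("SOA serial must move forward on every change")
        self.records = (self.records - set(removed)) | set(added)
        self.history.append((self.serial, new_serial, tuple(added), tuple(removed)))
        self.serial = new_serial

    def transfer(self, peer_ip: str, peer_serial: int):
        """Serve an AXFR/IXFR request from a secondary that holds peer_serial."""
        if peer_ip not in self.transfer_allowed_from:
            return "REFUSED", None         # never hand the zone to unknown hosts
        if not serial_gt(self.serial, peer_serial):
            return "UP_TO_DATE", None      # secondary's copy is already current
        # IXFR: chain the deltas from the secondary's serial up to ours
        chain, cur = [], peer_serial
        for frm, to, added, removed in self.history:
            if frm == cur:
                chain.append((added, removed))
                cur = to
        if chain and cur == self.serial:
            return "IXFR", chain
        return "AXFR", set(self.records)   # no usable delta chain: full copy


@dataclass
class SecondaryZone:
    name: str
    ip: str
    serial: int = 0
    records: set = field(default_factory=set)

    def refresh(self, master: PrimaryZone) -> str:
        """Poll the master, as the SOA refresh interval would trigger."""
        kind, payload = master.transfer(self.ip, self.serial)
        if kind == "AXFR":
            self.records = set(payload)
        elif kind == "IXFR":
            for added, removed in payload:
                self.records = (self.records - set(removed)) | set(added)
        if kind in ("AXFR", "IXFR"):
            self.serial = master.serial
        return kind


def demo() -> dict:
    base = {("example.com.", "NS", "ns1.example.com."),
            ("ns1.example.com.", "A", "10.0.0.1"),
            ("host1.example.com.", "A", "10.0.0.25")}
    primary = PrimaryZone("example.com.", 2010040301, set(base),
                          transfer_allowed_from={"10.0.0.2"})
    listed = SecondaryZone("example.com.", "10.0.0.2")
    first = listed.refresh(primary)                    # empty copy -> AXFR
    primary.update(2010040302, added=[("host2.example.com.", "A", "10.0.0.26")])
    primary.update(2010040303, removed=[("host1.example.com.", "A", "10.0.0.25")])
    second = listed.refresh(primary)                   # two deltas -> IXFR
    third = listed.refresh(primary)                    # nothing new
    stale = SecondaryZone("example.com.", "10.0.0.2", serial=2009010100)
    stranger = SecondaryZone("example.com.", "203.0.113.9")
    return {
        "first": first, "second": second, "third": third,
        "listed_in_sync": listed.records == primary.records,
        "stale": stale.refresh(primary),               # unknown serial -> AXFR
        "stranger": stranger.refresh(primary),         # not on the list -> REFUSED
        "wraparound": serial_gt(0, 4294967295),        # 0 is newer than 2^32-1
    }


if __name__ == "__main__":
    print(demo())
```

The YYYYMMDDnn serial convention used here is only a convention; what matters to the secondary is the RFC 1982 comparison, which is why a serial that wrapped past 2^32-1 to 0 still counts as newer.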

Active Directory-integrated zones have the following benefits:

• Fault tolerance: redundant copies of the zone are kept on every domain controller that runs the DNS Server service.
• Security: because the zone is stored in Active Directory, you can modify its discretionary access control list (DACL) to specify which users, groups and computers may modify the zone or its records, and you can require secure dynamic updates so that only authenticated domain members can register or change records.
• Multi-master updates: the zone can be updated on more than one server, since every copy is writable.
• Efficient replication: zone transfers are replaced by Active Directory replication, which transfers only the changed attributes.
• Secondary zones are still supported: an Active Directory-integrated zone can be transferred to file-backed secondary zones on other servers in the same way that a standard primary zone is.

A DNS resource record holds the information associated with a DNS domain, such as a host record that defines a host's IP address; records are carried in binary form in DNS packets. The typical resource record fields are Owner, TTL (time to live), Class, Type and RDATA (resource record data). The following are the most common record types:

• SOA (Start of Authority): indicates the starting point of authority for the information stored in a zone. It is the first record created when a zone is created and holds the zone-specific data used to maintain the zone. Its RDATA fields are Authoritative (primary) Server, Responsible Person, Serial Number, Refresh, Retry, Expire and Minimum TTL. The serial number must increase with every change to the zone, because secondaries compare it with their own to decide whether a zone transfer is needed.
• A (Host): maps an FQDN to an IPv4 address; AAAA (IPv6 Host) maps an FQDN to an IPv6 address.
• PTR (Pointer): performs the reverse function of the A record, mapping an IP address (written as a name under in-addr.arpa or ip6.arpa) to an FQDN.
• NS (Name Server): identifies a DNS server that is authoritative for a zone, that is, a DNS server that hosts a primary or secondary copy of the zone in question. NS records placed at a subdomain name delegate that subdomain to another set of servers.
• MX (Mail Exchanger): specifies a server configured to receive mail for a DNS name, together with a preference value that orders multiple mail servers.
• CNAME (Canonical Name/Alias): creates an alias for a specified FQDN. You can use CNAME records to hide the implementation details of your network from the clients connecting to it. A CNAME must be the only record at its owner name.
• SRV (Service Locator): specifies the location of servers that provide a specific service over a specific protocol in a specific domain, with priority, weight, port and target host fields; Active Directory domain controllers register SRV records (for example _ldap._tcp.<domain>) so that clients can locate them.
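To make the record types concrete, here is an added Python example (not from the page or from Microsoft) that builds the records of a small forward zone and the matching reverse lookup zone, enforces the rule that a CNAME cannot share an owner name with other records, derives each PTR owner name from the IPv4 address, and renders both zones in the RFC 1035 master-file format that Windows DNS uses for file-backed zones (the .dns files under %SystemRoot%\System32\dns). The domain, hosts and addresses are constructed for illustration.

```python
# Added example (not from the page): building the record types listed above for a
# forward zone and its matching reverse lookup zone, and rendering them in the
# RFC 1035 master-file format that Windows DNS uses for file-backed zones
# (%SystemRoot%\System32\dns\<zone>.dns). Names and addresses are constructed.
import ipaddress


def ptr_owner(ip: str) -> str:
    """Owner name of the PTR record for an address: the octets (or IPv6 nibbles)
    reversed under in-addr.arpa / ip6.arpa, e.g. 10.0.0.25 -> 25.0.0.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


class Zone:
    def __init__(self, origin, primary_ns, responsible, serial,
                 refresh=900, retry=600, expire=86400, minimum=3600):
        self.origin = origin if origin.endswith(".") else origin + "."
        # SOA RDATA: primary server, responsible mailbox, serial, refresh,
        # retry, expire, minimum (negative-caching) TTL
        self.soa = (primary_ns, responsible, serial, refresh, retry, expire, minimum)
        self.records = []   # (owner, ttl, type, rdata) in insertion order

    def _absolute(self, owner: str) -> str:
        if owner == "@":
            return self.origin
        return owner if owner.endswith(".") else f"{owner}.{self.origin}"

    def add(self, owner, rtype, rdata, ttl=3600):
        owner = self._absolute(owner)
        # RFC 1034 s3.6.2: a CNAME must be the only record at its owner name.
        existing = {t for o, _, t, _ in self.records if o == owner}
        if rtype == "CNAME" and existing:
            raise ValueError(f"{owner} already has {sorted(existing)}; cannot add CNAME")
        if "CNAME" in existing:
            raise ValueError(f"{owner} is a CNAME; cannot add {rtype} beside it")
        self.records.append((owner, ttl, rtype, rdata))

    def records_of(self, rtype):
        return [(o, r) for o, _, t, r in self.records if t == rtype]

    def render(self) -> str:
        ns, rp, serial, refresh, retry, expire, minimum = self.soa
        lines = [f"$ORIGIN {self.origin}",
                 f"@ 3600 IN SOA {ns} {rp} ( {serial} {refresh} {retry} {expire} {minimum} )"]
        lines += [f"{o} {ttl} IN {t} {r}" for o, ttl, t, r in self.records]
        return "\n".join(lines) + "\n"


def build_zones():
    fwd = Zone("example.com", "ns1.example.com.", "hostmaster.example.com.", 2010040301)
    fwd.add("@", "NS", "ns1.example.com.")
    fwd.add("ns1", "A", "10.0.0.1")
    fwd.add("dc1", "A", "10.0.0.10")
    fwd.add("dc1", "AAAA", "2001:db8::10")
    fwd.add("mail", "A", "10.0.0.20")
    fwd.add("@", "MX", "10 mail.example.com.")          # preference 10
    fwd.add("web1", "A", "10.0.0.25")
    fwd.add("www", "CNAME", "web1.example.com.")        # alias hides the real host
    # SRV as Active Directory registers it: priority weight port target
    fwd.add("_ldap._tcp", "SRV", "0 100 389 dc1.example.com.", ttl=600)

    # Reverse lookup zone for 10.0.0.0/24: one PTR per IPv4 host record
    rev = Zone("0.0.10.in-addr.arpa", "ns1.example.com.", "hostmaster.example.com.", 2010040301)
    rev.add("@", "NS", "ns1.example.com.")
    for owner, addr in fwd.records_of("A"):
        rev.add(ptr_owner(addr), "PTR", owner)
    return fwd, rev


if __name__ == "__main__":
    fwd, rev = build_zones()
    print(fwd.render())
    print(rev.render())
```

Generating the PTR records from the A records, as build_zones does, is the easiest way to keep a reverse zone from drifting out of step with its forward zone, which is the usual cause of reverse lookups that resolve to the wrong host.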

The DNS name resolution process starts when an application passes a name to the local DNS resolver (the DNS Client service) for resolution. The resolver first checks its local cache and the hosts file; if the name cannot be resolved locally, the query is sent to the preferred DNS server configured in the client's TCP/IP properties, and that server resolves the name on the client's behalf.

When a query is sent to a DNS server, the following are the most common responses:

• Authoritative answer: a positive answer returned to the client with the authoritative answer (AA) bit set in the DNS message header, indicating that the answer came from a server with direct authority for the queried name rather than from a cache.
• Positive answer: consists of the queried resource record, or the set of resource records, that matches the DNS domain name and record type specified in the query.
• Referral answer: contains resource records that were not requested by name or type in the query, typically the NS records (and their glue A records) of servers closer to the queried name; a server returns a referral when it is not authoritative for the name and does not perform recursion for the client.
• Negative answer: an authoritative server reports either that the queried name does not exist (the NXDOMAIN response code) or that the name exists but no records of the specified type exist for it (NODATA); in both cases the SOA record of the zone is included so the client can cache the negative result.
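The four kinds of response above can be told apart from the header flags, the response code and the contents of the answer and authority sections. As an added Python example (not from the page), the following builds five small wire-format DNS responses and classifies each one the way a resolver would; the messages are constructed inline with no name compression, not captured from a real server, and the names and addresses are made up.

```python
# Added example (not from the page): telling the response kinds apart from
# the message header and sections, as a resolver does. The wire-format
# messages are constructed below (no compression, no captured traffic).
import struct

TYPE_A, TYPE_NS, TYPE_SOA, TYPE_AAAA = 1, 2, 6, 28
FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080
RCODE_NXDOMAIN = 3


def encode_name(name: str) -> bytes:
    """Wire form of a domain name: length-prefixed labels, terminated by 0."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def build_response(qname, qtype, flags, answers=(), authority=()):
    """Minimal DNS response builder; records are (owner, type, rdata-bytes)."""
    msg = struct.pack("!HHHHHH", 0x1234, FLAG_QR | flags, 1, len(answers), len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for owner, rtype, rdata in (*answers, *authority):
        msg += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg


def skip_name(msg: bytes, off: int) -> int:
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer ends the name (2 bytes)
            return off + 2
        off += 1 + n


def section_types(msg, off, count):
    """Return the record types in a section and the offset just past it."""
    types = []
    for _ in range(count):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        types.append(rtype)
    return types, off


def classify(msg: bytes) -> str:
    _id, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    aa, rcode = bool(flags & FLAG_AA), flags & 0x0F
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    _answer_types, off = section_types(msg, off, an)
    authority_types, _ = section_types(msg, off, ns)
    if rcode == RCODE_NXDOMAIN:
        return "negative: NXDOMAIN (name does not exist)"
    if rcode != 0:
        return f"error: rcode {rcode}"
    if an > 0:
        return "authoritative answer" if aa else "positive answer (non-authoritative)"
    if TYPE_SOA in authority_types:
        return "negative: NODATA (name exists, no record of that type)"
    if TYPE_NS in authority_types and not aa:
        return "referral"
    return "unrecognized"


def samples() -> dict:
    soa = (encode_name("ns1.example.com.") + encode_name("hostmaster.example.com.")
           + struct.pack("!IIIII", 2010040301, 900, 600, 86400, 3600))
    a_host1 = ("host1.example.com.", TYPE_A, bytes([10, 0, 0, 25]))
    delegation = ("example.com.", TYPE_NS, encode_name("ns1.example.com."))
    return {
        "from_authoritative": build_response("host1.example.com.", TYPE_A, FLAG_AA, [a_host1]),
        "from_cache": build_response("host1.example.com.", TYPE_A, FLAG_RD | FLAG_RA, [a_host1]),
        "referral": build_response("host1.example.com.", TYPE_A, 0, authority=[delegation]),
        "nxdomain": build_response("nosuch.example.com.", TYPE_A, FLAG_AA | RCODE_NXDOMAIN,
                                   authority=[("example.com.", TYPE_SOA, soa)]),
        "nodata": build_response("host1.example.com.", TYPE_AAAA, FLAG_AA,
                                 authority=[("example.com.", TYPE_SOA, soa)]),
    }


def classify_samples() -> dict:
    return {name: classify(msg) for name, msg in samples().items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:18s} -> {verdict}")
```

Note that NODATA and a referral look alike in the header (response code 0, empty answer section); only the authority section distinguishes them, which is why classify parses it instead of stopping at the counts.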

Root hints contain the names and IP addresses of the DNS servers authoritative for the root zone. By default, Microsoft DNS servers load their root hints from a file called cache.dns. The DNS Server service must be configured with root hints (or with a forwarder) to resolve queries for names for which it is not authoritative and for which it holds no delegation.

Recursion is one of the two query types used in DNS name resolution. In a recursive query the DNS client asks the DNS server to provide a complete answer that contains no pointers to other DNS servers, which shifts the work of resolving the query from the client to the DNS server. In an iterative query the workload stays with the querier, which follows referrals from one server to the next until it obtains the answer; a recursive DNS server resolves its clients' queries by issuing iterative queries itself. For the DNS server to perform recursion properly, it needs to know where to begin searching for names in the DNS namespace; that information is provided by the root hints file, cache.dns, stored on the server computer. A server that only hosts zones for Internet clients should have recursion disabled, so that outsiders cannot use it as an open resolver.

A DNS server on a network is designated as a forwarder when the other DNS servers on the network are configured to send it the queries they cannot resolve locally, instead of walking down from the root hints themselves. Conditional forwarding lets a DNS server forward queries for particular DNS domain names to particular servers, for example sending queries for a partner organization's domain, or for another forest's domain, to that domain's own DNS servers.
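The three mechanisms just described (walking the tree from root hints, recursion on behalf of a client, and conditional forwarding) fit together as in this added Python model, which is not code from the page or from Microsoft. It simulates a handful of authoritative servers in memory and a client-facing DNS server that checks its own zones, then its conditional forwarders, then iterates from the root hints; the server names, zones and addresses are constructed for illustration, and a real Windows DNS server does the same over UDP/TCP port 53.

```python
# Added example (not from the page): an in-memory model of iterative resolution
# from root hints, the recursive service offered to clients, and conditional
# forwarding. Servers, zones and addresses are constructed; a real Windows DNS
# server does the same over UDP/TCP port 53.


def in_zone(name: str, zone: str) -> bool:
    return zone == "" or name == zone or name.endswith("." + zone)


class AuthServer:
    """Authoritative-only: answers for its zones, refers for delegated
    children, refuses anything it does not host. It never recurses."""

    def __init__(self, name, zones):
        self.name = name
        self.zones = zones   # {zone: {owner: {type: [rdata, ...]}}}

    def query(self, qname, qtype):
        hosted = [z for z in self.zones if in_zone(qname, z)]
        if not hosted:
            return "REFUSED", None
        zone = max(hosted, key=len)                  # closest enclosing zone
        data = self.zones[zone]
        for owner, recs in data.items():             # delegated child -> referral
            if owner != zone and "NS" in recs and in_zone(qname, owner):
                return "REFERRAL", recs["NS"]
        recs = data.get(qname)
        if recs is None:
            return "NXDOMAIN", None
        return ("ANSWER", recs[qtype]) if qtype in recs else ("NODATA", None)


class DnsServer:
    """What clients point at: answers from its own zones, then, if recursion is
    enabled, forwards or walks the tree starting from the root hints."""

    def __init__(self, name, network, root_hints, local=None,
                 forwarders=None, recursion_enabled=True):
        self.name = name
        self.network = network              # name -> AuthServer reachable on the wire
        self.root_hints = root_hints        # the cache.dns equivalent
        self.local = local                  # AuthServer for zones hosted here
        self.forwarders = forwarders or {}  # {domain: DnsServer}
        self.recursion_enabled = recursion_enabled

    def resolve(self, qname, qtype):
        trace = [self.name]
        if self.local:
            status, payload = self.local.query(qname, qtype)
            if status != "REFUSED":
                return (payload if status == "ANSWER" else status), trace
        # An authoritative-only server facing the Internet keeps recursion off
        # so outsiders cannot use it as an open resolver.
        if not self.recursion_enabled:
            return "REFUSED", trace
        for domain, fwd in self.forwarders.items():
            if in_zone(qname, domain):
                result, sub = fwd.resolve(qname, qtype)
                return result, trace + sub
        candidates = list(self.root_hints)
        for _ in range(16):                 # bound the walk against referral loops
            server = self.network[candidates[0]]
            status, payload = server.query(qname, qtype)
            trace.append(f"{server.name}:{status}")
            if status != "REFERRAL":
                return (payload if status == "ANSWER" else status), trace
            candidates = payload            # iterate: ask the servers in the referral
        return "SERVFAIL", trace


def build_network():
    net = {
        "a.root-servers.net": AuthServer("a.root-servers.net", {"": {
            "": {"NS": ["a.root-servers.net"]}, "com": {"NS": ["a.gtld-servers.net"]}}}),
        "a.gtld-servers.net": AuthServer("a.gtld-servers.net", {"com": {
            "com": {"NS": ["a.gtld-servers.net"]}, "example.com": {"NS": ["ns1.example.com"]}}}),
        "ns1.example.com": AuthServer("ns1.example.com", {"example.com": {
            "example.com": {"NS": ["ns1.example.com"]},
            "host1.example.com": {"A": ["10.0.0.25"]},
            "subdomain.example.com": {"NS": ["ns1.subdomain.example.com"]}}}),
        "ns1.subdomain.example.com": AuthServer("ns1.subdomain.example.com", {
            "subdomain.example.com": {"host1.subdomain.example.com": {"A": ["10.0.1.25"]}}}),
    }
    # Internal AD DNS hosting corp.local, reached only through a conditional forwarder
    internal = DnsServer("dc1.corp.local", net, [], recursion_enabled=False,
                         local=AuthServer("dc1.corp.local", {"corp.local": {
                             "dc1.corp.local": {"A": ["192.168.1.10"]}}}))
    resolver = DnsServer("dns1", net, ["a.root-servers.net"], forwarders={"corp.local": internal})
    return resolver, internal


def demo() -> dict:
    resolver, internal = build_network()
    return {
        "walk": resolver.resolve("host1.subdomain.example.com", "A"),
        "missing": resolver.resolve("nosuch.example.com", "A"),
        "forwarded": resolver.resolve("dc1.corp.local", "A"),
        "refused": internal.resolve("host1.example.com", "A"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The trace returned with each answer shows the path: for host1.subdomain.example.com the resolver is referred by the root, then by the com server, then by ns1.example.com (which delegates the subdomain), before ns1.subdomain.example.com answers. The internal server, with recursion disabled, refuses the same query for a name outside its zone, which is the behaviour you want from any server that is not meant to resolve on others' behalf.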
