Module Overview - PowerPoint PPT Presentation

About This Presentation
Title:

Module Overview

Description:

Title: Example Title with Registration Microsoft and Trademark SQL ServerTM Author: jessieg Last modified by: Windows User Created Date: 12/22/2006 12:28:54 AM – PowerPoint PPT presentation

Slides: 36
Provided by: jessieg
Learn more at: http://carrieclasses.wikispaces.com
Transcript and Presenter's Notes

Title: Module Overview


1
Module Overview
  • Installing the DNS Server Role
  • Configuring the DNS Server Role
  • Configuring DNS Zones
  • Configuring DNS Zone Transfers
  • Managing and Troubleshooting DNS
  • Overview of the Windows Internet Name Service
  • Configuring WINS Replication
  • Migrating from WINS to DNS

2
Overview of the Domain Name System Role
  • DNS supports accessing resources by using
    alphanumeric names
  • InterNIC is responsible for managing the domain
    namespace

Domain Name System is a hierarchical distributed
database
3
DNS Improvements for Windows Server 2008
New or enhanced features in the Windows Server
2008 version of DNS include
  • Background zone loading
  • IP version 6 support
  • Support for read-only domain controllers
  • Global single names
  • DNSSEC against spoofing and man-in-the-middle
    attacks
    • Only available in R2 IPv6 environment
    • Three new types of records: Signature (SIG),
      Public Key (KEY), Next Domain (NXT)

4
Consideration for deploying DNS Server Role
  • Manually configuring the server to use a
    static IP address
  • Use the DNS console or dnscmd
  • The user account must be a member of the
    local administrators group or equivalent

dnscmd dns_server_name /ageAllRecords /startScavenging /zoneinfo /zoneexport
/info /config /statistics /zoneresettype zonename /primary /secondary
/zoneresetsecondaries /zoneresetmaster zonename
5
What Are the Components of a DNS Solution?
[Diagram labels: DNS Servers on the Internet; DNS Servers; DNS Clients; Root (.); .com; .edu; Resource Record]
6
DNS Resource Records
DNS resource records include
  • SOA: Start of Authority
  • A: Host Record
  • CNAME: Alias Record
  • MX: Mail Exchange Record
  • SRV: Service Resources
  • NS: Name Servers
  • AAAA: IPv6 DNS Record

7
What Are Root Hints?
Root hints contain the IP addresses for DNS root
servers
[Diagram labels: Client; DNS Server; DNS Servers; Root Hints; Root (.) Servers; com; microsoft]
8
What Is a DNS Query?
A query is a request for name resolution and is
directed to a DNS server
  • Queries are recursive or iterative
  • DNS clients and DNS servers both initiate queries
  • DNS servers are authoritative or nonauthoritative
    for a namespace
  • An authoritative DNS server for the namespace
    will either
    • Return the requested IP address
    • Return an authoritative "No"
  • A nonauthoritative DNS server for the namespace
    will either
    • Check its cache
    • Use forwarders
    • Use root hints

9
What Are Recursive Queries?
A recursive query is sent to a DNS server and
requires a complete answer
[Diagram labels: DNS Client; Local DNS Server; Database; mail1.contoso.msft]
10
What Are Iterative Queries?
An iterative query directed to a DNS server may
be answered with a referral to another DNS server
[Diagram: the client sends a recursive query for mail1.nwtraders.com to the local DNS server; the local DNS server sends iterative queries to the root hint (.) server ("Ask .com"), the .com server ("Ask nwtraders.com") and the Nwtraders.com server, which returns the authoritative response 172.16.64.11]
11
What Is a Forwarder?
A forwarder is a DNS server designated to resolve
external or offsite DNS domain names
[Diagram: the client sends a recursive query for mail1.nwtraders.com to the local DNS server, which sends a recursive query to the forwarder; the forwarder sends iterative queries to the root hint (.) server ("Ask .com"), the .com server ("Ask nwtraders.com") and the Nwtraders.com server, which returns the authoritative response 172.16.64.11]
12
What Is Conditional Forwarding?
Conditional forwarding forwards requests using a
domain name condition
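[Diagram: a client computer queries the local DNS server for www.contoso.msft; queries for contoso.msft are forwarded to the Contoso.msft DNS server, and queries for all other DNS domains go to the ISP DNS server]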
13
How DNS Server Caching Works
DNS server cache
Host name | IP address | TTL
ServerA.contoso.msft | 192.168.8.44 | 28 seconds
[Diagram: Client1 and Client2 each ask "Where's ServerA?" and each receive the answer "ServerA is at 192.168.8.44"]
14
What Is a DNS Zone?
[Diagram: the namespace runs from the Internet DNS root domain (.) through .com to the microsoft.com domain. The microsoft.com zone database holds www.microsoft.com and ftp.microsoft.com; example.microsoft.com is delegated to the example.microsoft.com zone, whose zone database holds www.example.microsoft.com and ftp.example.microsoft.com]
15
What Are the DNS Zone Types?
Zones | Description
Primary | Read/write copy of a DNS database
Secondary | Read-only copy of a DNS database
Stub | Copy of a zone that contains only records used to locate name servers
Active Directory integrated | Zone data is stored in Active Directory rather than in zone files
16
What Are Forward and Reverse Lookup Zones?
Namespace: training.nwtraders.msft

Forward zone Training
DNS Client1 | 192.168.2.45
DNS Client2 | 192.168.2.46
DNS Client3 | 192.168.2.47

Reverse zone 2.168.192.in-addr.arpa
192.168.2.45 | DNS Client1
192.168.2.46 | DNS Client2
192.168.2.47 | DNS Client3

[Diagram labels: DNS Server Authorized for training; queries "DNS Client2 ?" and "192.168.2.46 ?"; DNS Client1; DNS Client2; DNS Client3]
17
What Are Stub Zones?
18
DNS Zone Delegation
Contoso.msft
Sales.contoso.msft
Training.contoso.msft
19
What Is a DNS Zone Transfer?
A DNS zone transfer is the synchronization of
authoritative DNS zone data between DNS servers
  1. SOA query for a zone
  2. SOA query answered
  3. IXFR or AXFR query for a zone
  4. IXFR or AXFR query answered (zone transferred)
[Diagram labels: Secondary server; Primary and Master server]
20
How DNS Notify Works
A DNS notify is an update to the original DNS
protocol specification that permits notification
to secondary servers when zone changes occur
  1. Resource record is updated
  2. SOA serial number is updated
  3. DNS notify
  4. Zone transfer
[Diagram labels: Source Server (Primary and Master Server); Destination Server (Secondary Server)]
21
Securing Zone Transfers
  • Restrict zone transfer to specified servers
  • Encrypt zone transfer traffic
  • Consider using Active Directory-integrated zones

Primary Zone
Secondary Zone
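
The four-step exchange from the "What Is a DNS Zone Transfer?" slide, combined with the first control listed above (restrict zone transfer to specified servers), as an added example that is not part of the original deck and is not Windows DNS Server code. The class names, the allow-list field and the sample addresses are assumptions; only a full (AXFR-style) transfer is modelled, and serials are compared with RFC 1982 serial arithmetic.

```python
"""Model: a secondary refreshes a zone from a primary that restricts transfers."""
from dataclasses import dataclass, field
from ipaddress import ip_address

HALF = 2 ** 31  # RFC 1982: SOA serials are 32-bit and compared modulo 2**32


def serial_newer(primary: int, secondary: int) -> bool:
    """True when the primary's SOA serial is ahead of the secondary's copy."""
    diff = (primary - secondary) % 2 ** 32
    return 0 < diff < HALF


@dataclass
class Primary:
    serial: int
    records: dict
    allowed_secondaries: set = field(default_factory=set)  # hypothetical allow-list
    refused: list = field(default_factory=list)            # audit trail for monitoring

    def soa(self) -> int:                   # steps 1-2: SOA query and answer
        return self.serial

    def axfr(self, client_ip: str):         # steps 3-4: transfer query and answer
        if ip_address(client_ip) not in self.allowed_secondaries:
            self.refused.append(client_ip)  # record the refusal for later review
            return None                     # refused: no zone data leaves the server
        return self.serial, dict(self.records)


@dataclass
class Secondary:
    ip: str
    serial: int = 0
    records: dict = field(default_factory=dict)

    def refresh(self, primary: Primary) -> str:
        if not serial_newer(primary.soa(), self.serial):
            return "up-to-date"             # serial unchanged: no transfer requested
        answer = primary.axfr(self.ip)
        if answer is None:
            return "refused"
        self.serial, self.records = answer
        return "transferred"


# Constructed sample data (addresses and serial are illustrative only)
zone = {"mail1.nwtraders.com": "172.16.64.11"}
primary = Primary(serial=2024010101, records=zone,
                  allowed_secondaries={ip_address("192.168.2.46")})
listed = Secondary(ip="192.168.2.46")
unlisted = Secondary(ip="192.168.2.99")
```

A host that is not on the allow-list gets no records and leaves an entry in `refused`, which is the event to watch for when monitoring zone transfer information.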
22
What Is Time to Live, Aging, and Scavenging?
Feature | Description
Time to Live (TTL) | Indicates how long a DNS record will remain valid
Aging | Occurs when records that have been inserted into the DNS server reach their expiration and are removed
Scavenging | Performs DNS server resource record grooming for old records in DNS
23
Troubleshooting DNS
Tool | Used to
Nslookup | Troubleshoot DNS problems
Dnscmd | Edit the DNS configuration
Dnslint | Diagnose common DNS issues
You can test the DNS server configuration by
using
  • A recursive query to ensure that the DNS server
    can communicate with the upstream DNS service
  • A simple query to ensure that the DNS service is
    answering
Monitor DNS events in the event log to
  • Monitor zone transfer information
  • Monitor computer events

24
What is WINS and When Is WINS Required?
  • WINS resolves a NetBIOS name (single-label name) to
    an IP address
  • WINS is required for the following reasons
    • Older versions of Microsoft operating systems
      rely on WINS for name resolution
    • Some applications, typically older applications,
      rely on NetBIOS names
    • When you need dynamic registration of
      single-label names
    • If users rely on the Network Neighborhood or My
      Network Places network browser features
    • If you are not using Windows Server 2008 as your
      DNS infrastructure

25
Overview of WINS Components
26
WINS Client Registration and Release Process
WINS Client
WINS Server
27
WINS Server Name Resolution Process
Up to three attempts
1
2
3
28
What Are NetBIOS Node Types?
A NetBIOS node type determines the method that a
computer uses to resolve a NetBIOS name
Node type | Description | Registry value
B-node | Uses broadcasts for name registration and resolution | 1
P-node | Uses a NetBIOS name server, such as WINS, to resolve NetBIOS names | 2
M-node | Combines B-node and P-node, but functions as a B-node by default | 4
H-node | Combines P-node and B-node, but functions as a P-node by default | 8
29
Compacting the WINS Database
Compacting recovers unused space in a WINS
database
Maintain WINS database integrity by using
  • Dynamic compacting. Automatically occurs while
    the database is in use
  • Offline compacting. Administrator stops the WINS
    server and uses the Jetpack.exe command-line
    tool

30
What Is Push Replication?
  • A push partner notifies replication partners
    based on the number of changes in its database
  • Push replication maintains a high level of
    synchronization

ServerB
ServerA
Subnet 1
Subnet 2
31
What Is Pull Replication?
  • A pull partner requests replication based on a
    time interval
  • Pull replication limits frequency of replication
    traffic across slow links

ServerB
ServerA
Subnet 1
Subnet 2
32
What Is Push/Pull Replication?
Push/pull replication ensures that the databases
on multiple WINS servers are nearly identical at
any given time by
  • Notifying replication partners whenever the
    database reaches a set threshold of changes
  • Requesting replication based on a set time

33
Name Resolution for a Single-Label Name
IPv6 does not support WINS. Windows Server 2008
introduces a new zone type for DNS called the
GlobalNames zone
  • Resolves single-label names in the enterprise
    without using WINS
  • Mitigates the management and maintenance of DNS
    suffix search lists
  • Relies on static record creation
  • Requires the zone be available on DNS servers
    throughout the forest

34
What Is the GlobalNames Zone?
The GlobalNames zone
  • Enables single-label name resolution for
    IPv6-enabled networks
  • Uses CNAME records to point to the FQDN of the
    computer that hosts the resource
  • Is recommended to be integrated in Active
    Directory with forest-wide replication
  • Can be used as a method to decommission WINS
    servers
  • Requires no additional client configuration
    because the client resolves the name in standard
    DNS query form

35
Setup GlobalNames Zone
Functions of Content Advisor include
  • Requires authoritative name servers running
    Windows Server 2008
  • Configure forest-wide, Active Directory-integrated
    replication of the GlobalNames zone
  • Create static CNAME records that point to FQDN
    records
  • Disable dynamic updates on the GlobalNames zone
  • Enable single-label GlobalNames zone support on
    all DNS servers that host the zone
  • Use the following command to enable support for
    the GlobalNames zone on all DNS servers hosting
    the zone:
    dnscmd /config /EnableGlobalNamesSupport 1