Showing posts with label dns.

Thursday, February 3, 2011

DNS Servers


   On the client side, a DNS resolver sends queries to DNS servers. The resolver is normally a library routine (on Windows 2000 the DNS Client service and the Winsock name-resolution calls) or is built into the application. A DNS server keeps its name and IP address data in zone files. A zone is the stored data for one DNS domain, or for a DNS domain together with some of its sub-domains (DNS domains are not the same as Windows domains). Records can also be added and removed at run time through dynamic update (RFC 2136); Windows 2000 DNS supports this, and for Active Directory integrated zones it can require that updates be authenticated. The administrator may create several aliases (CNAME records) for the same host. There are three types of name server, defined by how each relates to the zone data:

  • Primary - Holds the master copy of the zone file locally; this is the copy that is edited.
  • Secondary - Obtains a read-only copy of the zone from the zone authority through a zone transfer.
  • Caching only - Has no zone files of its own; it answers from the cache it builds from earlier queries.

   A network should have both a primary and a secondary name server for each zone, so that resolution continues when one is down. When a zone is defined, one server must be configured as the master name server for it; different zones may have different masters. The master supplies copies of the zone to the secondary servers. A name server can also be configured to send queries it cannot answer from its own data to other name servers; in the older BIND terminology the two roles involved are forwarders and slaves. Because a forwarder answers on the server's behalf, it is a single point of trust: if it is compromised or its cache is poisoned, every client behind it receives the bad answers. Name servers as categorized by function:
  • Master - The zone authority that holds the master zone files.
  • Forwarder - A name server to which other servers send the queries they cannot answer themselves; it does the recursion on their behalf. Which forwarders to use is configured on each server individually.
  • Slave - In this usage, a server configured to rely on its forwarders only and never to contact other name servers itself (the "Do not use recursion" option on the Windows Forwarders tab). Note that "slave" is also used as a synonym for a secondary server, which is a different role.

Windows introduces additional terminology:
  • Standard primary - The same as a primary DNS server listed above. This is a master server by function.
  • Active Directory Integrated (primary) - DNS entries are stored in Active Directory rather than in a zone file. Because Active Directory replication copies the data to every domain controller running DNS, several of these servers can exist for one zone, each with a writable copy. The term is used both for the zone and for the servers that hold it.
  • Standard secondary - The same as a secondary DNS server listed above. This is a slave server by function.
  • Root server - A server that holds the root (".") zone. The root zone is either the internet root or an internal root for an organization's private network; the internal root is used when the network is not directly on the internet (no connection, or access only through a proxy server). A server that hosts a root zone does not use root hints or forwarders and therefore cannot resolve internet names itself.
   If the DNS server can reach the internet, the Configure DNS Server wizard will not offer to make it a root server.

DNS Zones
Possible zones include:
  • Forward lookup zone - Name to IP address map.
  • Reverse lookup zone - IP address to name map.
  • Standard primary zone (primary zone) - A master copy of a forward or reverse lookup zone.
  • Active Directory integrated zone - A primary zone whose records are stored in Active Directory instead of a zone file. The data is replicated to every domain controller in the domain by Active Directory replication; in Windows 2000 it is not replicated to domain controllers in other domains. Each domain controller running DNS holds a writable copy, and dynamic updates to the zone can be limited to authenticated computers ("only secure updates").
  • Standard secondary zone (secondary zone) - A read-only copy of a primary zone maintained through zone transfers.

Monitoring DNS
   Select "Start", "Programs", "Administrative Tools", "DNS". Highlight the DNS server name and select "Action", "Properties". The server properties tabs are:
  • Interfaces
  • Forwarders
  • Advanced
  • Root Hints
  • Logging - Selects the debug events written to SystemRoot\system32\dns\dns.log. The options are Query, Notify, Update, Questions, Answers, Send, Receive, UDP, TCP, Full packets, and Write through. Debug logging is off by default; leave it off in normal operation, because every matching packet is written and the file grows quickly.
  • Monitoring - Runs tests against the server: a simple query to this DNS server or a recursive query to another DNS server, once or on a schedule.
DNS problems also appear in the Event Log (the separate DNS Server log). "Event Viewer" is an administrative tool.

Zone Properties Dialog Box
Tabs:
  • General - Sections:
    • Status - Shows whether the zone is running; a "Pause" button stops the server from answering for this zone.
    • Zone type - A "Change" button sets the zone type to standard primary, standard secondary, or Active Directory integrated.
    • Allow dynamic updates - No, Yes, or Only secure updates (the last is available for Active Directory integrated zones only). Accepting unauthenticated updates lets any host on the network add or overwrite records, including another host's name, so use secure updates wherever the zone is in Active Directory.
  • Start of Authority (SOA) - The fields of the zone's SOA record:
    • Serial number - Increased on every change to the zone. A secondary compares it with its own copy's serial and fetches a new copy only when the master's is newer (in 32-bit serial arithmetic), so a change made without bumping the serial never reaches the secondaries.
    • Primary server
    • Responsible person
    • Refresh interval - Seconds between a secondary's checks of the master's serial against its own.
    • Retry Interval - Seconds a secondary waits before asking again when the master fails to respond to a refresh (SOA) request.
    • Expires after - Seconds a secondary keeps answering for the zone after its last successful refresh; once exceeded it stops answering for the zone. Must be longer than the refresh interval, and in practice longer than refresh plus retry.
    • Minimum (default) TTL - Seconds a resolver may cache data received from the nameserver before asking again; the Windows console uses it as the default TTL for records without their own, and under RFC 2308 it also sets how long negative (name does not exist) answers are cached.
    • TTL for this record - The TTL of the SOA record itself.
  • Name Servers
  • WINS - Controls whether WINS is used to resolve names in this zone.
  • Zone Transfers - Determines which servers may request a copy of the zone. The choices are:
    • No zone transfers.
    • Allow zone transfers only to the servers listed in this tab.
    • Allow zone transfers only to the servers listed in the Name Servers tab.
    • Allow zone transfers to any server.
   The last choice lets anyone who can reach the server pull the whole zone with a single AXFR request (for example with nslookup's ls command), which hands an attacker a complete list of host names and addresses; restrict transfers to the known secondaries.
  • Security
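The SOA timers and serial above drive the secondary's behaviour. As an added example (not code from the original page), here is a small Python model of that state machine: RFC 1982 serial comparison, a date-based serial helper, the RFC 1912 timer sanity checks, and the refresh/retry/expire decisions a secondary makes. The SOA values are constructed and match the Windows 2000 defaults of 900, 600, 86400 and 3600 seconds.

```python
"""Secondary-server behaviour driven by SOA timers and the serial number.

Added example; the SOA values and timestamps are constructed (they match
the Windows 2000 defaults of 900/600/86400/3600 seconds) and belong to no
real zone.
"""
from __future__ import annotations

from dataclasses import dataclass

SERIAL_MOD = 1 << 32
SERIAL_HALF = 1 << 31


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: is serial a newer than serial b?

    Serials are 32-bit and wrap, so a plain a > b misjudges a zone whose
    serial has wrapped. a is newer when the forward distance from b to a
    is less than 2**31; equal serials are never 'newer'.
    """
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return a != b and (a - b) % SERIAL_MOD < SERIAL_HALF


def next_date_serial(current: int, year: int, month: int, day: int) -> int:
    """YYYYMMDDnn convention for the next serial.

    Never returns a value that is not newer than `current`: a serial that
    goes backwards is invisible to secondaries, which keep serving the
    old copy until expire runs out.
    """
    base = (year * 10000 + month * 100 + day) * 100
    if current < base:
        return base                      # first edit today
    if current // 100 == base // 100 and current % 100 < 99:
        return current + 1               # another edit today
    return (current + 1) % SERIAL_MOD    # clock went backwards; just bump


@dataclass(frozen=True)
class Soa:
    serial: int
    refresh: int   # seconds between checks of the master's serial
    retry: int     # seconds to wait after a failed check
    expire: int    # seconds a secondary may answer without a good refresh
    minimum: int   # negative-caching TTL (RFC 2308); 'Minimum TTL' in the GUI


def soa_timer_warnings(soa: Soa) -> list[str]:
    """Sanity checks on the timer relationships (RFC 1912 guidance)."""
    problems = []
    if soa.retry >= soa.refresh:
        problems.append("retry should be shorter than refresh")
    if soa.expire <= soa.refresh + soa.retry:
        problems.append("expire must exceed refresh + retry, or a single "
                        "outage longer than one refresh drops the zone")
    return problems


@dataclass
class Secondary:
    """Minimal model of a secondary's refresh state machine."""
    local: Soa
    last_ok: float        # time of the last successful serial check/transfer
    last_attempt: float   # time of the last check, successful or not
    last_failed: bool = False

    def needs_transfer(self, master_serial: int) -> bool:
        """Transfer only when the master is newer under serial arithmetic.

        A master serial *lower* than ours (a zone file restored from an old
        backup, for instance) is not newer: the secondary keeps its copy,
        which is why such restores must also bump the serial."""
        return serial_gt(master_serial, self.local.serial)

    def next_check_due(self) -> float:
        interval = self.local.retry if self.last_failed else self.local.refresh
        return self.last_attempt + interval

    def can_answer(self, now: float) -> bool:
        """Past 'expire' without a successful refresh the secondary must stop
        answering for the zone rather than serve stale data."""
        return now - self.local.expire < self.last_ok if False else now - self.last_ok < self.local.expire
```

The two cases worth noticing are the wrap-around (serial 1 is newer than 4294967295) and the restored-from-backup master whose serial is lower than the secondary's: the secondary ignores it until the serial is bumped past its own.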

Configuring DNS
   Host names are limited to the characters A-Z, a-z, 0-9 and the hyphen (RFC 1123); a hyphen may not begin or end a label, each label is at most 63 characters and the whole name at most 253. The dot is the separator between labels, not part of a name, and characters such as / and _ are not legal in a host name. The underscore does appear in other DNS names, most visibly in the SRV service labels that Active Directory relies on (_ldap._tcp), and the Windows DNS server's name-checking setting (Advanced tab) defaults to Multibyte (UTF8), which accepts them. Configuration keywords:
  • Interfaces - Specifies the interfaces to listen on for a multi-homed host.
  • Forwarders - Specifies other name servers to use as forwarders.
  • Boot Method - Displays whether the server loads its configuration from the registry or from data files.
DNS files are stored in %SystemRoot%\System32\Dns (C:\WINNT\System32\Dns on a default Windows 2000 installation).
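As an added example of the naming rules above (not code from the original page), a Python checker that applies the RFC 1123 host-name rules and, when asked, also accepts the underscore service labels that SRV owner names use. The sample names in the test are constructed.

```python
"""Checks of DNS name syntax: RFC 1123 host names versus names that may
carry SRV service labels. Added example; the sample names are constructed.
"""
from __future__ import annotations

import re

# A host-name label: letters, digits, hyphen; no leading or trailing
# hyphen; 1..63 characters.
HOST_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# A service/protocol label as used by SRV owner names (_ldap, _tcp, ...).
SERVICE_LABEL = re.compile(r"^_[A-Za-z0-9-]{1,62}$")
MAX_NAME = 253   # printable length of a fully qualified name without the root dot


def check_dns_name(name: str, allow_service_labels: bool = False) -> list[str]:
    """Return the list of problems with `name`; an empty list means valid.

    With allow_service_labels=False the name must be a legal host name, the
    form required for A/AAAA owners and for SRV/MX/NS targets. With True,
    labels beginning with an underscore are also accepted, as in
    _ldap._tcp.dc._msdcs.<domain>.
    """
    if name.endswith("."):
        name = name[:-1]          # absolute name; drop the root dot
    if not name:
        return ["empty name"]
    problems: list[str] = []
    if len(name) > MAX_NAME:
        problems.append(f"name longer than {MAX_NAME} characters")
    labels = name.split(".")
    for i, label in enumerate(labels):
        if HOST_LABEL.match(label):
            continue
        if allow_service_labels and SERVICE_LABEL.match(label):
            continue
        if label == "":
            problems.append(f"empty label at position {i} (consecutive dots)")
        elif len(label) > 63:
            problems.append(f"label starting '{label[:8]}' longer than 63 characters")
        elif "_" in label:
            problems.append(f"underscore in label '{label}' (only SRV service "
                            f"labels may start with one)")
        else:
            problems.append(f"bad character or hyphen placement in label '{label}'")
    if labels[-1].isdigit():
        # RFC 1123: the top-level label must not be all digits, or the name
        # could be mistaken for a dotted-decimal address.
        problems.append("top-level label is all digits")
    return problems


def is_valid_hostname(name: str) -> bool:
    return not check_dns_name(name)


def is_valid_srv_owner(name: str) -> bool:
    return not check_dns_name(name, allow_service_labels=True)
```

The distinction matters in practice: an SRV owner such as _ldap._tcp.dc._msdcs.example.com is legal, but the target it points at must still be a plain host name, and a host named with an underscore will be rejected by strict resolvers and some applications even though a permissive DNS server stored it.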

Hosts File
   The Hosts file in %SystemRoot%\system32\drivers\etc is a text file of IP addresses and host names that the resolver consults before it sends any DNS query, so an entry there overrides whatever DNS says; it can stand in for DNS on a small network or for a handful of names. Because a local administrator, or malware running as one, can redirect a name to any address simply by editing this file, it is a common hijacking target and a standard item to check during incident response. Files in this directory include:
  • Hosts - IP address to host name.
  • Protocol - Protocol numbers and names.
  • Lmhosts - NetBIOS name to IP address (the file shipped is lmhosts.sam, a sample; the live file is named lmhosts with no extension).

DNS Tools
NSLOOKUP - Run from the command prompt. Forms:
  nslookup [-option ...]                 interactive mode using the default server
  nslookup [-option ...] - server        interactive mode using 'server'
  nslookup [-option ...] host            look up 'host' using the default server
  nslookup [-option ...] host server     look up 'host' using 'server'
For example, nslookup -type=SRV _ldap._tcp.dc._msdcs.example.com queries the SRV records that locate domain controllers. At the interactive prompt, "help" or "?" lists the commands.

DNS Record types:
  • A - Address record, mapping a host name to an IPv4 address. Every host that should be reachable by name needs one. Hosts with DHCP-assigned addresses register or update theirs through dynamic update; servers with static addresses must have one, created by hand if necessary.
  • AAAA - Host address record for IPv6.
  • AFSDB - Andrew File System Database resource record.
  • ATMA - Asynchronous Transfer Mode resource record.
  • CNAME - Canonical name allowing additional names or aliases to be used to locate a computer.
  • HINFO - Host information record with CPU type and operating system.
  • ISDN - Integrated Services Digital Network resource record.
  • MB - Mailbox resource record.
  • MG - Mail group resource record.
  • MINFO - Mailbox mail list information resource record.
  • MR - Mailbox renamed resource record.
  • MX - Mail Exchange server record. There may be several.
  • NS - Name server record. There may be several.
  • PTR - Pointer resource record.
  • RP - Responsible person.
  • RT - Route through resource record for specifying routes for certain DNS names.
  • SOA - Start of Authority record. Defines the authoritative server and the parameters for the zone: the serial number, the refresh, retry and expire timers, the minimum TTL, and the name of the responsible person.
  • SRV - Service locator resource record mapping a service to the servers that provide it. Windows 2000 clients use these (for example _ldap._tcp.dc._msdcs.<domain>) to find a domain controller.
  • TXT - Text resource record for informative text.
  • WKS - Well known service resource record.
  • X25 - To map a host name to an X.25 address.

http://www.comptechdoc.org/os/windows/win2k/win2kdns.html

Tuesday, February 1, 2011

SRV Records of Domain Controller in DNS Zone


   The following helps in diagnosing a domain controller whose SRV records are not registered in the DNS zone of its domain.
   When the SRV records of a domain controller are missing from the DNS zone, the following may happen:
  • Client computers take a long time to log on to the domain.
  • Client computers hang at "Applying Computer Settings".
  • Group Policy settings are not applied.
  • Folder Redirection policy does not work.
  • Software Installation policy does not work.
  • Replication between domain controllers does not happen.
  • An application reports an error about SRV records; applications locate domain controllers by sending SRV queries to DNS.
  • nslookup queries for the SRV records (_ldap._tcp..., _kerberos._tcp... and so on) return errors.
  • Group Policy Objects do not synchronize.
   Missing SRV records can cause all of the above. The SRV records of a domain controller play a central role in Active Directory, which cannot work without a DNS server: DNS is used to locate domain controllers in the forest or domain through these records. Service (SRV) records are registered for a domain controller when a member server is promoted, and the Netlogon service on the domain controller is responsible for registering them and keeping them registered.
   The following methods re-register the SRV records of a domain controller in the domain's DNS zone:
     1. Restart the Netlogon service on the domain controller (net stop netlogon, then net start netlogon).
     2. Run dcdiag /fix
     3. Run netdiag /fix
     4. Re-register the records from the Netlogon.dns file in %SystemRoot%\System32\config (under C:\Windows or C:\Winnt, depending on the installation). This file is in zone-file format and lists every record the domain controller expects to have registered, so it is also the reference to compare against when checking which records the zone is missing.
   The Netlogon.dns file is created when a member server is promoted to domain controller.
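Netlogon.dns lists every record the domain controller expects to exist, so a direct check is to parse it and compare with what the zone actually returns. The following Python is an added example (not from the original post or from Microsoft); the Netlogon.dns text and the "observed" answers are constructed for a fictitious corp.example.com and stand in for the output of nslookup -type=SRV queries.

```python
"""Compare the SRV records a domain controller should have registered
(taken from its Netlogon.dns file) with what the DNS zone actually
returns. Added example; the Netlogon.dns text and the 'observed' answers
are constructed for corp.example.com and stand in for nslookup output.
"""
from __future__ import annotations

from typing import NamedTuple


class SrvRecord(NamedTuple):
    owner: str      # e.g. _ldap._tcp.dc._msdcs.corp.example.com
    priority: int
    weight: int
    port: int
    target: str     # host name of the domain controller


def norm(name: str) -> str:
    """DNS names are case-insensitive; compare without the trailing dot."""
    return name.rstrip(".").lower()


def parse_netlogon_dns(text: str) -> list[SrvRecord]:
    """Read the SRV lines of a Netlogon.dns-style file.

    Each record line has the zone-file form
        owner TTL IN SRV priority weight port target
    A, CNAME and other record types in the file are skipped.
    """
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        fields = line.split()
        if len(fields) != 8 or fields[2].upper() != "IN" or fields[3].upper() != "SRV":
            continue
        owner, _ttl, _cls, _rtype, prio, weight, port, target = fields
        records.append(SrvRecord(norm(owner), int(prio), int(weight),
                                 int(port), norm(target)))
    return records


def locator_names(domain: str) -> list[str]:
    """The names the DC locator depends on most; if any is absent from the
    zone, clients cannot find a domain controller at all."""
    d = norm(domain)
    return [f"_ldap._tcp.dc._msdcs.{d}", f"_kerberos._tcp.dc._msdcs.{d}",
            f"_ldap._tcp.{d}", f"_kerberos._tcp.{d}",
            f"_kpasswd._tcp.{d}", f"_gc._tcp.{d}"]


def missing_records(expected: list[SrvRecord], observed: list[SrvRecord]) -> list[SrvRecord]:
    """Records Netlogon intends to register that the zone did not return."""
    return sorted(set(expected) - set(observed))


def missing_locator_names(domain: str, observed: list[SrvRecord]) -> list[str]:
    present = {r.owner for r in observed}
    return [n for n in locator_names(domain) if n not in present]


# Constructed sample Netlogon.dns content (not a real domain).
NETLOGON_DNS = """\
corp.example.com. 600 IN A 10.0.0.10
_ldap._tcp.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_kerberos._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_kerberos._tcp.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_kpasswd._tcp.corp.example.com. 600 IN SRV 0 100 464 dc1.corp.example.com.
_gc._tcp.corp.example.com. 600 IN SRV 0 100 3268 dc1.corp.example.com.
"""

# Constructed answers, as if collected with nslookup -type=SRV for each
# name: the _kerberos._tcp.dc._msdcs record is missing and _gc._tcp points
# at a stale target.
OBSERVED = [
    SrvRecord("_ldap._tcp.corp.example.com", 0, 100, 389, "dc1.corp.example.com"),
    SrvRecord("_ldap._tcp.dc._msdcs.corp.example.com", 0, 100, 389, "dc1.corp.example.com"),
    SrvRecord("_kerberos._tcp.corp.example.com", 0, 100, 88, "dc1.corp.example.com"),
    SrvRecord("_kpasswd._tcp.corp.example.com", 0, 100, 464, "dc1.corp.example.com"),
    SrvRecord("_gc._tcp.corp.example.com", 0, 100, 3268, "olddc.corp.example.com"),
]

EXPECTED = parse_netlogon_dns(NETLOGON_DNS)

if __name__ == "__main__":
    for rec in missing_records(EXPECTED, OBSERVED):
        print(f"missing: {rec.owner} -> {rec.target}:{rec.port}")
    for name in missing_locator_names("corp.example.com", OBSERVED):
        print(f"locator name absent from zone: {name}")
```

On a real domain controller, feed it %SystemRoot%\System32\config\netlogon.dns and the answers collected with nslookup -type=SRV for each owner name. A record reported as missing is one Netlogon should have registered; a locator name absent from the zone altogether is what produces the logon and Group Policy symptoms listed above.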

http://msmvps.com/blogs/systmprog/archive/tags/Active+Directory/default.aspx

Monday, January 31, 2011

Zones and Records

Zones are an important concept in DNS. A zone is a container that represents a domain on a DNS server and holds the records for that domain. There are three types of zone: primary, secondary and stub.

Every domain immediately below a TLD, such as blogspot.com, has a zone; sub-domains, such as scorpits.blogspot.com, can either be held within the parent zone or have a zone of their own. A zone represents a domain on a DNS server and contains all of the records of that domain, and sometimes those of sub-domains as well. Every zone begins with an SOA record and contains NS records. Zones are usually kept in a zone file, a specially formatted text file containing all of the zone's records.
  • A Primary zone is the master copy of the zone data; normally there is only one primary zone for a domain, but more than one is possible in a multiple-master configuration (Active Directory integrated zones are an example).
  • A Secondary zone contains a copy of all of the records in the primary zone; secondary zones provide redundancy, so that if the server holding the primary zone goes down the secondary still has a copy of the data and can answer queries.
  • Stub zones contain only the SOA, NS and glue A records of another zone, and are used for delegation. When a DNS server is authoritative for a domain, a stub zone lets it delegate a sub-domain to other DNS servers while keeping track of which servers those are. (Stub zones were introduced in Windows Server 2003; Windows 2000 DNS does not have them.)
Those servers then hold the primary and secondary zones for the delegated domain. Only the primary zone can be edited; when it changes, secondary zones pick up the change through the zone transfer process, either when the refresh interval from the SOA record expires or immediately if the primary sends them a NOTIFY.
Zone transfers copy the primary zone to every server holding a corresponding secondary zone. Incremental zone transfers (IXFR, RFC 1995) are used where both servers support them, which includes Windows 2000 and later and modern BIND. An incremental transfer carries only the records changed since the secondary's serial, so it is faster and uses less bandwidth. When an incremental transfer is not possible or not supported, or when the primary no longer has the change history back to the secondary's serial, a full zone transfer (AXFR) sends the entire zone.
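To make the IXFR/AXFR choice concrete, here is an added Python model (not from the original post): a primary that keeps a short change journal, answers an IXFR request with the chain of changes when it can, and falls back to a full transfer when the secondary's serial is older than the journal covers. The zone records and serials are constructed; serials are compared as plain integers here, whereas real servers use RFC 1982 serial arithmetic.

```python
"""Model of incremental (IXFR) versus full (AXFR) zone transfer, including
the fall-back to a full transfer when the primary's change journal no
longer covers the secondary's serial. Added example with a constructed
zone; records are (owner, rtype, rdata) tuples and serials are compared
as plain integers for brevity (real servers use RFC 1982 arithmetic).
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Change:
    from_serial: int
    to_serial: int
    deleted: frozenset
    added: frozenset


@dataclass
class Primary:
    serial: int
    records: set
    journal: list = field(default_factory=list)   # ordered Change entries
    journal_depth: int = 3                        # how many old versions to keep

    def update(self, new_serial: int, add=(), delete=()) -> None:
        """Edit the primary zone and record the delta in the journal."""
        assert new_serial > self.serial, "serial must increase or nobody transfers"
        deleted = frozenset(delete) & self.records
        added = frozenset(add) - self.records
        self.records = (self.records - deleted) | added
        self.journal.append(Change(self.serial, new_serial, deleted, added))
        self.journal = self.journal[-self.journal_depth:]
        self.serial = new_serial

    def answer_ixfr(self, secondary_serial: int):
        """What the primary sends to an IXFR request carrying the
        secondary's current serial.

        Returns ("current", None) when nothing changed, ("ixfr", [Change...])
        when the journal chains from the secondary's serial to ours, and
        ("axfr", (serial, records)) when it does not, which is the case
        after a secondary has missed more versions than the journal keeps.
        """
        if secondary_serial == self.serial:
            return "current", None
        chain, cur = [], secondary_serial
        for ch in self.journal:
            if ch.from_serial == cur:
                chain.append(ch)
                cur = ch.to_serial
        if chain and cur == self.serial:
            return "ixfr", chain
        return "axfr", (self.serial, frozenset(self.records))


def apply_transfer(local_serial: int, local_records: set, kind: str, payload):
    """Secondary side: apply the transfer and return (serial, records)."""
    records = set(local_records)
    if kind == "current":
        return local_serial, records
    if kind == "axfr":
        serial, full = payload
        return serial, set(full)
    serial = local_serial
    for ch in payload:
        assert ch.from_serial == serial, "journal does not chain; fall back to AXFR"
        records = (records - ch.deleted) | ch.added
        serial = ch.to_serial
    return serial, records


def records_on_the_wire(kind: str, payload) -> int:
    """Rough size measure: resource records carried, counting the SOA
    records that frame each section (two per IXFR change, two for AXFR)."""
    if kind == "current":
        return 1                      # just the current SOA
    if kind == "axfr":
        return len(payload[1]) + 2
    return sum(len(ch.deleted) + len(ch.added) + 2 for ch in payload)
```

The journal depth is the knob that decides the trade-off: a secondary that has been unreachable for longer than the journal covers always gets the full zone, which is why a long outage on a large zone produces a burst of AXFR traffic when the secondary comes back.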

A sub-domain sits below its parent domain; scorpits.blogspot.com, for example, resides below the parent domain blogspot.com. Sub-domains can be held within the parent zone or in a zone of their own, and with a stub zone a sub-domain's zone can reside on other DNS servers; the stub zone records that authority for the zone has been delegated to another system.