Implementing Domain Name
•Transferir como PPTX, PDF•
0 gostou•23 visualizações
Implementing Domain Name
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Implementing Domain Name
Semelhante a Implementing Domain Name (20)
Mais de Napoleon NV
Mais de Napoleon NV (14)
Último
Último (20)
Implementing Domain Name
- 1. Microsoft® Official Course Module 7 Implementing Domain Name System
- 2. Module Overview • Name Resolution for Windows Clients and Servers • Installing and Managing a DNS Server • Managing DNS Zones
- 3. Lesson 1: Name Resolution for Windows Clients and Servers • What Are Computer Names? • What Is DNS? • DNS Zones and Records • How Internet DNS Names Are Resolved • What Is LinkLocal Multicast Name Resolution? • How a Client Resolves a Name • Troubleshooting Name Resolution
- 4. What Are Computer Names? Name Description Host name • Up to 255 characters long • Can contain alphabetic and numeric characters, periods, and hyphens • Part of FQDN NetBIOS name • Represent a single computer or group of computers • 15 characters used for the name • 16th character identifies service • Flat namespace
- 5. What Is DNS? DNS can be used to: •Resolve host names to IP addresses •Locate domain controllers and global catalog servers •Resolve IP addresses to host names •Locate mail servers during email delivery
- 6. DNS Zones and Records A DNS zone is a specific portion of DNS namespace that contains DNS records Zone types: • Forward lookup zone • Reverse lookup zone Resource records in forward lookup zones include: • A, MX, SRV, NS, SOA, and CNAME Resource records in reverse lookup zones include: • PTR
- 7. How Internet DNS Names Are Resolved Workstation 207.46.230.219 Local DNS server What is the IP address of www.microsoft.com? Root DNS server .com DNS server Microsoft.com DNS server
- 8. What Is LinkLocal Multicast Name Resolution? LLMNR is an additional method for name resolution that does not use DNS or WINS • LLMNR is designed for IPv6 • Works only on Windows Vista, Windows Server 2008, and all newer Windows operating systems • Network Discovery must be enabled • Can be controlled via Group Policy
- 9. How a Client Resolves a Name 4. NetBIOS Name Cache 5. WINS Server 6. Broadcast 2. DNS Resolver Cache / Hosts file content 1. Local Host Name 7. Lmhosts File 3. DNS Server
- 10. Troubleshooting Name Resolution Common tools for troubleshooting name resolution are: • Consider using the new cmdlets in Windows PowerShell to manage and troubleshoot DNS • Always clear DNS resolver cache before troubleshooting • Use the hosts file for troubleshooting • Isolate problem • Nslookup • Dnscmd • Dnslint • Ipconfig • DNS Server Monitoring
- 11. Lesson 2: Installing and Managing a DNS Server • What Are the Components of a DNS Solution? • What Are Root Hints? • What Are DNS Queries? • What Is Forwarding? • How DNS Server Caching Works • How to Install the DNS Server Role • Demonstration: Installing the DNS Server Role
- 12. What Are the Components of a DNS Solution? DNS Servers on the Internet DNS Servers DNS Resolvers Resource Record Root “.” .com .edu Resource Record
- 13. What Are Root Hints? microsoft DNS Servers DNS Server com Client Root Hints Root (.) Servers Root hints contain the IP addresses for DNS root servers
- 14. What Are DNS Queries? DNS client mail1.contoso.com 172.16.64.11 A recursive query is sent to a DNS server and requires a complete answer Database Local DNS server An iterative query directed to a DNS server may be answered with a referral to another DNS server client Local DNS server Root hint (.) .com Iterative query Ask .com contoso.com • Queries are recursive or iterative • DNS clients and DNS servers initiate queries • DNS servers are authoritative or nonauthoritative for a namespace • An authoritative DNS server for the namespace will either: • Return the requested IP address • Return an authoritative “No” • A nonauthoritative DNS server for the namespace will either: • Check its cache • Use forwarders • Use root hints
- 15. What Is Forwarding? ISP DNS All other DNS domains Local DNS contoso.com DNS Conditional forwarding forwards requests using a domain name condition Client computer A forwarder is a DNS server designated to resolve external or offsite DNS domain names contoso.com Root hint (.) .com Iterative query Ask .com Forwarder Local DNS server client
- 16. Where’s ServerA? ServerA is at 131.107.0.44 Where’s ServerA? ServerA is at 131.107.0.44 How DNS Server Caching Works Client1 Client2 ServerA DNS server cache Host name IP address TTL ServerA.contoso.com 131.107.0.44 28 seconds
- 17. How to Install the DNS Server Role DNS Server Installation Methods • Server Manager • Active Directory Domain Services Installation Wizard Tools available to manage DNS Server • DNS Manager Snap-In • Server Manager • DNS Manager console (dnsmgmt.msc) • DNSCmd command-line tool • Windows Powershell • Remote Server Administrative tools
- 18. Demonstration: Installing the DNS Server Role In this demonstration, you will see how to: • Install a second DNS server • Configure forwarding
- 19. Lesson 3: Managing DNS Zones • What Are DNS Zone Types? • What Are Dynamic Updates? • What Are Active Directory–Integrated Zones? • Demonstration: Creating an Active Directory– Integrated Zone
- 20. What Are DNS Zone Types? Zones Description Primary Read/write copy of a DNS database Secondary Read-only copy of a DNS database Stub Copy of a zone that contains only records used to locate name servers Active Directory– integrated Zone data is stored in AD DS rather than in zone files
- 21. What Are Dynamic Updates? 1. Client sends SOA query 2. DNS server returns SOA resource record 3. Client sends dynamic update request(s) to identify the primary DNS server 4. DNS server responds that it can perform update 5. Client sends unsecured update to DNS server 6. If zone permits only secure updates, update is refused 7. Client sends secured update to DNS server Resource Records DNS Server 1 2 3 4 5 6 7
- 22. What Are Active Directory–Integrated Zones? Benefits of an Active Directory–integrated zone include: • Allows multimaster writes to zone • Replicates DNS zone information by using AD DS replication • Leverages efficient replication topology • Uses efficient incremental updates for Active Directory replication processes • Enables secure dynamic updates • Security: Can delegate zones, domains, resource records contoso.com • hqdc01 • filesvr01 • desktop101 zone
- 23. Demonstration: Creating an Active Directory– Integrated Zone In this demonstration, you will see how to: • Promote a server as a domain controller • Create an Active Directory–integrated zone • Create a record • Verify replication to a second DNS server
- 24. Lab: Implementing DNS • Exercise 1: Installing and Configuring DNS • Exercise 2: Creating Host Records in DNS • Exercise 3: Managing the DNS Server Cache Logon Information Virtual machines 20410B-LON-DC1 20410B-LON-SVR1 20410B-LON-CL1 User name AdatumAdministrator Password Pa$$w0rd Estimated Time: 40 minutes
- 25. Lab Scenario A. Datum Corporation has an IT office and data center in London, which supports the London location and other locations. A. Datum has recently deployed a Windows 2012 Server infrastructure with Windows 8 clients. You need to configure the infrastructure service for a new branch office. Your manager has asked you to configure the domain controller in the branch office as a DNS server. You have also been asked to create some new host records to support a new application that is being installed. Finally, you need to configure forwarding on the DNS server in the branch office to support Internet name resolution.
- 26. Lab Review • Can you install the DNS server role on a server that is not a domain controller? If yes, are there any limitations? • What is the most common way to carry out Internet name resolution on a local DNS? • How can you browse the content of the DNS resolver cache on a DNS server?
- 27. Module Review and Takeaways • Review Questions • Tools • Best Practice • Common Issues and Troubleshooting Tips
Notas do Editor
- Presentation: 45 minutes Lab: 30 minutes After completing this module students will be able to: Describe name resolution for clients and servers. Install and manage Domain Name System (DNS) service. Manage DNS zones. Required Materials To teach this module, you need the Microsoft® Office PowerPoint® file 20410B_07.pptx. Important: It is recommended that you use Office PowerPoint 2007 or a newer version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of Office PowerPoint, all the features of the slides might not display correctly. Preparation tasks To prepare for this module: Read all of the materials for this module. Practice performing the demonstrations and the lab exercises. Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on‑the‑job performance.
- Provide a brief overview of the module content.
- This is the introductory lesson to name resolution. Some students may already be familiar with these concepts. If you have students that already understand the basics of name resolution, you can briefly review the first four topics, and then spend more time on Link‑Local Multicast Name Resolution and troubleshooting.
- Discuss different types of names that computers can use. Emphasize that NetBIOS names are rarely used today, and that newer operating systems support them only for legacy applications.
- Describe the tasks for which DNS is used. Emphasize the need to use DNS to locate domain controllers and global catalog servers. DNS that is configured incorrectly is one of the most common causes of slow workstation logons and logon failures. In addition, Active Directory® Domain Services (AD DS) replication may fail if DNS is configured incorrectly.
- Explain to students that a DNS zone is specific portion of the DNS namespace that can contain DNS records. Give microsoft.com as an example of a zone. If students are interested, you can discuss that subdomains can be either a separate zone, or part of the same zone. Explain to students what each type of resource record is used for: host (A). Resolves names to IP addresses (you can use websites as an example) server (SRV). Locates a domain controller mail exchanger (MX). Locates a mail server pointer (PTR). Resolves an IP address to a host name, when troubleshooting Mention that, in most cases, the DNS records required for AD DS are added automatically to the necessary zone by domain controllers and global catalog servers. In addition, workstations and servers create their own A records and PTR records automatically.
- Describe the DNS name resolution process for locating the IP address for www.microsoft.com: A workstation queries the local DNS server for the IP address of www.microsoft.com. If the local DNS server does not have the information, it then queries a root DNS server for the location of the .com DNS servers. The local DNS server then queries a .com DNS server for the location of the Microsoft.com DNS servers. The local DNS server then queries the Microsoft.com DNS server for the IP address of www.microsoft.com. The IP address of www.microsoft.com is returned to the workstation. Mention to students that understanding this process is important when troubleshooting name resolution issues for clients and servers—for example, when a client is unable to access a web-based application or file server. Consider mentioning forwarding and caching as two options that modify the resolution process.
- Explain the basics of LLMNR. Emphasize that this protocol is supported only on newer operating systems. In addition, explain the Network Discovery feature in Network and Sharing Center, and if possible, demonstrate how to turn it on.
- Explain how the name resolution process works, step-by-step. Emphasize the switch from DNS to NetBIOS methods in the process. Mention GlobalNames zone support.
- Discuss troubleshooting techniques for DNS.
- Briefly describe the lesson content.
- List the components of a DNS solution. Ask students to identify the elements that they have used already for a DNS solution.
- Explain what root hints are, and how they are used in name resolving process.
- Explain that a DNS query is used to request name resolution, and that the query is sent to a DNS server. Briefly explain that there are two types of queries: recursive and iterative. DNS servers also can act as DNS clients and send DNS queries to other DNS servers. Explain that a DNS server can be either authoritative or non‑authoritative for the namespace of the query. Explain how recursive queries work. Inform students that they should consider disabling recursive queries for specific domains. In doing so, the DNS server in question will not attempt to forward its DNS requests to another server. This is useful when you do not want a particular DNS server communicating outside of its network. Disabling recursion is performed in the DNS administrative Microsoft Management Console (MMC). Describe the purpose of an iterative query.
- In this topic emphasis the following: Define forwarders and explain their purpose. A forwarder is a DNS server on a network that forwards DNS queries for external DNS names to DNS servers outside that network. Define conditional forwarding. A conditional forwarder is a DNS server on a network that forwards DNS queries according to the DNS domain name in the query. Go over the example: You can configure a DNS server to forward all of the queries that it receives for names ending with contoso.com to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers. Describe how conditional forwarding works by referring to the slide. Best Practice. Use conditional forwarders if you have multiple internal namespaces. This results in faster name resolution.
- Explain DNS caching on server and client side. If you have enough time, demonstrate how to view cache content on server and on client.
- Discuss how you can install and manage the DNS server role.
- Preparation Steps Start 20410B‑LON‑DC1 and 20410B‑LON‑SVR1. Demonstration Steps Install a second DNS server Sign in to LON‑DC1 and LON-SVR1 as Adatum\Administrator with a password of Pa$$w0rd. On LON‑SVR1, in the Server Manager console, click Add roles and features. On the Before you begin page, click Next. On the Select installation type page, click Next. On the Select destination server page, ensure that LON‑SVR1.Adatum.com is selected, and then click Next. On the Select server roles page, click DNS Server. In the Add Roles and Features Wizard window, click Add Features, and then click Next. On the Select Features page, click Next. On the DNS Server page, click Next. On the Confirm installation selections page, click Install. On the Installation progress page, when a message displays that installation succeeded, click Close. Configure forwarding On LON‑SVR1, open the DNS Manager console. In the DNS Manager console, right‑click LON‑SVR1, click Properties, and then click the Forwarders tab.
- In the Forwarders dialog box, click Edit. In the Edit Forwarders page, type 172.16.0.10, and then click OK two times. Note: Leave all virtual machines in their current state for the next demonstration.
- Provide a brief overview of the lesson content.
- Explain that there are four DNS zone types: primary, secondary, stub, and Active Directory–integrated. Make the following points about the zones: Primary Zone DNS server is the primary source for zone information. Stores the master copy of zone data in either a local file or in AD DS. File is named zone_name.dns by default, and is located in %windir%\System32\Dns. Secondary Zone The server is a secondary source for zone information. Must be obtained from another remote DNS server that also hosts the zone. Cannot be stored in AD DS. Stub Zone Windows 2003 introduced stub zones, which solved several problems with large DNS namespaces and multiple tree forests. Active Directory–Integrated Zone Introduce the concept of Active Directory–integrated zones.
- Describe how dynamic updates work. Explain to students that when an IP address is configured (by DHCP or fixed), it is actually the DHCP client service (not to be confused with the DHCP server) that registers a client’s host records. This is triggered when an IP address is added or changed on any network connection. Registration also happens during computer startup. Remind students that you can also activate registration manually using the ipconfig /registerdns command, or by using the Windows PowerShell cmdlet Register-DNSClient. Ask students what would happen if dynamic updates were not enabled. They should answer that the biggest problem would be that domain controllers would not be able to register their records in DNS, so the domain controller records would have to be added manually. Mention to students that the DHCP server can also update client computer resource records dynamically in DNS. Mention that, by default, Windows Server 2012 DNS servers are configured to support secure-only updates for Active Directory–integrated zones. You will be discussing Active Directory–integrated zones more in-depth during the next topic.
- Explain how DNS stores data in AD DS. Briefly review the benefits. Question Can you think of any disadvantages to storing DNS information in AD DS? Answer If you want to replicate DNS data to other non‑Microsoft DNS servers, then you should not store it in AD DS.
- Preparation Steps You need the 20410B‑LON‑DC1, and 20410B‑LON‑SVR1, virtual machines to complete this demonstration. They should already be running after the preceding demonstration. Demonstration Steps Promote LON‑SVR1 as an additional domain controller In the Server Manager console, click Add roles and features. On the Before you begin page, click Next. On the Select installation type page, click Next. On the Select destination server page, ensure that LON‑SVR1.Adatum.com is selected, and then click Next. On the Select server roles page, click Active Directory Domain Services. When Add Roles and Features Wizard window displays, click Add Features, and then click Next. On the Select features page, click Next. On the Active Directory Domain Services page, click Next. On the Confirm installation selections page, click Install. On the Installation progress page, when the Installation succeeded message displays, click Close. In the Server Manager console, on the navigation page, click AD DS. At the title bar where Configuration required for Active Directory Domain Services at LON‑SVR1 displays, click More. On the All Server Task Details and Notifications page, click Promote this server to a domain controller.
- In the Active Directory Domain Services Configuration Wizard, on the Deployment Configuration page, ensure that Add a domain controller to an existing domain is selected, and then click Next. On the Domain Controller Options page, select the Domain Name System (DNS) server check box, and leave the Global Catalog (GC) check box selected. Type Pa$$w0rd in both text fields, and then click Next. On the DNS Options page, click Next. On the Additional Options page, click Next. On the Paths page, click Next. On the Review Options page, click Next. On the Prerequisites Check page, click Install. Note: The server will automatically restart as part of the procedure. After LON‑SVR1 restarts, sign in as Adatum\Administrator. Create an Active Directory–integrated zone On LON‑DC1, open Server Manager. Click Tools, and then click DNS. In the DNS Manager console, click and then right‑click LON‑DC1, and then select New Zone. In the New Zone Wizard, click Next. On the Zone Type page, click Primary zone, ensure that the Store the zone in Active Directory option is selected, and then click Next. Note: To the instructor: Point out that this option determines that that zone is in AD DS. On the Active Directory Zone Replication Scope page, review the available options, and then without making any changes, click Next.
- On the Forward or Reverse Lookup Zone page, select Forward lookup zone, and then click Next. On the Zone Name page, in the Zone name field, type Contoso.com, and then click Next. On the Dynamic Update page, review the available options, select Allow only secure dynamic updates, and then click Next. On the Completing the New Zone Wizard page, click Finish. In DNS Manager console, expand Forward Lookup Zones, click Contoso.com, and then review the records that are created automatically. Create a record In the DNS Manager console, expand LON‑DC1, expand Forward Lookup Zones, and then click Contoso.com. Right‑click Contoso.com, and then select New Host (A or AAAA). In the New Host window, in the Name field, type www, in the IP address field, type 172.16.0.100, click Add Host, and then click OK. Click Done. Verify replication to a second DNS server On LON‑SVR1, in the Server Manager console, click Tools, and then click DNS. In the DNS Manager console, expand LON‑SVR1, expand Forward Lookup Zones, and then click Contoso.com. Verify that www resource record exists. It may take a couple of minutes for the record to appear, and you may have to refresh the console display.
- Before the students begin the lab, read the lab scenario and display the next slide. Before each exercise, read the scenario associated with the exercise to the class. The scenarios will give context to the lab and exercises, and will help to facilitate the discussion at the end of the lab. Remind the students to complete the discussion questions after the last lab exercise. Exercise 1: Installing and Configuring DNS As part of configuring the infrastructure for the new branch office, you need to configure a DNS server that will provide name resolution for the branch office. The DNS server in the branch office will also be a domain controller. The Active Directory–integrated zones that are required to support logons will be replicated automatically to the branch office. Exercise 2: Creating Host Records in DNS Several new web-based applications are being implemented in the A. Datum head office. Each application requires that you configure a host record in DNS. You have been asked to create the new host records for these applications. Exercise 3: Managing the DNS Server Cache After you changed some host records in zones configured on LON‑DC1, you noticed that clients that use LON‑SVR1 as their DNS server are still receiving old IP addresses during the name resolving process. You want to determine which component is caching this data.
- Question Can you install the DNS server role on a server that is not a domain controller? If yes, are there any limitations? Answer Yes, you can. However, you cannot create Active Directory–integrated zones on a DNS server that is not a domain controller. Question What is the most common way to carry out Internet name resolution on a local DNS? Answer Companies typically configure their local DNS with a forwarder. That forwarder is most often a DNS server of their ISP. Question How can you browse the content of the DNS resolver cache on a DNS server? Answer You can browse the content of the DNS resolver cache on a DNS server by enabling the Advanced view in the DNS Manager console or by using Windows PowerShell cmdlets.
- Review Questions Question You are troubleshooting DNS name resolution from a client computer. What must you remember to do before each test? Answer You should clear the resolver cache before starting to troubleshoot. Question You are deploying DNS servers into an Active Directory domain, and your customer requires that the infrastructure is resistant to single points of failure. What must you consider when planning the DNS configuration? Answer You should deploy more than one AD DS domain controller with the DNS server role installed. Question What benefits do you realize by using forwarders? Answer Forwarders are used when your local DNS server cannot resolve a query from the client using its own local zones. You usually configure forwarders to resolve Internet names. However, you can also use forwarders to optimize performance, to optimize Internet link usage on your local DNS server, and to enhance security.
- Tools Best Practice: When implementing DNS, use the following best practices: Always use host names instead of NetBIOS names. Use forwarders rather than root hints. Be aware of potential caching issues when troubleshooting name resolution. Use Active Directory–integrated zones instead of primary and secondary zones. Common Issues and Troubleshooting Tips Common Issue: Clients sometimes cache invalid DNS records. Troubleshooting Tip: Clear the cache. Common Issue: DNS Server performs slowly. Troubleshooting Tip: Use the Performance Monitor to measure the load on DNS.