2. Module Overview
• Name Resolution for Windows Clients and Servers
• Installing and Managing a DNS Server
• Managing DNS Zones
3. Lesson 1: Name Resolution for Windows Clients and Servers
• What Are Computer Names?
• What Is DNS?
• DNS Zones and Records
• How Internet DNS Names Are Resolved
• What Is LinkLocal Multicast Name Resolution?
• How a Client Resolves a Name
• Troubleshooting Name Resolution
4. What Are Computer Names?
Host name
• Up to 255 characters long
• Can contain alphabetic and numeric characters, periods, and hyphens
• Part of an FQDN
NetBIOS name
• Represents a single computer or a group of computers
• 15 characters used for the name
• 16th character identifies the service
• Flat namespace
5. What Is DNS?
DNS can be used to:
• Resolve host names to IP addresses
• Locate domain controllers and global catalog servers
• Resolve IP addresses to host names
• Locate mail servers during email delivery
6. DNS Zones and Records
A DNS zone is a specific portion of the DNS namespace that contains DNS records
Zone types:
• Forward lookup zone
• Reverse lookup zone
Resource records in forward lookup zones include:
• A, MX, SRV, NS, SOA, and CNAME
Resource records in reverse lookup zones include:
• PTR
7. How Internet DNS Names Are Resolved
[Diagram: a workstation asks its local DNS server "What is the IP address of www.microsoft.com?"; the local DNS server queries the root DNS server, then the .com DNS server, then the Microsoft.com DNS server, and returns 207.46.230.219 to the workstation]
8. What Is LinkLocal Multicast Name Resolution?
LLMNR is an additional method for name resolution that does not use DNS or WINS
• LLMNR is designed for IPv6
• Works only on Windows Vista, Windows Server 2008, and all newer Windows operating systems
• Network Discovery must be enabled
• Can be controlled via Group Policy
9. How a Client Resolves a Name
1. Local Host Name
2. DNS Resolver Cache / Hosts file content
3. DNS Server
4. NetBIOS Name Cache
5. WINS Server
6. Broadcast
7. Lmhosts File
10. Troubleshooting Name Resolution
When troubleshooting name resolution:
• Consider using the new cmdlets in Windows PowerShell to manage and troubleshoot DNS
• Always clear the DNS resolver cache before troubleshooting
• Use the hosts file for troubleshooting
• Isolate the problem
Common tools for troubleshooting name resolution are:
• Nslookup
• Dnscmd
• Dnslint
• Ipconfig
• DNS Server Monitoring
11. Lesson 2: Installing and Managing a DNS Server
• What Are the Components of a DNS Solution?
• What Are Root Hints?
• What Are DNS Queries?
• What Is Forwarding?
• How DNS Server Caching Works
• How to Install the DNS Server Role
• Demonstration: Installing the DNS Server Role
12. What Are the Components of a DNS Solution?
[Diagram: DNS resolvers send queries to DNS servers, which hold resource records; the DNS servers on the Internet form a hierarchy from the root "." down to top-level domains such as .com and .edu]
13. What Are Root Hints?
[Diagram: a client queries its DNS server; the server uses its root hints to reach the root (.) servers, which refer it to the com DNS servers and then to the microsoft DNS servers]
Root hints contain the IP addresses for the DNS root servers
14. What Are DNS Queries?
[Diagram: a DNS client sends a recursive query for mail1.contoso.com to its local DNS server; the local DNS server answers 172.16.64.11 from its database or, starting from its root hint (.), sends iterative queries to .com ("Ask .com") and then to contoso.com]
A recursive query is sent to a DNS server and requires a complete answer
An iterative query directed to a DNS server may be answered with a referral to another DNS server
• Queries are recursive or iterative
• DNS clients and DNS servers initiate queries
• DNS servers are authoritative or nonauthoritative for a namespace
• An authoritative DNS server for the namespace will either:
  • Return the requested IP address
  • Return an authoritative “No”
• A nonauthoritative DNS server for the namespace will either:
  • Check its cache
  • Use forwarders
  • Use root hints
15. What Is Forwarding?
[Diagram: a client computer queries the local DNS server; queries for contoso.com are forwarded to the contoso.com DNS server, and queries for all other DNS domains go to the forwarder (the ISP DNS), which uses its root hint (.) and iterative queries ("Ask .com") to reach .com]
A forwarder is a DNS server designated to resolve external or offsite DNS domain names
Conditional forwarding forwards requests using a domain name condition
17. How to Install the DNS Server Role
DNS Server Installation Methods
• Server Manager
• Active Directory Domain Services Installation Wizard
Tools available to manage DNS Server
• DNS Manager Snap-In
• Server Manager
• DNS Manager console (dnsmgmt.msc)
• DNSCmd command-line tool
• Windows PowerShell
• Remote Server Administration Tools
18. Demonstration: Installing the DNS Server Role
In this demonstration, you will see how to:
• Install a second DNS server
• Configure forwarding
19. Lesson 3: Managing DNS Zones
• What Are DNS Zone Types?
• What Are Dynamic Updates?
• What Are Active Directory–Integrated Zones?
• Demonstration: Creating an Active Directory–Integrated Zone
20. What Are DNS Zone Types?
Primary: Read/write copy of a DNS database
Secondary: Read-only copy of a DNS database
Stub: Copy of a zone that contains only the records used to locate name servers
Active Directory–integrated: Zone data is stored in AD DS rather than in zone files
21. What Are Dynamic Updates?
1. Client sends SOA query
2. DNS server returns SOA resource record
3. Client sends dynamic update request(s) to identify the primary DNS server
4. DNS server responds that it can perform the update
5. Client sends unsecured update to DNS server
6. If the zone permits only secure updates, the update is refused
7. Client sends secured update to DNS server
22. What Are Active Directory–Integrated Zones?
Benefits of an Active Directory–integrated zone include:
• Allows multimaster writes to the zone
• Replicates DNS zone information by using AD DS replication
• Leverages an efficient replication topology
• Uses efficient incremental updates for Active Directory replication processes
• Enables secure dynamic updates
• Security: can delegate zones, domains, and resource records
[Diagram: the contoso.com zone containing the records hqdc01, filesvr01, and desktop101]
23. Demonstration: Creating an Active Directory–Integrated Zone
In this demonstration, you will see how to:
• Promote a server as a domain controller
• Create an Active Directory–integrated zone
• Create a record
• Verify replication to a second DNS server
24. Lab: Implementing DNS
• Exercise 1: Installing and Configuring DNS
• Exercise 2: Creating Host Records in DNS
• Exercise 3: Managing the DNS Server Cache
Logon Information
Virtual machines: 20410B-LON-DC1, 20410B-LON-SVR1, 20410B-LON-CL1
User name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 40 minutes
25. Lab Scenario
A. Datum Corporation has an IT office and data center in London, which supports the London location and other locations. A. Datum has recently deployed a Windows 2012 Server infrastructure with Windows 8 clients. You need to configure the infrastructure service for a new branch office.
Your manager has asked you to configure the domain controller in the branch office as a DNS server. You have also been asked to create some new host records to support a new application that is being installed. Finally, you need to configure forwarding on the DNS server in the branch office to support Internet name resolution.
26. Lab Review
• Can you install the DNS server role on a server that is not a domain controller? If yes, are there any limitations?
• What is the most common way to carry out Internet name resolution on a local DNS?
• How can you browse the content of the DNS resolver cache on a DNS server?
27. Module Review and Takeaways
• Review Questions
• Tools
• Best Practice
• Common Issues and Troubleshooting Tips
Editor's Notes
Presentation: 45 minutes
Lab: 30 minutes
After completing this module, students will be able to:
Describe name resolution for clients and servers.
Install and manage Domain Name System (DNS) service.
Manage DNS zones.
Required Materials
To teach this module, you need the Microsoft® Office PowerPoint® file 20410B_07.pptx.
Important: It is recommended that you use Office PowerPoint 2007 or a newer version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of Office PowerPoint, all the features of the slides might not display correctly.
Preparation tasks
To prepare for this module:
Read all of the materials for this module.
Practice performing the demonstrations and the lab exercises.
Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on‑the‑job performance.
Provide a brief overview of the module content.
This is the introductory lesson to name resolution. Some students may already be familiar with these concepts. If you have students that already understand the basics of name resolution, you can briefly review the first four topics, and then spend more time on Link‑Local Multicast Name Resolution and troubleshooting.
Discuss different types of names that computers can use. Emphasize that NetBIOS names are rarely used today, and that newer operating systems support them only for legacy applications.
Describe the tasks for which DNS is used.
Emphasize the need to use DNS to locate domain controllers and global catalog servers. DNS that is configured incorrectly is one of the most common causes of slow workstation logons and logon failures. In addition, Active Directory® Domain Services (AD DS) replication may fail if DNS is configured incorrectly.
Explain to students that a DNS zone is a specific portion of the DNS namespace that can contain DNS records. Give microsoft.com as an example of a zone. If students are interested, you can discuss that subdomains can be either a separate zone or part of the same zone.
Explain to students what each type of resource record is used for:
host (A). Resolves names to IP addresses (you can use websites as an example)
server (SRV). Locates a domain controller
mail exchanger (MX). Locates a mail server
pointer (PTR). Resolves an IP address to a host name, when troubleshooting
Mention that, in most cases, the DNS records required for AD DS are added automatically to the necessary zone by domain controllers and global catalog servers. In addition, workstations and servers create their own A records and PTR records automatically.
Describe the DNS name resolution process for locating the IP address for www.microsoft.com:
A workstation queries the local DNS server for the IP address of www.microsoft.com.
If the local DNS server does not have the information, it then queries a root DNS server for the location of the .com DNS servers.
The local DNS server then queries a .com DNS server for the location of the Microsoft.com DNS servers.
The local DNS server then queries the Microsoft.com DNS server for the IP address of www.microsoft.com.
The IP address of www.microsoft.com is returned to the workstation.
Mention to students that understanding this process is important when troubleshooting name resolution issues for clients and servers—for example, when a client is unable to access a web-based application or file server.
Consider mentioning forwarding and caching as two options that modify the resolution process.
Explain the basics of LLMNR. Emphasize that this protocol is supported only on newer operating systems. In addition, explain the Network Discovery feature in Network and Sharing Center, and if possible, demonstrate how to turn it on.
Explain how the name resolution process works, step-by-step. Emphasize the switch from DNS to NetBIOS methods in the process. Mention GlobalNames zone support.
Discuss troubleshooting techniques for DNS.
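The following script is an added example, not course code, that ties slides 8 to 10 together: it isolates which stage of the client resolution order answers a name by restricting Resolve-DnsName to one stage at a time, and then checks whether LLMNR is switched off by policy. It assumes a domain-joined client running Windows 8 or Windows Server 2012 or newer with the DnsClient module (the lab's LON-CL1, for instance); the name LON-DC1.Adatum.com comes from the lab.

```powershell
# Added example (not part of the course): find out which client-side stage answers a name.
# Assumes Windows 8 / Windows Server 2012 or newer with the DnsClient module; the name
# below is a lab host.
$name = 'LON-DC1.Adatum.com'

# Slide 10: always start from an empty resolver cache, otherwise a cached answer misleads you.
Clear-DnsClientCache

# Each switch restricts Resolve-DnsName to one stage of the order shown on slide 9.
# Hosts file entries are preloaded into the resolver cache, so -CacheOnly covers both.
$stages = [ordered]@{
    'Resolver cache / hosts file (no query sent)' = { Resolve-DnsName $name -CacheOnly -ErrorAction Stop }
    'DNS server only (hosts file skipped)'        = { Resolve-DnsName $name -DnsOnly -NoHostsFile -ErrorAction Stop }
    'LLMNR only'                                  = { Resolve-DnsName $name -LlmnrOnly -ErrorAction Stop }
    'NetBIOS only (cache, WINS, broadcast)'       = { Resolve-DnsName $name -NetbiosOnly -ErrorAction Stop }
}

foreach ($stage in $stages.GetEnumerator()) {
    try {
        $answer = & $stage.Value | Where-Object { $_.Type -in 'A', 'AAAA' }
        '{0,-46} -> {1}' -f $stage.Key, ($answer.IPAddress -join ', ')
    } catch {
        '{0,-46} -> no answer ({1})' -f $stage.Key, $_.Exception.Message
    }
}

# The resolver cache now shows what the stages that succeeded left behind.
Get-DnsClientCache -Name $name | Select-Object Entry, Type, Data, TimeToLive

# Slide 8: LLMNR "can be controlled via Group Policy". The policy "Turn off multicast name
# resolution" writes EnableMulticast=0 under this key; no value at all means LLMNR is on.
$llmnr = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
    -Name EnableMulticast -ErrorAction SilentlyContinue
if ($llmnr -and $llmnr.EnableMulticast -eq 0) { 'LLMNR: disabled by Group Policy' }
else { 'LLMNR: enabled (no policy value present)' }
```

A name that resolves only in the LLMNR or NetBIOS stage is a sign that the DNS record is missing, which is the question the "Isolate the problem" tip on slide 10 asks you to answer.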
Briefly describe the lesson content.
List the components of a DNS solution. Ask students to identify the elements that they have used already for a DNS solution.
Explain what root hints are, and how they are used in the name resolution process.
Explain that a DNS query is used to request name resolution, and that the query is sent to a DNS server.
Briefly explain that there are two types of queries: recursive and iterative. DNS servers also can act as DNS clients and send DNS queries to other DNS servers.
Explain that a DNS server can be either authoritative or non‑authoritative for the namespace of the query.
Explain how recursive queries work.
Inform students that they should consider disabling recursive queries for specific domains. In doing so, the DNS server in question will not attempt to forward its DNS requests to another server. This is useful when you do not want a particular DNS server communicating outside of its network. Disabling recursion is performed in the DNS administrative Microsoft Management Console (MMC).
Describe the purpose of an iterative query.
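The function below is an added example, not course code, covering both the www.microsoft.com walk described for slide 7 and the iterative queries of slide 14: it replays from a client the iterative walk that a local DNS server performs, sending every query with recursion desired cleared so each server returns only a referral or its own authoritative answer. It assumes a machine with the DnsClient module and outbound DNS access to the Internet; the starting root server is looked up through the normal resolver, standing in for the root hints a DNS server would use.

```powershell
# Added example (not course code): trace the root -> .com -> microsoft.com delegation chain.
# -NoRecursion sends each query with RD=0, so the queried server cannot recurse for us; it
# answers only with what it is authoritative for, exactly as the local DNS server sees it.
function Trace-DnsDelegation {
    param(
        [Parameter(Mandatory)] [string] $Name,
        # Assumption: the local resolver can resolve a root server name (root hints do this job
        # on a DNS server).
        [string] $StartServer = ((Resolve-DnsName 'a.root-servers.net' -Type A -DnsOnly |
                                  Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress)
    )
    $server = $StartServer
    for ($hop = 1; $hop -le 12; $hop++) {
        $records = Resolve-DnsName -Name $Name -Type A -Server $server -NoRecursion -DnsOnly -ErrorAction Stop

        # Final answer: A records in the Answer section, returned by the authoritative server.
        $answer = @($records | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'A' })
        if ($answer.Count -gt 0) {
            Write-Host "Hop $hop - $server is authoritative: $($answer.IPAddress -join ', ')"
            return $answer.IPAddress
        }
        # Alias: www names are often a CNAME into another zone (a CDN), so the walk restarts
        # at the root for the canonical name.
        $cname = $records | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'CNAME' } |
                 Select-Object -First 1
        if ($cname) {
            Write-Host "Hop $hop - $Name is an alias for $($cname.NameHost); restarting at the root"
            return Trace-DnsDelegation -Name $cname.NameHost -StartServer $StartServer
        }
        # Referral: NS records in the Authority section, usually with glue A records in Additional.
        $nsNames = @(($records | Where-Object { $_.Section -eq 'Authority' -and $_.Type -eq 'NS' }).NameHost)
        if ($nsNames.Count -eq 0) { throw "Hop $hop - $server returned neither an answer nor a referral for $Name" }
        Write-Host "Hop $hop - $server referred to: $($nsNames -join ', ')"
        $glue = $records | Where-Object { $_.Section -eq 'Additional' -and $_.Type -eq 'A' -and $_.Name -in $nsNames } |
                Select-Object -First 1
        if ($glue) {
            $server = $glue.IPAddress
        } else {
            # No glue (the name server lives in another zone): resolve it normally and carry on.
            $server = (Resolve-DnsName -Name $nsNames[0] -Type A -DnsOnly -ErrorAction Stop |
                       Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress
        }
    }
    throw "Gave up after 12 hops while resolving $Name"
}

# The slide 7 example: root server -> .com server -> Microsoft.com server -> address.
Trace-DnsDelegation -Name 'www.microsoft.com'
```

Compare the hop list with what a recursive query to the local DNS server hides: one question, one complete answer, with forwarding and caching (the two modifiers mentioned above) deciding whether the server walks this chain at all.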
In this topic, emphasize the following:
Define forwarders and explain their purpose. A forwarder is a DNS server on a network that forwards DNS queries for external DNS names to DNS servers outside that network.
Define conditional forwarding. A conditional forwarder is a DNS server on a network that forwards DNS queries according to the DNS domain name in the query.
Go over the example:
You can configure a DNS server to forward all of the queries that it receives for names ending with contoso.com to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers.
Describe how conditional forwarding works by referring to the slide.
Best Practice. Use conditional forwarders if you have multiple internal namespaces. This results in faster name resolution.
Explain DNS caching on the server side and on the client side. If you have enough time, demonstrate how to view the cache content on the server and on the client.
Discuss how you can install and manage the DNS server role.
Preparation Steps
Start 20410B-LON-DC1 and 20410B-LON-SVR1.
Demonstration Steps
Install a second DNS server
Sign in to LON-DC1 and LON-SVR1 as Adatum\Administrator with the password Pa$$w0rd.
On LON-SVR1, in the Server Manager console, click Add roles and features.
On the Before you begin page, click Next.
On the Select installation type page, click Next.
On the Select destination server page, ensure that LON-SVR1.Adatum.com is selected, and then click Next.
On the Select server roles page, click DNS Server.
In the Add Roles and Features Wizard window, click Add Features, and then click Next.
On the Select features page, click Next.
On the DNS Server page, click Next.
On the Confirm installation selections page, click Install.
On the Installation progress page, when a message displays that installation succeeded, click Close.
Configure forwarding
On LON-SVR1, open the DNS Manager console.
In the DNS Manager console, right-click LON-SVR1, click Properties, and then click the Forwarders tab.
In the Forwarders dialog box, click Edit.
On the Edit Forwarders page, type 172.16.0.10, and then click OK two times.
Note: Leave all virtual machines in their current state for the next demonstration.
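The script below is an added example, not course code, that performs the demonstration above with the DnsServer module from LON-DC1 and extends it to the forwarding and recursion points made for slide 15 (conditional forwarders, and disabling recursion on a server that must not talk outside its network). Lab names and the forwarder address 172.16.0.10 come from the course; the conditional forwarder addresses are constructed placeholders.

```powershell
# Added example (not course code): install DNS on LON-SVR1 and configure forwarding remotely.
$target = 'LON-SVR1'

# 1. Install the DNS Server role with its management tools (DNS Manager, DnsServer module).
Install-WindowsFeature -Name DNS -IncludeManagementTools -ComputerName $target

# 2. Forwarder: everything LON-SVR1 cannot answer from its own zones goes to LON-DC1.
#    UseRootHint $true keeps root hints as a fallback if the forwarder does not respond;
#    set it to $false on a server that must only ever talk to the forwarder.
Add-DnsServerForwarder -ComputerName $target -IPAddress 172.16.0.10 -PassThru
Set-DnsServerForwarder -ComputerName $target -UseRootHint $true -Timeout 3

# 3. Conditional forwarder: only queries for names ending in contoso.com go to these servers
#    (constructed placeholder addresses), as in the slide 15 example.
Add-DnsServerConditionalForwarderZone -ComputerName $target -Name 'contoso.com' `
    -MasterServers 172.16.0.20, 172.16.0.21 -ForwarderTimeout 3

# 4. A server that must not communicate outside its network: disable recursion. This is the
#    "Disable recursion (also disables forwarders)" setting on the Advanced tab in DNS Manager;
#    the server then answers only from the zones it hosts and returns an authoritative "No"
#    for everything else. Left commented out because it would defeat steps 2 and 3.
# Set-DnsServerRecursion -ComputerName $target -Enable $false

# 5. Verify what the server now does with a query it is not authoritative for.
Get-DnsServerForwarder -ComputerName $target
Get-DnsServerZone -ComputerName $target | Where-Object ZoneType -eq 'Forwarder' |
    Select-Object ZoneName, MasterServers
Get-DnsServerRecursion -ComputerName $target | Select-Object Enable
Resolve-DnsName -Name 'www.microsoft.com' -Server $target -DnsOnly
```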
Provide a brief overview of the lesson content.
Explain that there are four DNS zone types: primary, secondary, stub, and Active Directory–integrated. Make the following points about the zones:
Primary Zone
The DNS server is the primary source for zone information.
It stores the master copy of the zone data either in a local file or in AD DS.
The file is named zone_name.dns by default, and is located in %windir%\System32\Dns.
Secondary Zone
The server is a secondary source for zone information.
The zone data must be obtained from another remote DNS server that also hosts the zone.
Secondary zones cannot be stored in AD DS.
Stub Zone
Windows 2003 introduced stub zones, which solved several problems with large DNS namespaces and multiple tree forests.
Active Directory–Integrated Zone
Introduce the concept of Active Directory–integrated zones.
Describe how dynamic updates work.
Explain to students that when an IP address is configured (by DHCP or fixed), it is actually the DHCP client service (not to be confused with the DHCP server) that registers a client’s host records. This is triggered when an IP address is added or changed on any network connection. Registration also happens during computer startup. Remind students that you can also activate registration manually using the ipconfig /registerdns command, or by using the Windows PowerShell cmdlet Register-DNSClient.
Ask students what would happen if dynamic updates were not enabled. They should answer that the biggest problem would be that domain controllers would not be able to register their records in DNS, so the domain controller records would have to be added manually.
Mention to students that the DHCP server can also update client computer resource records dynamically in DNS. Mention that, by default, Windows Server 2012 DNS servers are configured to support secure-only updates for Active Directory–integrated zones. You will be discussing Active Directory–integrated zones more in-depth during the next topic.
Explain how DNS stores data in AD DS. Briefly review the benefits.
Question
Can you think of any disadvantages to storing DNS information in AD DS?
Answer
If you want to replicate DNS data to other non‑Microsoft DNS servers, then you should not store it in AD DS.
Preparation Steps
You need the 20410B-LON-DC1 and 20410B-LON-SVR1 virtual machines to complete this demonstration. They should already be running after the preceding demonstration.
Demonstration Steps
Promote LON-SVR1 as an additional domain controller
In the Server Manager console, click Add roles and features.
On the Before you begin page, click Next.
On the Select installation type page, click Next.
On the Select destination server page, ensure that LON-SVR1.Adatum.com is selected, and then click Next.
On the Select server roles page, click Active Directory Domain Services.
When the Add Roles and Features Wizard window displays, click Add Features, and then click Next.
On the Select features page, click Next.
On the Active Directory Domain Services page, click Next.
On the Confirm installation selections page, click Install.
On the Installation progress page, when the Installation succeeded message displays, click Close.
In the Server Manager console, in the navigation pane, click AD DS.
In the title bar where Configuration required for Active Directory Domain Services at LON-SVR1 displays, click More.
On the All Server Task Details and Notifications page, click Promote this server to a domain controller.
In the Active Directory Domain Services Configuration Wizard, on the Deployment Configuration page, ensure that Add a domain controller to an existing domain is selected, and then click Next.
On the Domain Controller Options page, select the Domain Name System (DNS) server check box, and leave the Global Catalog (GC) check box selected. Type Pa$$w0rd in both text fields, and then click Next.
On the DNS Options page, click Next.
On the Additional Options page, click Next.
On the Paths page, click Next.
On the Review Options page, click Next.
On the Prerequisites Check page, click Install.
Note: The server will automatically restart as part of the procedure.
After LON-SVR1 restarts, sign in as Adatum\Administrator.
Create an Active Directory–integrated zone
On LON‑DC1, open Server Manager.
Click Tools, and then click DNS.
In the DNS Manager console, click LON-DC1, right-click it, and then select New Zone.
In the New Zone Wizard, click Next.
On the Zone Type page, click Primary zone, ensure that the Store the zone in Active Directory option is selected, and then click Next.
Note: To the instructor: Point out that this option determines that the zone is stored in AD DS.
On the Active Directory Zone Replication Scope page, review the available options, and then without making any changes, click Next.
On the Forward or Reverse Lookup Zone page, select Forward lookup zone, and then click Next.
On the Zone Name page, in the Zone name field, type Contoso.com, and then click Next.
On the Dynamic Update page, review the available options, select Allow only secure dynamic updates, and then click Next.
On the Completing the New Zone Wizard page, click Finish.
In the DNS Manager console, expand Forward Lookup Zones, click Contoso.com, and then review the records that are created automatically.
Create a record
In the DNS Manager console, expand LON-DC1, expand Forward Lookup Zones, and then click Contoso.com.
Right-click Contoso.com, and then select New Host (A or AAAA).
In the New Host window, in the Name field, type www, in the IP address field, type 172.16.0.100, click Add Host, and then click OK.
Click Done.
Verify replication to a second DNS server
On LON‑SVR1, in the Server Manager console, click Tools, and then click DNS.
In the DNS Manager console, expand LON-SVR1, expand Forward Lookup Zones, and then click Contoso.com.
Verify that the www resource record exists. It may take a couple of minutes for the record to appear, and you may have to refresh the console display.
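The script below is an added example, not course code, that performs the zone, record and replication-check steps of this demonstration with the DnsServer and DnsClient modules, and then shows the dynamic update behaviour described for slide 21 against a secure-only zone. It assumes it is run from LON-DC1 after LON-SVR1 has been promoted, that LON-CL1 accepts remoting from LON-DC1, and it uses only the lab's own names and addresses (Contoso.com, Adatum.com, 172.16.0.100).

```powershell
# Added example (not course code): Active Directory-integrated zone, host record, replication
# check, and a secure dynamic update, run from LON-DC1.

# 1. Create the zone in AD DS, replicated to every DNS server in the domain, secure updates only
#    (the "Store the zone in Active Directory" and "Allow only secure dynamic updates" choices).
Add-DnsServerPrimaryZone -ComputerName LON-DC1 -Name 'Contoso.com' `
    -ReplicationScope Domain -DynamicUpdate Secure -PassThru

# 2. Create the www host record.
Add-DnsServerResourceRecordA -ComputerName LON-DC1 -ZoneName 'Contoso.com' `
    -Name 'www' -IPv4Address 172.16.0.100

# 3. Verify replication. The zone reaches LON-SVR1 through AD DS replication, not a zone
#    transfer, so poll for the record instead of guessing at the delay.
$deadline = (Get-Date).AddMinutes(5)
do {
    $replicated = Get-DnsServerResourceRecord -ComputerName LON-SVR1 -ZoneName 'Contoso.com' `
        -Name 'www' -RRType A -ErrorAction SilentlyContinue
    if (-not $replicated) { Start-Sleep -Seconds 15 }
} until ($replicated -or (Get-Date) -gt $deadline)
if ($replicated) { "www replicated to LON-SVR1: $($replicated.RecordData.IPv4Address)" }
else { 'www has not reached LON-SVR1 yet; check AD DS replication with repadmin /replsummary' }

# 4. Both copies must report the zone as AD DS-integrated with secure-only dynamic updates;
#    such a zone refuses the unsecured update (step 5 on slide 21) and accepts the secured one.
foreach ($dc in 'LON-DC1', 'LON-SVR1') {
    Get-DnsServerZone -ComputerName $dc -Name 'Contoso.com' |
        Select-Object @{n='Server'; e={ $dc }}, ZoneName, IsDsIntegrated, ReplicationScope, DynamicUpdate
}

# 5. Dynamic update from a client: Register-DnsClient is the cmdlet equivalent of
#    ipconfig /registerdns. In a secure-only zone the record is owned by the computer account
#    that registered it, so another host cannot overwrite it.
Invoke-Command -ComputerName LON-CL1 -ScriptBlock { Register-DnsClient }
Get-DnsServerResourceRecord -ComputerName LON-DC1 -ZoneName 'Adatum.com' -Name 'LON-CL1' -RRType A |
    Select-Object HostName, Timestamp, @{n='IPv4'; e={ $_.RecordData.IPv4Address }}
```

A Timestamp on the LON-CL1 record marks it as dynamically registered (and subject to aging), whereas the statically created www record has none.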
Before the students begin the lab, read the lab scenario and display the next slide. Before each exercise, read the scenario associated with the exercise to the class. The scenarios will give context to the lab and exercises, and will help to facilitate the discussion at the end of the lab. Remind the students to complete the discussion questions after the last lab exercise.
Exercise 1: Installing and Configuring DNS
As part of configuring the infrastructure for the new branch office, you need to configure a DNS server that will provide name resolution for the branch office. The DNS server in the branch office will also be a domain controller. The Active Directory–integrated zones that are required to support logons will be replicated automatically to the branch office.
Exercise 2: Creating Host Records in DNS
Several new web-based applications are being implemented in the A. Datum head office. Each application requires that you configure a host record in DNS. You have been asked to create the new host records for these applications.
Exercise 3: Managing the DNS Server Cache
After you changed some host records in zones configured on LON-DC1, you noticed that clients that use LON-SVR1 as their DNS server are still receiving old IP addresses during the name resolution process. You want to determine which component is caching this data.
Question
Can you install the DNS server role on a server that is not a domain controller? If yes, are there any limitations?
Answer
Yes, you can. However, you cannot create Active Directory–integrated zones on a DNS server that is not a domain controller.
Question
What is the most common way to carry out Internet name resolution on a local DNS?
Answer
Companies typically configure their local DNS with a forwarder. That forwarder is most often a DNS server of their ISP.
Question
How can you browse the content of the DNS resolver cache on a DNS server?
Answer
You can browse the content of the DNS resolver cache on a DNS server by enabling the Advanced view in the DNS Manager console or by using Windows PowerShell cmdlets.
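The script below is an added example, not course code, for the situation in Exercise 3 and the question above: it compares the authoritative data on LON-DC1 with what the server cache on LON-SVR1 and the resolver cache on the client still hold, clears both tiers, and shows the cache settings that govern how long stale data survives. It assumes it runs on a lab client that uses LON-SVR1 as its DNS server and has the DnsServer module installed; the lab names come from the course.

```powershell
# Added example (not course code): find which cache still serves a changed record.
$zone = 'Contoso.com'; $label = 'www'; $fqdn = "$label.$zone"

# 1. The authoritative answer, asked of LON-DC1 directly so no cache is involved.
Resolve-DnsName -Name $fqdn -Server LON-DC1 -DnsOnly -NoRecursion | Select-Object Name, IPAddress, TTL

# 2. LON-SVR1's server cache. This is the same data that the Cached Lookups folder shows in
#    DNS Manager once Advanced view is enabled.
Show-DnsServerCache -ComputerName LON-SVR1 |
    Where-Object { $_.RecordType -eq 'A' -and $_.HostName -like "$label*" } |
    Select-Object HostName, TimeToLive, @{n='IPv4'; e={ $_.RecordData.IPv4Address }}

# 3. This client's own resolver cache.
Get-DnsClientCache -Name $fqdn | Select-Object Entry, Data, TimeToLive

# 4. Clear both tiers, then resolve through LON-SVR1 again and compare with step 1.
#    Clearing only the client cache would simply fetch the stale copy from LON-SVR1 again.
Clear-DnsServerCache -ComputerName LON-SVR1 -Force
Clear-DnsClientCache
Resolve-DnsName -Name $fqdn -Server LON-SVR1 -DnsOnly | Select-Object Name, IPAddress, TTL

# 5. Settings that decide how long a cached answer lives. MaxTtl caps the caching time of any
#    record; LockingPercent is the share of the TTL during which a cached record cannot be
#    overwritten by an unsolicited response, a poisoning protection that should stay high
#    rather than be lowered to make record changes show up faster.
Get-DnsServerCache -ComputerName LON-SVR1 |
    Select-Object MaxTtl, MaxNegativeTtl, LockingPercent, EnablePollutionProtection
```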
Review Questions
Question
You are troubleshooting DNS name resolution from a client computer. What must you remember to do before each test?
Answer
You should clear the resolver cache before starting to troubleshoot.
Question
You are deploying DNS servers into an Active Directory domain, and your customer requires that the infrastructure is resistant to single points of failure. What must you consider when planning the DNS configuration?
Answer
You should deploy more than one AD DS domain controller with the DNS server role installed.
Question
What benefits do you realize by using forwarders?
Answer
Forwarders are used when your local DNS server cannot resolve a query from the client using its own local zones. You usually configure forwarders to resolve Internet names. However, you can also use forwarders to optimize performance, to optimize Internet link usage on your local DNS server, and to enhance security.
Tools
Best Practice: When implementing DNS, use the following best practices:
Always use host names instead of NetBIOS names.
Use forwarders rather than root hints.
Be aware of potential caching issues when troubleshooting name resolution.
Use Active Directory–integrated zones instead of primary and secondary zones.
Common Issues and Troubleshooting Tips
Common Issue: Clients sometimes cache invalid DNS records.
Troubleshooting Tip: Clear the cache.
Common Issue: DNS Server performs slowly.
Troubleshooting Tip: Use the Performance Monitor to measure the load on DNS.