In the previous post, we discussed one of the important services offered by Windows Server 2012 R2 and one of the Exam 70-410 objectives: DHCP services.
You can find that here.
Today, we will be looking at another important service called Domain Name System (DNS). In simple terms, it is a service that translates host names to IP addresses.
In this objective, we will be covering the following:
- Configure Active Directory Integration of Primary Zones.
- Configure Forwarders.
- Configure Root Hints.
- Manage DNS Cache.
- Create A and PTR resource records.
Introduction
Before we proceed further, we first need to understand the basic functionality of the DNS services with respect to the Windows Server environment.
DNS servers provide name resolution. When a client sends a query, the server answers from its own data if it is authoritative for that name, or from its cache if it has resolved the name recently.
Otherwise it queries other DNS servers on the client's behalf, and it caches what it learns so that repeat queries can be answered locally without going back out to the Internet.
DNS Hierarchies and Queries
I would like to explain the DNS Hierarchy and the queries with the help of a diagram.
Now let us say that a client machine asks to resolve the hostname www.whitehouse.gov.
You can see on the right side of the image how each DNS server holds only the data for the part of the namespace it is responsible for.
This delegation is what makes DNS scale: without it, every DNS server on the Internet would have to hold every record, which is simply not feasible.
In the first step, the client sends a recursive query to the name server (DNS server) in its own environment, asking it to resolve www.whitehouse.gov. The local server checks its zones and its cache and finds nothing for that name.
In the second step, it sends an iterative query for www.whitehouse.gov to one of the root name servers.
In the third step, the root server, which is not authoritative for the name, responds with a referral to the .gov name servers.
In the fourth step, the local server sends the same iterative query to one of the .gov name servers.
In the fifth step, the .gov server answers with a referral to the whitehouse.gov name servers, because all it holds for that name is the delegation of the whitehouse.gov zone.
In the sixth step, the local server sends the iterative query to a whitehouse.gov name server.
In the seventh step, the whitehouse.gov server is authoritative for the name, so it replies with the answer (the A record for www.whitehouse.gov).
In the eighth step, the local DNS server caches the answer and the referrals it collected along the way, then returns the answer to the client's resolver.
Configure Active Directory Integration of Primary Zones
First, install the DNS Server role on the Windows Server 2012 R2 machine.
There are several ways to install the role; we will look at three of them.
From Server Manager, click Manage > Add Roles and Features and select the DNS Server role.
Another way is to use the DISM utility:
Dism /online /enable-feature:DNS-Server-Full-Role
Last but not least, from PowerShell:
Install-WindowsFeature -Name DNS -IncludeManagementTools
When the DNS server runs on a domain controller and you choose to store the zone in Active Directory in the New Zone wizard, the server does not create a zone database file.
Instead, it stores the zone's resource records as objects in the AD DS data store.
The advantages of this method are ease of administration (every DC running DNS holds a writeable copy, with no zone-transfer configuration to maintain), conservation of network bandwidth, and increased security: only AD-integrated zones can be set to accept secure dynamic updates, so a client has to authenticate to AD before it can register or change its own records, and the zone objects themselves are protected by AD ACLs.
In an AD-integrated zone, the zone data is replicated to the other domain controllers along with the rest of the AD data.
By default, replication is scoped to the domain in which the zone is stored (the DomainDnsZones application partition, which reaches every DC in the domain that runs the DNS Server role).
AD conserves network bandwidth by replicating only the DNS data that has changed since the last replication and by compressing the data before transmitting it over the network.
There are other zone types besides this one; we will create a file-backed primary zone shortly.
Creating new Active Directory Integrated Zone
Open DNS Manager, right-click Forward Lookup Zones and select New Zone.
You will be presented with the zone types; select Primary zone and keep the 'Store the zone in Active Directory' check box selected (it is only available when the DNS server is a writeable domain controller).
As I said earlier, the zone data is replicated only to the domain controllers within the domain by default; the replication scope page of the wizard lets you widen that to the whole forest.
Creating New Primary Zone
Open DNS Manager, right-click Forward Lookup Zones and select New Zone.
This time, select Primary zone but clear the 'Store the zone in Active Directory' check box, so the zone is kept in a file on this server.
Provide the name of the zone; in our case we will use newzone. The wizard creates a new zone file named after the zone.
Next, you will be presented with options for how to allow dynamic updates to the zone.
The safest option is 'Do not allow dynamic updates'. Notice that the first option, 'Allow only secure dynamic updates', is greyed out because we did not make the zone AD-integrated. The remaining option, 'Allow both nonsecure and secure dynamic updates', lets any host that can reach the server add or overwrite records with no authentication at all, so avoid it on any network you do not fully control.
The DNS zone file is stored in the following location:
C:\Windows\System32\dns\zonename.dns
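The same two zones (plus a reverse lookup zone, which the PTR records later in the post need) can be created from PowerShell instead of the New Zone wizard. This is an added example and not code from the original post; it assumes you run it on a Windows Server 2012 R2 domain controller with the DNS Server role and its management tools installed, and the zone name corp.example, the zone name newzone and the network 10.0.0.0/24 are invented for the example.

```powershell
# Added example, not from the original post. Assumes a 2012 R2 DC with the DNS Server
# role; 'corp.example', 'newzone' and 10.0.0.0/24 are invented names/ranges.
Import-Module DnsServer

# 1. AD-integrated primary zone. -ReplicationScope Domain is the wizard's default
#    ("all DNS servers running on domain controllers in this domain"). Secure means
#    only computers that can authenticate to AD may add or change their own records.
Add-DnsServerPrimaryZone -Name 'corp.example' -ReplicationScope Domain -DynamicUpdate Secure

# 2. Matching AD-integrated reverse lookup zone (0.0.10.in-addr.arpa), used for PTR records.
Add-DnsServerPrimaryZone -NetworkId '10.0.0.0/24' -ReplicationScope Domain -DynamicUpdate Secure

# 3. File-backed primary zone, as in the second walkthrough. It lives in
#    %SystemRoot%\System32\dns\newzone.dns and cannot use Secure updates, so the safe
#    setting is None; NonsecureAndSecure would let any host on the network rewrite records.
Add-DnsServerPrimaryZone -Name 'newzone' -ZoneFile 'newzone.dns' -DynamicUpdate None

# 4. Verify: an AD-integrated zone reports IsDsIntegrated True and an empty ZoneFile.
'corp.example', '0.0.10.in-addr.arpa', 'newzone' |
    ForEach-Object { Get-DnsServerZone -Name $_ } |
    Format-Table ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate, ZoneFile -AutoSize

# 5. Guard against the common mistake: flag any primary zone accepting unauthenticated updates.
Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    ForEach-Object { Write-Warning "Zone $($_.ZoneName) accepts nonsecure dynamic updates" }
```

Step 5 is worth keeping as a scheduled check on every DNS server: a zone flipped to nonsecure updates is a quiet way for anyone on the LAN to hijack a host name.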
Configure Forwarders
One of the scenarios in which a DNS server sends a recursive query to another server is when you configure it to use a forwarder.
You may not want every DNS server on your network sending queries to the Internet itself, for reasons such as bandwidth use, firewall rules, or simply wanting one place to control and log external lookups.
To prevent this, Windows Server 2012 R2 DNS Server lets you point the other servers on the network at one server that acts as the forwarder for all of their Internet queries.
Whenever a server has to resolve an Internet name and does not find it in its cache, it sends a recursive query to the forwarder, and the forwarder does the iterative work over the Internet connection.
Once the forwarder resolves the name, it sends the reply back to the original DNS server, which caches it and relays it to the client.
In the example shown, I configured Google's public DNS server (8.8.8.8) as the forwarder. Whoever runs the forwarder sees every external name your clients look up, so choose it deliberately, and make sure a server that forwards to the Internet is not itself reachable as an open recursive resolver from untrusted networks.
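The same forwarder configuration from PowerShell, with a check that queries really do leave through it. This is an added example, not code from the original post; it assumes you run it on the 2012 R2 DNS server itself, and it uses Google Public DNS (8.8.8.8 and 8.8.4.4) as in the post.

```powershell
# Added example, not from the original post. Assumes the DnsServer module on the
# 2012 R2 DNS server; 8.8.8.8 / 8.8.4.4 are Google Public DNS, as in the post.

# Forwarders are tried in the order listed; -PassThru echoes the resulting list.
Add-DnsServerForwarder -IPAddress 8.8.8.8, 8.8.4.4 -PassThru

# Seconds to wait for a forwarder before trying the next one, and whether to fall back
# to root hints when every forwarder fails. With the fallback off, this server has
# exactly one path to the Internet, which is the point of funnelling external queries.
Set-DnsServerForwarder -Timeout 3 -UseRootHint $false

# Current forwarder configuration
Get-DnsServerForwarder

# Show that the forwarder is what answers: empty the cache, resolve a name through this
# server, then look for the answer in the server cache. With root-hint fallback off,
# a failure here means the forwarder path itself is broken.
Clear-DnsServerCache -Force
Resolve-DnsName -Name www.whitehouse.gov -Type A -Server localhost -DnsOnly
Show-DnsServerCache |
    Where-Object { $_.HostName -like '*whitehouse*' } |
    Format-Table HostName, RecordType, TimeToLive -AutoSize

# Recursion must stay enabled for forwarding to work at all, so "who may ask this
# server" is controlled by network placement and firewall rules, not by this setting.
Get-DnsServerRecursion
```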
Configure Root Hints
Most DNS servers must be able to contact the root name servers to start the name resolution process when no forwarder is configured (or when all forwarders fail and the server is allowed to fall back to root hints).
Most server implementations, including the Microsoft DNS Server, come preconfigured with the names and addresses of the root name servers. These are called root hints.
The 13 root server names live in the domain root-servers.net and are named with the letters a through m (a.root-servers.net to m.root-servers.net); each name is anycast to many physical servers around the world.
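Two things a practitioner wants to see here: that every configured root hint actually answers, and the resolution walkthrough from the start of the post (steps 2 to 7) reproduced by hand with iterative queries starting from those root hints. The block below is an added example and not code from the original post. It assumes it runs on the 2012 R2 DNS server (DnsServer and DnsClient modules present) with outbound DNS access to the Internet; the host name is the one used in the post, and 198.41.0.4 (a.root-servers.net) is only a fallback for a machine without the DNS Server role.

```powershell
# Added example, not from the original post. Assumes DnsServer + DnsClient modules and
# outbound DNS to the Internet; 198.41.0.4 is a.root-servers.net, used only as a fallback.

function Get-RootHintAddresses {
    # IPv4 addresses of the server's root hints (DNS Manager > server Properties > Root Hints).
    $hints = Get-DnsServerRootHint -ErrorAction SilentlyContinue
    $addrs = foreach ($h in $hints) {
        foreach ($rr in $h.IPAddress) {
            if ($rr.RecordType -eq 'A') {
                [pscustomobject]@{
                    Server = $h.NameServer.RecordData.NameServer
                    IP     = $rr.RecordData.IPv4Address.IPAddressToString
                }
            }
        }
    }
    if (-not $addrs) { $addrs = [pscustomobject]@{ Server = 'a.root-servers.net.'; IP = '198.41.0.4' } }
    $addrs
}

function Test-RootHints {
    # Every root server should answer a non-recursive query for the root NS set.
    foreach ($r in Get-RootHintAddresses) {
        $reply = Resolve-DnsName -Name '.' -Type NS -Server $r.IP -NoRecursion -DnsOnly -QuickTimeout -ErrorAction SilentlyContinue
        [pscustomobject]@{ Server = $r.Server; IP = $r.IP; Answers = ($null -ne $reply) }
    }
}

function Trace-DnsDelegation {
    param([Parameter(Mandatory)][string]$Name, [string]$Type = 'A', [int]$MaxHops = 10)
    # Step 2 starts at a root server taken from the root hints.
    $server = (Get-RootHintAddresses | Select-Object -First 1).IP
    for ($hop = 1; $hop -le $MaxHops; $hop++) {
        Write-Host ("hop {0}: asking {1} for {2} {3}" -f $hop, $server, $Name, $Type)
        # -NoRecursion clears the RD bit, so this is an iterative query: the server answers
        # from its own data or returns a referral; it never resolves on our behalf.
        $rrs = Resolve-DnsName -Name $Name -Type $Type -Server $server -NoRecursion -DnsOnly -ErrorAction Stop
        $answer = @($rrs | Where-Object Section -eq 'Answer')
        if ($answer.Count) { return $answer }          # step 7: authoritative answer (A, or a CNAME chain)
        # Referral (steps 3 and 5): the Authority section names the child zone's name
        # servers; the Additional section usually carries glue A records for them.
        $ns = $rrs | Where-Object { $_.Section -eq 'Authority' -and $_.QueryType -eq 'NS' } | Select-Object -First 1
        if (-not $ns) { throw "no answer and no referral from $server" }
        $glue = $rrs | Where-Object { $_.Section -eq 'Additional' -and $_.QueryType -eq 'A' -and $_.Name -eq $ns.NameHost } |
                Select-Object -First 1
        if ($glue) {
            $server = $glue.IPAddress
        } else {
            # No glue: the name server's own address has to be resolved (recursively) first.
            $server = (Resolve-DnsName -Name $ns.NameHost -Type A -DnsOnly -ErrorAction Stop |
                       Where-Object QueryType -eq 'A' | Select-Object -First 1).IPAddress
        }
        Write-Host ("        referred: zone {0} -> {1} ({2})" -f $ns.Name, $ns.NameHost, $server)
    }
    throw "no answer after $MaxHops hops"
}

Test-RootHints | Format-Table -AutoSize
Trace-DnsDelegation -Name 'www.whitehouse.gov' |
    Format-Table Name, QueryType, TTL, Section, IPAddress, NameHost -AutoSize
```

Each hop printed by Trace-DnsDelegation corresponds to one iterative query in the walkthrough: root, then .gov, then whitehouse.gov. If Test-RootHints shows a root hint that never answers, outbound UDP/TCP 53 is usually being filtered somewhere between the server and the Internet.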
Manage DNS Cache
The DNS name resolution process might seem long and complex, but in most cases the client's DNS server does not need to query every server in the chain for every lookup.
This is because DNS servers cache the records they obtain during name resolution. The Windows DNS Server keeps this cache in memory (visible in DNS Manager under Cached Lookups when Advanced view is enabled), and it is emptied when the service restarts.
If the IP address of a remote host has already been looked up, the DNS server can return the cached record when another client asks for the same name.
In addition, if a client requests another name in a domain the server has already seen, the server can send the query directly to that domain's authoritative server, since it cached the referral, rather than starting again at a root name server.
Caching is a vital element of the DNS architecture because it cuts the number of requests sent to the root and top-level domain servers. It is also the part an attacker goes after with cache poisoning, which is why the server has cache locking and the 'Secure cache against pollution' option; both are on by default and should stay that way.
The amount of time a record may remain cached is called its time to live (TTL), and it is set by the authoritative server that issued the record.
For your own zones, the default TTL that new records inherit is the Minimum (default) TTL on the Start of Authority (SOA) tab: right-click the zone, open the Properties sheet and select that tab.
As you can see, the default value is set to 1 hour.
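The cache settings and the zone default TTL from PowerShell, including the two poisoning protections mentioned above. This is an added example, not code from the original post; it assumes the DNS Server role on 2012 R2 and an invented zone name corp.example, and the hardening values it sets are the Microsoft defaults, restated so you can confirm nobody has lowered them.

```powershell
# Added example, not from the original post. Assumes the DnsServer module on 2012 R2;
# 'corp.example' is an invented zone name.

# What is cached right now (the Cached Lookups folder in DNS Manager)
Show-DnsServerCache |
    Where-Object { $_.RecordType -eq 'A' } |
    Select-Object HostName, TimeToLive, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } } |
    Format-Table -AutoSize

# Cache settings. LockingPercent 100 means a cached record cannot be overwritten by an
# unsolicited record until its TTL has fully expired (cache locking); PollutionProtection
# is the 'Secure cache against pollution' option, which discards records in a response
# that fall outside the tree of the name that was asked for. Both are the defaults.
Get-DnsServerCache | Select-Object MaxTtl, MaxNegativeTtl, LockingPercent, PollutionProtection
Set-DnsServerCache -LockingPercent 100 -PollutionProtection $true -MaxTtl 1.00:00:00 -MaxNegativeTtl 00:15:00

# Empty the cache, e.g. after a record change you need to see immediately or after
# a suspected poisoning. Clients still hold their own cache (ipconfig /flushdns).
Clear-DnsServerCache -Force

# Zone default TTL: the SOA 'Minimum (default) TTL', 1 hour on a new zone. Records
# created without an explicit TTL inherit it, so lower it ahead of a planned cutover.
$zone = 'corp.example'
$old  = Get-DnsServerResourceRecord -ZoneName $zone -RRType Soa
$new  = $old.Clone()
$new.RecordData.MinimumTimeToLive = [TimeSpan]'00:15:00'
Set-DnsServerResourceRecord -ZoneName $zone -OldInputObject $old -NewInputObject $new -PassThru
```

Set-DnsServerResourceRecord needs the old and the new copy of the record because it replaces the record wholesale; cloning the existing SOA keeps the serial number, timers and primary server intact while only the minimum TTL changes.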
Create A and PTR Resource Records
There are several types of resource records used by DNS servers; the most important ones are:
- Start of Authority (SOA): Indicates that the server is the best authoritative source for data concerning the zone. Each zone must have exactly one SOA record; it carries the zone's serial number, the refresh, retry and expire timers, and the minimum (default) TTL.
- Name Server (NS): Identifies a DNS server that is authoritative for the zone. Each authoritative DNS server for a zone should be represented by an NS record.
- Address (A): Maps a host name to an IPv4 address.
- Address (AAAA): Maps a host name to an IPv6 address.
- Pointer (PTR): Maps an address back to a host name. This is the reverse of an A or AAAA record; it lives in a reverse lookup zone (in-addr.arpa for IPv4, ip6.arpa for IPv6) and is used for reverse lookups only.
- Canonical Name (CNAME): Creates an alias that points to the canonical (the 'real') name of a host, which is identified by an A or AAAA record.
- Mail Exchange (MX): Identifies the mail server or mail gateway that receives email for the domain, with a preference value that orders the servers when more than one MX record exists.
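Creating an A record together with its PTR record, and checking both directions, from PowerShell. This is an added example and not code from the original post; it assumes the zones created earlier exist (the invented forward zone corp.example and the reverse zone 0.0.10.in-addr.arpa for 10.0.0.0/24), and the host names and addresses are invented.

```powershell
# Added example, not from the original post. Assumes the DnsServer module on the 2012 R2
# DNS server; zone, host and address values are invented.
$zone     = 'corp.example'
$hostName = 'web01'
$ip       = '10.0.0.25'
$revZone  = '0.0.10.in-addr.arpa'

# -CreatePtr asks the server to add the matching PTR in the reverse zone, but it will
# not create one unless a reverse zone covering the address already exists, so check.
if (-not (Get-DnsServerZone -Name $revZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '10.0.0.0/24' -ReplicationScope Domain -DynamicUpdate Secure
}
Add-DnsServerResourceRecordA -ZoneName $zone -Name $hostName -IPv4Address $ip -TimeToLive 01:00:00 -CreatePtr

# A PTR added by hand, for a host whose forward record lives in a zone this server
# is not authoritative for (here the invented gateway gw01). -Name is the last octet.
Add-DnsServerResourceRecordPtr -ZoneName $revZone -Name '1' -PtrDomainName 'gw01.corp.example.'

# Verify: forward lookup, reverse lookup (Resolve-DnsName does a PTR query when given
# an IP address), and the records as stored in the reverse zone.
Resolve-DnsName -Name "$hostName.$zone" -Type A -Server localhost -DnsOnly
Resolve-DnsName -Name $ip -Server localhost -DnsOnly
Get-DnsServerResourceRecord -ZoneName $revZone -RRType Ptr |
    Format-Table HostName, RecordType, TimeToLive, @{ n = 'Points to'; e = { $_.RecordData.PtrDomainName } } -AutoSize
```

A forward record without its PTR is a common cause of failed reverse lookups in log correlation and in services that check that an address maps back to the name that claimed it, which is why the A record is created with -CreatePtr rather than adding the PTR as an afterthought.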
This covers the Exam 70-410 Objective 4.3 - Deploy and Configure DNS Services.
I hope this has been informative and thank you for reading.