Introduction of DNS in Windows Server
What is DNS?
DNS provides name registration and name-to-address resolution capabilities, and it drastically
lowers the need to remember numeric IP addresses when accessing hosts on the Internet or any
other TCP/IP-based network.
Before DNS, the practice of mapping friendly host or computer names to IP addresses was
handled via host files. Host files are easy to understand: they are static ASCII text files that
simply map a host name to an IP address in a table-like format. Windows ships with a HOSTS
file in the \winnt\system32\drivers\etc subdirectory.
The fundamental problem with host files was that they were labor intensive. A host file is
modified manually, and it is typically centrally administered.
The DNS system consists of three components: DNS data (called resource records), servers
(called name servers), and Internet protocols for fetching data from the servers.
A DNS name consists of two or more parts separated by periods, or "dots" (.). The last
(rightmost) part of the name is called the top-level domain (TLD). Other parts of the name are
subdomains of the TLD or another subdomain. The names of the TLDs are either functional or
geographical. Subdomains usually refer to the organization that owns the domain name.
Functional TLD    Typically used by ...
.com              Commercial entities, such as corporations, to register DNS domain names
.edu              Educational institutions, such as colleges, and public and private schools
.gov              Government entities, such as federal, state, and local governments
.net              Organizations that provide Internet services, such as Internet service providers (ISPs)
.org              Private, nonprofit organizations
DNS clients called resolvers submit queries to DNS servers to be resolved into IP addresses.
Assuming, for example, that you want to connect to www.microsoft.com, www is the host
name (or an alias to a different host name), and Microsoft.com is the domain name. The resolver
on your client computer prepares a DNS query for www.microsoft.com and submits it to
the DNS server identified in your client computer's TCP/IP settings, which in this case we
assume is a DNS server on your LAN. The DNS server checks its local cache (which stores
results of previous queries) and database and finds that it has no records for
www.microsoft.com. Therefore, the DNS server submits a query to the root server for the
.com domain. The root server looks up the Microsoft.com domain and responds with the IP
address(es) of the name servers for the domain. Your DNS server then submits a query to the
specified DNS server for Microsoft.com, which responds with the IP address of the host www.
Your DNS server in turn provides this information to your resolver, which passes the data to
your client application (in this case, a Web browser), and suddenly the
www.microsoft.com site pops up in your browser. Mapping a host name or alias to its
address in this way is called forward lookup.
What is a Zone?
In most cases, a given name server manages all the records for some portion of the DNS
namespace called a zone. The terms "zone" and "domain" are generally synonymous, but not
always. A zone comprises all the data for a domain, with the exception of the parts of the domain
delegated to other name servers; in other words, a zone is the part of the domain hosted on a
particular name server, whereas the domain comprises the whole namespace under that name,
wherever its components reside. Whenever the entire domain resides on a single name server,
zone and domain are synonymous.
Each zone contains records that define hosts and other elements of the domain or a portion of the
domain contained within the zone. These records are stored collectively in a zone file on the
DNS server. A zone file is a text file that uses a special format to store DNS records. The default
name for a zone file is domain.dns, where domain is the name of the domain hosted by the zone,
such as mcity.us.dns. Windows Server 2008 stores zone files in
%systemroot%\System32\Dns and provides an MMC console to enable you to manage the
contents of the zone files with a graphical interface.
What is an Authoritative Server?
A name server that has full information about a given zone is said to be authoritative, or to have
authority, for the zone. A given name server can be authoritative for any number of zones and can
be authoritative for some zones and not authoritative for others.
Each DNS server provides for several different types of zones, including primary, secondary,
stub, and Active Directory–integrated. You can have forward and reverse lookup zones in each
of these zone types. A forward lookup zone resolves a computer’s fully qualified domain name
(FQDN) to its IP address, whereas a reverse lookup zone resolves an IP address to the
corresponding FQDN.
Primary Zones
A name server can be either a primary master or a secondary master. A primary master maintains
locally the records for those domains for which it is authoritative. The system administrator of
a primary master can add new records, modify existing records, and so on, on the primary
master.
A primary zone is a master copy of zone data hosted on a DNS server that is the primary
source of information for records found in this zone. This server is considered to be
authoritative for this zone, and you can update zone data directly on this server. It is also
known as a master server. If the zone data is not integrated with AD DS, the server holds this
data in a local file named <zone_name.dns> that is located in the %systemroot%\system32\DNS
folder.
Secondary Zones
A secondary master for a zone pulls its records for the zone from a primary master through a
process called a zone transfer. The secondary master maintains the zone records as a read-only
copy and periodically performs zone transfers to refresh the data from the primary master. You
control the frequency of the zone transfers according to the requirements of the domain.
Active Directory–Integrated Zones
An Active Directory–integrated zone stores its data in one or more application directory
partitions that are replicated along with other AD DS directory partitions. This helps to
ensure that zone data remains up-to-date on all domain controllers hosting DNS in the
domain. Using Active Directory–integrated zones also provides the following benefits:
• It promotes fault tolerance because data is always available and can always be updated
even if one of the servers fails. If a DNS server hosting a primary zone outside of AD DS
fails, it is not possible to update its data because no mechanism exists for promoting a
secondary DNS zone to primary.
• Each writable domain controller on which DNS is installed acts as a master server and
allows updates to the zones for which it is authoritative; no separate DNS zone
transfer topology is needed.
• Security is enhanced because you can configure dynamic updates to be secured; by
contrast, zone data not integrated with AD DS is stored in plain-text files that
unauthorized users could access, modify, or delete.
Either primary or stub zones can be integrated with AD DS. It is not possible to create an
Active Directory–integrated secondary zone.
Stub Zones
A stub zone is a copy of the primary zone that contains only the resource records
for the authoritative DNS servers for that zone. A server hosting a stub zone must
download the zone data and ongoing updates to the data from another server hosting the
same zone. When properly implemented, stub zones can improve name resolution efficiency by
allowing DNS servers to complete recursive queries without having to query the Internet or
internal root servers. Stub zones also tend to be less processor intensive than conditional
forwarding.
A stub zone contains the following:
• The start of authority (SOA) resource record, name server (NS) resource records, and the
glue A resource records for the delegated zone.
• The IP address of one or more master servers that can be used to update the stub zone.
A DNS resolver is a service that uses the DNS protocol to query for information from DNS
servers. DNS resolvers communicate with either remote DNS servers or the DNS server program
running on the local computer. In Windows Server 2003, the function of the DNS resolver is
performed by the DNS Client service. Besides acting as a DNS resolver, the DNS Client service
provides the added function of caching DNS mappings.
Resource records are DNS database entries that are used to answer DNS client queries. Each
DNS server contains the resource records it needs to answer queries for its portion of the DNS
namespace. Resource records are each described as a specific record type, such as host address
(A), alias (CNAME), and mail exchanger (MX).
• Host (A) resource records: this type of record maps a host name to a 32-bit IPv4 address.
• AAAA resource records: these map a host name to a 128-bit IPv6 address.
• Name Service (NS) records: this kind of record maps a domain name to a list of DNS
servers authoritative for the domain.
• Service location (SRV) resource records: this type maps a DNS domain name to a list
of computers that provide a service; for example, an SRV RR is required for computers to
locate Active Directory domain controllers.
• Mail exchange (MX) resource records: this kind of record maps a DNS domain name
to the name of a mail exchange computer for the domain.
• Alias (CNAME) resource records: also called canonical name records, these allow you
to configure multiple DNS names to resolve to a single host.
• Pointer (PTR) resource records: this type of record is used for the reverse lookup
process.
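The zone file described above is plain text in the standard master-file format (RFC 1035), which Windows .dns files follow. The following is an added example, not code from the article or from the Windows DNS Server service: it parses a constructed zone for mcity.us (the zone name the article uses; every address, host and serial number is invented) into the record types listed above, including a parenthesised SOA, $ORIGIN/$TTL directives and relative names, and then answers queries from it the way an authoritative server would, following a CNAME chain with a bound so a looping alias cannot hang the lookup.

```python
"""Parse a DNS zone file (master-file format) and answer queries from it.

Added example, not code from the original article. ZONE_TEXT is a constructed
zone for mcity.us; all hosts, addresses and the serial number are invented.
"""
from dataclasses import dataclass

ZONE_TEXT = """\
$ORIGIN mcity.us.
$TTL 3600
@           IN SOA   ns1.mcity.us. hostmaster.mcity.us. (
                     2024010101 ; serial
                     7200       ; refresh
                     900        ; retry
                     1209600    ; expire
                     86400 )    ; minimum TTL
@           IN NS    ns1
@           IN NS    ns2
ns1         IN A     192.0.2.1
ns2         IN A     192.0.2.2
www    600  IN A     192.0.2.10
www         IN AAAA  2001:db8::10
ftp         IN CNAME www
@           IN MX    10 mail
mail        IN A     192.0.2.20
_ldap._tcp  IN SRV   0 100 389 dc1
dc1         IN A     192.0.2.30
"""

# rdata fields that hold domain names and so must be qualified with $ORIGIN
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,), "SRV": (3,)}


@dataclass(frozen=True)
class RR:
    name: str     # fully qualified owner name, lower-case, trailing dot
    ttl: int
    rtype: str
    rdata: tuple  # rdata fields as strings


def _qualify(name, origin):
    """Turn a relative or '@' name into a fully qualified, lower-case name."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def _logical_lines(text):
    """Strip ';' comments and join parenthesised multi-line records."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield " ".join(buf)
            buf = []


def parse_zone(text):
    """Return the zone's records as a list of RR, in file order."""
    origin, default_ttl, last_name, records = ".", 3600, None, []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        # A record starting with whitespace reuses the previous owner name.
        name = last_name if line[0].isspace() else _qualify(tokens.pop(0), origin)
        last_name = name
        ttl = default_ttl
        while tokens[0].isdigit() or tokens[0].upper() == "IN":  # TTL and class, either order
            tok = tokens.pop(0)
            if tok.isdigit():
                ttl = int(tok)
        rtype = tokens.pop(0).upper()
        rdata = tuple(_qualify(t, origin) if i in NAME_FIELDS.get(rtype, ()) else t.lower()
                      for i, t in enumerate(tokens))
        records.append(RR(name, ttl, rtype, rdata))
    return records


def lookup(records, qname, qtype, max_chain=8):
    """Answer a query as an authoritative server does: exact match, or follow a
    CNAME chain (bounded, so a looping alias cannot hang the lookup)."""
    qname = qname.lower().rstrip(".") + "."
    answer = []
    for _ in range(max_chain):
        owned = [r for r in records if r.name == qname]
        exact = [r for r in owned if r.rtype == qtype]
        if exact:
            return answer + exact
        cname = [r for r in owned if r.rtype == "CNAME"]
        if not cname:
            return answer
        answer += cname
        qname = cname[0].rdata[0]
    return answer


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    for rr in zone:
        print(rr.name, rr.ttl, rr.rtype, " ".join(rr.rdata))
    print(lookup(zone, "ftp.mcity.us", "A"))
```

Running the block prints every record fully qualified, then the two-record answer for ftp.mcity.us (the CNAME followed by the A record it points at). Reading a zone this way, rather than through the MMC console, is a convenient way to review exactly what a plain-text .dns file exposes.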
Forward lookup maps names to addresses, enabling a resolver to query a name server with a host
name and receive an address in response. A reverse query, also called reverse lookup, does just
the opposite — it maps an IP address to a name. The client knows the IP address but needs to
know the host name associated with that IP address. Reverse lookup is most commonly used to
apply security based on the connecting host name, but it is also useful if you’re working with a
range of IP addresses and gathering information about them.
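The paragraph above notes that reverse lookup is commonly used to apply security based on the connecting host name. The added example below, which is not code from the article, shows how the PTR owner name is formed for IPv4 (in-addr.arpa) and IPv6 (ip6.arpa), how a reverse zone's PTR records derive from a forward zone, and the check a practitioner would add before trusting the result: the operator of the reverse zone for an address block can publish any name in a PTR record, so the name is only meaningful if its own A/AAAA records point back at the connecting address (forward-confirmed reverse DNS). The PTR_RECORDS and FORWARD_RECORDS tables are constructed in-memory stand-ins for the zones a resolver would query.

```python
"""Reverse-lookup names and forward-confirmed reverse DNS (FCrDNS).

Added example, not from the original article. PTR_RECORDS and FORWARD_RECORDS
are constructed in-memory stand-ins for the reverse (in-addr.arpa / ip6.arpa)
and forward zones a resolver would query; all names and addresses are invented.
"""
import ipaddress


def reverse_name(address):
    """Owner name queried for a PTR record: IPv4 octets reversed under
    in-addr.arpa; IPv6 expanded to 32 hex nibbles, reversed, under ip6.arpa."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_records_for(forward):
    """Derive the PTR records a reverse zone needs from a forward zone's A/AAAA data."""
    return {reverse_name(addr): name for name, addrs in forward.items() for addr in addrs}


# Constructed forward zone: host name -> set of addresses.
FORWARD_RECORDS = {
    "www.mcity.us.": {"192.0.2.10", "2001:db8::10"},
    "mail.mcity.us.": {"192.0.2.20"},
}

# Constructed reverse data. The last entry is a PTR that claims to be
# www.mcity.us. although no forward record for that name points at 192.0.2.99.
PTR_RECORDS = dict(ptr_records_for(FORWARD_RECORDS))
PTR_RECORDS["99.2.0.192.in-addr.arpa."] = "www.mcity.us."


def reverse_lookup(address, ptr=PTR_RECORDS):
    """Plain reverse lookup: whatever the reverse zone says the name is."""
    return ptr.get(reverse_name(address))


def fcrdns(address, ptr=PTR_RECORDS, forward=FORWARD_RECORDS):
    """Forward-confirmed reverse DNS: return the PTR name only if that name's
    own A/AAAA records resolve back to the address, otherwise None. A decision
    based on the connecting host's name should rely on this, not on the bare PTR."""
    name = reverse_lookup(address, ptr)
    if name is None:
        return None
    wanted = str(ipaddress.ip_address(address))          # canonical text form
    confirmed = {str(ipaddress.ip_address(a)) for a in forward.get(name, ())}
    return name if wanted in confirmed else None


if __name__ == "__main__":
    for addr in ("192.0.2.10", "2001:db8::10", "192.0.2.99", "192.0.2.50"):
        print(addr, reverse_name(addr), reverse_lookup(addr), fcrdns(addr))
```

The 192.0.2.99 case is the one that matters: a plain reverse lookup returns www.mcity.us., but fcrdns() rejects it because the forward zone for that name never mentions the address.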
What is Recursion?
If the queried name does not find a matched answer at its preferred server—either from its cache
or zone information—the query process continues in a manner dependent on the DNS server
configuration. In the default configuration, the DNS server performs recursion to resolve the
name. In general, recursion in DNS refers to the process of a DNS server querying other DNS
servers on behalf of an original querying client. This process, in effect, turns the original DNS
server into a DNS client.
If recursion is disabled on the DNS server, the client performs iterative queries by using root
hint referrals from the DNS server. Iteration refers to the process of a DNS client making
repeated queries to different DNS servers.
A forwarder is a DNS server that forwards queries for external DNS names to DNS servers outside
of the network. You use forwarders to manage DNS traffic sent from your internal network to the
Internet. Conditional forwarders forward queries for specific domain names to certain servers; for
example, you may want to configure conditional forwarding to more quickly resolve host names
for your organization's most important business partners.
To configure forwarders, you configure the network's firewalls to block outbound DNS traffic
from all DNS servers except the forwarders. Then you specify the IP addresses of the forwarders
on the other DNS servers in your network. You define the list of forwarders in DNS Manager
from the Forwarders tab in the Properties dialog box for the DNS server by clicking Edit and
entering the list of IP addresses in the Edit Forwarders dialog box. To define a conditional
forwarder, select a DNS domain name before entering the IP address of the DNS server.
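With conditional forwarders, general forwarders and root hints all configured, a server has to pick one upstream for each query it cannot answer itself. The added example below is a model of that selection order, not the DNS Server service's own logic and not code from the article; the domain names and addresses are constructed. Two details matter in practice and are the reason to write it out: the most specific (longest) matching conditional forwarder wins, and the match is made on a label boundary, so a name such as notpartner.example must not be treated as inside partner.example.

```python
"""Which upstream a DNS server uses for a query it cannot answer itself:
the most specific conditional forwarder, else the general forwarders,
else the root hints.

Added example, not from the original article and not the Windows DNS Server
service's own logic. The configuration below is constructed; the addresses
are documentation-range values.
"""

def _fqdn(name):
    return name.lower().rstrip(".") + "."

# Constructed configuration, in the shape the Forwarders tab collects.
CONDITIONAL_FORWARDERS = {
    "partner.example.": ["192.0.2.10"],
    "hr.partner.example.": ["192.0.2.11"],
}
FORWARDERS = ["192.0.2.53"]
ROOT_HINTS = ["192.0.2.1"]


def is_within(qname, domain):
    """True if qname is `domain` itself or a name inside it. The comparison is
    made on a label boundary: 'notpartner.example.' is not inside 'partner.example.'."""
    return qname == domain or qname.endswith("." + domain)


def choose_upstream(qname, conditional=CONDITIONAL_FORWARDERS,
                    forwarders=FORWARDERS, root_hints=ROOT_HINTS):
    """Return (method, matched_domain, server_list) for a query name."""
    qname = _fqdn(qname)
    matched = [d for d in conditional if is_within(qname, _fqdn(d))]
    if matched:
        # The longest matching domain wins: hr.partner.example. beats partner.example.
        best = max(matched, key=lambda d: _fqdn(d).count("."))
        return ("conditional", _fqdn(best), list(conditional[best]))
    if forwarders:
        return ("forwarder", None, list(forwarders))
    return ("root-hints", None, list(root_hints))


if __name__ == "__main__":
    for name in ("www.hr.partner.example", "www.partner.example",
                 "notpartner.example", "www.example.com"):
        print(name, "->", choose_upstream(name))
```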
What are Root Hints?
As discussed previously, DNS servers use the list of root hint servers to locate authoritative
name servers for domains at a higher level or in other subtrees of the DNS namespace. When you
add the DNS Server role, a file called cache.dns is written to %systemroot%\System32\dns. This
file includes the NS and A resource records for the Internet's root servers. If you are using DNS
in a network that is not connected to the Internet, you may wish to replace this list of root hints
with your own. You can modify the list in DNS Manager.
In the next article we will discuss the step-by-step installation and configuration of DNS in
Windows Server 2008.
Yes, it is involved. When the user pings the website name, a DNS request packet is sent to the DNS server,
which then responds with the IP address of the web server on which the website is hosted.
On a network, should the DNS server IP address be configured on the computer or on the Internet router
for users to browse the Internet?
The DNS server IP address should be configured on the computer for the users to browse the internet.
In a LAN, should the DNS server be inside the network, or can it reside on the Internet?
The DNS server can reside anywhere as long as the computers and devices requiring DNS service have
network access to it.
How does a computer know to which DNS server it has to send the request?
The DNS server IP address is configured on the TCP/IP adapter setting of the computer. With this information,
the computer knows the DNS server to which the request has to be sent.
UDP port 53
A user opens the browser and types the IP address of the webserver on which a website is hosted. Is
DNS protocol involved during the scenario?
The DNS protocol is used to resolve the website name into the corresponding IP address. In this case, since the
IP address is already known, DNS protocol is not required and is not involved in the scenario.
If a computer is configured with a default gateway address, should the same address be used as the DNS
server IP address?
It is not mandatory. The DNS server IP address can be any value provided the computer has access to it.
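The answers above refer to the "DNS request packet" sent to UDP port 53 and the response carrying the IP address. The following added example, which is not code from the article, shows what those two messages contain at the byte level: it builds a query for www.microsoft.com (header with the RD bit that requests recursion, then the question), decodes names including the compression pointers real responses use, and parses a response only after checking that it actually belongs to the query (same transaction id, same question, QR bit set, RCODE 0), the checks a resolver makes before accepting an answer. The response bytes are constructed by build_sample_response() so the code runs offline; the answer address is a documentation-range value, not Microsoft's.

```python
"""Build a DNS query and parse a response (the UDP port 53 exchange).

Added example, not from the original article. build_sample_response() fabricates
the reply so the code runs offline; the answer address is a documentation-range value.
"""
import struct

DNS_PORT = 53
QTYPE = {1: "A", 5: "CNAME", 28: "AAAA"}


def encode_name(name):
    """Wire form of a name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234, recursion_desired=True):
    """12-byte header plus one question. RD=1 asks the server to recurse for us."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)   # class IN


def decode_name(msg, offset, depth=0):
    """Read a name at offset, following compression pointers (top two bits 11).
    Returns (name, offset just past the name as it appeared in the message)."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels) + ".", offset + 1
        if length & 0xC0 == 0xC0:
            if depth > 8:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            target, _ = decode_name(msg, pointer, depth + 1)
            labels.append(target.rstrip("."))
            return ".".join(l for l in labels if l) + ".", offset + 2
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg, query):
    """Return [(owner, type, ttl, rdata)] from msg after checking that it really
    answers `query`: same transaction id, QR set, RCODE 0, identical question."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    offset = 12
    for _ in range(qdcount):
        _, offset = decode_name(msg, offset)
        offset += 4                                  # qtype + qclass
    if msg[12:offset] != query[12:]:
        raise ValueError("question section does not match the query")
    answers = []
    for _ in range(ancount):
        owner, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1:
            value = ".".join(str(b) for b in rdata)
        elif rtype == 5:
            value, _ = decode_name(msg, offset - rdlen)
        else:
            value = rdata.hex()
        answers.append((owner, QTYPE.get(rtype, str(rtype)), ttl, value))
    return answers


def build_sample_response(query):
    """Constructed reply: echoes the question, sets QR/RD/RA, and adds one A record
    whose owner name is a compression pointer (0xC00C) to the question name."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 80])
    return header + query[12:] + answer


if __name__ == "__main__":
    q = build_query("www.microsoft.com")
    print(f"query ({len(q)} bytes, would go to UDP port {DNS_PORT}):", q.hex())
    print(parse_response(build_sample_response(q), q))
```

A real client would send `q` with a UDP socket to the configured server's port 53 and feed the datagram it gets back to parse_response(); the block stops short of the network so that it can run anywhere.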