DNS Full2023

The document discusses DNS server configuration and concepts. It describes how DNS works to resolve hostnames to IP addresses through a hierarchical, distributed database. It also covers DNS server roles, the name resolution process, DNS records, split-brain DNS, and configuring DNS policies on a Windows server.

Uploaded by mshanajoel6

DNS...

DNS Server Configuration

CP 423
● Domain Name System
● The Domain Name System (DNS) is a hierarchical, distributed database that maps logical host names to IP addresses.
● With DNS, users reference computers using logical hostnames, and those hostnames are translated to IP addresses using DNS. A DNS server is responsible for performing this service on a TCP/IP network.
Facts about DNS
● A DNS server holds a database of hostnames and their corresponding IP addresses. Clients query the DNS server to get the IP address of a given host.
● Prior to using DNS servers, name resolution used a static file, called the HOSTS file, saved on each host computer. The HOSTS file is still used, but typically only in the absence of a DNS server.
● The DNS hierarchy is made up of the following components:
✔ . (dot) domain (also called the root domain)
✔ Top Level Domains (TLDs) (.com, .edu, .gov)
✔ Second-level domains (SLDs) and additional (sub) domains
✔ Hosts
● A fully qualified domain name (FQDN) includes the host name and the names of all domains back to the root.
● DNS is a distributed database because no one server holds all of the DNS information. Instead, multiple servers hold portions of the data. Each division of the database is held in a zone database file.
✔ Zones typically contain one or more domains, although additional servers might hold information for child domains.
✔ DNS servers hold zone files and process name resolution requests from client systems.
● A forward lookup uses the host name (or the FQDN) to find the IP address. A reverse lookup uses the IP address to find the host name (or FQDN).
● Entries for hostnames, IP addresses, and other information in the zone database are stored in records.
✔ The A record maps a host name to an IP address and is used for forward lookups.
✔ The PTR record maps an IP address to a host name and is used for reverse lookups.
✔ The CNAME record provides an alternate name (an alias) for a host.
✔ The SRV record identifies a service, such as an Active Directory domain controller.
● Records in the DNS database are created manually, or dynamically using Dynamic DNS (DDNS).
● With DDNS, hosts automatically register and update their corresponding records with the DNS server.
IP Resolution
● When a client computer needs to find the IP address for a host name, the following process is used:
1. The client examines its HOSTS file for the IP address.
2. If the IP address is not in the HOSTS file, it examines its local DNS cache for the IP address.
3. If the IP address is not in the cache, the client sends the request to a DNS server.
Name Resolution
● When a DNS server receives a name resolution request from a client, the following process is used:
0. The DNS server examines its local DNS cache for the IP address.
1. If the IP address is not in the server cache, it checks its HOSTS file.
2. If the information is not in the HOSTS file, the server checks any zones for which it is authoritative. An authoritative server is a DNS server that has a full, complete copy of all the records for a particular zone.
3. If the server does not host the zones for the requested information, it uses one of the following processes:
✔ If configured for forwarding, the DNS server forwards the name resolution request to another DNS server and waits for a response from that server.
✔ If configured for recursion (also called referral), the DNS server queries root domain servers, top-level domain servers, and other DNS servers in an iterative manner until it finds the DNS server that hosts the target domain.
For example, to resolve the host name www.microsoft.com:
1. The server queries a root server for the .com server.
2. It then queries the .com server for the microsoft.com server.
3. It then queries the microsoft.com DNS server for the www host information.
4. After the information is found or received from another server, the DNS server returns the result to the client and places the information in its server cache.
● A caching-only DNS server has no zone information; it is not authoritative for any domains. It uses information in its server cache, or forwarding or recursion, to respond to client queries.
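As an added example that is not part of the slides, the walk from the root hints down to the authoritative server, with the answer cached for its TTL, simulated in PowerShell against a constructed in-memory model of the root, .com and microsoft.com servers (no real server is queried; the address 203.0.113.10 is a placeholder):

```powershell
# Added example, not from the slides: walks through the iterative resolution above
# against a CONSTRUCTED in-memory model of the root, .com and microsoft.com servers.
# No real DNS server is contacted; the address is a documentation-range placeholder.
$Servers = @{
    # zone a server is authoritative for -> the delegations and records it knows
    '.'              = @{ Delegations = @('com.');           Records = @{} }
    'com.'           = @{ Delegations = @('microsoft.com.'); Records = @{} }
    'microsoft.com.' = @{ Delegations = @()
                          Records = @{ 'www.microsoft.com.' = @{ Address = '203.0.113.10'; Ttl = 300 } } }
}
$ServerCache = @{}   # step 0 of the server-side process: the server's own cache

function Resolve-Iterative {
    param([Parameter(Mandatory)][string]$Name)
    $fqdn   = $Name.TrimEnd('.') + '.'
    $cached = $ServerCache[$fqdn]
    if ($cached -and $cached.Expires -gt (Get-Date)) {
        return [pscustomobject]@{ Name = $fqdn; Address = $cached.Address; Source = 'cache'; Trace = @() }
    }
    $zone  = '.'      # recursion starts from the root hints
    $trace = @()
    while ($true) {
        $server = $Servers[$zone]
        if (-not $server) { throw "No server known for zone '$zone'" }
        $trace += "queried the server for '$zone' about $fqdn"
        if ($server.Records.ContainsKey($fqdn)) {
            # authoritative answer: return it and keep it in the cache for its TTL
            $rr = $server.Records[$fqdn]
            $ServerCache[$fqdn] = @{ Address = $rr.Address; Expires = (Get-Date).AddSeconds($rr.Ttl) }
            return [pscustomobject]@{ Name = $fqdn; Address = $rr.Address; Source = $zone; Trace = $trace }
        }
        # referral: follow the most specific delegation that is a suffix of the name
        $next = $server.Delegations |
            Where-Object { $fqdn.EndsWith('.' + $_) } |
            Sort-Object -Property Length -Descending |
            Select-Object -First 1
        if (-not $next) {
            return [pscustomobject]@{ Name = $fqdn; Address = $null; Source = "$zone (no such name)"; Trace = $trace }
        }
        $zone = $next
    }
}

$first  = Resolve-Iterative 'www.microsoft.com'   # three queries: root, .com, microsoft.com
$second = Resolve-Iterative 'www.microsoft.com'   # answered from the server cache, no queries
$first.Trace
"$($first.Address) via $($first.Source); repeat answered from $($second.Source)"
```

The second call shows why the cache matters for both speed and exposure: once a record is cached, the server answers from it until the TTL expires without re-checking the authoritative source.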
DNS Server Configuration
Open the DNS management console.
The top level indicates the name of the DNS server itself.
Explore the server settings by right-clicking the server and then choosing Properties.
The settings you see are responsible for binding the interfaces to the DNS server. By default all interfaces will accept and resolve DNS queries.
Click on the Forwarders tab.
● Forwarders help to speed up the resolution process for DNS queries by sending queries not to the root servers but to a third-party server such as Google or Cloudflare, which advertises itself as the fastest DNS server on the internet.
● If you click Edit (under the Forwarders tab), you can enter the IP addresses of the Google DNS servers. You can use 8.8.8.8 or 8.8.4.4.
The process of resolving an IP address to an FQDN is called reverse lookup.
You can add a further IP address, that of Cloudflare, which is 1.1.1.1.
● In the Advanced tab, you can see the DNS server version number and other options.
DNS Scavenging
● DNS scavenging is the process of deleting stale DNS records that are no longer in use.
● This function is useful to keep the database maintained and helps to avoid potential connectivity issues.
● It is important because in an Active Directory environment computers automatically create and update their DNS records to facilitate seamless connectivity inside a domain.
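As an added example, not from the slides, the same scavenging settings applied from PowerShell with the DnsServer module, together with a check of which records the first run would remove; the zone name contoso.com and the 7-day intervals are assumptions:

```powershell
# Added example, not from the slides: enable scavenging with the DnsServer PowerShell
# module and preview the records it would remove. The zone name 'contoso.com' and the
# 7-day intervals are assumptions for illustration.
Import-Module DnsServer
$Zone = 'contoso.com'

# 1. Server-wide setting: how often the scavenging task runs. A record only becomes
#    eligible once it is older than NoRefresh + Refresh (14 days here), so a host that
#    is merely offline for a week keeps its record.
Set-DnsServerScavenging -ScavengingState $true `
                        -ScavengingInterval 7.00:00:00 `
                        -NoRefreshInterval  7.00:00:00 `
                        -RefreshInterval    7.00:00:00

# 2. Aging must also be enabled per zone; without it records carry no timestamp and
#    the server-level setting has nothing to act on.
Set-DnsServerZoneAging -Name $Zone -Aging $true `
                       -NoRefreshInterval 7.00:00:00 -RefreshInterval 7.00:00:00

# 3. Preview before the first run. Dynamically registered records have a Timestamp;
#    static records (empty Timestamp) are never scavenged. Anything older than the two
#    intervals combined is what the next scavenging pass will delete.
$Threshold = (Get-Date).AddDays(-14)
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Where-Object { $null -ne $_.Timestamp -and $_.Timestamp -lt $Threshold } |
    Select-Object HostName, Timestamp, @{ n = 'Address'; e = { $_.RecordData.IPv4Address } }

# 4. Confirm what was applied
Get-DnsServerScavenging
Get-DnsServerZoneAging -Name $Zone
```

Run step 3 before enabling step 1 on an existing zone: if the list contains hosts that are still in use, their dynamic updates are not reaching this server and scavenging would break name resolution for them.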
Click another tab called Root Hints.
● You can see the default settings for the DNS root servers according to the Internet Assigned Numbers Authority.
● The authoritative name servers that serve the DNS root zone, commonly known as the root servers, are a network of hundreds of servers in many countries around the world. They are configured in the DNS root zone as 13 named authorities.
● Their names are of the form letter.root-servers.net, where the letter goes from a to m.
● The Security tab represents the standard MS Windows security settings.
● You can define who can access the DNS server here.
The Monitoring tab is used to set up automated DNS testing on your server.
● The Event Logging tab is used to adjust the logging settings of the DNS server.
DNS Records
● All DNS records have a time to live value that specifies the amount of time recursive DNS servers will keep that record in the cache after querying the authoritative server.
● Mail exchange records specify the mail server that handles incoming email for a domain.
Split-brain DNS and DNS Policies
● Split-brain DNS is a clever implementation method that allows you to solve a problem that arises when a network resource needs to be accessed from both the internal network and the Internet.
● It is useful in the case when you have a website www.careers.contoso.com hosted on the internal network (internal web server) and another version of the website that is available for external users.
In normal configurations, an administrator would require two DNS servers for such a service.
However, from Windows Server 2016, you can use DNS policies to host these zones.
You would need to have a multi-homed DNS server with one network adapter configured with a public IP and another network adapter configured with a private IP.
Assignment
● To create DNS policies for split-brain DNS
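As an added example for this assignment (not the slides' own material), the policy configuration for the www.careers.contoso.com scenario above, using the DnsServer PowerShell module on Windows Server 2016 or later; the interface addresses 10.0.0.56 (private) and 203.0.113.56 (public) and the two web server addresses are assumptions:

```powershell
# Added example, not from the slides: split-brain DNS for www.careers.contoso.com with
# DNS policies (DnsServer module, Windows Server 2016+). The server is multi-homed as
# the slide describes; the interface addresses 10.0.0.56 (private) and 203.0.113.56
# (public) and both web server addresses are ASSUMED for illustration.
Import-Module DnsServer
$Zone = 'careers.contoso.com'

# 1. A single zone on a single server replaces the two DNS servers of the classic setup.
Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns"

# 2. The default scope answers Internet clients; an extra 'internal' scope holds the
#    records that only internal clients should receive.
Add-DnsServerZoneScope -ZoneName $Zone -Name 'internal'

# 3. Same name, different answer per scope.
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name 'www' -IPv4Address '203.0.113.80'                       # public web server
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name 'www' -IPv4Address '10.0.0.80' -ZoneScope 'internal'    # internal web server

# 4. The policy: queries arriving on the private-IP interface are answered from the
#    'internal' scope ('scope name,weight'); everything else falls through to the
#    default scope, so Internet clients never see the internal address.
Add-DnsServerQueryResolutionPolicy -Name 'SplitBrainZonePolicy' `
    -Action ALLOW `
    -ServerInterfaceIP 'EQ,10.0.0.56' `
    -ZoneScope 'internal,1' `
    -ZoneName $Zone

# 5. Verify: the same question through each interface must return a different address.
Get-DnsServerQueryResolutionPolicy -ZoneName $Zone
Resolve-DnsName -Name "www.$Zone" -Server 10.0.0.56    -Type A   # expect 10.0.0.80
Resolve-DnsName -Name "www.$Zone" -Server 203.0.113.56 -Type A   # expect 203.0.113.80
```

The verification step is the part worth keeping in a runbook: a policy that matches on the wrong interface address silently serves internal addresses to the Internet, and only a query through the public interface reveals it.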
