
Domain Name System: Windows Server 2012 R2

The document discusses the Domain Name System (DNS) in Windows Server 2012 R2. It describes the hierarchical structure of DNS, including root servers, top-level domains, second-level domains, and subdomains. It also covers DNS record types, the DNS lookup process, installing and configuring DNS servers, and PowerShell commands for DNS management.

Uploaded by Rajat Rajput

DOMAIN NAME SYSTEM

WINDOWS SERVER 2012 R2


• Describe the structure of Domain Name System

• Install and configure DNS

• Configure DNS zones

• Configure advanced DNS server settings

• Monitor and troubleshoot DNS


WHY WE USE DNS?

To function correctly, most applications and services that use TCP/IP depend on a service to resolve computer names to addresses and to find computers that offer specific services. In fact, most network systems today would be almost unusable without a name-to-address translation system.

IMPORTANT: For Windows domain networks, DNS is required for operation because Active Directory depends on it.


WHAT IS THE DOMAIN NAME SYSTEM?

Domain Name System (DNS) is a distributed hierarchical database composed mainly of computer name and IP address pairs. A distributed database means no single database contains all data; instead, data is spread out among many different servers. In the worldwide DNS system, data is distributed among thousands of servers throughout the world. A hierarchical database, in this case, means there’s a structure to how information is stored and accessed in the database.

STRUCTURE OF DNS

DNS NAMESPACE
• Root servers: The root of the tree has 13 DNS servers (A to M), called root servers, scattered about the world. They keep a database of the addresses of the DNS servers that manage the top-level domains.

• Top-level domains: Each top-level domain (TLD) has servers that maintain the addresses of other DNS servers. For example, the com TLD servers maintain a database containing the addresses of DNS servers for each domain name ending with com, such as tomsho.com and microsoft.com.

• Second-level domains: A second-level DNS server can contain hostnames, such as www or server1. Hostnames are associated with an IP address, so when a client looks up the name www.microsoft.com, the DNS server returns an IP address.

• Subdomains: Second-level domains can also have subdomains, such as technet in technet.microsoft.com.
DNS resource record types

• Start of Authority (SOA): Less a resource than an informational record, the SOA identifies the name server that’s authoritative for the domain and includes a variety of timers, dynamic update configuration, and zone transfer information.

• Host (A): The most common resource record; consists of a computer name and an IPv4 address.

• IPv6 Host (AAAA): Like an A record but uses an IPv6 address.

• Name Server (NS): The FQDN of a name server that has authority over the domain. NS records are used by DNS servers to refer queries to another server that’s authoritative for the requested domain.

• Canonical Name (CNAME): A record containing an alias for another record that enables you to refer to the same resource with different names yet maintain only one host record. For example, you could create an A record for a computer named “web” and a CNAME record that points to the A record but allows users to access the host with the name “www.”

• Mail Exchanger (MX): Contains the address of an e-mail server for the domain. Because e-mail addresses are typically specified as user@domain, the mail server’s name is not part of the e-mail address. To deliver a message to the mail server, an MX record query supplies the address of a mail server in the specified domain.

• Pointer (PTR): Used for reverse DNS lookups. Although DNS is used mainly to resolve a name to an address, it can also resolve an address to a name by using a reverse lookup. PTR records can be created automatically on Windows DNS servers.

• Service Record (SRV): Allows DNS clients to request the address of a server that provides a specific service instead of querying the server by name. This type of record is useful when an application doesn’t know the name of the server it needs but does know what service is required. For example, in Windows domains, DNS servers contain SRV records with the addresses of domain controllers so that clients can request the logon service to authenticate to the domain.
DNS records can be added to a zone and changed by using one of two
methods:
• Static updates—With this method, an administrator must enter DNS
record information manually. Using this method is reasonable with a
small network of only a few resources accessed by name, but in a large
network, static updates can be an administrative burden.
• Dynamic updates—Referred to as Dynamic DNS (DDNS), computers in the
domain can register or update their own DNS records, or DHCP can update
DNS on the clients’ behalf when a computer leases a new IP address. Both
the client computer and the DHCP server must be configured to use this
feature.
The DNS Lookup Process:
• Iterative query—When a DNS server gets an iterative query, it responds with the best information it
currently has in its local database to satisfy the query, such as the IP address of an A record it retrieves
from a local zone file or cache. If the DNS server doesn’t have the specific information, it might
respond with the IP address of a name server that can satisfy the query; this type of response is called
a referral because the server is referring the DNS client to another server. If the server has no
information, it sends a negative response that essentially says “I can’t help you.” DNS servers usually
query each other by using iterative queries.

• Recursive query—A recursive query instructs the DNS server to process the query until it responds
with an address that satisfies the query or with an “I don’t know” message. A recursive query might
require a DNS server to contact several other DNS servers before it finally sends a response to the
client. Most queries made by DNS clients are recursive queries, and DNS servers also use recursive
queries when using a forwarder.
DNS hierarchical lookup
DNS clients maintain a text file called Hosts that can contain static DNS entries. On Windows, this file is stored in %systemroot%\System32\drivers\etc.
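The iterative walk described above, as an added example that is not part of the original slides: a hypothetical helper, Resolve-Iteratively, starts at a root server and follows referrals with Resolve-DnsName -NoRecursion, then compares the result with one recursive query to the client’s configured server. It assumes Internet reachability and the DnsClient module (Windows 8 / Server 2012 and later); the root server name and the test name www.microsoft.com are assumptions.

```powershell
# Added example, not from the original slides. Resolve-Iteratively is a hypothetical
# helper that does by hand what a DNS server does on a client's behalf: iterative queries.
$Root = 'a.root-servers.net'                 # any root server will do; assumed reachable
function Resolve-Iteratively {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Type = 'A',
        [int]$MaxHops = 20                   # bounds referral chasing and CNAME restarts
    )
    $Server = $Root                          # every lookup starts at the root of the tree
    for ($hop = 1; $hop -le $MaxHops; $hop++) {
        Write-Host ("hop {0}: asking {1} for {2} ({3})" -f $hop, $Server, $Name, $Type)
        # -NoRecursion clears the RD bit, so the server answers only from its own zones or
        # cache, or hands back a referral (NS records in the Authority section).
        # -DnsOnly bypasses the Hosts file and the local resolver cache.
        $resp = Resolve-DnsName -Name $Name -Type $Type -Server $Server `
                                -NoRecursion -DnsOnly -ErrorAction Stop
        $answer = $resp | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $Type }
        if ($answer) { return $answer }      # the queried server held the record itself
        $cname = $resp | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'CNAME' }
        if ($cname) {                        # alias: resolve the target from the root again
            $Name = $cname[0].NameHost; $Server = $Root; continue
        }
        $referral = $resp | Where-Object { $_.Section -eq 'Authority' -and $_.Type -eq 'NS' }
        if (-not $referral) { throw "$Server gave neither an answer nor a referral for $Name" }
        # Follow the referral one level down: root -> TLD -> second-level domain.
        $Server = $referral[0].NameHost
    }
    throw "Gave up after $MaxHops hops"
}

# Walk the tree by hand (iterative queries only) ...
$iterative = Resolve-Iteratively -Name 'www.microsoft.com'
# ... and ask the client's configured DNS server once (a recursive query) to do it for us.
$recursive = Resolve-DnsName -Name 'www.microsoft.com' -Type A -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' }

# Differences are normal for CDN names served by location-aware DNS; for an internal name
# they are worth a look (stale cache, split-horizon DNS, or a resolver answering with
# addresses the authoritative servers do not publish).
$a = @($iterative.IPAddress | Sort-Object)
$b = @($recursive.IPAddress | Sort-Object)
if (Compare-Object $a $b) { Write-Warning 'iterative and recursive results differ' }
else { Write-Host "both lookups agree: $($a -join ', ')" }
```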
Installing and Configuring DNS

Forward and Reverse Lookup Zones

Before you begin creating a zone, you must decide whether it’s a forward or reverse lookup zone:

• Forward lookup zone—A forward lookup zone (FLZ), the type you work with most often, contains records that translate names to IP addresses, such as A, AAAA, and MX records. It’s named after the domain whose resource records it contains, such as csmtech.local.

• Reverse lookup zone—A reverse lookup zone (RLZ) contains PTR records that map IP addresses to names and is named after the IP network address (IPv4 or IPv6) of the computers whose records it contains.

To create one of these zones, right-click the Forward Lookup Zones folder or the Reverse Lookup Zones folder in the DNS Manager console and click New Zone to start the New Zone Wizard.
• Primary zone—A primary zone contains a read/write master copy of all resource records for the zone. Updates to resource records can be made only on a server configured as a primary zone server, referred to as the “primary DNS server.” A primary DNS server is considered authoritative for the zone it manages. A primary zone can be an Active Directory–integrated or a standard zone.

• Secondary zone—A secondary zone contains a read-only copy of all resource records for the zone. Changes can’t be made directly on a secondary DNS server, but because it contains an exact copy of the primary zone, it’s considered authoritative for the zone. Although a secondary zone can be only a standard zone, not an Active Directory–integrated zone, a file-based secondary zone can be created on a server that’s not a DC or on a DC in another Active Directory domain or forest. Secondary zones can be used in this way to resolve names for domain-based resources outside the domain.

• Stub zone—A stub zone contains a read-only copy of only the SOA and NS records for a zone and the necessary A records to resolve NS records. A stub zone forwards queries to a primary DNS server for the zone it holds SOA and NS records for and isn’t authoritative for the zone. A stub zone can be an Active Directory–integrated or a standard zone.
PowerShell Commands for DNS Management

A number of PowerShell commands are available for installing and configuring DNS. The following commands cover installing DNS and creating a new zone:

• Install-WindowsFeature DNS -IncludeManagementTools—Installs DNS and the DNS management tools.

• Add-DnsServerPrimaryZone csmtech.local -ReplicationScope Domain—Creates an Active Directory–integrated FLZ named csmtech.local with domain-wide replication scope.

• Add-DnsServerPrimaryZone csmtech.local -ZoneFile csmtech.local.dns—Creates a standard FLZ named csmtech.local and stores it in a zone file named csmtech.local.dns.

• Add-DnsServerPrimaryZone -NetworkID 10.10.0.0/16 -ReplicationScope Forest—Creates an Active Directory–integrated RLZ for network ID 10.10.0.0/16 with forest-wide replication scope. The name of the RLZ is 10.10.in-addr.arpa.

• Add-DnsServerPrimaryZone -NetworkID 10.10.0.0/16 -ZoneFile 10.10.in-addr.arpa.dns—Creates a standard RLZ for network ID 10.10.0.0/16 and stores it in a zone file named 10.10.in-addr.arpa.dns.

To create secondary or stub zones, the relevant commands are Add-DnsServerSecondaryZone and Add-DnsServerStubZone. Remember that secondary zones can’t be Active Directory integrated.
PowerShell Commands for Creating DNS Resource Records

The following PowerShell cmdlets are used to create DNS resource records:

• Add-DnsServerResourceRecord -A -ZoneName csmtech.local -Name host1 -IPv4Address 192.168.1.11—Adds an A record named host1 to the csmtech.local zone.

• Add-DnsServerResourceRecord -AAAA -ZoneName csmtech.local -Name host1 -IPv6Address 2001:DB8::11—Adds an AAAA record named host1 to the csmtech.local zone.

• Add-DnsServerResourceRecord -CName -ZoneName csmtech.local -Name h1 -HostNameAlias host1.csmtech.local—Adds a CNAME (alias) record named h1 with the target host1.csmtech.local.

• Add-DnsServerResourceRecord -Ptr -ZoneName 1.168.192.in-addr.arpa -Name 11 -PtrDomainName host1.csmtech.local—Adds a PTR record for the IP address 192.168.1.11 that points to host1.csmtech.local in the 1.168.192.in-addr.arpa RLZ (the record name is the host octet, 11, within that /24 zone).
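The zone and record commands from the two sections above, plus the dynamic-update and zone-type points made earlier, combined into one added example that is not part of the original slides: it installs DNS, creates the csmtech.local forward and reverse zones with secure dynamic updates and restricted zone transfers, adds the slide’s records, and verifies them by querying the server. It assumes an elevated PowerShell on a Windows Server 2012 R2 domain controller; the secondary server address 10.10.0.5 is a hypothetical value.

```powershell
# Added example, not from the original slides. Provisions the csmtech.local zones and
# records shown above with hardened settings, then verifies them by querying the server.
# Assumes an elevated session on a Windows Server 2012 R2 DC; 10.10.0.5 is hypothetical.
$zone        = 'csmtech.local'
$rlz         = '1.168.192.in-addr.arpa'
$secondaryIp = '10.10.0.5'                   # the only secondary allowed to pull transfers

if (-not (Get-WindowsFeature -Name DNS).Installed) {
    Install-WindowsFeature -Name DNS -IncludeManagementTools | Out-Null
}
Import-Module DnsServer

# 1. Zones. Only AD-integrated primaries support -DynamicUpdate Secure, under which a
#    computer may change only the records it registered, so one host cannot re-point
#    another host's A record at itself.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain -DynamicUpdate Secure
}
if (-not (Get-DnsServerZone -Name $rlz -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId 192.168.1.0/24 -ReplicationScope Domain -DynamicUpdate Secure
}

# 2. Zone transfers: allow only the known secondary instead of every server in the NS
#    records, so the zone's full host inventory cannot be pulled with one AXFR request.
foreach ($z in $zone, $rlz) {
    Set-DnsServerPrimaryZone -Name $z -SecureSecondaries TransferToSecureServers `
                             -SecondaryServers $secondaryIp
}

# 3. The resource records from the slides (the PTR name is the host octet of 192.168.1.11).
Add-DnsServerResourceRecord -A     -ZoneName $zone -Name host1 -IPv4Address 192.168.1.11
Add-DnsServerResourceRecord -AAAA  -ZoneName $zone -Name host1 -IPv6Address 2001:DB8::11
Add-DnsServerResourceRecord -CName -ZoneName $zone -Name h1 -HostNameAlias host1.csmtech.local
Add-DnsServerResourceRecord -Ptr   -ZoneName $rlz  -Name 11 -PtrDomainName host1.csmtech.local

# 4. Verify forward, alias and reverse resolution against this server only. -DnsOnly skips
#    the Hosts file and client cache, so a stale cached entry cannot mask a bad record.
$checks = @(
    @{ Name = 'host1.csmtech.local'; Type = 'A';   Expect = '192.168.1.11' },
    @{ Name = 'h1.csmtech.local';    Type = 'A';   Expect = '192.168.1.11' },  # via the CNAME
    @{ Name = '192.168.1.11';        Type = 'PTR'; Expect = 'host1.csmtech.local' }
)
foreach ($c in $checks) {
    $rec = Resolve-DnsName -Name $c.Name -Type $c.Type -Server 127.0.0.1 -DnsOnly -ErrorAction Stop |
           Where-Object { $_.Type -eq $c.Type } | Select-Object -First 1
    $got = if ($c.Type -eq 'PTR') { $rec.NameHost } else { [string]$rec.IPAddress }
    if ($got -ne $c.Expect) { throw "$($c.Name): expected $($c.Expect), got $got" }
    Write-Host "OK  $($c.Name) -> $got"
}
```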
THANK YOU FOR WATCHING AND BE WITH US

Made by
RAJAT RAJPUT
