Mary Help College: Implementing, Managing, and Maintaining Name Resolution


Hardware and Networking Service

By Mohammed H.
• Objectives in this information sheet
– Install and configure the DNS Server service
  • Configure DNS server options
  • Configure DNS zone options
  • Configure DNS forwarding
– Manage DNS
  • Manage DNS zone settings
  • Manage DNS record settings
  • Manage DNS server options

• Why was the DNS Server service installed as part of the
installation of Active Directory?
– ANSWER
• Active Directory requires a DNS server that is capable of
hosting the records required for the domain to be present
on the network. When no such DNS server was found, the
DNS Server service was installed along with Active
Directory.

Determining Namespace Requirements


• Before installing a DNS server, it is important to do some
planning. Because of the extensive integration of DNS and
Active Directory in Windows Server 2003, an administrator
must take great care to get their DNS implementation correct
the first time around. This process can be started by
realistically answering the following three questions.

• Will the DNS namespace being created be used for internal
purposes only? If the answer is no, the network administrator
will need to ensure that they adhere to all requirements of
RFC 1123. If the answer is yes, they have much more flexibility.
They might create a namespace such as mcsaworld.corp. This can
be thought of as the internal namespace.

• Will the DNS namespace also be used on the Internet? If
yes, the network administrator should seriously consider
registering a domain name for their organization with one of
the many domain name registrars available. This will also
impact their namespace naming system per the requirements
of RFC 1123. This can be thought of as the external
namespace.
• Will the network administrator be implementing Active
Directory on their network? If yes, the network administrator
should consider creating Active Directory integrated zones
(discussed later in this chapter). The administrator will also need to
ensure that any third-party DNS servers, such as Berkeley Internet
Name Domain (BIND), meet the requirements of Active Directory.
• An internal namespace could be a Windows Server 2003
DNS infrastructure with the name mcsaworld.corp.
• Conversely, the external namespace could be reached via
Internet-hosted DNS as mcsaworld.com so visitors could be
directed to the Web server with that domain name. It is
recommended that the internal namespace be kept private for
security reasons.
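An added example, not part of the original information sheet: a Python check over an Internet-facing zone that flags owner names breaking the RFC 1123 host-name rules and records that expose the internal namespace. The mcsaworld.com records are constructed sample data, and the function names and the private-address check are assumptions of this example.

```python
import ipaddress
import re

# RFC 1123 host label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
INTERNAL_SUFFIX = "mcsaworld.corp"          # internal namespace named on the page
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1123_problems(name):
    """Return the reasons `name` is not a valid RFC 1123 host name (empty list = valid)."""
    fqdn = name.rstrip(".")
    problems = []
    if not 1 <= len(fqdn) <= 253:           # 253 characters in text form
        problems.append("name length must be 1-253 characters")
    problems += [f"bad label {lab!r}" for lab in fqdn.split(".")
                 if not LABEL.fullmatch(lab)]
    return problems


def audit_external_zone(records):
    """records: (owner, type, target-or-address) tuples. Return (owner, issue) findings."""
    findings = []
    for owner, rtype, rdata in records:
        findings += [(owner, p) for p in rfc1123_problems(owner)]
        target = rdata.rstrip(".").lower()
        if rtype in {"CNAME", "MX", "NS"} and (
                target == INTERNAL_SUFFIX or target.endswith("." + INTERNAL_SUFFIX)):
            findings.append((owner, f"{rtype} target exposes internal name {target}"))
        if rtype == "A" and any(ipaddress.ip_address(rdata) in n for n in RFC1918):
            findings.append((owner, f"A record exposes private address {rdata}"))
    return findings


# Constructed sample of an Internet-facing mcsaworld.com zone (not real data).
SAMPLE_EXTERNAL_ZONE = [
    ("www.mcsaworld.com", "A", "203.0.113.10"),
    ("mail.mcsaworld.com", "CNAME", "exch01.mcsaworld.corp."),
    ("file_srv.mcsaworld.com", "A", "10.1.2.3"),
    ("-bad.mcsaworld.com", "A", "203.0.113.11"),
]

if __name__ == "__main__":
    for owner, issue in audit_external_zone(SAMPLE_EXTERNAL_ZONE):
        print(f"{owner}: {issue}")
```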
Determining Zone Type Requirements

• A zone of authority (zone) is a file that contains the complete
information on a portion of a domain namespace; it is a
subset of a domain.
• A name server (or multiple servers when DNS is Active
Directory-integrated) is authoritative for every zone and will
respond to any request that a client makes for name resolution
against that zone.
• Zones store data in a zone database file (or zone file) located
on the DNS server.
• Windows Server 2003 keeps its DNS zone files in the
following location: %systemroot%\system32\dns. If Active
Directory-integrated zones are implemented, the actual zone
data is stored in the Active Directory database with the rest of
the Active Directory data.

• A forward lookup zone is a specific zone file used to resolve an IP
address from an FQDN.
• A reverse lookup zone does the exact opposite, resolving an FQDN from
an IP address. Both types of lookup zones have their purposes, and for best
results should always be configured and deployed within the DNS zones.
While the DNS resolution process works perfectly without a reverse
lookup zone configured, an administrator will not be able to get maximum
power from the nslookup command, a command-line utility used to
perform command-line name resolution and troubleshooting.
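An added example, not part of the original information sheet: a Python consistency check between a forward and a reverse lookup zone, which catches missing or stale PTR records that make reverse lookups return nothing or the wrong host name. The host names, addresses and function names are constructed for illustration.

```python
import ipaddress


def ptr_owner(ip):
    """Owner name of the PTR record for `ip`, e.g. 10.0.1.20 -> 20.1.0.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_forward_reverse(forward, reverse):
    """forward: {fqdn: ip} from the forward zone; reverse: {ptr_owner: fqdn}.
    Returns a list of (kind, name, detail) inconsistencies."""
    issues = []
    fwd = {name.lower(): ip for name, ip in forward.items()}
    rev = {owner.lower(): target.lower() for owner, target in reverse.items()}
    for name, ip in fwd.items():
        owner = ptr_owner(ip)
        if owner not in rev:                # host has no reverse record at all
            issues.append(("missing-ptr", name, owner))
        elif rev[owner] != name:            # reverse record names a different host
            issues.append(("ptr-mismatch", name, f"{owner} -> {rev[owner]}"))
    for owner, target in rev.items():
        if target not in fwd:               # PTR names a host with no A record
            issues.append(("orphan-ptr", owner, target))
    return issues


# Constructed sample zones for the internal mcsaworld.corp namespace (not real data).
FORWARD_ZONE = {
    "dc01.mcsaworld.corp.": "10.0.1.10",
    "ftp.mcsaworld.corp.": "10.0.1.20",
    "web.mcsaworld.corp.": "10.0.1.30",
}
REVERSE_ZONE = {
    "10.1.0.10.in-addr.arpa.": "dc01.mcsaworld.corp.",
    "20.1.0.10.in-addr.arpa.": "oldftp.mcsaworld.corp.",   # stale entry
}

if __name__ == "__main__":
    for kind, name, detail in check_forward_reverse(FORWARD_ZONE, REVERSE_ZONE):
        print(f"{kind:13} {name:28} {detail}")
```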
Determining Forwarding Requirements

• Before looking at DNS forwarding, it is important to understand
how the name resolution sequence occurs. In a Windows TCP/IP
network, all clients are DNS resolvers, meaning they have been
configured with the IP address of one or more DNS servers and can
perform name resolution queries against these DNS
servers. The DNS resolver is part of the DNS Client service.
• When a resolver performs a name resolution query against a DNS server, it
is one of two types:
– Recursive Query: A DNS query sent from the resolver or a DNS
server to a DNS server, asking that DNS server to provide a complete
answer to that query or reply with an error stating that it cannot provide
the required information.
– Iterative Query: A DNS query sent from the resolver or another DNS
server in an effort to perform name resolution.
• Consider a case where a client computer located in the bigcorp.com
zone wants to contact a File Transfer Protocol (FTP) server located in
the syngress.com zone. The process by which the client (the DNS
resolver) obtains the requested IP address is explained in the
following steps:
– Step 1: The client computer performs a recursive query against
its local DNS server (hosting the bigcorp.com zone) for the IP
address of the FTP server located in the syngress.com zone.
– Step 2: The local DNS server does not know this information,
but is configured as a forwarder so it then issues an iterative
query to one of the root DNS servers requesting the IP
address of the FTP server located in the syngress.com zone.
– Step 3: The root DNS server does not know this IP address,
but does know the IP address of the DNS server responsible
for the syngress.com zone; therefore it provides this IP
address to the bigcorp.com DNS server.
– Step 4: The local DNS server issues another iterative query,
this time to the DNS server that is authoritative for the
syngress.com zone, asking for the IP address of the FTP
server.
– Step 5: The syngress.com DNS server is the authoritative
server for the syngress.com zone so it can provide the
requested name resolution service. Thus, it returns the
requested IP address to the local DNS server.
– Step 6: The local DNS server passes this IP address
information along to the client, completing the
name resolution process.
– Step 7: The client uses this IP address to initiate a
connection to FTP server ftp.syngress.com.
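An added example, not part of the original information sheet: a small Python model of steps 1 to 6, in which the local server handles the client's recursive query by sending iterative queries and following the referral it gets back. It keeps the page's simplified three-server picture (local, root, syngress.com); the server names, addresses and function names are constructed for illustration.

```python
# Constructed data following the page's three-server walk-through (not real records).
SERVERS = {
    "root": {"delegations": {"syngress.com.": "ns.syngress.com."}, "records": {}},
    "ns.syngress.com.": {"delegations": {},
                         "records": {"ftp.syngress.com.": "192.0.2.21"}},
}
LOCAL_ZONE = {"pc1.bigcorp.com.": "10.0.1.50"}   # zone hosted by the local server


def iterative_query(server, qname):
    """One iterative query: the server answers from its own data, refers the
    caller to a server closer to the name, or reports failure. It never chases."""
    data = SERVERS[server]
    if qname in data["records"]:
        return ("answer", data["records"][qname])
    for zone, name_server in data["delegations"].items():
        if qname == zone or qname.endswith("." + zone):
            return ("referral", name_server)
    return ("nxdomain", None)


def recursive_query(qname, max_referrals=8):
    """What the local server does for a client's recursive query: return a
    complete answer or an error. Result is (ip_or_None, trace), where trace
    lists each (server_asked, reply_kind) in order."""
    if qname in LOCAL_ZONE:                       # authoritative locally
        return LOCAL_ZONE[qname], [("local", "answer")]
    trace, server = [], "root"                    # step 2: start at a root server
    for _ in range(max_referrals):                # bound the referral chain
        kind, value = iterative_query(server, qname)
        trace.append((server, kind))
        if kind == "answer":                      # step 5: authoritative answer
            return value, trace
        if kind == "nxdomain" or value not in SERVERS:
            return None, trace                    # error goes back to the client
        server = value                            # steps 3-4: follow the referral
    return None, trace


if __name__ == "__main__":
    print(recursive_query("ftp.syngress.com."))
    print(recursive_query("www.example.net."))
```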
INSTALLING AND CONFIGURING THE
WINDOWS SERVER 2003 DNS SERVICE

• 1. Launch the Configure Your Server Wizard by clicking Start |
Programs | Administrative Tools | Configure Your Server Wizard.
• 2. Click Next to dismiss the opening page of the Configure Your
Server Wizard.
• 3. Ensure that you have completed all of the preliminary steps
displayed in the Preliminary Steps dialog box, as seen in Figure 6.5,
and click Next to continue.
• The Configure Your Server Wizard will briefly
examine your network connections and operating
system, as seen in Figure 6.6, before continuing. If
necessary, you will be alerted to any problems that
are found, such as misconfigured network adapters.
• If no problems are found, you will be presented with the
Server Role dialog box, as seen in Figure 6.7. Select the DNS
server option and click Next to continue.
• On the Summary of Selections dialog box, as seen in Figure
6.8, you will have the opportunity to view the actions the
Wizard will perform for you. Click Next to continue.
• The Windows Component Wizard will briefly appear while it is
installing the required files for the DNS service. You may be
prompted to specify the location of your Windows Server 2003
CD-ROM or setup files during this step.
• The Configure a DNS Server Wizard appears, as seen in Figure
6.9. You may wish to review the DNS server configuration
checklist before continuing. When you are ready to start the
configuration of your new DNS server, click Next to continue.
• On the Select Configuration Action dialog box, as seen in
Figure 6.10, select the type of lookup zones you want to
configure. For the best performance in any size network select
the Create forward and reverse lookup zones option. Click
Next to continue.
• On the Forward Lookup Zone dialog box, as seen in Figure
6.11, select whether or not you want to create a forward
lookup zone at this time. Select the Yes, create a forward
lookup zone now (recommended) option. Click Next to
continue.
• On the Zone Type dialog box, as seen in Figure 6.12, select
the type of zone you are creating. As you can see, the Active
Directory integrated option is not available—this DNS server
is not a domain controller. Select the Primary zone option.
Click Next to continue.