Configuring and Managing Network Services
Module 8

Eckert/triOS College, Hands-On Microsoft Windows Server, 3rd Edition. ©2021 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole
or in part. 1
Learning Objectives

After completing this module you should be able to:


• Describe the process used to resolve FQDNs using DNS
• Configure a DNS server
• Troubleshoot common DNS issues
• Describe the process used to obtain IP configuration using DHCP
• Configure a DHCP server
• Troubleshoot common DHCP issues

Understanding DNS

• DNS
− Hierarchical namespace used to identify computers on large IP networks
• Zone refers to a part of the namespace
• Resource records in DNS servers
− Contain the FQDN and IP information for computers in a zone
• DNS servers
− Resolve FQDNs to IP addresses (called a forward lookup)
− Resolve IP addresses to FQDNs (called a reverse lookup)
The DNS Lookup Process

• Example one: contact a Web server on the Internet using a Web browser from a home or public network
− Web browser performs a forward lookup of the FQDN
▪ Allows Web browser to contact the IP address of the Web server
− Forward lookup performed by a single DNS server or a series of servers
• Example two: use a client computer in an organization to resolve an FQDN
− Default forwarder: name for an organization DNS server
▪ Forwards requests it cannot resolve to other DNS servers instead of using root hints to perform recursive queries
Authoritative DNS Server Types

• Zone typically has more than one authoritative DNS server


− Ensures names can be resolved if one server is unavailable
• Primary DNS server
− Contains a read-write copy of a zone file that stores zone resource records
• Secondary DNS servers
− Contain a read-only copy of the zone file from the primary DNS server
− Used to respond to DNS lookup requests
• Zone transfer involves secondary DNS servers copying new resource records
Authoritative DNS Server Types

• Active Directory-integrated primary DNS server is a domain controller
− Zone files stored in the Active Directory database and replicated to other domain controllers configured as DNS servers
− Contains a read-write copy of the zone file in its Active Directory database
• New resource record added to an Active Directory-integrated primary DNS server
− Replicated immediately using Active Directory to all other Active Directory-integrated primary DNS servers
− Can be copied from an Active Directory-integrated primary DNS server to a secondary DNS server (not a domain controller) using a zone transfer
Resource Records

• Resource records
− Hold information about a service, FQDN, IP address, or zone on an
authoritative DNS server
− DNS lookups request information contained in specific resource record types
• Host records (A and AAAA)
− Most common resource record types configured on a DNS server
− Provide for forward lookups
− Normally created automatically using the DNS dynamic update feature
− Used to load balance services using the round robin feature
Resource Records
Table 8-1 Common DNS resource record types

| Resource record | Purpose |
| --- | --- |
| A (Host) | Resolves an FQDN to an IPv4 address |
| AAAA (IPv6 Host) | Resolves an FQDN to an IPv6 address |
| CNAME (Canonical Name) | Also called an alias, it resolves one FQDN to another FQDN. For example, a CNAME record may be used to resolve www.microsoft.com to server05.microsoft.com. |
| MX (Mail Exchanger) | Identifies an email server for a zone |
| NS (Name Server) | Identifies a DNS server that is authoritative for a zone |
| PTR (Pointer) | Resolves an IP address to an FQDN |
| SOA (Start of Authority) | Contains zone configuration information, such as zone transfer settings and the default TTL for resource records |
| SRV (Service Location) | Used to identify the FQDN of a domain controller that provides Active Directory services |
| WINS Lookup | Used to relay forward lookup requests for a NetBIOS name to a Windows Internet Name Service (WINS) server. The configuration of WINS is discussed later in this module. |

Configuring a DNS Server

• Install and configure DNS Server role


− Server role functions as a caching-only DNS server
− Uses root hints and cached entries to respond to lookup requests
• DNS Server role installed by the Active Directory Domain Services role
− Server automatically configured as a default forwarder to the Preferred and
Alternate DNS servers listed in the properties of the network interface
− Network interface modified to ensure local server listed as the Preferred
DNS server
− DNS server configured to be authoritative for the Active Directory domain
Configuring a DNS Server

• DNS Server role installed by the Active Directory Domain Services role (continued)
− Domain resource records stored in an Active Directory-integrated primary zone
▪ Allows dynamic updates from computers joined to the domain
• Manage DNS server using the DNS Manager tool

Configuring Primary Zones

• Can create an unlimited number of primary forward and reverse lookup zones
− Hold authoritative resource records for a zone in the Domain Name Space
• Zone configurations
− Allow dynamic updates
− Require resource records to be manually created by the server administrator
• Can configure zone file to be stored in Active Directory if the DNS server is a
domain controller
• After creating a primary lookup zone, access zone properties to modify zone
configuration
Configuring Primary Zones

• Creating a primary forward lookup zone


• Start the New Zone Wizard
− Select the zone type for the primary zone
− If the DNS server is a domain controller, Store the zone in Active Directory is selected by default (can deselect)
▪ If choosing to create an Active Directory-integrated primary zone, select the domain controllers to replicate the zone to
− If not an Active Directory-integrated primary zone
▪ Enter the zone name and choose zone file options
Configuring Primary Zones

• Creating resource records


− Zones allowing dynamic updates
▪ Manually create CNAME and MX records
▪ Create host records providing for round robin or netmask ordering
− Computers unable to automatically update their resource records
▪ Create host and PTR records
− Creating a host record
▪ Right-click a forward lookup zone in DNS Manager
▪ Click New Host (A or AAAA) to open the New Host window
Configuring Primary Zones

• Configuring zone properties


− Configure options after primary zone created
− Right-click zone in DNS Manager tool
▪ Click Properties
▪ Modify the zone options

Troubleshooting DNS

• Restarting the DNS Server service on a server solves many DNS server-related
problems
• Causes of DNS-related problems
− Missing or misconfigured resource records
▪ Caused by zones that allow dynamic update
▪ Caused by zone transfer issues in a secondary zone
− Invalid entry in the DNS cache
▪ Clear DNS cache entries for DNS lookup
• Troubleshooting tools: nslookup command, DNS manager, and DNS logs
Using nslookup

• nslookup command
− Performs forward and reverse lookups
− Lists the DNS server used to perform the lookup
− Identifies authoritative or non-authoritative results
− Output information can help determine the nature of the problem and
possible solutions

Using nslookup
Table 8-2 Common solutions to problems identified by nslookup

| Problem | Solutions |
| --- | --- |
| The DNS server queried by nslookup is incorrect | Configure the IP address of the correct DNS server in network interface properties on the resolver. |
| No results are returned by a lookup for which the DNS server is authoritative | Ensure that the correct resource records exist in the zone on the DNS server. Create any missing resource records and perform a zone transfer to ensure that they are copied to secondary zones. If the correct resource records exist, restart the DNS Server service. |
| No results are returned by a lookup for which the DNS server is non-authoritative | First ensure that the configuration of any stub zones and conditional forwarders is correct. Next, ensure that the correct IP addresses are listed on the Forwarders tab of DNS server properties in DNS Manager. If the DNS server is not configured as a default forwarder, ensure that the DNS server is able to contact the top-level DNS servers on the Internet using root hints. Finally, clear the DNS Server cache and restart the DNS Server service. |
| The DNS server returned incorrect results for which the DNS server is authoritative | Modify the associated records in the zone on the DNS server to include the correct information. Next, clear the DNS cache on the resolver. |
| The DNS server returned incorrect results for which the DNS server is non-authoritative | Clear the DNS Server cache. Next, clear the DNS cache on the resolver. |

Using DNS Manager

• Access the Monitoring tab to test whether the DNS server is functioning correctly
− Test option: A simple query against this DNS server
▪ Failure indicates a misconfigured zone on the DNS server or that the DNS Server service needs to be restarted
− Test option: A recursive query to other DNS servers
▪ Failure indicates that an organization firewall is blocking DNS requests to the top-level DNS servers or that the root hints file on the DNS server is corrupted
− Can select Perform automatic testing at the following interval and specify a time interval for repeated tests

Understanding DHCP

• DHCP process to automatically configure network interface


− DHCP broadcast sent on the network requesting IP configuration information
− DHCP server on the network with a range of IP addresses leases an IP address to the client computer
▪ Upon lease expiration, client computer must send another DHCP request
− DHCP servers keep track of IP addresses they lease to client computers
▪ Ensures no two computers receive the same IP address
• DHCP servers can send client computers DHCP configuration settings
− Numbers identify DHCP options
Understanding DHCP

Table 8-3 Common DHCP options

| Option name | Description |
| --- | --- |
| 003 Router | Provides the IP address of one or more default gateway routers |
| 004 Time Server | Provides the IP address of one or more Network Time Protocol (NTP) servers that can be queried for time and time zone information |
| 006 DNS Servers | Provides the IP address of one or more DNS servers |
| 015 DNS Domain Name | Provides a domain name suffix (e.g., domainX.com) that can be used alongside a computer name to provide an FQDN |
| 044 WINS/NBNS Servers | Provides the IP address of one or more WINS servers |
| 046 WINS/NBT Node Type | Configures the order used for NetBIOS name resolution. The default value is 0x8, which ensures that WINS servers are queried before NetBIOS broadcasts are used to resolve NetBIOS names. |
| 060 PXEClient | Lists the FQDN or IP address of a server that hosts a bootable operating system image (e.g., a WDS server) |

The DHCP Lease Process

Configuring a DHCP Server

• Install and authorize the DHCP Server role


− Commit to authorize the DHCP server in Active Directory
• Manage a DHCP server by starting the DHCP tool
− Open Server Manager and click DHCP from the Tools menu
• Scopes
− Used by the DHCP tool to organize the IPv4 and IPv6 network settings
− Create scopes representing each network’s IP configuration
− Optionally configure scope and server features for additional functionality
Creating a New Scope

• Start the New Scope Wizard


− Supply a name and optional description for the scope
− Specify the IP address range and subnet mask
− Specify IP address exclusions
− Choose the IP address lease duration
▪ Default lease time: 8 days
− Configure the most common options provided to DHCP clients if desired
▪ Default gateway, domain name suffix, one or more DNS and WINS servers
Configuring Scopes

• Folders for viewing or configuring scope features


− Address Pool: IP address range and exclusions configured for a scope
− Address Leases: lists each lease provided to DHCP clients
− Scope Options: lists the DHCP options configured for the scope
− Reservations: provide the same IP address each time a DHCPDISCOVER
is received from a DHCP client having a certain MAC address

Configuring Scopes

• Other features modified by accessing the scope properties pane


− Modify the name, description, IP range, and lease duration
− Provide reliable dynamic updates for all DHCP clients
− Modify the default 30-day lease duration

Troubleshooting DHCP

• Types of issues to troubleshoot


− Problems related to the DHCP server configuration
− Problems preventing DHCP clients from accessing the network or DHCP
server
• After solving a problem, ensure client can obtain an IP address
− Manually issue a DHCPDISCOVER packet on the DHCP client

Troubleshooting DHCP
Table 8-4 Solutions to common DHCP problems

| Problem | Solutions |
| --- | --- |
| All computers on a network are unable to lease addresses | First ensure that the DHCP Service is running. To start the DHCP service, you can highlight the server object in the navigation pane of the DHCP tool and select More Actions, All Tasks, Start from the Actions pane. Next, verify that the DHCP server is authorized. To authorize a DHCP server, highlight the server object in the navigation pane of the DHCP tool and click More Actions, Authorize from the Actions pane. Finally, ensure that the associated scope has been activated. To activate a scope, select it in the navigation pane of the DHCP tool and click More Actions, Activate from the Actions pane. |
| A single computer is unable to lease an address | First confirm that the computer has a physical connection to the network. Next, confirm that the MAC address of the client is allowed by MAC address filtering on the DHCP server (if configured), and that addresses are available in the scope. To view available IP addresses for a scope, you can select the scope in the DHCP tool and click More Actions, Display Statistics from the Actions pane. |
| Some computers have incorrect address information | Check for the presence of unauthorized DHCP servers on the network running a non-Windows operating system and remove them if found. Network devices and non-Windows operating systems do not request authorization from Active Directory and will respond to DHCPDISCOVER packets using their own configuration. |

Troubleshooting DHCP
Table 8-4 Solutions to common DHCP problems (continued)

| Problem | Solutions |
| --- | --- |
| A computer receives an IP conflict error after receiving an IPv4 address | Although DHCP will not lease the same IP address to two different computers, it may lease an IP address that was manually configured on another computer on the network. To prevent this, you can configure the DHCP server to ping an IP address a certain number of times before it is leased to a client computer. If a ping reply is received, the DHCP server will not lease that IP address. To configure this functionality on a DHCP server, highlight IPv4 in the DHCP tool and select More Actions, Properties from the Actions pane. Next, highlight the Advanced tab and enter a number greater than 0 in the Conflict detection attempts text box. |
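
An added example (not from the textbook or the slides) that ties the option numbers in Table 8-3 to the unauthorized DHCP server row of Table 8-4: it parses the options field of a DHCPOFFER and flags an offer whose server identifier (option 54) is not on an allowlist. The addresses, the allowlist and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 6, 53, 54
DHCPOFFER = 2

def packed(ip):
    return ipaddress.IPv4Address(ip).packed

def build_offer(server, offered, router, dns):
    """Build a minimal DHCPOFFER (constructed sample data, not captured traffic)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, 0x1234ABCD, 0, 0,  # op, htype, hlen, hops, xid, secs, flags
        packed("0.0.0.0"), packed(offered), packed(server), packed("0.0.0.0"),
        bytes.fromhex("020000000001"), b"", b"")  # chaddr, sname, file
    dns_raw = b"".join(packed(d) for d in dns)
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
               + bytes([OPT_SERVER_ID, 4]) + packed(server)
               + bytes([OPT_ROUTER, 4]) + packed(router)
               + bytes([OPT_DNS, len(dns_raw)]) + dns_raw + b"\xff")
    return header + MAGIC_COOKIE + options

def parse_options(packet):
    """Return {option number: raw value} from the options field of a DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 255:  # End option
            break
        if code == 0:  # Pad option is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = options.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return options

def ip_list(raw):
    """Split a run of 4-byte values into dotted-quad strings."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) - 3, 4)]

def check_offer(packet, authorized_servers):
    """Summarise a DHCPOFFER and flag a server that is not on the allowlist."""
    opts = parse_options(packet)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return None  # not an offer, nothing to judge
    server = ip_list(opts.get(OPT_SERVER_ID, b""))
    server_id = server[0] if server else None
    return {"server": server_id,
            "offered": str(ipaddress.IPv4Address(packet[16:20])),
            "router": ip_list(opts.get(OPT_ROUTER, b"")),
            "dns": ip_list(opts.get(OPT_DNS, b"")),
            "authorized": server_id in authorized_servers}

AUTHORIZED = {"10.0.0.10"}  # hypothetical allowlist of authorized DHCP servers
ROGUE_OFFER = build_offer("192.168.1.1", "192.168.1.50", "192.168.1.1", ["192.168.1.1"])  # constructed
```

An offer flagged as unauthorized also shows which router and DNS server addresses the affected clients were handed, which is the "incorrect address information" symptom in Table 8-4.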
