DNS
What is DNS?
An Internet protocol: maps host names to IP addresses
Distributed database: maps hierarchically organized keys to values
Defines a hierarchical name space
Developed to replace the hosts file
DNS Namespace
[Figure: tree of the DNS namespace: the root (.) with top level domains com, mil, org, edu, gov, net, arpa, uk and fr below it; examples of lower levels such as 3com, dell and ati under com, co and ac under uk, ox and ic under ac.uk, and chem, oucs and bnc under ox.ac.uk]
Hierarchical tree of domains
Root
Top level domains (gov, edu, com, fr, se, uk etc.)
Some countries have subdomains denoting organisation type (e.g. ac.uk, co.uk)
Subdomains generally for specific organisations (e.g. mit.edu, microsoft.com etc.)
Subdomains within an organisation (e.g. oucs.ox.ac.uk)
Technically, a domain is the part of the name
Delegation of Responsibility
Vital to understand this concept
DNS Database is distributed
Delegation of Authority
Authority is delegated from the top down
Cannot simply set up a name server for a new domain: the name servers for the parent domain must be configured so that authority has been delegated to the new domain
E.g. if a new ac.uk domain xxx.ac.uk is created, the name servers for ac.uk must be configured with information about the name servers responsible for the new domain
DNS Queries
Client queries DNS Server
DNS Server
Checks its cache
Checks whether it contains the information in its own zone files
Queries other name servers iteratively
Returns an answer
Iterative Queries
1. Sends query to root name servers
2. Root name servers refer to name servers authoritative for com domain
3. Queries com domain name servers
4. com name servers refer to name servers authoritative for test.com domain
5. Queries test.com domain name servers
6. test.com name server returns answer
7. Name server returns answer to client
Forwarders
Queries for information about which the server is not authoritative are forwarded to other name servers (forwarders), which do the iterative resolution on its behalf
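The behaviour described on the last few slides (check cache, check own zones, otherwise iterate from the root following referrals, or hand the query to a forwarder) together with the delegation point (a parent zone must hold NS records for a child before the child can be found), as a runnable in-memory model. This is an added example, not code from the original slides: the zones, the server names ns.com. and ns1.test.com. and the 192.0.2.x and 198.51.100.4 addresses are constructed, and the "servers" are dictionaries rather than real name servers.

```python
"""Toy model of DNS delegation and iterative resolution.

Added example, not from the original slides. Zones, server addresses
and names (".", "com.", "test.com.", ns.com., ns1.test.com., the
192.0.2.0/24 and 198.51.100.0/24 addresses) are constructed for the
illustration; nothing touches the network.
"""
from copy import deepcopy

# Authoritative data: zone apex -> {owner name: [(rrtype, rdata), ...]}.
# A parent zone holds only NS records (plus glue A records) for a child:
# that is what "delegation of authority" looks like on the wire.
ZONES = {
    ".": {
        "com.": [("NS", "ns.com.")],
        "ns.com.": [("A", "192.0.2.1")],            # glue for the com server
    },
    "com.": {
        "ns.com.": [("A", "192.0.2.1")],
        "test.com.": [("NS", "ns1.test.com.")],     # delegation of test.com
        "ns1.test.com.": [("A", "192.0.2.53")],     # glue for ns1.test.com
    },
    "test.com.": {
        "ns1.test.com.": [("A", "192.0.2.53")],
        "www.test.com.": [("A", "192.0.2.80")],
    },
}
# Which zone each (constructed) server address is authoritative for.
SERVERS = {"198.51.100.4": ".", "192.0.2.1": "com.", "192.0.2.53": "test.com."}
ROOT_HINTS = ["198.51.100.4"]


def parent(name):
    """'www.test.com.' -> 'test.com.', 'com.' -> '.'"""
    rest = name.split(".", 1)[1]
    return rest if rest else "."


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def lookup(zone, name, rrtype):
    return [rd for (t, rd) in zone.get(name, []) if t == rrtype]


def serve(zone_name, zones, qname, qtype):
    """What an authoritative server for zone_name answers.

    Returns (answer rdata list, referral address list, rcode)."""
    zone = zones[zone_name]
    answer = lookup(zone, qname, qtype)
    if answer:
        return answer, [], "NOERROR"
    # No answer: is there a delegation (NS set below the apex) covering qname?
    name = qname
    while name != zone_name and name != ".":
        ns_names = lookup(zone, name, "NS")
        if ns_names:
            glue = [a for ns in ns_names for a in lookup(zone, ns, "A")]
            return [], glue, "NOERROR"          # a referral, not an answer
        name = parent(name)
    return [], [], "NXDOMAIN"


class Resolver:
    """Follows the slide: cache, own zones, forwarder, else iterate from the root."""

    def __init__(self, zones, servers, root_hints, own_zones=(), forwarder=None):
        self.zones, self.servers, self.root_hints = zones, servers, root_hints
        self.own_zones = own_zones          # zones this server is authoritative for
        self.forwarder = forwarder          # another Resolver, if configured
        self.cache = {}

    def resolve(self, qname, qtype="A", max_hops=10):
        key = (qname, qtype)
        if key in self.cache:
            return self.cache[key], ["cache"]
        for z in self.own_zones:            # authoritative data needs no lookup elsewhere
            if in_zone(qname, z):
                answer, _, _ = serve(z, self.zones, qname, qtype)
                return answer, ["local"]
        if self.forwarder is not None:      # forward instead of iterating ourselves
            answer, trail = self.forwarder.resolve(qname, qtype)
            return answer, ["forwarder"] + trail
        next_servers, trail = list(self.root_hints), []
        for _ in range(max_hops):
            zone_name = self.servers[next_servers[0]]   # ask the first server offered
            trail.append(zone_name)
            answer, referral, rcode = serve(zone_name, self.zones, qname, qtype)
            if answer:
                self.cache[key] = answer
                return answer, trail
            if not referral:
                return [], trail             # NXDOMAIN, or a delegation without glue
            next_servers = referral
        raise RuntimeError("referral loop")


def without_delegation(zones):
    """Same data, but the com. servers were never told about test.com."""
    z = deepcopy(zones)
    del z["com."]["test.com."]
    del z["com."]["ns1.test.com."]
    return z


if __name__ == "__main__":
    r = Resolver(ZONES, SERVERS, ROOT_HINTS)
    print(r.resolve("www.test.com."))      # walks ., com., test.com.
    print(r.resolve("www.test.com."))      # answered from cache
    r2 = Resolver(without_delegation(ZONES), SERVERS, ROOT_HINTS)
    print(r2.resolve("www.test.com."))     # fails at com. although test.com. exists
```

The last call is the delegation lesson from the earlier slide: the test.com zone is loaded and correct on its own server, but with no NS records for it in com. nobody iterating from the root can ever reach that server.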
Zones
A zone may contain a domain or part of a domain
A name server may be authoritative for more than one zone
There should be a minimum of two name servers for a zone (resilience)
Primary and secondary name servers
One server is the primary: it holds the start of authority (SOA) for the zone
The others are secondaries
Updates to the primary are replicated to the secondaries (zone transfer)
Restrict zone transfers to the secondaries' addresses: a server that answers transfer requests from anyone hands out the whole zone to anyone who asks
DNS Records
A: host name to IP address mapping
NS: name server
MX: mail exchanger
SRV: service location, a record in the DNS that tells clients which hosts offer a service (e.g. LDAP, Kerberos)
Domain controllers will attempt to register around 20 SRV records in the DNS
Things will break if the correct records for DCs are not in the DNS
The number of records is determined by the functions of the DC (e.g. whether it is a global catalog server)
For a domain such as accounts.fr.test.com or sales.fr.test.com they are registered in one of these subdomains: _tcp.sales.fr.test.com, _udp.sales.fr.test.com, _msdcs.sales.fr.test.com, _sites.sales.fr.test.com
http://www.microsoft.com/windows2000/docs/w2kdns.doc
Can even have different internal host names and Internet host names
Structure
Carry on using BIND without DDNS for the main DNS (security)
Delegate four subdomains for each unit to local Windows 2000 DNS servers
http://support.microsoft.com/support/kb/articles/Q280/4/39.ASP for details of this scenario
May be seen as an advantage
Unlikely to be a problem, as it might have been for NT, because of improvements in 2000
NB Can still group related units together into a multi-domain forest if required
See 2k/w2koxford.html and follow the DNS Instructions link for full instructions
Generally
DNS must be configured for everything to work (e.g. replication)
DNS for the first DC in a forest can be configured before or after promotion to DC
DNS for subsequent DCs in the forest should be configured before promotion to DC
First DC
1. Arrange the DNS delegation (web form or mail hostmaster)
2. Install DNS on the first domain controller (N.B. this can be done before or after promotion to DC)
3. Create and configure the _tcp, _udp, _msdcs and _sites subdomains; delete the unit domain if you used the wizard to install
4. Ensure the DC is configured to use itself as DNS server in its TCP/IP configuration
5. Make sure it is all working!
6. If desired, tweak the registry to prevent error messages
Subsequent DCs
1. Ensure the DNS setup on the first DC is correct and working before installing other DCs
2. Disable secure updates for all subdomains on the first DC
3. Ensure the new server is configured to use only the first DC as DNS server in its TCP/IP configuration
4. Promote the server to domain controller
5. Make sure that its entries are registered in DNS
6. Enable secure updates for the subdomains on the first DC
7. If desired, install DNS on the new DC
While secure updates are off (steps 2 to 6) any host that can reach the server can add or overwrite records in those zones, so keep that window short and re-enable secure updates as soon as the new DC's records are present
May not be able to install AD on the 2nd DC, and replication may break
Incorrect DNS setup can cause major problems, e.g. with replication
Never install another DC with an incorrectly functioning DNS
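Step 5 above ("make sure that its entries are registered in DNS") and the earlier slide's "around 20 SRV records" can both be checked with a short script: build the list of names Netlogon should have registered for a DC with given roles, and diff it against a zone listing. This is an added example, not from the original slides or from Microsoft. The record set is the one a Windows 2000 DC writes to its own netlogon.dns file (compare against that file on the DC); the domain sales.fr.test.com, forest test.com, host dc1, the 10.0.0.5 address and the listing in SAMPLE_ZONE are constructed, and Default-First-Site-Name is the site name Windows 2000 creates by default.

```python
"""Expected Netlogon DNS registrations for a Windows 2000 DC, checked
against a zone listing.

Added example, not from the original slides. The record set follows what
a DC writes to %SystemRoot%\\system32\\config\\netlogon.dns; the domain,
forest, site, host dc1 and the addresses in SAMPLE_ZONE are constructed.
"""


def expected_records(domain, forest, site, is_gc=False, is_pdc=False,
                     domain_guid=None, dsa_guid=None):
    """Return (owner, rrtype) pairs a DC in `domain` should have registered."""
    d, f = domain, forest
    recs = [
        (f"_ldap._tcp.{d}", "SRV"),
        (f"_ldap._tcp.{site}._sites.{d}", "SRV"),
        (f"_ldap._tcp.dc._msdcs.{d}", "SRV"),
        (f"_ldap._tcp.{site}._sites.dc._msdcs.{d}", "SRV"),
        (f"_kerberos._tcp.{d}", "SRV"),
        (f"_kerberos._udp.{d}", "SRV"),
        (f"_kerberos._tcp.{site}._sites.{d}", "SRV"),
        (f"_kerberos._tcp.dc._msdcs.{d}", "SRV"),
        (f"_kerberos._tcp.{site}._sites.dc._msdcs.{d}", "SRV"),
        (f"_kpasswd._tcp.{d}", "SRV"),
        (f"_kpasswd._udp.{d}", "SRV"),
        (d, "A"),        # the A record for the domain name itself
    ]
    if domain_guid:  # identifies the domain by GUID, under the forest root
        recs.append((f"_ldap._tcp.{domain_guid}.domains._msdcs.{f}", "SRV"))
    if dsa_guid:     # CNAME used by replication partners to find this DC
        recs.append((f"{dsa_guid}._msdcs.{f}", "CNAME"))
    if is_pdc:
        recs.append((f"_ldap._tcp.pdc._msdcs.{d}", "SRV"))
    if is_gc:        # global catalog records live under the forest root
        recs += [
            (f"_gc._tcp.{f}", "SRV"),
            (f"_gc._tcp.{site}._sites.{f}", "SRV"),
            (f"_ldap._tcp.gc._msdcs.{f}", "SRV"),
            (f"_ldap._tcp.{site}._sites.gc._msdcs.{f}", "SRV"),
            (f"gc._msdcs.{f}", "A"),   # add by hand if A record registration is off
        ]
    return recs


def parse_zone_listing(text):
    """Parse master-file style lines ('owner ttl class type rdata ...')
    into a set of (owner, rrtype); text after ';' is a comment."""
    present = set()
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) < 4:
            continue
        present.add((fields[0].rstrip(".").lower(), fields[3].upper()))
    return present


def missing_records(expected, present):
    """Expected records not found in the listing, lower-cased and sorted."""
    return sorted((n.lower(), t) for (n, t) in expected
                  if (n.lower(), t) not in present)


# Constructed listing: what a zone dump might show after promoting dc1
# when only some of the Netlogon registrations got through.
SAMPLE_ZONE = """\
; constructed, not a real zone
sales.fr.test.com.                                   600 IN A   10.0.0.5
_ldap._tcp.sales.fr.test.com.                        600 IN SRV 0 100 389 dc1.sales.fr.test.com.
_ldap._tcp.Default-First-Site-Name._sites.sales.fr.test.com. 600 IN SRV 0 100 389 dc1.sales.fr.test.com.
_ldap._tcp.dc._msdcs.sales.fr.test.com.              600 IN SRV 0 100 389 dc1.sales.fr.test.com.
_kerberos._tcp.sales.fr.test.com.                    600 IN SRV 0 100 88 dc1.sales.fr.test.com.
_kerberos._udp.sales.fr.test.com.                    600 IN SRV 0 100 88 dc1.sales.fr.test.com.
_kpasswd._tcp.sales.fr.test.com.                     600 IN SRV 0 100 464 dc1.sales.fr.test.com.
_kpasswd._udp.sales.fr.test.com.                     600 IN SRV 0 100 464 dc1.sales.fr.test.com.
"""

if __name__ == "__main__":
    expected = expected_records("sales.fr.test.com", "test.com",
                                "Default-First-Site-Name")
    for owner, rrtype in missing_records(expected, parse_zone_listing(SAMPLE_ZONE)):
        print("missing", rrtype, owner)
```

For a DC that is also the PDC emulator and a global catalog server, with its domain and DSA GUIDs known, the function returns 20 records, which is the "around 20" figure on the earlier slide; a plain DC gets 12 plus the two GUID-named entries.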
DNS on DCs
Unchecking "Register this connection's addresses in DNS" on a DC stops all registrations, including SRV, for SP1 and above
http://support.microsoft.com/support/kb/articles/Q280/4/39.ASP
The A record registered for the domain name itself is unnecessary here; edit the registry to stop it, but if so you will need to add the gc._msdcs A record manually for global catalog servers, since the same setting stops that registration too
http://support.microsoft.com/support/kb/articles/Q280/4/39.ASP
http://support.microsoft.com/support/kb/articles/Q258/2/13.ASP
Little further configuration is required for DNS servers installed on DCs after the first DNS server is installed and configured
Consider configuring forwarders: most requests are likely to be for Oxford addresses (not currently in the instructions)
If the DNS wizard created a root zone (.), the server believes it is a root server: it may be missing its root hints table and you may be unable to access the Root Hints and Forwarders tabs
If it exists, delete the root domain entry (.)
May also need to replace the root hints table from the sample file (unnecessary if configured to use forwarders)
http://support.microsoft.com/support/kb/articles/Q229/8/40.ASP
http://support.microsoft.com/support/kb/articles/Q249/8/68.ASP
http://support.microsoft.com/support/kb/articles/Q282/5/23.ASP
NB The above article is incorrect: dnscmd.exe is in the Support Tools, not the Resource Kit
DNS for ad.oucs-public.ox.ac.uk
Include zones for dom1.ad.oucs-public.ox.ac.uk etc.
Delegate _msdcs, _sites, _tcp, _udp etc. for dom1, dom2 etc. to the servers
Point the servers at the front desk PC as DNS server
Follow the instructions:
Run dcpromo to install AD on the first server
Point the second server at the first server for DNS resolution
Run dcpromo to install AD on the second server
Switch DNS on the first server to AD Integrated
See how it picks up the AD integrated DNS configuration
Look at the different options that can be configured
Become familiar with the records registered
Turn off "Register this connection's addresses in DNS" on the 2nd server, reboot, and check the effect this has