Monday, June 3, 2013

4. Deploy and configure core network services 4.3 Deploy and configure DNS service

DNS Basics
DNS namespace, name servers, resolver (the client that sends DNS queries)

Recursive query: resolver clients send recursive queries to their DNS servers. This tells the DNS server to query the hierarchy of DNS servers until it gets a resolution from the authoritative server(s).
Iterative query: a single request/response exchange between DNS servers. The only time DNS servers send a recursive query to other DNS servers is when they are querying a forwarder.

DNS forwarders are set up to perform the full recursive queries on behalf of other DNS servers.

Reverse name resolution: resolves a name from an IP address.

Zones:
Primary: master copy of the zone. If not integrated with AD, a local database file holds the zone.
Secondary: duplicate of the primary. Replicates the zone file using zone transfer.
Stub: copy of the primary zone that forwards or refers requests.
AD-integrated

Extra note: With Server 2012 and PowerShell 3 you can configure the DNS server using the cmdlets in the DnsServer module. You can also use the command-line tool dnscmd.

4.3.1 Configure Active Directory integration of primary zones
AD-integrated DNS is automatically replicated to other DCs with DNS installed.
You can integrate a primary zone in AD while creating it, or by going to the properties of the zone and clicking Change next to Type on the General tab.

Options for replication scope:
To all DNS servers running on DCs in this forest
To all DNS servers running on DCs in this domain
To all DCs in this domain
To all DCs specified in the scope of this directory partition

This creates the DomainDnsZones and ForestDnsZones subdomains.

Extra note: the _msdcs subdomain is created for the first DNS server in the forest. This zone contains the SRV records for AD.


4.3.2 configure forwarders
Forwarders are DNS servers that will conduct the queries on behalf of other DNS servers.
Forwarders are configured in the DNS server properties under Forwarders.

Conditional Forwarders are DNS servers that conduct queries for specific zones. You can configure them under the Conditional Forwarders node below the server.

Add-DnsServerForwarder, Add-DnsServerConditionalForwarderZone, Get-DnsServerForwarder, Remove-DnsServerForwarder, Set-DnsServerForwarder, Set-DnsServerConditionalForwarderZone

Extra note: root hints are contacted if no forwarder is available, unless that option is unchecked on the Forwarders tab of the DNS server properties.
 
4.3.3 configure Root Hints
Root hints are the list of the root name servers. These are configured in the properties for the server on the Root Hints tab.

Get-DnsServerRootHint, Add-DnsServerRootHint, Remove-DnsServerRootHint, Set-DnsServerRootHint

Extra note: there are 13 default root names, A through M dot root-servers.net (e.g. A.root-servers.net), each made up of many more physical servers all over the world.

4.3.4 manage DNS cache
Right-click the server and select Clear Cache.

Clear-DnsServerCache, Get-DnsServerCache

dnscmd Servername /clearcache
dnscmd Servername /zoneprint
 
Extra note: the client DNS cache can be cleared with ipconfig /flushdns.

4.3.5 create A and PTR resource records

Types of records:
SOA: Start of Authority: indicates that the server is the authoritative source for the zone. Each zone must have one SOA record.
NS: identifies name servers that can be authoritative for the zone. Each primary/secondary DNS server must have an NS record.
A: name-to-address mapping for IPv4
AAAA: name-to-address mapping for IPv6
PTR: address-to-name mapping (reverse lookup)
CNAME: creates an alias to an A record
MX: mail server record
SRV: records for services. Heavily used in AD to indicate different services.

Creating a new A/AAAA record:
Expand the server node and Forward Lookup Zones. Right-click the zone to create the record in and select New Host.
Give it a name and an IP address; you can create an associated PTR record here as well. There must be a Reverse Lookup zone already created for that network, or the PTR record will not be created.

If you have a reverse lookup zone for the associated network of the host, you can either create a PTR record during A record creation, as above, or expand reverse lookup zones, and right click a specific zone and New Pointer(PTR).

Get-DnsServerResourceRecord, Add-DnsServerResourceRecordA, Add-DnsServerResourceRecordPtr, Add-DnsServerResourceRecordAAAA, Remove-DnsServerResourceRecord, Set-DnsServerResourceRecord, Set-DnsServerResourceRecordAging

dnscmd /recordadd
dnscmd /recorddelete
dnscmd /enumrecords contoso.com .
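As an added example (not from the original notes), the A + PTR creation above done with the DnsServer cmdlets, including the caveat that the reverse lookup zone has to exist first or the PTR is silently not created. The zone contoso.com is from the notes; the host name web01, the address 10.0.1.20, the /24 reverse zone and the Domain replication scope are assumed sample values.

```powershell
# Added example: create an A record and its matching PTR, making sure the
# reverse lookup zone exists first. Assumes the DnsServer module (Server 2012 /
# PowerShell 3) on a DNS server hosting the AD-integrated zone contoso.com.
# Host name and address are constructed sample values.
Import-Module DnsServer

function New-HostWithPtr {
    param(
        [Parameter(Mandatory)][string]$HostName,      # e.g. web01
        [Parameter(Mandatory)][string]$ZoneName,      # e.g. contoso.com
        [Parameter(Mandatory)][ipaddress]$IPv4Address,
        [string]$ReplicationScope = 'Domain'          # "all DNS servers on DCs in this domain"
    )
    # Reverse zone is built per /24: 10.0.1.20 -> 1.0.10.in-addr.arpa (assumed class C network)
    $o = $IPv4Address.GetAddressBytes()
    $reverseZone = '{2}.{1}.{0}.in-addr.arpa' -f $o[0], $o[1], $o[2]
    $networkId   = '{0}.{1}.{2}.0/24' -f $o[0], $o[1], $o[2]

    # The New Host dialog and -CreatePtr both skip the PTR when this zone is missing,
    # so create the AD-integrated reverse lookup zone first if it does not exist.
    if (-not (Get-DnsServerZone -Name $reverseZone -ErrorAction SilentlyContinue)) {
        Write-Verbose "Reverse zone $reverseZone missing; creating it"
        Add-DnsServerPrimaryZone -NetworkId $networkId -ReplicationScope $ReplicationScope
    }

    # Create the A record; -CreatePtr adds the PTR in the reverse zone in one step.
    Add-DnsServerResourceRecordA -Name $HostName -ZoneName $ZoneName `
        -IPv4Address $IPv4Address -CreatePtr

    # Verify both records exist (the PTR name is the last octet) and return them.
    $a   = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $HostName -RRType A
    $ptr = Get-DnsServerResourceRecord -ZoneName $reverseZone -Name ([string]$o[3]) -RRType Ptr
    if (-not $ptr) { throw "PTR for $IPv4Address was not created in $reverseZone" }
    [pscustomobject]@{
        A   = $a.RecordData.IPv4Address.IPAddressToString
        PTR = $ptr.RecordData.PtrDomainName
    }
}

# Sample run with constructed values: web01.contoso.com -> 10.0.1.20
New-HostWithPtr -HostName 'web01' -ZoneName 'contoso.com' -IPv4Address '10.0.1.20' -Verbose
```

Run it in an elevated PowerShell session on the DNS server; Get-DnsServerResourceRecord on the reverse zone afterwards should show the new PTR next to the zone's SOA and NS records.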
