
Module 2: Configuring and Troubleshooting DNS

Module Overview
• Installing the DNS Server Role

• Configuring the DNS Server Role

• Configuring DNS Zones

• Configuring DNS Zone Transfers

• Managing and Troubleshooting DNS


Lesson 1: Installing the DNS Server Role
• Overview of the Domain Name System Role

• Overview of the DNS Namespace

• DNS Improvements for Windows Server 2008

• Demonstration: Installing the DNS Server Role

• Considerations for Deploying the DNS Server Role


Overview of the Domain Name System Role

Domain Name System is a hierarchical distributed database

• DNS is the foundation of the Internet naming scheme

• DNS supports accessing resources by using alphanumeric names

• InterNIC is responsible for managing the domain namespace

• DNS was created to support the Internet’s growing number of hosts

Overview of the DNS Namespace

Root Domain
Top-Level Domain: net, com, org
Second-Level Domain: nwtraders
Subdomain: west, south, east
Subdomain (under south): sales
Host: SERVER1
FQDN: SERVER1.sales.south.nwtraders.com

DNS Improvements for Windows Server 2008

New or enhanced features in the Windows Server 2008 version of DNS include:

• Background zone loading

• IP version 6 support

• Support for read-only domain controllers

• Global single names


Demonstration: Installing the DNS Server Role

In this demonstration, you will see how to install the DNS Server role

Considerations for Deploying the DNS Server Role

• The user account must be a member of the local administrators group or equivalent

• Manually configuring the server to use a static IP address is recommended

• Manually editing the server and boot files is not recommended
  • Use the DNS console or dnscmd

• Active Directory-integrated DNS zones cannot be administered using a text editor

Lesson 2: Configuring the DNS Server Role
• What Are the Components of a DNS Solution?

• DNS Resource Records

• What Are Root Hints?

• What Is a DNS Query?

• What Are Recursive Queries?

• What Are Iterative Queries?

• What Is a Forwarder?

• What Is Conditional Forwarding?

• How DNS Server Caching Works

• Demonstration: Configuring the DNS Server Role


What Are the Components of a DNS Solution?

[Diagram: DNS Clients; DNS Servers (Resource Record); DNS Servers on the Internet: Root ".", .com, .edu (Resource Record)]


DNS Resource Records

DNS resource records include:

• SOA: Start of Authority

• A: Host Record

• CNAME: Alias Record

• MX: Mail Exchange Record

• SRV: Service Resources

• NS: Name Servers

• AAAA: IPv6 DNS Record


What Are Root Hints?

Root hints contain the IP addresses for DNS root servers

[Diagram: a Client, a DNS Server with Root Hints, the Root (.) Servers, and the DNS Servers for com and microsoft]

What Is a DNS Query?

A query is a request for name resolution and is directed to a DNS server

• Queries are recursive or iterative

• DNS clients and DNS servers both initiate queries

• DNS servers are authoritative or nonauthoritative for a namespace

• An authoritative DNS server for the namespace will either:
  • Return the requested IP address
  • Return an authoritative “No”

• A nonauthoritative DNS server for the namespace will either:
  • Check its cache
  • Use forwarders
  • Use root hints

What Are Recursive Queries?

A recursive query is sent to a DNS server and requires a complete answer

[Diagram: DNS Client, Local DNS Server and its Database; query for mail1.contoso.msft, answer 172.16.64.11]


What Are Iterative Queries?

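An iterative query directed to a DNS server may be answered with a referral to another DNS server

[Diagram: the Client sends a Recursive Query for mail1.nwtraders.com to the Local DNS Server. The Local DNS Server sends an Iterative Query to the Root Hint (.) server and is told "Ask .com"; sends an Iterative Query to the .com server and is told "Ask nwtraders.com"; sends an Iterative Query to the Nwtraders.com server and receives the Authoritative Response. The answer returned to the Client is 172.16.64.11.]
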
What Is a Forwarder?

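A forwarder is a DNS server designated to resolve external or offsite DNS domain names

[Diagram: the Client sends a Recursive Query for mail1.nwtraders.com to the Local DNS Server, which sends a Recursive Query to the Forwarder. The Forwarder sends an Iterative Query to the Root Hint (.) server and is told "Ask .com"; sends an Iterative Query to the .com server and is told "Ask nwtraders.com"; sends an Iterative Query to the Nwtraders.com server and receives the Authoritative Response. The answer 172.16.64.11 is returned through the Forwarder and the Local DNS Server to the Client.]
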
What Is Conditional Forwarding?

Conditional forwarding forwards requests using a domain name condition

[Diagram: a Client Computer sends a Query for www.contoso.msft to the Local DNS server. Queries for contoso.msft go to the Contoso.msft DNS server; queries for all other DNS domains go to the ISP DNS server.]

How DNS Server Caching Works

DNS server cache

Host name              IP address     TTL
ServerA.contoso.msft   192.168.8.44   28 seconds

[Diagram: Client1 asks "Where’s ServerA?" and is told "ServerA is at 192.168.8.44"; Client2 asks "Where’s ServerA?" and is told "ServerA is at 192.168.8.44"]

Demonstration: Configuring the DNS Server Role
In this demonstration, you will see how to:
• Update root hints on a DNS server

• Configure a DNS server to use a forwarder

• Clear the DNS server cache by using the DNS console

• Clear the DNS server cache by using the DNSCmd command

Lesson 3: Configuring DNS Zones
• What Is a DNS Zone?

• What Are the DNS Zone Types?

• What Are Forward and Reverse Lookup Zones?

• What are Stub Zones?

• Demonstration: Creating Forward and Reverse Lookup Zones

• DNS Zone Delegation

What Is a DNS Zone?
[Diagram: on the Internet, the "." DNS root domain contains .com, which contains the microsoft.com domain.
 The microsoft.com zone has a zone database holding www.microsoft.com, ftp.microsoft.com and the delegated example.microsoft.com.
 The example.microsoft.com zone has its own zone database holding www.example.microsoft.com and ftp.example.microsoft.com.]


What Are the DNS Zone Types?

Zones                         Description
Primary                       Read/write copy of a DNS database
Secondary                     Read-only copy of a DNS database
Stub                          Copy of a zone that contains only records used to locate name servers
Active Directory integrated   Zone data is stored in Active Directory rather than in zone files

What Are Forward and Reverse Lookup Zones?

Namespace: training.nwtraders.msft

DNS Server: authorized for the Training zone

Forward zone: Training
  DNS Client1   192.168.2.45
  DNS Client2   192.168.2.46
  DNS Client3   192.168.2.47

Reverse zone: 1.168.192.in-addr.arpa
  192.168.2.45   DNS Client1
  192.168.2.46   DNS Client2
  192.168.2.47   DNS Client3

[Diagram: DNS Client1, DNS Client2 and DNS Client3 send the queries "DNS Client2 = ?" and "192.168.2.46 = ?" to the DNS server]

What Are Stub Zones?
Without stub zones, the ny.na.contoso.com server must query several servers to find the server that hosts the na.fabrikam.com zone

With a stub zone defined, the location of the na.fabrikam.com zone is known without querying multiple DNS servers

[Diagram: DNS servers for Contoso.com (root domain), fabrikam.com, na.contoso.com, sa.contoso.com, na.fabrikam.com, ny.na.contoso.com and rio.sa.contoso.com; labels "Stub zone: na.fabrikam.com" and "Stub zone: rio.sa.contoso.com"]

Demonstration: Creating Forward and Reverse Lookup Zones

In this demonstration, you will see how to:


• Create a forward lookup zone

• Create a reverse lookup zone


DNS Zone Delegation

Contoso.msft

Training.contoso.msft Sales.contoso.msft
Lesson 4: Configuring DNS Zone Transfers
• What Is a DNS Zone Transfer?

• How DNS Notify Works

• Securing Zone Transfers

• Demonstration: Configuring DNS Zone Transfers


What Is a DNS Zone Transfer?

A DNS zone transfer is the synchronization of authoritative DNS zone data between DNS servers

1 SOA query for a zone

2 SOA query answered

3 IXFR or AXFR query for a zone

4 IXFR or AXFR query answered (zone transferred)

[Diagram: Secondary server; Primary and Master server]

How DNS Notify Works

A DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur

1 Resource record is updated

2 SOA serial number is updated

3 DNS notify

4 Zone transfer

[Diagram: Destination Server (Secondary Server); Source Server (Primary and Master Server)]

Securing Zone Transfers

• Restrict zone transfer to specified servers

• Encrypt zone transfer traffic

• Consider using Active Directory-integrated zones

Primary Zone Secondary Zone
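
The notify and transfer steps from the two preceding slides, together with the "restrict zone transfer to specified servers" rule above, as an added Python model that is not part of the original course material. Class names, addresses and records are constructed; comparing serials with RFC 1982 arithmetic and keeping a per-serial change journal for IXFR are assumptions of this model, not statements about the Windows DNS server.

```python
# Added illustration: in-memory model of NOTIFY -> SOA check -> IXFR/AXFR.
# All class names, addresses and records are constructed for this example.

def serial_newer(a, b):
    """True if SOA serial a is newer than b (RFC 1982, 32-bit wraparound)."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

class Primary:
    def __init__(self, records, allowed_secondaries):
        self.serial = 1
        self.records = dict(records)
        self.allowed = set(allowed_secondaries)  # restrict transfers to these servers
        self.journal = {}                        # serial -> (name, value), kept for IXFR

    def update(self, name, value):
        self.records[name] = value                     # 1. resource record is updated
        self.serial = (self.serial + 1) & 0xFFFFFFFF   # 2. SOA serial number is updated
        self.journal[self.serial] = (name, value)

    def soa(self):
        return self.serial

    def transfer(self, client_ip, have_serial):
        if client_ip not in self.allowed:
            return ("REFUSED", None)             # requester is not a listed secondary
        wanted = range(have_serial + 1, self.serial + 1)
        if have_serial and all(s in self.journal for s in wanted):
            return ("IXFR", [self.journal[s] for s in wanted])  # changes only
        return ("AXFR", dict(self.records))                      # full zone copy

class Secondary:
    def __init__(self, ip):
        self.ip, self.serial, self.records = ip, 0, {}

    def on_notify(self, primary):                # 3. DNS notify received
        new = primary.soa()                      # SOA query, SOA query answered
        if not serial_newer(new, self.serial):
            return "UP-TO-DATE"
        kind, data = primary.transfer(self.ip, self.serial)     # 4. zone transfer
        if kind == "IXFR":
            self.records.update(data)
        elif kind == "AXFR":
            self.records = data
        if kind != "REFUSED":
            self.serial = new
        return kind
```

A secondary that is not on the primary's list gets no zone data and keeps serial 0, which is the behaviour the first bullet on this slide asks for.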


Demonstration: Configuring DNS Zone Transfers

In this demonstration, you will see how to:


• Configure DNS zone transfers

• Configure a secondary zone


Lesson 5: Managing and Troubleshooting DNS
• What Is Time to Live, Aging, and Scavenging?

• Demonstration: Managing DNS Records

• Testing the DNS Server Configuration

• Tools That Identify Problems With DNS

• Demonstration: Testing the DNS Server Configuration

• Monitoring DNS Using the DNS Event Log and Debug Logging

What Is Time to Live, Aging, and Scavenging?

Feature              Description
Time to Live (TTL)   Indicates how long a DNS record will remain valid
Aging                Occurs when records that have been inserted into the DNS server reach their expiration and are removed
Scavenging           Performs DNS server resource record grooming for old records in DNS

Demonstration: Managing DNS Records

In this demonstration, you will see how to:


• Configure TTL

• Enable Scavenging

• Configure Aging
Testing the DNS Server Configuration

You can test the DNS server configuration by using:

• A simple query to ensure that the DNS service is answering

• A recursive query to ensure that the DNS server can communicate with the upstream DNS service

Tools That Identify Problems With DNS

Tool       Used to:
Nslookup   Troubleshoot DNS problems
Dnscmd     Edit the DNS configuration
Dnslint    Diagnose common DNS issues


Demonstration: Testing the DNS Server Configuration

In this demonstration, you will see how to test the DNS server configuration by using:

• Simple queries

• Recursive queries

• Nslookup

• Dnscmd

• Dnslint
Monitoring DNS Using the DNS Event Log and Debug Logging

• Monitor DNS events in the event log to:
  • Monitor zone transfer information
  • Monitor computer events

• Enable DNS debug logging to view granular verbose information about DNS activities

Lab: Configuring and Verifying a DNS Solution
• Exercise 1: Configuring a DNS Infrastructure

• Exercise 2: Monitoring and Troubleshooting DNS

Logon information
Virtual machines: NYC-DC1, NYC-SVR1
User name: Administrator
Password: Pa$$w0rd

Estimated time: 60 minutes


Lab Review
• When you added a DNS zone on NYC-DC1, why were you
able to choose Active Directory-integrated zones?
• What type of DNS zone transfer would take place between
NYC-SRV1 and NYC-DC1?
• When using Nslookup, what record type would you use to
find a mail server? How would you configure Nslookup to
request this record type?
• When using Dnslint to verify name server records, you ran
the DNSLint command to generate a DNSLint report for
the nwtraders.msft domain and used the /s switch. Why
was it important to use this switch?
Module Review and Takeaways
• Review Questions

• Common Issues and Troubleshooting Tips

• Real-world Issues and Scenarios

• Best Practices

• The DNS Console

• Command-line Tools

• Monitoring Tools