Active Directory Chapter 2 (DNS)


Zone Configuration Facts (More)

- You can only manage Active Directory-integrated zones with the DNS console or dnscmd. There is no text file that you can manually edit.
- Primary and Active Directory-integrated zones support dynamic updates. Use an Active Directory-integrated zone to use secure dynamic updates.
- Zone information is replicated automatically with Active Directory replication. Zone data is replicated based on the replication scope.

More DNS facts

A forward lookup uses the host name (or the FQDN) to find the IP address. A reverse lookup uses the IP address to find the host name (or FQDN).
- Entries for hostnames, IP addresses, and other information in the zone database are stored in records.
- The A record maps a host name to an IP address and is used for forward lookups.
- The PTR record maps an IP address to a host name and is used for reverse lookups.
- The CNAME record provides an alternate name (an alias) for a host.

Forward lookup zone

A forward lookup zone provides hostname-to-IP address resolution. Clients query the DNS server with the hostname, and receive the IP address in return.

Reverse lookup zone

A reverse lookup zone provides IP address-to-hostname resolution. Clients query the DNS server with the IP address, and receive the hostname in return.

WINS and WINS-R resource records

Add these records to a zone when you want to allow DNS to use WINS resolution. The WINS resource record allows DNS queries that fail to resolve to be forwarded to the WINS servers listed in the WINS resource record. The WINS-R resource record allows the resolution of a reverse query that is not resolvable through DNS.

Transport protocol

This option allows you to log packets based on the protocol used to transport the packet. You can select UDP, TCP, or both.

Background Zone Loading (New DNS features facts)

A DNS server with large Active Directory-integrated zones can take a long time to retrieve data from the directory service during startup. While the DNS server is starting, it is unable to respond to queries until the zones are fully loaded. DNS servers running Windows Server 2008 mitigate this problem by implementing background zone loading, in which the DNS server loads zone data from AD DS (Active Directory Domain Services) in the background while the server restarts. Background zone loading allows the DNS server to respond to queries while loading zone data. This is possible because zone loading is done by separate threads. If a request comes in for a node that has not yet been loaded, the DNS server responds by finding and updating that node's data. As the DNS server starts, it does the following:
- Enumerates the zones that it needs to load.
- Loads root hints (either from files or from AD DS storage).
- Loads zones stored in files (rather than in AD DS).
- Responds to DNS queries and RPCs (Remote Procedure Calls).
- Starts threads to load zones from AD DS.

Read-only Domain controller (RODC)

A Read-Only Domain Controller (RODC) is an additional domain controller for a domain that hosts read-only partitions of the Active Directory database. This replica is optimal for deployment in:
- Perimeter networks.
- Any location in which a domain controller is deployed primarily to support an application that requires directory access.
- Branch locations in organizations that have:
  - Low-level security facilities for storing data related to the domain controller.
  - Few users.
  - Poor physical security.
  - Relatively poor network bandwidth to a hub site.
  - Little local IT knowledge.
- Scenarios where local storage of all domain passwords is considered a primary threat, such as in an application-facing role or in an extranet.

Conditional Forwarder

A conditional forwarder is a forwarder that is used for a specific domain. While forwarders are used for all queries the server cannot resolve itself, a conditional forwarder is used only for unknown hosts within a specified domain.
- A conditional forwarder is used before a regular forwarder. In other words, if a query matches the domain identified by a conditional forwarder, the query is sent to the conditional forwarder DNS server. If the query does not match any conditional forwarder, the regular forwarders list is used instead.
- Conditional forwarder configuration is static. You manually identify the DNS server to which queries for that domain are forwarded. If the DNS server changes, you must manually update the conditional forwarder list.
- For non-domain controllers, conditional forwarders must be configured on each DNS server. For domain controllers that are DNS servers, you can store the list of domains and forwarders in Active Directory. Configure the replication scope to identify the domain controllers to which the list is replicated.
Use a conditional forwarder to eliminate all zone transfer traffic, or in conditions where you are not allowed to transfer data from a zone (for example, when zone transfers are disabled on the master zone, or when the zone is outside of your administrative control).

Secondary Zone

A secondary zone is a read-only copy of the zone database.
- Changes cannot be made to the records in a secondary zone.
- A server that holds a secondary zone is called a secondary server.
- Secondary servers copy zone data from other servers through a process called zone transfer.
- Secondary servers can copy zone data from the primary server or from other secondary servers.
- Zone data is stored in a text file.

Stub Zone

A stub zone is a zone with only a partial copy of the zone database.
- The stub zone only contains information about the name servers that are authoritative for the zone; it does not contain information for other hosts.
- A stub zone is not authoritative for the zone; its purpose is to identify the name servers that can be contacted for full zone information.
- Use a stub zone to forward name requests based on zones while keeping name server lists updated automatically.

Stub zone

A stub zone is a zone with only a partial copy of the zone database. The stub zone holds only the following records:
- The SOA record for the zone.
- NS records for all authoritative DNS servers for the zone (primary and secondary).
- A records (also called glue records) for the authoritative name servers identified in the NS records.
Keep in mind the following when using stub zones:
- A stub zone is not authoritative for the zone; its purpose is to identify the name servers that can be contacted for full zone information.
- The stub zone is dynamic, meaning that it keeps its records synchronized with the master zone database.
- Zone transfer traffic is limited because only the SOA, NS, and glue A records must be kept up to date.
- Use a stub zone to forward name requests based on zones while keeping name server lists updated automatically.

Replication scope (second situation)

All DNS servers in this domain: DNS zone data in Active Directory is replicated to all DNS servers that are also domain controllers within the current domain. This is the default DNS zone replication setting for Server 2003 and 2008. It replicates zone data to the DomainDNSZones partition.

Replication scope (third situation)

All DNS servers in this forest: DNS zone data in Active Directory is replicated to all DNS servers that are also domain controllers within the forest. This provides the broadest replication scope because it replicates zone data to the ForestDNSZones partition. Use this option when you have very important records that need to be available throughout the forest.

Replication scope

All domain controllers in this domain: DNS zone data in Active Directory is replicated to all domain controllers, even those not running DNS. Use this option if you need to support Active Directory-integrated zones running on Windows 2000 domain controllers.

Active Directory Integrated Zone

An Active Directory-integrated zone holds zone data in Active Directory instead of a text file.
- Active Directory-integrated zones are multi-master zones, meaning that changes to the zone information can be made by multiple servers. Multiple servers hold read-write copies of the zone data.
- Only DNS servers that are domain controllers can host Active Directory-integrated zones.
- Storing zone data in Active Directory provides automatic replication, fault tolerance, and distributed administration of DNS data.
- Replication of zone data occurs during Active Directory replication and is secured by Kerberos.

Application Directory Partitions Facts

An application directory partition is a portion of the directory namespace that is replicated only to specific domain controllers. You should know the following facts about application directory partitions:
- Application directory partitions can be targeted to replicate to specific domain controllers, which limits and controls the scope of replication, allowing you to control domain replication traffic.
- Directory partitions can reduce calls to global catalog servers.
- Applications that require application directory partitions generally create the appropriate partitions themselves. However, members of the Domain Admins or Enterprise Admins group can manually create and manage application directory partitions.

GlobalNames zone (More)

Be aware of the following when managing the GlobalNames zone:
- If you use the GlobalNames zone, all authoritative DNS servers must run Windows Server 2008. Servers that are not authoritative can run any operating system.
To configure the GlobalNames zone:
1. Delete any zones that are currently named GlobalNames.
2. Run the dnscmd <servername> /config /enableglobalnamessupport 1 command to enable support for GlobalNames zones. You must run this command on every server that hosts a GlobalNames zone.
3. Create a zone on the DNS server named GlobalNames.
4. Create CNAME records in the GlobalNames zone that point to A records in other zones.
(Note: Dynamic updates are not supported on the GlobalNames zone. You must manually create each record in the GlobalNames zone.)

Zone Configuration Facts

Be aware of the following when using Active Directory-integrated zones:
- Only one server can hold the primary zone file. To place zone data on multiple servers, configure secondary servers.
- Windows stores standard zone data in the %windir%\System32\Dns directory. The file is a text file with .dns added to the zone name.
- Use the DNS snap-in or the dnscmd command to manage zones and records.
- You can also edit the zone database file directly with a text editor. However, after making changes, you must reload the zone data. Using the snap-in or dnscmd prevents errors in the file and automatically reloads the database after each change.

GlobalNames (Be aware)

Be aware of the following when using the GlobalNames zone:
- When users enter a single-label name, the client computer first tries to resolve the name using DNS and the search suffix configuration. If that process fails, the GlobalNames zone is checked (if it exists).
- Using the GlobalNames zone does not require any changes to client machines.
- Dynamic updates are not supported on the GlobalNames zone. You must manually create each record in the GlobalNames zone.
- Use the GlobalNames zone to replace WINS servers on your network only when you have a small number of hosts that do not support DNS. For a large number of NetBIOS-only hosts, or to support dynamic registration of single-label names, continue to use a WINS server.

Secondary zone

Because a DNS server uses authoritative zones to respond to queries before it uses forwarders, you can eliminate the need for a forwarder for a specific zone by adding a secondary zone to the server. However, using a secondary zone means that the server must perform zone transfers of all records in the zone. In some cases, you might not want to add more zones to the server, or you might not want the extra traffic caused by zone transfers.

Zone transfer Facts (More)

By default, zone transfer in Windows Server 2008 is disabled for security reasons. To use zone transfers, manually enable the feature in the DNS settings in Server Manager. You can restrict the servers to which zone transfers are allowed. There are two ways of doing this:
- Allow zone transfers only to servers that are listed as name servers.
- Allow zone transfers only to servers you specifically identify.
Zone transfer is always initiated by a secondary server. The secondary server contacts the master server and compares the serial number on the master with the serial number in its copy. If the serial number on the master is greater, the secondary initiates a zone transfer. If the serial number is the same (or lower) on the master, no zone transfer takes place.

Conditional Forwarding

Conditional forwarders have their own, separate folder in the DNS console, which allows you to store conditional forwarder information in Active Directory. Conditional forwarders are then replicated with Active Directory replication and available on all DNS servers in the replication scope.

DNSSEC Support

DNSSEC stands for DNS Security Extensions. DNSSEC is designed to prevent certain types of attacks, such as DNS cache poisoning. Following are the three resource records used for DNSSEC support:
- The SIG record stores the private key's digital signature on a resource record set (RRset). (An RRset is a group of resource records that share an owner, class, and type.)
- The KEY record stores a zone's public key.
- The NXT record identifies the domain name that comes after a given domain name in a secure zone. For the NXT record to be effective, you must create a canonical order for the domain names in your zone. The last NXT record in a zone points to the first record in the domain.

Debug Logging Facts

Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific, detailed information about server performance. To configure debug logging, use the Debug Logging tab in the DNS server properties dialog. The debug logging options are described below.

Aging and Scavenging Facts

Dynamic updating can cause your zones to become overloaded with unnecessary resource records. If a computer disconnects improperly from the network (as is often the case when you allow mobile users and computers on your network), the host (A) resource record it registered may not be removed. It is for reasons such as this that DNS records have a Time to Live (TTL) value. When a record exceeds its TTL, it becomes stale. Large numbers of stale records can cause long zone transfers and name resolution problems. Stale records can also degrade DNS server performance. A stale record may also prevent a computer from using a DNS domain name.

IPv4

For an IPv4 zone:
- Reverse the order of the decimal octets in the network ID.
- Append in-addr.arpa to the zone name.
For example, the reverse lookup zone for network 216.22.14.0/24 would be: 14.22.216.in-addr.arpa

IPv6

For an IPv6 zone:
- Reverse each hexadecimal digit in the prefix, separating each digit with a period.
- Append ip6.arpa to the zone name.
For example, the reverse lookup zone for network 1234:5678:ABCD:FF21::/64 becomes: 1.2.F.F.D.C.B.A.8.7.6.5.4.3.2.1.ip6.arpa

Zone Transfer Facts (More)

If a zone is Active Directory-integrated and has no secondary servers, you can disable zone transfers. Zone data will continue to be replicated through Active Directory. Active Directory replication traffic is automatically secured. To secure zone transfers to secondary servers, use IPsec between servers. Normally, zone transfers happen automatically at periodic intervals. You can force an update of zone data through the DNS console or by using the Dnscmd command. The following table lists some actions you can take to refresh zone data manually.

Root Hint Facts (more)

If you have a root zone configured on a DNS server, the server will act as a root zone server. A DNS server configured as a root zone server will never use the root hints file (Cache.dns). It considers itself authoritative. Consequently, the server won't access the internet to forward DNS queries. If you want the DNS server to access the internet, delete the root zone in the DNS console.

PTR (pointer)

In a reverse lookup zone, the PTR record maps an IP address to a host name (i.e., it "points" to an A record). Where IPv4 PTR records are created in the in-addr.arpa namespace, reverse lookup zones for IPv6 addresses should be created in the ip6.arpa namespace. (Note: When you manually create an A record, you can choose to create the corresponding PTR record at the same time. Creating the PTR record will fail if the reverse lookup zone does not exist.)

Link-Local Multicast Name Resolution (LLMNR)

LLMNR is a name resolution protocol that provides peer-to-peer name resolution when DNS is unavailable. LLMNR uses multicast messages (also known as multicast DNS) to create client connections. LLMNR is also supported on Windows Vista and Server 2008 and is enabled by default. It can be disabled by adding a registry setting to each client. You can use LLMNR to create ad hoc networks, or to find hosts on the local subnet without the use of a DNS server. LLMNR replaces the NetBIOS broadcast capabilities, but requires LLMNR-capable hosts.

GlobalNames zone conf (more)

Microsoft recommends that the GlobalNames zone be an Active Directory-integrated zone.
- Within the GlobalNames zone, all names must be globally unique (throughout the entire organization). The GlobalNames zone has a forest-wide replication scope to ensure that single-label names are unique across the forest.
- You can extend the GlobalNames zone to multiple forests by using the SRV (service locator) resource record to publish the location of the GlobalNames zone. Active Directory integration is required when deploying the GlobalNames zone across forests.
- Using the GlobalNames zone does not require any changes to client machines.

Zone properties

On the zone, enable scavenging and configure the following settings:
- The no-refresh interval is the time between the record's last refresh and when it can next be refreshed. By default, this setting is 7 days. This means that for seven days, DNS ignores a record's attempt to re-register itself, keeping replication to a minimum. During this period of time, a record is considered valid and cannot be refreshed.
- The refresh interval identifies a period of time when a record can be refreshed. The refresh interval begins when the no-refresh interval ends. During the refresh interval, a record can be refreshed and is not considered stale until this interval of time expires. A resource record is not scavenged until the refresh interval expires. The default refresh interval is 7 days.
You can configure zone scavenging settings for all zones by right-clicking the server and selecting Set Aging/Scavenging for All Zones.

Disable recursion

Recursion is the process by which a DNS server or host uses root name servers and subsequent servers to perform name resolution. Many DNS servers perform recursion. Most client computers do not perform recursion; rather, they submit a DNS request to the DNS server and wait for a complete response. You can disable recursion in DNS Manager by editing the server properties. On the Advanced tab, select the Disable recursion (also disables forwarders) check box. As the setting indicates, with recursion disabled the server will not use forwarders.

Zone Transfer (DNS Console Action)

Reload: Dnscmd /ReloadZone. The server reloads zone data from its local copy (it reads the data back in from the zone file on the hard disk).
Transfer from Master: Dnscmd /Refresh. Initiates a normal zone transfer. The DNS server compares its version number with the version on the zone master. If the version numbers are the same, no transfer takes place.
Reload from Master: N/A. The DNS server dumps its copy of the data and reloads the entire zone from the master server.

Zone Transfer Facts

Replication of zone data between primary and secondary zones takes place through zone transfers. You should know the following facts about zone transfers:
- Each secondary server is pointed to one or more master servers. A master server is the server from which the secondary copies the zone data. The master server can be the primary server or another secondary server.
- The zone serial number keeps track of changes to the zone. When you make changes to the zone, the serial number is incremented.
Zone transfer can copy all records or only changed records:
- A full zone transfer (AXFR) copies all of the zone data with each zone transfer.
- A partial (or incremental) zone transfer (IXFR) copies only the changed records. This is the default method on Windows Server 2008.

Root Hint Facts

Root hints are pointers to top-level DNS servers on the internet. The Cache.dns file holds the 13 root hint addresses for the internet root servers. The Cache.dns file can be found in two locations:
- %SystemRoot%\system32\dns\Cache.dns (the copy in use)
- %SystemRoot%\system32\dns\backup\Cache.dns (the copy reserved in the backup location)
The Cache.dns file normally lists the NS (name server) and A (host name) records for the internet root servers. You can change this file to list the records for your own internal root DNS servers if you are using DNS on a private network. You can configure root hints through the properties of a DNS server or by configuring the DNS server's Cache.dns file. If the server is configured to load data from Active Directory, you must configure root hints using the DNS snap-in because the local Cache.dns is not used (the root hints data is stored in Active Directory). The root zone is at the top of the DNS hierarchy, and is named . (dot).

DNS Round Robin Facts

Round robin is a load balancing mechanism used by DNS servers to share and distribute network resource loads. To configure DNS round robin, do the following:
- On the DNS server, edit the server properties and enable the Enable round robin option on the Advanced tab (this setting is enabled by default).
- Configure two (or more) servers, each with a different IP address.
- On the DNS server, create A records that map the same DNS name to each of the different server IP addresses.
This allows the DNS server to respond to clients by sending them to any one of the machines while leaving the appearance that a single machine is responding to all clients. (Note: Round robin is a static method for load balancing. If one of the servers in the round robin configuration fails, DNS still sends requests to that failed server.)

DNS server properties

Scavenging must be initiated to actually remove any records that have not been refreshed since the refresh interval expired. To initiate scavenging:
- Manually initiate it by right-clicking the server and selecting Scavenge Stale Resource Records.
- Enable automatic scavenging by editing the server properties. On the Advanced tab, select Enable automatic scavenging of stale records. The default is for scavenging to run once a day.
(Note: Scavenging is only configured on primary zones. After you enable scavenging on a zone, the zone files cannot be used on another DNS server.)

A (host address)

The A record maps a DNS host name to an IPv4 (32-bit) IP address. This is the most common resource record type.

AAAA (quad-A)

The AAAA record maps a DNS host name to an IPv6 (128-bit) IP address.

CNAME (canonical name)

The CNAME record provides alternate names (or aliases) to hosts that already have a host record. Using a single A record with multiple CNAME records means that when the IP address changes, only the one A record needs to be modified. Common uses of a CNAME include:
- Adding the alias of www for Web servers. Users typically contact the Web server using a name like www.westsim.com instead of using the actual server name.
- Associating a server with the domain name itself. For example, create a CNAME record with a blank name to allow a specific host to be identified with the domain name (such as westsim.com).

DNAME (Domain alias)

The DNAME record provides alternate names (or aliases) to domains that already have a host record.

More DNS Facts

The DNS hierarchy is made up of the following components:
- . (dot) domain (also called the root domain)
- Top Level Domains (TLDs) (.com, .edu, .gov)
- Second-level and additional domains
- Hosts
----------------------------------
- A fully qualified domain name (FQDN) includes the host name and the name of all domains back to root.
- DNS is a distributed database because no server holds all of the DNS information. Instead, multiple servers hold portions of the data.
- Each division of the database is held in a zone database file.
- Zones typically contain one or more domains, although additional servers might hold information for child domains.
- DNS servers hold zone files and process name resolution requests from client systems.

DNS Facts

The Domain Name System (DNS) is a hierarchical, distributed database that maps logical host names to IP addresses. With DNS, users reference computers using logical hostnames, and those hostnames are translated to IP addresses using DNS. A DNS server is responsible for performing this service on a TCP/IP network.
- A DNS server holds a database of hostnames and their corresponding IP addresses. Clients query the DNS server to get the IP address of a given host.
- Prior to using DNS servers, name resolution used a static file, called the HOSTS file, saved on each host computer. The HOSTS file is still used, but typically only in the absence of a DNS server.

Global Query Block List

The Global Query Block List allows you to prevent malicious users from using DDNS to register well-known domain names.

GlobalNames Zone

The GlobalNames zone is a special zone in the DNS database that is used for single-label name resolution. Use the GlobalNames zone to:
- Allow clients to use simple host names without domain information for name resolution. For example, to contact a server named web1.corp.us.westsim.private, users could simply enter the single-label name web1.
- Allow DNS clients to contact NetBIOS-only hosts without the need for a WINS server.
- Allow IPv6-only hosts to contact NetBIOS hosts (IPv6 does not support the use of WINS).

GlobalNames Zone Configuration Facts

The GlobalNames zone is a special zone in the DNS database that is used for single-label name resolution. Use the GlobalNames zone to:
- Allow clients to use simple host names without domain information for name resolution. For example, to contact a server named web1.corp.us.westsim.private, users could simply enter the single-label name web1.
- Allow DNS clients to contact NetBIOS-only hosts without the need for a WINS server.
- Allow IPv6-only hosts to contact NetBIOS hosts (IPv6 does not support the use of WINS).
- Replace WINS servers on your network when you have a small number of hosts that do not support DNS. For a large number of NetBIOS-only hosts, or to support dynamic registration of single-label names, continue to use a WINS server.

MX (Mail Exchanger)

The MX record identifies servers that can be used to deliver e-mail.

NS (Name Server)

The NS resource record identifies all name servers that can perform name resolution for the zone. Typically, there is an entry for the primary server and all secondary servers for the zone (all authoritative DNS servers).

SRV (service locator)

The SRV record is used by Windows Server 2008 to register network services. This allows clients to find services (such as domain controllers) through DNS. Windows Server 2008 automatically creates these records as needed and during domain controller installation.

Replication scope (more)

The broader the replication scope, the greater the network traffic created by replication.
- You can configure a secondary server to replicate from an Active Directory-integrated zone. You cannot use a primary zone and an Active Directory-integrated zone together.
- Reverse lookup zones hold PTR (pointer) records. The PTR record maps the IP address to an A record.
- A reverse lookup zone can be a primary zone, a secondary zone, or an Active Directory-integrated zone.
- When you create the reverse lookup zone, you specify whether the zone is an IPv4 or IPv6 zone. The zone name uses the network portion of the IP address as follows:

Dynamic DNS Facts (more)

The default configuration for dynamic DNS is as follows:
- Windows clients (2000 and above) create their A records with the DNS server. Windows 9x/Me/NT clients do not support dynamic DNS.
- The DHCP server registers the PTR record with the DNS server for clients capable of dynamic updates. The DHCP server updates both the A and PTR records for clients that do not support dynamic updates.
- Dynamic updates must be enabled on the zone. By default:
  - Dynamic updates are not enabled on primary zones. You can enable dynamic updates when you create the zone or modify the zone properties later to enable this feature.
  - Dynamic updates are enabled on Active Directory-integrated zones. (Note: When you convert a primary zone to an Active Directory-integrated zone, the current dynamic update setting is retained.)
For Active Directory-integrated zones, you can choose to use secure dynamic updates. With secure dynamic updates, only domain members can create records, and only the original client can modify or remove records.

SOA (Start of Authority)

The first record in any DNS database file is the SOA. It defines the general parameters for the DNS zone, and it is assigned to the DNS server hosting the primary copy of a zone. There is only one SOA record, and it is the first record in the zone database file. The SOA record includes parameters such as the authoritative server and the zone file serial number.

Primary Zone

The primary zone is the master copy of a zone database.
- The primary zone is the only writeable copy of the zone database.
- Changes to the zone can only be made to the primary zone.
- The server that holds the primary zone is called a primary server.
- Each zone can have only a single primary zone server.
- Zone data is stored in a text file.

Packet contents

This option allows you to log packets based on their contents. You have the following options:
- Use the Queries/Transfers setting to log packets that contain standard query or transfer data.
- Use the Updates setting to log packets that contain dynamic updates.
- Use the Notifications setting to log packets that contain notifications.

Packet type

This option allows you to log packets that are either Response packets (characterized by a QR bit set to 0 in the DNS message header) or Request packets (characterized by a QR bit set to 1 in the DNS message header).

Packet direction

This option allows you to log packets that are sent, received, or both, using two options:
- Use the Outgoing setting to log packets sent.
- Use the Incoming setting to log packets received.

File path and name

This option allows you to specify the log file name and location. For example:
- The file name dns.log saves the log file as systemroot\System32\DNS\dns.log
- The path temp\dns.log saves the log file as systemroot\temp\dns.log

Maximum size (bytes)

This option allows you to specify the maximum size you wish the log file to reach. When the log file reaches its maximum size, the DNS server overwrites the oldest packet information with the new packet information. If you do not specify a log size, the log file can take up a large amount of disk space.

Other options

This option has the following settings: - Use the Details setting to log the packet contents in addition to the summary information. - Use the Filter packets by IP address setting to log packets sent from a specific IP address, or packets sent to a specific IP address.

DNS Installation Facts

To install DNS in Windows Server 2008, you must be a member of the Domain Admins group.
- You can install DNS on any version of Windows Server 2008 except for the Windows 2008 Web Server edition.
- You must assign the DNS server a static (or fixed) IP address.
- To install DNS on a server, use Server Manager and add the DNS role. To add the DNS role from a command prompt (or on Server Core), run: start /w ocsetup DNS-Server-Core-Role.
- Run the oclist command to get a list of services (including DNS) installed on a server.
- Windows secondary servers can transfer data from non-Windows master servers, and vice versa, as long as the BIND versions are compatible. In some cases, Windows adds non-standard records or information to zone databases that make them incompatible with non-Windows DNS servers, especially servers running older versions of DNS.
- Use the DNS snap-in or the dnscmd command to manage DNS.

Application Directory Partitions (more)

To use an application directory partition, use the following process:
1. Create the application directory partition. For example, you can use one of the following tools:
- dnscmd /CreateDirectoryPartition
- ntdsutil with the create nc command
2. Enlist domain controllers in the partition. This stores a copy of the partition data on the domain controller. Use dnscmd /EnlistDirectoryPartition to add the server to the directory partition. Note: When you create the partition, the server you use to create the partition automatically hosts the partition. Use this command to add extra domain controllers.
3. Configure the application to use the directory partition. For example, on a DNS server, you can select the replication scope for the zone to replicate only within the specified partition.

Application partition (more)

Use an application partition to customize which domain controllers receive the DNS data. For example, you can use this option to prevent DNS zone data from being replicated to a branch office domain controller that uses a slow WAN-link connection to the main office. - To change the replication scope for a zone using an application partition, use the dnscmd /zonechangedirectorypartition command with the following switches: /forest sets the replication scope to all of the DNS servers in the forest. /domain sets the replication scope to all of the DNS servers in the domain, which is the default setting.

Application partition

Using an application partition, you select specific domain controllers to which Active Directory-integrated zone data is replicated. To use an application partition: 1. Create the application partition using ntdsutil or dnscmd. 2. Add domain controllers to the application partition scope. 3. Configure the zone to use the configured application partition.

Zone Transfer Facts (more)

Windows DNS servers support the use of DNS Notify. With DNS Notify, master servers are configured with a list of slave DNS servers. When a change takes place, the master notifies the slave servers that the zone has changed. The secondary server then initiates a zone transfer, first checking the serial number, then requesting changes. You can allow notification for all name servers, or only for listed servers. You can improve DNS performance by placing multiple DNS servers on your network. For example, you can place a secondary server on the other side of a WAN link to reduce WAN traffic caused by name resolution. However, zone replication traffic must still cross the WAN link. A caching-only server runs DNS but has no zones configured. Use a caching-only server to improve performance while eliminating zone transfers. An Active Directory-integrated zone stores DNS information in Active Directory rather than in a zone file. Zone information is copied automatically when Active Directory replicates.

IPv6 DNS Support

Windows Server 2008 provides support for IPv6 and the AAAA host resource records.

Domain controller search (DC Locator)

Windows Vista and Server 2008 are optimized to search for domain controllers, even when logged on. This allows them to create a better connection should the opportunity arise.

Dynamic DNS Facts

With Dynamic DNS (DDNS), resource records can be created automatically on a DNS server. Without dynamic updates, all A (host) and PTR (pointer) records must be configured manually. With dynamic updates, records are created and deleted automatically. Dynamic DNS is required to support Active Directory. A dynamic update occurs when a client modifies its corresponding resource record on the DNS server. Dynamic updates occur when: - A network connection's IP address is added, deleted, or changed. - The DHCP server changes or renews an IP address lease. - The client's DNS information is manually changed using ipconfig /registerdns. - The client boots. - A server is promoted to a domain controller.

Zone Delegation Facts

Zone delegation allows you to divide your DNS namespace into separate zones. You may decide to do this for the following reasons: - Ease the administrative burden by giving management responsibilities to another location or department. - Distribute DNS traffic over various servers, improving name resolution and fault tolerance at the same time. - Extend the namespace by adding subdomains. To delegate a zone: - On the DNS server that holds the parent zone, create a new delegation. The delegation identifies the name of the subdomain, and contains the NS and A records for the DNS server that is authoritative for the zone. - On the DNS server that will hold the child domain, create a new primary or Active Directory-integrated zone. In addition, you would typically configure the DNS server that holds the delegated zone with a secondary zone, forwarder, or conditional forwarder for the parent zone.
