
Introduction to Name Resolution

Posted on December 23, 2011 by paul.gray

Name resolution is a method of reconciling an IP address to a user-friendly computer name. Originally, networks used host files to resolve names to IP addresses. These came in the form of a text file that the computer consulted whenever name resolution was required. All the computers on the network and their IP address mappings had to be entered manually, and the file was then copied to every machine on the network. When a user requested a resource by typing its name, the machine referred to the host file to find the IP address. This is the HOSTS file, which is located inside the windows\system32\drivers\etc folder. A computer can still use the hosts file if needed.

The LMHOSTS file was a Windows-specific version of the standard host file and enabled Microsoft's NT LAN Manager to perform name resolution tasks. The LMHOSTS file is also located inside the windows\system32\drivers\etc folder.

With the advent of larger networks the text-based hosts and lmhosts files became large, unwieldy and required too much maintenance. With the advent of dynamically assigned IP addresses, IP-to-name mappings took on a transient nature, with the possibility of IP addresses changing on a weekly basis. The days of the hosts/lmhosts files as the primary tool of name resolution were numbered.
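As an added illustration (not code from the original page), here is a small Python parser for the HOSTS file format described above. The file content it reads is constructed for the example and every name and address in it is invented; it shows how the static name-to-address table worked, including a malformed line that a careless parser would let corrupt the table and a duplicate name where the first mapping wins.

```python
"""Minimal HOSTS-file resolver (added example, constructed data).

Parses the classic HOSTS file format: one IP address followed by one or
more names per line, '#' starts a comment, blank lines are ignored.
"""
import ipaddress

# Constructed sample in HOSTS format; names and addresses are invented.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
127.0.0.1       localhost
192.168.1.10    fileserver   fileserver.example.local   # alias on same line
192.168.1.11    printer
10.0.0.5        intranet.example.local
not-an-address  broken-entry      # malformed line, must be skipped
192.168.1.99    printer           # duplicate name: first mapping wins
"""


def parse_hosts(text):
    """Return {lowercase name: address string} for every valid entry.

    Lines whose first field is not a valid IPv4/IPv6 address are skipped
    rather than allowed to corrupt the table, and hostnames are compared
    case-insensitively because DNS names are.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip malformed entries
        for name in fields[1:]:
            table.setdefault(name.lower(), str(address))  # first mapping wins
    return table


def forward_lookup(table, name):
    """Name -> address, or None when the file has no entry for it."""
    return table.get(name.lower())


def reverse_lookup(table, address):
    """Address -> sorted list of every name that maps to it."""
    return sorted(name for name, addr in table.items() if addr == address)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for query in ("FileServer", "printer", "nosuchhost"):
        print(f"{query:12} -> {forward_lookup(hosts, query)}")
    print("192.168.1.10 <-", reverse_lookup(hosts, "192.168.1.10"))
```

The maintenance problem the text describes is visible in the data itself: every machine needs an identical copy of this file, and a single bad or stale line silently changes what a name resolves to on that machine.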

NetBIOS
Microsoft developed a system for name resolution for small networks called NetBIOS, where a broadcast containing the required computer name was sent to all computers on the network segment. All the computers received the request but only the named machine responded. This system was easy to use because it was self-configuring and required no maintenance. However, on larger, routed networks NetBIOS fell down, as the broadcast would not be passed by a router. Using NetBIOS broadcasts restricted a machine to resources on its own network segment. Microsoft developed the Windows Internet Naming Service (WINS) to overcome this problem of broadcasts not being passed by routers. Every machine is given the IP address of a WINS server in its network properties. When the machine boots up it sends the WINS server its IP address along with its NetBIOS name.

WINS
The WINS server stores these entries in the wins.mdb database file. Name resolution queries are sent to the WINS server, which searches wins.mdb, resolves the query and sends the details back to the client. This removes the need for a NetBIOS broadcast, because the client can send the NetBIOS query directly to the WINS server and the WINS server sends the result directly to the client by IP address. These packets will also pass over a router.

NetBIOS
NetBIOS is still used to provide name resolution for certain applications and for workgroups that do not use the Domain Naming Service (DNS), covered next. NetBIOS allows network browsing via My Network Places, Computers Near Me or Microsoft Windows Network. Any name-to-IP-address mappings resolved by NetBIOS are stored on the local machine in a cache to speed up access to that resource in the future. NetBIOS is enabled by default but can be disabled. This improves network security by removing the ability to view the contents of the network by browsing. The disadvantages are the loss of that browsing ability and the fact that the network loses a backup name resolution service.

DNS Overview
Posted on December 23, 2011 by paul.gray

WINS worked well for internal networks, as all machines are part of the same organisation. However, with the advent of the Internet, where many networks are connected, a method of structuring names became essential. A flat database such as WINS would be too cumbersome, as the resolver would have to search the entire database to resolve a name. Considering the size of the Internet, this would be an extremely resource-intensive, slow process. To solve this problem the Domain Naming System (DNS) was introduced.

DNS names are arranged in a tree structure, with a client's name comprising its own computer name followed by a string of domain names in order, separated by dots and finishing with the top-level domain, e.g. mail.es-net.co.uk. This system allows distinctive names to be used on all networks. Take, for example, a computer called mail: in WINS there could only be one machine called mail in the world, whereas with DNS we can call any computer mail as long as its domain name is unique.

DNS is a distributed service that is based on a logical, hierarchical structure of DNS domain names. Because of this it is more scalable than WINS. Internet searches are based on DNS name resolution. When a name resolution query is made to a DNS server and it doesn't know the answer, the query can be passed on to another DNS server, which in turn may pass the query on. In the end the client will either receive an answer or a name-resolution error.

DNS is a hierarchically distributed database. This means that the DNS database is distributed all over the Internet instead of in a central location. Queries are made in a specific order, as you are about to see. Suppose a user types an address into his browser. Effectively a query has been made which says: "Find this address for me. I won't go away until you have!" The local DNS server begins its search. The first server visited is the root, because this address is known.
Each DNS server only has records for the next tier in the hierarchy. The root servers know the locations of the top-level domains, e.g. com, edu, uk. Thanks to the speed of modern switches and repeaters, and the blistering speed of light, many servers can be queried in a short space of time. Each of these question-and-response pairs is an iterative query: the questioner (resolver) is happy with a hint as to where to look next. As far as the user is concerned, his demand for a definitive answer has been met; the DNS server has done its job.

A recursive query demands a definitive answer (even "Haven't a clue" counts in this case). An iterative query accepts a hint to ask somewhere else. A resolver is the machine making queries. A DNS resolver can make one of two different queries:

Iterative queries can be described as "do you know the answer? If you don't, could you point me in the right direction?" and are used by DNS servers to query other DNS servers.

Recursive queries are more like "tell me an answer, even if the answer is 'I can't find it' or 'I don't know'". This is how a client machine queries a DNS server. Servers can issue a recursive query, but it is considered bad form as you put load on someone else's DNS server. The server that receives a recursive query takes the responsibility for resolving it.
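The resolution walk described above, as an added Python example that is not part of the original post. The root, TLD and authoritative servers are stand-in dictionaries: es-net.co.uk appears only because the post uses it as its example domain, while the server names, the brighton.local zone and the 192.0.2.x addresses are invented. The client's DNS server answers the recursive query authoritatively when the name is in a zone it hosts, from cache on a repeat query, and otherwise by following iterative referrals from the root hints, which is also the authoritative/non-authoritative distinction that nslookup reports.

```python
"""Simulated DNS hierarchy (added example, constructed servers).

Shows the two query types: the client sends one recursive query to its
DNS server; that server resolves it with iterative queries, each answered
by an answer, a referral (a hint to ask elsewhere) or 'unknown'.
"""

# Stand-in servers. 'NS' maps a delegated zone to the server authoritative
# for it (a referral); 'A' holds the names the server answers for itself.
# Names are lowercase labels without the trailing dot; server names and
# 192.0.2.x addresses are invented for this example.
SERVERS = {
    "root":             {"NS": {"uk": "ns.uk", "com": "ns.com"}, "A": {}},
    "ns.uk":            {"NS": {"co.uk": "ns.co.uk"}, "A": {}},
    "ns.co.uk":         {"NS": {"es-net.co.uk": "ns1.es-net.co.uk"}, "A": {}},
    "ns1.es-net.co.uk": {"NS": {}, "A": {"mail.es-net.co.uk": "192.0.2.25",
                                         "www.es-net.co.uk": "192.0.2.80"}},
    "ns.com":           {"NS": {}, "A": {}},
}


def iterative_query(server_name, qname):
    """One iterative exchange with a server. Returns one of
    ('answer', ip), ('referral', next_server) or ('unknown', None)."""
    server = SERVERS[server_name]
    if qname in server["A"]:
        return "answer", server["A"][qname]
    # Refer to the most specific delegated zone that qname falls under.
    for zone, ns in sorted(server["NS"].items(), key=lambda kv: -len(kv[0])):
        if qname == zone or qname.endswith("." + zone):
            return "referral", ns
    return "unknown", None


class LocalDnsServer:
    """The server a client points at. Answers are authoritative only when
    the name is in a zone this server hosts; everything else is resolved
    on the client's behalf, cached, and returned as non-authoritative."""

    def __init__(self, own_zones, root_server="root"):
        self.own_zones = {k.lower(): v for k, v in own_zones.items()}
        self.cache = {}
        self.root_server = root_server

    def resolve(self, qname, max_hops=8):
        """Serve a recursive query: always returns a definitive result,
        even if that result is 'no such name' (answer None)."""
        qname = qname.lower().rstrip(".")
        if qname in self.own_zones:
            return {"answer": self.own_zones[qname], "authoritative": True,
                    "path": ["own zone"]}
        if qname in self.cache:
            return {"answer": self.cache[qname], "authoritative": False,
                    "path": ["cache"]}
        server, path = self.root_server, []
        for _ in range(max_hops):                 # guard against referral loops
            path.append(server)
            kind, value = iterative_query(server, qname)
            if kind == "answer":
                self.cache[qname] = value
                return {"answer": value, "authoritative": False, "path": path}
            if kind == "unknown":
                break
            server = value                        # follow the referral
        return {"answer": None, "authoritative": False, "path": path}


if __name__ == "__main__":
    local = LocalDnsServer({"intranet.brighton.local": "10.1.1.5"})
    for name in ("mail.es-net.co.uk", "mail.es-net.co.uk",
                 "intranet.brighton.local", "nothere.es-net.co.uk"):
        r = local.resolve(name)
        status = "authoritative" if r["authoritative"] else "non-authoritative"
        print(f"{name:26} {str(r['answer']):12} {status:18} via {' -> '.join(r['path'])}")
```

The `path` list is the point of the exercise: the first lookup of mail.es-net.co.uk costs four iterative exchanges (root, uk, co.uk, the zone's own server), the second is served from cache, and the name the local server hosts itself never leaves the building. The `max_hops` guard is the kind of limit a real resolver needs so that a misconfigured delegation cannot keep it chasing referrals.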

Installing and Configuring DNS


Posted on December 28, 2011 by paul.gray

Before installing DNS it is imperative that the server has a static IP address. DNS is installed using the Server Manager utility. N.B. DNS is not available on Windows Server 2008 Web Edition or on machines running Windows XP or Vista, although DNS can be remotely managed from these machines.

To install DNS using Server Manager: click Start and select Server Manager (or open it from the Quick Launch taskbar). Select Roles, then Add Roles. The first wizard page ("Before you continue, verify that…") can be skipped by default; click Next to continue. Select DNS Server, then click Next to continue.

Although the server has a static IP address, the wizard has detected a dynamic IPv6 address; it is safe to continue the install. Select Install DNS Server anyway, then click Next to continue. For additional information click the links, then click Next to continue. Click Install to complete the installation. The wizard reports that the DNS Server role installation succeeded; click Close to complete the wizard.

The DNS Server role has been added. Server roles can also be removed from here. Expand Roles and select DNS Server. A feature of Server Manager is that by highlighting any server role you are given an overview of that role, its Events, System Services, and Resources and Support.

The DNS Server role is installed; you now need to add zones to the server. To do this you need to return to the Start menu. N.B. If no zones are added, this server will be a caching-only server.

Creating a Zone
Forward Lookup

A forward lookup is the most common form of DNS lookup. This type of lookup converts a hostname into an IP address. A forward lookup zone contains name-to-IP-address mappings. Each zone file consists of a number of resource records (RRs). Resource records contain information about certain resources on the network.

To add zones to the server, click Start > Administrative Tools > DNS and expand the tree by clicking the + next to the DNS server.

To add a new forward lookup zone, right-click Forward Lookup Zones and click New Zone. Select Primary Zone and click Next to continue. Fill in the zone name. N.B. The zone name must be fully qualified, i.e. end in .com, .local, .co.uk etc. Click Next to continue. The wizard will ask you where you want to store the zone file; click Next to accept the default. The wizard will ask you whether you want to accept dynamic updates. As the wizard shows, there are drawbacks to having it enabled, but there are also drawbacks to having it disabled. Click Next to continue, then click Finish to create the zone. The zone file currently contains two resource records, the SOA and NS records.

Reverse Lookup

A reverse lookup zone contains IP-address-to-name mappings. This allows the computer to do reverse queries; some applications need to be able to make reverse lookup queries. Reverse lookup zones contain the following resource records:

Pointer Record (PTR): does the opposite of the A record; it maps an IP address to a host name. By having the two types of records it is possible to do a reverse lookup.
CNAME (Alias)
The Start of Authority (SOA) record
The Name Server (NS) record

Right-click Reverse Lookup Zones and select New Zone. Click Next. Select Primary Zone, then select IPv4 Reverse Lookup Zone and click Next to continue. Type in the Network ID and click Next to continue. Select Create a new file with this file name and click Next to continue.

The wizard will ask you whether you want to accept dynamic updates. As the wizard shows, there are drawbacks to having it enabled, but there are also drawbacks to having it disabled. Click Next to continue. The wizard will display a summary page; click Finish to continue. The zone file currently contains two resource records, the SOA and NS records.

Stub Zone

A stub zone contains a partial copy of another zone. The zone contains only the NS and SOA records for its master zone. A stub zone is similar to a secondary zone, but it contains only those resource records necessary to identify the authoritative DNS servers for the master zone. Stub zones are often used to enable a parent zone like es-net.co.uk to keep an updated list of the name servers available in a delegated child zone, such as brighton.es-net.co.uk. They can also be used to improve name resolution and simplify DNS administration.

To add a new stub zone, right-click Forward Lookup Zones and select New Zone. Click Next. Select Stub Zone and click Next to continue. Select the Active Directory zone replication options and click Next to continue. Type in the name of the new zone and click Next. Type in the IP address of the server or the server's fully qualified domain name (FQDN) and press Enter. When the IP address or FQDN of the server has been verified, click Next. The wizard displays a summary page; if all is OK, click Finish. The console then lists the resource records for the new stub zone.
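An added Python example (not the page's own data) showing how a forward lookup zone and its reverse lookup zone relate: the in-addr.arpa zone name is derived from the Network ID entered in the wizard, every A record gets a matching PTR record, and the SOA and NS records are the two records each new zone starts with. The zone name es-net.co.uk comes from the post; the hosts, addresses and name server name are constructed.

```python
"""Forward and reverse lookup zones from one set of hosts (added example).

Derives the in-addr.arpa reverse zone name from a Network ID, generates a
PTR record for every A record, and answers both lookup directions. Data
below is constructed; es-net.co.uk is only the post's example domain.
"""
import ipaddress


def reverse_zone_name(network):
    """Network ID (e.g. '192.168.1.0/24') -> IPv4 reverse zone name.
    Octets are reversed and only those covered by the prefix are kept."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("expected an IPv4 network with an 8/16/24-bit prefix")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_name(address):
    """Owner name of the PTR record for one IPv4 address."""
    octets = str(ipaddress.IPv4Address(address)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def build_zones(zone_name, network, hosts, primary_ns):
    """Return (forward_zone, reverse_zone), each a list of (owner, type, rdata).

    Both zones start with the SOA and NS records the wizard creates; each
    host then contributes an A record and the matching PTR record. A host
    outside the Network ID is rejected, since its PTR would not belong in
    this reverse zone.
    """
    net = ipaddress.ip_network(network, strict=True)
    rev_name = reverse_zone_name(network)
    soa = f"{primary_ns} hostmaster.{zone_name}."      # primary server + contact
    forward = [(zone_name, "SOA", soa), (zone_name, "NS", primary_ns)]
    reverse = [(rev_name, "SOA", soa), (rev_name, "NS", primary_ns)]
    for host, addr in sorted(hosts.items()):
        if ipaddress.IPv4Address(addr) not in net:
            raise ValueError(f"{host} ({addr}) is outside {network}")
        fqdn = f"{host}.{zone_name}"
        forward.append((fqdn, "A", addr))
        reverse.append((ptr_name(addr), "PTR", fqdn))
    return forward, reverse


def lookup(zone, owner, rtype):
    """All rdata values in a zone for one owner name and record type."""
    return [rdata for o, t, rdata in zone if o == owner and t == rtype]


def forward_lookup(forward_zone, fqdn):
    return lookup(forward_zone, fqdn, "A")


def reverse_lookup(reverse_zone, address):
    return lookup(reverse_zone, ptr_name(address), "PTR")


if __name__ == "__main__":
    fwd, rev = build_zones("es-net.co.uk", "192.168.1.0/24",
                           {"mail": "192.168.1.25", "www": "192.168.1.80"},
                           "ns1.es-net.co.uk.")
    for owner, rtype, rdata in fwd + rev:
        print(f"{owner:32} {rtype:4} {rdata}")
    print(forward_lookup(fwd, "mail.es-net.co.uk"),
          reverse_lookup(rev, "192.168.1.80"))
```

Keeping the two zones generated from one host table is the practical lesson: a PTR record that is added by hand and never updated is the usual reason reverse lookups disagree with forward ones.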

DNS Server Properties


Right-click on the DNS server to view its configuration options and select Properties. From the Interfaces page you can configure which IP addresses you want the DNS server to serve requests on; the default is All IP addresses. From the Forwarders page, additional DNS servers can be specified; this DNS server will forward unknown queries to the specified DNS servers. The Advanced page allows you to configure different advanced options by simply ticking a check box. The Disable recursion checkbox allows recursion to be disabled on this server; it is then down to the client to query other DNS servers if this DNS server cannot answer the query.

BIND secondaries enables support when transferring a zone to DNS servers running BIND. (BIND is the implementation of DNS used by Unix and Unix-like systems.)
Fail on load if bad zone data stops the server from loading if there are any errors in the zone file.
Enable round robin determines whether the DNS server uses round robin to rotate and reorder a list of multiple host (A) resource records when the queried host name belongs to a computer with multiple IP addresses.
Enable netmask ordering is enabled by default. If the queried name has several IP addresses, the server answers with the address nearest to the client first.
Secure cache against pollution specifies whether the server attempts to clean up responses to avoid cache pollution.

There are three methods used for name checking:
Multibyte (UTF8): permits recognition of characters other than ASCII (a-z, A-Z and 0-9).
Strict RFC (ANSI): strict name checking according to the RFC 1123 Internet host naming specifications.
Non RFC (ANSI): permits names that are non-standard and do not follow the RFC 1123 Internet host naming specifications.

Load zone data on startup specifies the boot method used by this DNS server. Both boot file and registry boot options are supported; a boot file can be used if a Boot.dns file has been created. By enabling scavenging, the DNS server will remove any records that have expired from any zone it is authoritative for; the period represents the time between repetitions of the scavenging process.

DNS servers contain root hints, which point to the root servers (the servers that know the locations of the top-level domains). This enables the DNS server to resolve queries for other servers by starting at the root. Additional root hints can be specified by clicking the Add button.

The Monitoring page allows you to test the DNS server. Select A simple query against this DNS server and click Test Now; the server passed the simple query. A recursive query would require a connection to the Internet in order to query a root server.
From the Event Logging tab you can choose which events are logged, such as Errors only or Errors and warnings. Logging is generally a good option because it allows you to troubleshoot potential DNS problems. Debug logging enables verbose logging for the DNS service; use this option with caution, as it can generate a lot of information.
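As an added Python example (not from the page), the round robin and netmask ordering behaviours from the Advanced page applied to a name with three A records. The addresses and the client IPs are constructed, and the /24 mask used to decide what counts as the client's own subnet is an assumption made for the example, exposed as a parameter so the effect of a different mask can be seen.

```python
"""Round robin and netmask ordering (added example, constructed data).

Models the two Advanced-page options for a name with several A records:
round robin rotates the list on each query; netmask ordering moves
addresses on the querying client's subnet to the front.
"""
import ipaddress


class AnswerOrderer:
    """Orders the A records returned for a multi-homed name.

    prefixlen is the mask used to decide what counts as the client's own
    subnet; /24 is an assumption made for this example.
    """

    def __init__(self, round_robin=True, netmask_ordering=True, prefixlen=24):
        self.round_robin = round_robin
        self.netmask_ordering = netmask_ordering
        self.prefixlen = prefixlen
        self._queries = {}           # per-name query counter for rotation

    def order(self, name, addresses, client_ip):
        """Return the address list as the server would hand it to client_ip."""
        addrs = list(addresses)
        if self.round_robin:
            n = self._queries.get(name, 0)
            self._queries[name] = n + 1
            shift = n % len(addrs)
            addrs = addrs[shift:] + addrs[:shift]      # rotate by one per query
        if self.netmask_ordering:
            client_net = ipaddress.ip_network(f"{client_ip}/{self.prefixlen}",
                                              strict=False)
            # Stable sort: same-subnet addresses first, rotated order otherwise.
            addrs.sort(key=lambda a: ipaddress.ip_address(a) not in client_net)
        return addrs


if __name__ == "__main__":
    web = ["10.1.1.5", "10.2.2.5", "10.3.3.5"]      # constructed A records
    server = AnswerOrderer()
    for client in ("10.2.2.77", "10.2.2.77", "172.16.0.9", "172.16.0.9"):
        print(client, "->", server.order("web.example.local", web, client))
```

Netmask ordering is applied after round robin, so a client on the same subnet as one of the addresses always sees that address first, while the remaining addresses still rotate; a client on an unrelated subnet sees plain rotation. Because the sort is stable, turning netmask ordering off returns exactly the rotated list.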

Install and Configure DNS Active Directory


Posted on December 29, 2011 by paul.gray

To install Active Directory and DNS using Server Manager: select Server Manager (or open it from the Quick Launch taskbar). Select Roles, then Add Roles. The "Before you continue, verify that…" page can be skipped by default; click Next to continue. Select Active Directory Domain Services. There is no need to select DNS Server; this role will be added by DCPROMO. Click Next. Ensure you read Things to Note, then click Next. Click Install. The Active Directory binaries have now been installed. Click "Close this wizard and launch dcpromo.exe". You can also launch dcpromo from the Run box.

Click Next. An operating system compatibility warning appears about the new Server 2008 security settings; check that there is no compatibility issue with the existing network infrastructure, and if there is none click Next. Select Create a new domain in a new forest and click Next. Fill in the domain name and click Next; the domain name is checked and verified as not in use. There are three forest functional levels: Windows 2000, Windows 2003 and Windows 2008. Select the level which suits the existing infrastructure; this can be changed at a later date. Click Next. The domain functional level should be set to match the forest functional level; this can also be changed later. Click Next. Select DNS server, then Next to continue. The wizard cannot contact the DNS server for this zone; select Yes to continue, and DNS will then be installed. The database folders are assigned; click Next to accept the defaults. The Restore Mode password must be set; click Next to continue.

Create Unattended Answer file


Click Export settings if you wish to create an unattended answer file for installing Active Directory on Server Core. Type in the file name and click Save. The file can also be exported later. The wizard can be cancelled if you are just creating an answer file. To continue the Active Directory install, click Next. The installation will now continue and the Active Directory components are installed. Click Finish to complete the installation. The server needs to be restarted to finalise the installation; click Restart Now and the server restarts. After the restart, select DNS from Administrative Tools and expand the DNS console. Note the folders for Active Directory DNS.

Zone Properties
Right-click the zone and select Properties. The General tab displays the general options you set up when creating the zone. The zone can be stopped and started from here, and the zone type and replication can also be changed. The Aging/Scavenging button can be used to configure how long records stay valid in the zone.

Dynamic DNS
A big advantage of using Windows 2008 DNS is that it can be updated automatically. When a client is given a name and an IP address, the DNS server is automatically updated, saving the administrator the job of adding every single entry to the DNS database. A Windows 2000/XP/Vista client with a static or dynamically assigned IP address will register its name and IP address with a DNS server. Clients other than Windows 2000/XP/Vista can't use dynamic updates, so the DHCP server updates the DNS server on their behalf; the DHCP server is then known as a DNS proxy. However, this method has security issues, because a malicious DHCP client could ruin your DNS database.

The SOA record contains information about the primary server responsible for the zone, as well as the expiry and time-to-live (TTL) information used for replication. The Name Servers tab displays which servers hold a copy of the zone file; servers holding replicas of this zone are displayed here. The Security tab can be used to configure who can manage, read and write objects in the DNS database. The Zone Transfers tab can be used to configure which machines are allowed to hold a copy of this zone; the default is to replicate to all servers that have a copy of this zone. When using Active Directory-integrated zones, replication is managed via Active Directory. However, if you are using primary or secondary zone replicas then you will still need to configure zone transfers. WINS lookup allows you to configure the DNS server to use WINS if a name resolution request fails.

Install and Configure DNS Server Core


Posted on December 29, 2011 by paul.gray

To install DNS on 2008 Server Core, type start /w ocsetup DNS-Server-Core-Role. Note the syntax of the command and the capitalisation, as server roles must be in this format. Once the installation has completed, you need to attach to the server via an MMC in order to create and manage zones. After attaching to the Server Core server, right-click Forward Lookup Zones, select New Zone and click Next.

Select Primary Zone, then Next to continue. Type in the zone name, then click Next. Create a new zone file; click Next to accept the default. The wizard will ask you whether you want to accept dynamic updates. As the wizard shows, there are drawbacks to having it enabled, but there are also drawbacks to having it disabled. Click Next to continue, then click Finish to create the zone. The zone file currently contains two resource records, the SOA and NS records.

Uninstalling Roles
To uninstall DNS on 2008 Server Core, type start /w ocsetup DNS-Server-Core-Role /uninstall. Note the syntax of the command and the capitalisation, as server roles must be in this format. A restart is required to complete the uninstall; click Yes to finish.

Install and Configure Active Directory and DNS


To perform an unattended installation of Active Directory and DNS, you can use the answer file you created in the earlier module. Type the command dcpromo.exe /unattend:a:\filename.txt (note that the file was saved to a floppy disc). The system checks for the Domain Services binaries and validates the environment and parameters. DNS is installed and the domain configuration is completed. A restart may be required after completion. To configure the domain and DNS zones you will need to attach to the server via an MMC.

Configuring DNS Clients


Posted on December 31, 2011 by paul.gray

Before the DNS server will be of any use, the clients on the network need to be configured to use it. To do this, bring up the TCP/IP properties of your network adapter. In the Preferred DNS server box, type in the IP address of the DNS server. The Alternate DNS server is used when the preferred DNS server isn't available. To configure advanced DNS options, click Advanced and select the DNS tab.

Every query to a DNS server is made using a fully qualified domain name (FQDN), in the format hostname.domainname. For example, the FQDN of a computer called CDSERVER in the ES-NET.CO.UK domain would be CDSERVER.ES-NET.CO.UK. Instead of writing out the full name, usually just the hostname is typed and the computer fills out the rest of the name based on its own FQDN. E.g. if pc01.es-net.co.uk was querying pc03, it would add its own domain name to the end of the query, resulting in a query for pc03.es-net.co.uk. This domain name is known as a DNS suffix. Additional DNS suffixes can be specified, so that if one suffix fails it will try another. The "Register this connection's addresses in DNS" option will automatically register the computer's name and IP address with the DNS server.
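The suffix completion described above, as an added Python example that is not part of the original post. The resolver is given the client's own FQDN (pc01.es-net.co.uk, from the post) plus an additional suffix, builds the candidate FQDNs in search order, and tries each against a constructed record table standing in for the DNS server; the 192.0.2.x addresses and the brighton.es-net.co.uk suffix are invented. Trying a multi-label name as typed before appending suffixes is a simplification assumed here.

```python
"""DNS suffix completion for unqualified queries (added example).

The record table stands in for the DNS server's zones; names and
192.0.2.x addresses are constructed, with es-net.co.uk being the post's
example domain.
"""

DNS_RECORDS = {
    "pc01.es-net.co.uk": "192.0.2.1",
    "pc03.es-net.co.uk": "192.0.2.3",
    "intranet.brighton.es-net.co.uk": "192.0.2.50",
}


class SuffixResolver:
    """Client-side resolver holding a primary DNS suffix (taken from the
    machine's own FQDN) and an ordered list of additional suffixes."""

    def __init__(self, own_fqdn, extra_suffixes=(), records=DNS_RECORDS):
        self.hostname, _, self.primary_suffix = own_fqdn.lower().partition(".")
        self.search_list = [self.primary_suffix]
        for suffix in extra_suffixes:            # keep order, drop duplicates
            if suffix.lower() not in self.search_list:
                self.search_list.append(suffix.lower())
        self.records = records

    def candidates(self, query):
        """FQDNs to try, in order. A trailing dot means 'already fully
        qualified, append nothing'. A name containing a dot is tried as
        typed before the suffixes are appended (assumed simplification)."""
        q = query.lower()
        if q.endswith("."):
            return [q.rstrip(".")]
        suffixed = [f"{q}.{s}" for s in self.search_list]
        return ([q] if "." in q else []) + suffixed

    def resolve(self, query):
        """First candidate the records answer, as (fqdn, address), or
        (None, None) when every suffix fails."""
        for fqdn in self.candidates(query):
            if fqdn in self.records:
                return fqdn, self.records[fqdn]
        return None, None


if __name__ == "__main__":
    client = SuffixResolver("pc01.es-net.co.uk",
                            extra_suffixes=["brighton.es-net.co.uk"])
    for q in ("pc03", "intranet", "pc03.es-net.co.uk.", "nosuch"):
        print(f"{q:20} tries {client.candidates(q)} -> {client.resolve(q)}")
```

Listing the candidates, not just the result, is what makes the search list's behaviour visible: a short name that fails on the primary suffix costs one extra query per additional suffix before the resolver gives up, and a trailing dot is the only way to tell the resolver to skip that search entirely.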

Troubleshooting DNS
Posted on December 31, 2011 by paul.gray

NSLOOKUP is an important utility that performs query testing and troubleshooting of DNS servers from the command prompt window. NSLOOKUP can be started by opening a command prompt window, typing NSLOOKUP and pressing Enter; the NSLOOKUP tool is then active. To do a forward or reverse lookup, type the name (or IP address) at the prompt. A list of commands can be displayed by typing help or ? at the NSLOOKUP prompt.

When a query is made to a DNS server, the server can return either an authoritative answer or a non-authoritative answer. If it returns an authoritative answer then the record exists in its own zone file. If it returns a non-authoritative answer then the record exists in the zone file of another DNS server.

There are many ways that DNS can fail to work, and there is no one sure way to solve every problem which might occur. The following list is a reasonable starting point for troubleshooting.

1. Test to see if the client is on the network by using the ping utility.
2. Use ipconfig to view the client's DNS settings.
3. Use NSLOOKUP to perform DNS queries and check the contents of the zone files.
4. Use the Event Viewer to see any DNS client or server error messages.
5. From the server Properties choose the Logging tab to log and monitor certain events.
6. From the server Properties choose the Monitoring tab to perform simple test queries.
7. From the DNS console select Action and choose Set Aging/Scavenging to clear the DNS database of stale resource records.

While ping, ipconfig and nslookup can all be run in a command window with the /? switch to reveal the full range of available options, there are two switches in particular which are used more often than others in troubleshooting DNS: ipconfig /flushdns empties the local resolver cache (this cache holds all the names and addresses resolved for the client so far), and ipconfig /registerdns forces a dynamic update of the client's registration in the local DNS server.
