
Configuring Name Resolution

and Additional Services


Lesson 12

Skills Matrix

Technology Skill                  Objective Domain                                                Objective #
Creating DNS zones                Configure zones                                                 1.1
Creating DNS zones                Configure DNS server settings                                   1.2
Creating DNS zones                Configure zone transfers and replication                        1.3
Configuring Additional Services   Configure Active Directory Rights Management Service (AD RMS)   3.2
Configuring Additional Services   Configure Active Directory Federation Services (AD FS)          3.4

Name Resolution
Name resolution is an essential function
on all Transmission Control
Protocol/Internet Protocol (TCP/IP)
networks, regardless of the operating
system that an individual computer is
running.

Host Name Resolution


Host names can be resolved by the HOSTS file or
by the Domain Name System (DNS).
The Domain Name System (DNS)
provides the default name resolution
mechanism for Active Directory, the
Internet, and the majority of modern
TCP/IP networks.

NetBIOS Name Resolution


NetBIOS (computer) names can be resolved by
the LMHOSTS file or by the Windows Internet
Name Service (WINS).

Domain Name System (DNS)


Main components of DNS:
DNS namespace.
Name Server.
Resolver.

DNS Namespace
DNS defines a tree-structured namespace in
which each branch of the tree identifies a
domain.
Each domain contains an information set
that consists of host names, IP addresses,
and comments.
A query is an attempt to retrieve specific
information from a particular information set.


Name Servers
Applications running on server computers
maintain information about the domain
tree structure and contain authoritative
information about specific areas of that
structure.
The application is capable of responding
to queries for information about the areas
for which it is the authority, and it has
pointers to other name servers that enable
it to access information about any other
area of the tree.

Resolvers
Client programs generate requests for
DNS information and send them to name
servers for fulfillment. A resolver has direct
access to at least one name server.

Domain Name System (DNS)


The DNS Server service in Windows
Server 2008 supports both standard and
Active Directory-integrated DNS zones.
DNS root name servers are the highest-level
DNS servers in the entire namespace.

Domain Name System (DNS)


You can divide a DNS namespace into
zones to store them on different servers
and to delegate their administration to
different people.
Windows Server 2008 supports primary
zones, secondary zones, and stub zones.
Primary and stub zones can be integrated
into Active Directory.

Resource Records
The resource record is the fundamental data
storage unit in all DNS servers.

Start of Authority (SOA)
Name Server (NS)
Host (A)
Host (AAAA)
Canonical Name (CNAME)
Mail Exchanger (MX)
Pointer (PTR)
Service Record (SRV)

Resource Records
The Start of Authority (SOA) resource
record identifies which name server is the
authoritative source of information for data
within this domain.
The first record in the zone database file
must be an SOA record. In the Windows
Server 2008 DNS server, SOA records are
created automatically with default values
when you create a new zone.


Resource Records
Name Server (NS) resource record
identifies the name server that is the
authority for the particular zone or domain;
that is, the server that can provide an
authoritative name-to-IP address mapping
for a zone or domain.

Resource Records
The A resource record is the fundamental
data unit of the DNS that is used to
translate the host name to the IPv4
address.
The AAAA resource record is used to
translate the host name to the IPv6
address.
The Pointer (PTR) resource record is the
functional opposite of the A record,
providing an IP address-to-name mapping.

Resource Records
The Canonical Name (CNAME) resource
record, sometimes called an Alias record,
maps an alternative name (the alias in the
Name field) to the canonical host name of a
system. A CNAME must be the only record
at its name; no other record type may share
that owner name.

Resource Records
Mail Exchanger (MX) resource record
identifies the email servers for a domain.
Service Record (SRV) resource record
enables clients to locate servers that are
providing a particular service.
Windows Server 2008 Active Directory
clients rely on the SRV record to locate the
domain controllers they need to validate
logon requests.
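The DC locator lookup described above, as an added example that is not part of the lesson: it parses constructed SRV records for the example domain contoso.local, builds the _ldap._tcp.dc._msdcs and site-specific _sites names an Active Directory client queries, and orders the targets by RFC 2782 priority and weight. The selection logic is a model of the standard, not the Windows DC Locator code.

```python
"""How an Active Directory client uses SRV records to find a domain controller.

Added example (not from the lesson): the zone lines below are constructed for
the example domain contoso.local, and the selection logic models RFC 2782
priority/weight ordering rather than the Windows DC Locator itself.
"""
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed SRV records as they would appear in a zone file (one record per line).
SRV_LINES = """\
_ldap._tcp.dc._msdcs.contoso.local. 600 IN SRV 0 100 389 dc01.contoso.local.
_ldap._tcp.dc._msdcs.contoso.local. 600 IN SRV 0 100 389 dc02.contoso.local.
_ldap._tcp.dc._msdcs.contoso.local. 600 IN SRV 10 100 389 dc03-dr.contoso.local.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.contoso.local. 600 IN SRV 0 100 389 dc01.contoso.local.
"""


def dc_locator_name(domain, site=None):
    """SRV owner name queried for LDAP on a domain controller.

    Domain-wide:   _ldap._tcp.dc._msdcs.<domain>
    Site-specific: _ldap._tcp.<site>._sites.dc._msdcs.<domain>  (tried first when the
    client knows its site, so logons prefer a nearby DC)
    """
    domain = domain.rstrip(".") + "."
    if site:
        return "_ldap._tcp.%s._sites.dc._msdcs.%s" % (site, domain)
    return "_ldap._tcp.dc._msdcs.%s" % domain


def parse_srv(zone_text):
    """Map lower-cased owner name -> [SRV] from zone-file style lines."""
    records = {}
    for line in zone_text.splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[2:4] != ["IN", "SRV"]:
            continue  # skip anything that is not a one-line SRV record
        rr = SRV(int(parts[4]), int(parts[5]), int(parts[6]), parts[7].lower())
        records.setdefault(parts[0].lower(), []).append(rr)
    return records


def order_targets(srvs, rng):
    """RFC 2782 ordering: lowest priority first; within a priority, weighted random.

    Records with weight 0 are only picked once nothing with a positive weight
    is left in the group, which is how the RFC wants them treated.
    """
    ordered = []
    for prio in sorted({s.priority for s in srvs}):
        group = [s for s in srvs if s.priority == prio]
        while group:
            total = sum(s.weight for s in group)
            pick = group[0]
            if total > 0:
                r, acc = rng.randint(1, total), 0
                for s in group:
                    acc += s.weight
                    if acc >= r:
                        pick = s
                        break
            ordered.append(pick)
            group.remove(pick)
    return ordered


def locate_dcs(domain, records, site=None, seed=None):
    """Return (name that answered, [(target, port), ...] in the order to try them)."""
    rng = random.Random(seed)
    names = [dc_locator_name(domain, site)] if site else []
    names.append(dc_locator_name(domain))          # fall back to the domain-wide record
    for name in names:
        srvs = records.get(name.lower())
        if srvs:
            return name, [(s.target, s.port) for s in order_targets(srvs, rng)]
    return None, []


if __name__ == "__main__":
    recs = parse_srv(SRV_LINES)
    print(locate_dcs("contoso.local", recs, site="Default-First-Site-Name", seed=1))
    print(locate_dcs("contoso.local", recs, seed=1))
```

Because every domain logon starts with this lookup, whoever can write these SRV records can steer clients to a domain controller of their choosing. That is why the dynamic update permissions on the _msdcs records matter as much as the records' content.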

DNS Referrals and Queries.


When a DNS server cannot answer a query from
its own data, it can reply with a referral: a
response that points the requester at the name
servers authoritative for a closer part of the
namespace, so that the requester can ask them.
DNS servers recognize two types of name
resolution requests:
Recursive Query.
Iterative Query.

Recursive Query
The DNS server receiving the name
resolution request takes full responsibility
for resolving the name.
If the server possesses information about
the requested name, it replies immediately
to the requester.
If the server has no information about the
name, it sends iterative queries to other
DNS servers, following the referrals they
return, until it obtains the information it
needs.
TCP/IP client resolvers always send
recursive queries to their designated DNS

Iterative Query
The server that receives the name resolution
request immediately responds to the requester
with the best information it possesses.
This information can be cached or authoritative,
and it can be a resource record containing a fully
resolved name or a reference to another DNS
server.
DNS servers use iterative queries when
communicating with each other.
One DNS server should not send recursive queries
to another DNS server, except where the second
server is explicitly configured as a forwarder for it.
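The two query types described on the preceding slides, as an added example that is not part of the lesson: a client sends one recursive query to its designated server, which walks an in-memory root, TLD and zone server with iterative queries, following each referral. The servers, names and addresses (RFC 5737 documentation ranges) are constructed.

```python
"""Recursive vs. iterative queries, simulated against an in-memory namespace.

Added example (not from the lesson): the servers, names and addresses below
are constructed; addresses come from the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass, field


@dataclass
class Answer:
    """Response to an iterative query: an answer, a referral, or neither."""
    rrs: dict = field(default_factory=dict)       # name -> address (authoritative answer)
    referral: list = field(default_factory=list)  # NS host names closer to the answer
    glue: dict = field(default_factory=dict)      # NS host name -> address


class NameServer:
    """An authoritative server that knows its own zone and the delegations below it."""

    def __init__(self, records, delegations):
        self.records = records            # {"www.contoso.com.": "203.0.113.10"}
        self.delegations = delegations    # {"contoso.com.": (ns_names, glue)}

    def iterative_query(self, qname):
        """Answer with the best information held locally; never ask anyone else."""
        if qname in self.records:
            return Answer(rrs={qname: self.records[qname]})
        best = None  # most specific delegated child zone the name falls under
        for child in self.delegations:
            if qname.endswith("." + child) and (best is None or len(child) > len(best)):
                best = child
        if best is None:
            return Answer()  # nothing known: the name does not exist here
        ns_names, glue = self.delegations[best]
        return Answer(referral=ns_names, glue=glue)


class RecursiveServer:
    """The client's designated server: takes full responsibility for resolving the name."""

    def __init__(self, root_hints, servers, max_hops=8):
        self.root_hints = root_hints  # {root server name: address}
        self.servers = servers        # address -> NameServer (stands in for the network)
        self.cache = {}
        self.max_hops = max_hops      # bound the chase so a referral loop cannot hang the server

    def recursive_query(self, qname):
        """Return (address or None, list of servers consulted in order)."""
        if qname in self.cache:
            return self.cache[qname], []
        trail = []
        candidates = dict(self.root_hints)
        for _ in range(self.max_hops):
            ns_name, addr = next(iter(candidates.items()))
            trail.append(ns_name)
            ans = self.servers[addr].iterative_query(qname)  # servers talk to each other iteratively
            if qname in ans.rrs:
                self.cache[qname] = ans.rrs[qname]
                return ans.rrs[qname], trail
            if not ans.referral:
                return None, trail
            # Follow the referral; only NS names that came with glue are directly usable
            candidates = {n: ans.glue[n] for n in ans.referral if n in ans.glue}
            if not candidates:
                return None, trail
        raise RuntimeError("too many referrals while resolving %s" % qname)


# Constructed namespace: a root, the com TLD, and the contoso.com zone.
ROOT = NameServer({}, {"com.": (["a.gtld-servers.net."], {"a.gtld-servers.net.": "192.0.2.1"})})
COM = NameServer({}, {"contoso.com.": (["ns1.contoso.com."], {"ns1.contoso.com.": "203.0.113.1"})})
CONTOSO = NameServer({"www.contoso.com.": "203.0.113.10"}, {})
NETWORK = {"198.51.100.1": ROOT, "192.0.2.1": COM, "203.0.113.1": CONTOSO}
RESOLVER = RecursiveServer({"a.root-servers.net.": "198.51.100.1"}, NETWORK)


def resolve(qname):
    """What a client resolver does: one recursive query to its designated server."""
    return RESOLVER.recursive_query(qname)


if __name__ == "__main__":
    print(resolve("www.contoso.com."))   # first call walks root -> com -> contoso
    print(resolve("www.contoso.com."))   # second call is answered from cache
    print(COM.iterative_query("www.contoso.com.").referral)  # what an iterative query returns
```

The max_hops bound is the detail worth copying: a recursive server that follows referrals without limit can be kept busy indefinitely by a pair of zones that delegate to each other.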

Reverse Name Resolution


Used to convert an IP address into a DNS
name.
Uses reverse lookup zones and Pointer
(PTR) resource records.
The DNS developers created a special
domain called in-addr.arpa that is
specifically designed for reverse name
resolution.
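Reverse lookup names and zones, as an added example that is not part of the lesson: it builds the in-addr.arpa owner name for an IPv4 address and the ip6.arpa name for an IPv6 address (which the slide does not cover; the nibble reversal is the part people get wrong), derives the reverse zone name for a prefix, and checks that a PTR is forward-confirmed. The forward and reverse zone contents are constructed dictionaries standing in for query results.

```python
"""Reverse name resolution: building in-addr.arpa / ip6.arpa names and checking PTRs.

Added example (not from the lesson). The forward and reverse zone contents at
the bottom are constructed dictionaries standing in for query results.
"""
import ipaddress


def ptr_owner_name(address):
    """Owner name of the PTR record for an IPv4 or IPv6 address.

    IPv4: the four octets reversed, under in-addr.arpa.
    IPv6: all 32 hex nibbles of the fully expanded address, reversed, under ip6.arpa.
    The trailing dot marks the result as fully qualified.
    """
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")        # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_zone_name(network):
    """Name of the reverse lookup zone holding the PTR records for a network.

    Only octet-aligned IPv4 prefixes (/8, /16, /24) and nibble-aligned IPv6
    prefixes map onto a single zone; anything else needs classless (RFC 2317)
    delegation and is rejected here rather than silently mis-named.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.version == 4:
        if net.prefixlen % 8:
            raise ValueError("IPv4 reverse zone must be octet-aligned: " + network)
        octets = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(octets)) + ".in-addr.arpa."
    if net.prefixlen % 4:
        raise ValueError("IPv6 reverse zone must be nibble-aligned: " + network)
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def forward_confirmed(address, forward_zone, reverse_zone):
    """Forward-confirmed reverse DNS: address -> PTR -> A/AAAA must lead back to address.

    A PTR is only as trustworthy as whoever controls the reverse zone, so
    anything that makes decisions from a client's name (log enrichment,
    allow-lists) should confirm the forward record instead of trusting the PTR alone.
    """
    host = reverse_zone.get(ptr_owner_name(address))
    if host is None:
        return False
    return forward_zone.get(host) == address


# Constructed zone contents for the example domain contoso.local.
FORWARD_ZONE = {"dc01.contoso.local.": "10.1.2.10", "web.contoso.local.": "10.1.2.20"}
REVERSE_ZONE = {
    "10.2.1.10.in-addr.arpa.": "dc01.contoso.local.",
    "30.2.1.10.in-addr.arpa.": "web.contoso.local.",   # stale: web has since moved to .20
}

if __name__ == "__main__":
    print(ptr_owner_name("10.1.2.10"))
    print(ptr_owner_name("2001:db8::1"))
    print(reverse_zone_name("10.1.2.0/24"))
    print(forward_confirmed("10.1.2.10", FORWARD_ZONE, REVERSE_ZONE))
    print(forward_confirmed("10.1.2.30", FORWARD_ZONE, REVERSE_ZONE))
```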

Internal and External DNS Name Resolution


There are three ways to relate the namespace
used inside the organization to the one
published on the Internet:
Use the same domain name internally and
externally.
Create separate and unrelated internal
and external domains.
Make the internal domain a subdomain of
the external domain.
Whichever option you choose, host the internal
zone on servers that Internet clients cannot
query, so that internal host names and
addresses are never served by the external
DNS servers.

DNS Server Types


Caching-Only Server.
Hosts no zones of its own.
Provides name resolution for your clients by
forwarding their requests to other DNS servers
and caching the answers it receives.
Allow recursion only from the clients the server
is meant to serve; a caching server that answers
recursive queries from anyone on the Internet is
an open resolver and can be abused as a traffic
amplifier.

DNS Server Type


Forwarder.
A DNS server that receives queries from other
DNS servers explicitly configured to send them,
and resolves the names on their behalf.

Conditional Forwarder.
Will forward queries selectively based on
the domain specified in the name
resolution request.
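The forwarder selection rule described on this and the preceding slide, as an added example that is not part of the lesson: given a query name, a table of conditional forwarders, the server-wide forwarder list and root hints, it picks the most specific matching conditional forwarder, then the default forwarders, then root hints. It is a model of the rule, not the Windows DNS Server code; the forwarder tables are constructed and the addresses come from the RFC 5737 documentation ranges.

```python
"""Where a DNS server sends a query it cannot answer: conditional forwarder,
server-wide forwarder, or root hints.

Added example (not from the lesson): a model of the selection rule, not the
Windows DNS Server code. The forwarder tables are constructed; the addresses
are from the RFC 5737 documentation ranges.
"""


def labels(name):
    """Split a DNS name into its labels, case-folded, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def in_domain(qname, domain):
    """True when qname is domain or a subdomain of it, matching on whole labels
    so that 'notfabrikam.com' does not match a condition for 'fabrikam.com'."""
    q, d = labels(qname), labels(domain)
    return len(q) >= len(d) and q[len(q) - len(d):] == d


def choose_forwarders(qname, conditional, default_forwarders, root_hints):
    """Return (reason, [server addresses to query]).

    conditional:        {domain: [addresses]}  the Conditional Forwarders node
    default_forwarders: [addresses]            the server-wide Forwarders list
    root_hints:         [addresses]            used only when nothing else applies
    The most specific matching conditional forwarder wins.
    """
    best = None
    for domain in conditional:
        if in_domain(qname, domain) and (best is None or len(labels(domain)) > len(labels(best))):
            best = domain
    if best is not None:
        return "conditional:" + ".".join(labels(best)), list(conditional[best])
    if default_forwarders:
        return "forwarder", list(default_forwarders)
    return "root-hints", list(root_hints)


# Constructed configuration.
CONDITIONAL = {
    "fabrikam.com": ["192.0.2.53"],          # partner's external DNS
    "corp.fabrikam.com": ["198.51.100.53"],  # partner's internal DNS, reachable over a VPN
}
DEFAULT_FORWARDERS = ["203.0.113.53"]
ROOT_HINTS = ["203.0.113.1"]                 # placeholder; real servers use the root hints file

if __name__ == "__main__":
    for q in ("host.corp.fabrikam.com", "www.fabrikam.com", "www.notfabrikam.com"):
        print(q, "->", choose_forwarders(q, CONDITIONAL, DEFAULT_FORWARDERS, ROOT_HINTS))
```

The label-boundary match in in_domain is the point of the example: a substring comparison would send queries for notfabrikam.com to the partner's servers, which is both a resolution failure and an information leak.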

DNS Zones
A zone is an administrative entity on a
DNS server that represents a discrete
portion of the DNS namespace.
Administrators typically divide the DNS
namespace into zones to store them on
different servers and to delegate their
administration to different people.
Zones always consist of entire domains or
subdomains.

DNS Zones
Every zone consists of a zone database
that contains the resource records for the
domains in that zone.
The DNS server in Windows Server 2008
supports three zone types that specify
where the server stores the zone database
and the kind of information it contains:
Primary zone.
Secondary zone.
Stub zone.

Primary Zone
A primary zone contains the master copy of the
zone database, in which administrators make all
changes to the zone's resource records.
If the Store The Zone In Active Directory
(Available Only If DNS Server Is A Domain
Controller) checkbox is not selected, the server
creates a primary master zone database file on
the local drive; this is called a standard zone,
and the file is simple text.
If the checkbox is selected, the zone is an Active
Directory-integrated zone: the DNS data is stored
within the Active Directory database itself and
replicated with it. Only Active Directory-integrated
zones support secure dynamic updates, in which
only authenticated domain members can register
records and each record can be changed only by
the principal that created it.

Secondary Zone
A secondary zone is a read-only copy of the data that is
stored within a primary zone on another server.
The secondary zone contains a backup copy of the
primary master zone database file, stored as an identical
text file on the server's local drive.
Because the secondary zone is read-only, you cannot
modify the resource records in a secondary zone
manually. You can only update them by replicating the
primary master zone database file using the zone
transfer process.
You should always create at least one secondary zone
for each standard primary zone in your namespace to
provide fault tolerance and to balance the DNS traffic
load.
On the primary server, allow zone transfers only to the
secondary servers you have listed; a zone that can be
transferred by any requester hands out a complete
inventory of the hosts it contains.
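The standard zone file and the zone transfer decision, as an added example that is not part of the lesson and that serves both the Resource Records slides and the Primary and Secondary Zone slides: it parses a constructed text-file primary zone for the example domain contoso.local (simplified to one record per line, SOA included), runs the checks an administrator would want before loading a hand-edited file, and compares the primary's SOA serial with a secondary's last-transferred serial using RFC 1982 wrap-around arithmetic.

```python
"""A standard (text-file) primary zone, parsed and sanity-checked, plus the SOA serial
comparison a secondary uses to decide whether it needs a zone transfer.

Added example (not from the lesson). The zone file text is constructed for the
example domain contoso.local and simplified to one record per line, with the
SOA on a single line instead of the parenthesised multi-line form.
"""

ORIGIN = "contoso.local."

PRIMARY_ZONE = """\
; constructed zone file for contoso.local
@        3600 IN SOA   dc01.contoso.local. hostmaster.contoso.local. 2024060105 900 600 86400 3600
@        3600 IN NS    dc01.contoso.local.
@        3600 IN NS    dc02.contoso.local.
@        3600 IN NS    ns3.contoso.local.
dc01     3600 IN A     10.1.2.10
dc02     3600 IN AAAA  2001:db8::2
www       300 IN CNAME web
web       300 IN A     10.1.2.20
@        3600 IN MX    10 mail.contoso.local.
mail     3600 IN A     10.1.2.30
intranet  300 IN CNAME web
intranet  300 IN A     10.1.2.40
"""

SECONDARY_SERIAL = 2024060103   # constructed: serial of the copy the secondary last transferred


def qualify(name, origin):
    """Turn a zone-file owner name into a fully qualified one: '@' is the origin,
    names without a trailing dot are relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Return [(owner, ttl, type, rdata_tokens)] in file order."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if not line:
            continue
        owner, ttl, cls, rtype, *rdata = line.split()
        if cls != "IN":
            raise ValueError("only class IN is supported: " + raw)
        records.append((qualify(owner, origin).lower(), int(ttl), rtype.upper(), rdata))
    return records


def check_zone(records, origin):
    """Checks worth running before loading a hand-edited standard zone file."""
    problems = []
    if not records or records[0][2] != "SOA" or records[0][0] != origin:
        problems.append("first record must be the SOA for " + origin)
    by_owner = {}
    for owner, _, rtype, rdata in records:
        by_owner.setdefault(owner, []).append((rtype, rdata))
    for owner, _, rtype, rdata in records:
        # An NS inside the zone needs an A/AAAA (glue) record or it cannot be reached
        if rtype == "NS" and rdata[0].lower().endswith("." + origin):
            have = {t for t, _ in by_owner.get(rdata[0].lower(), [])}
            if not have & {"A", "AAAA"}:
                problems.append("NS %s has no A/AAAA record in the zone" % rdata[0].lower())
    for owner, rrs in by_owner.items():
        # A CNAME must be the only record at its name; anything else is ambiguous
        if any(t == "CNAME" for t, _ in rrs) and len(rrs) > 1:
            problems.append("CNAME at %s coexists with other records" % owner)
    return problems


def soa_serial(records):
    for _, _, rtype, rdata in records:
        if rtype == "SOA":
            return int(rdata[2])     # mname rname SERIAL refresh retry expire minimum
    raise ValueError("zone has no SOA record")


def serial_gt(a, b):
    """RFC 1982 serial comparison: is a newer than b, allowing 32-bit wrap-around?"""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    return a != b and ((a < b and b - a > 2 ** 31) or (a > b and a - b < 2 ** 31))


def secondary_needs_transfer(primary_records, secondary_serial):
    """A secondary refreshes only when the primary's SOA serial is newer than its own."""
    return serial_gt(soa_serial(primary_records), secondary_serial)


if __name__ == "__main__":
    recs = parse_zone(PRIMARY_ZONE, ORIGIN)
    for p in check_zone(recs, ORIGIN):
        print("problem:", p)
    print("transfer needed:", secondary_needs_transfer(recs, SECONDARY_SERIAL))
```

The serial comparison is the reason a secondary silently stops updating after someone edits the primary's file without bumping the serial: nothing in the transfer protocol notices the change.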

Stub Zone
A stub zone is a copy of a zone that contains only its
SOA and NS resource records, plus the Host (A) glue
records that identify the authoritative servers for the
zone.
The stub zone forwards or refers requests to the
appropriate server that hosts a primary zone for the
selected query.
When you create a stub zone, you configure it with the
IP address of the server that hosts the primary zone from
which the stub zone was created.
When the server hosting the stub zone receives a query
for a name in that zone, it either forwards the request to
the host of the zone or replies with a referral to that host,
depending on whether the query is recursive or iterative.

DNS and DHCP


You can use DHCP to streamline the
process of assigning DNS servers to your
clients to use for name resolution.

Additional Services
Active Directory Rights Management
Service (AD RMS) is a Windows Server
2008 service that you can use to protect
sensitive data on a Windows network.
The Active Directory Federation Services
(AD FS) role allows administrators to
configure Single Sign-On (SSO) for Web-based
applications across multiple organizations.

Summary
The Domain Name System (DNS)
provides the default name resolution
mechanism for Active Directory, the
Internet, and the majority of modern
TCP/IP networks.
Windows operating systems prior to
Windows 2000 used NetBIOS names to
identify the computers on the network.
The resource record is the fundamental
data storage unit in all DNS servers.

Summary
The DNS Server service in Windows
Server 2008 supports both standard and
Active Directory-integrated DNS zones.
DNS root name servers are the highest-level
DNS servers in the entire namespace.
You can divide a DNS namespace into
zones to store them on different servers
and to delegate their administration to
different people.

Summary
Windows Server 2008 supports primary
zones, secondary zones, and stub zones.
Primary and stub zones can be integrated
into Active Directory.
You can use DHCP to streamline the
process of assigning DNS servers to your
clients to use for name resolution.

Summary
Active Directory Rights Management
Service (AD RMS) is a Windows Server
2008 service that you can use to protect
sensitive data on a Windows network.
The Active Directory Federation Services
(AD FS) role allows administrators to
configure Single Sign-On (SSO) for Web-based
applications across multiple organizations.
