
DNS in Microsoft Windows Server 2003

1
What is DNS?

Domain Name Service / Domain Name System
Provides resolution of names to IP addresses and resolution of IP addresses to names
Defines a hierarchical namespace in which each level of the namespace is separated by a "."

2
What is a DNS Server?

A computer running the DNS service
Can be:
  Microsoft® Windows® Server 2003
  Windows 2000
  Microsoft Windows® NT 4
  UNIX
  Linux
  NetWare, etc.

3
How Names Are Mapped to IP Addresses

[Diagram: a client asks the name resolution service (1) "Where is Sys1?" and receives the reply (2) "Sys1 is at 10.0.0.1".]

4
DNS Namespace

[Diagram: the namespace tree. The root (.) is at the top; the top-level domains .org, .com, .edu and .au hang below it; the second-level domains unicef.org, msn.com, microsoft.com, mtu.edu, msu.edu, gov.au and com.au hang below those.]

corp.microsoft.com. read from right to left: "." is the root, "com" the top-level domain, "microsoft" the second-level domain, and "corp" a subdomain.

5
Query Types

Recursive queries
  A query made from a client to a DNS server in which the server assumes the full workload.
  The DNS server returns either a complete answer or a negative answer.
  Issued by: DNS clients (and by a DNS server to its forwarder)

Iterative queries
  The receiving server may return an answer, a negative response, or a referral to other DNS servers.
  "Give me an answer or refer me to somebody else who can help me obtain resolution."
  Issued by: DNS servers

6
How Recursive & Iterative Queries Work

[Diagram: a client whose preferred DNS server is 10.1.1.1 opens http://server1.microsoft.com and sends a recursive query for server1.microsoft.com. to 10.1.1.1. The server asks itself "Am I authoritative? Is the name in cache?" (No to both) and then resolves the name with iterative queries:
  1. To a root server chosen from its root hints. The root server answers "I don't know; ask the .com TLD servers" and returns a delegation for com.
  2. To a .com TLD server. It answers "I don't know; ask the microsoft.com servers" and returns a delegation for microsoft.com.
  3. To a microsoft.com DNS server. It answers server1.microsoft.com = 192.168.7.99.
10.1.1.1 caches the response and returns it to the client, which then opens an http/tcp session to 192.168.7.99.

Root hints shown on the slide: a.root-servers.net [198.41.0.4], b.root-servers.net [128.9.0.107], c.root-servers.net [192.33.4.12], d.root-servers.net [128.8.10.90], e.root-servers.net [192.203.230.10], f.root-servers.net [192.5.5.241], g.root-servers.net [192.112.36.4], h.root-servers.net [128.63.2.53], i.root-servers.net [192.36.148.17], j.root-servers.net [198.41.0.10], k.root-servers.net [193.0.14.129], l.root-servers.net [198.32.64.12], m.root-servers.net [202.12.27.33].
.com TLD servers shown: a.gtld-servers.net [192.5.6.30], b.gtld-servers.net [203.181.106.5], c.gtld-servers.net [192.26.92.30], d.gtld-servers.net [192.31.80.30], e.gtld-servers.net [192.12.94.30], f.gtld-servers.net [192.35.51.30], g.gtld-servers.net [192.42.93.30], i.gtld-servers.net [192.36.144.133], j.gtld-servers.net [210.132.100.101], k.gtld-servers.net [213.177.194.5], l.gtld-servers.net [192.41.162.30], m.gtld-servers.net [202.153.114.101].
microsoft.com DNS servers shown: dns1.cp.msft.net [207.46.138.20], dns2.cp.msft.net [207.46.138.21], dns1.tk.msft.net [207.46.232.37], dns2.tk.msft.net [207.46.232.38], dns3.uk.msft.net [213.199.144.151], dns4.uk.msft.net [213.199.144.152], dns3.jp.msft.net [207.46.72.123], dns4.jp.msft.net [207.46.72.124], dns1.dc.msft.net [207.68.128.151], dns2.dc.msft.net [207.68.128.152], dns1.sj.msft.net [207.46.97.11].]

7
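The walk the diagram draws, as an added example that is not part of the slides: a toy iterative resolver that starts at a root hint, follows the two referrals (root to .com, .com to microsoft.com) and stops on the authoritative answer or a negative answer. The server names and addresses are the ones on the slide; the zone contents are constructed, and the "network" is a dictionary standing in for the wire. The one thing the slide does not mention is the bailiwick check: a referral is followed only if it is for a zone below the one the server was asked about, which is what keeps a misbehaving server from steering the resolver to an attacker's servers for an unrelated zone.

```python
"""Added example, not from the slides: iterative resolution along the
delegation chain of slide 7 (root -> .com -> microsoft.com).  Server names
and addresses are the slide's; zone contents are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def canon(name: str) -> str:
    """Lower-case absolute form with a trailing dot ('.' for the root)."""
    name = name.lower().rstrip(".")
    return name + "." if name else "."


def in_zone(name: str, zone: str) -> bool:
    """True if name is zone or lies below it (checked on label boundaries)."""
    return zone == "." or name == zone or name.endswith("." + zone)


@dataclass
class AuthServer:
    """One authoritative server: its zone apex, its records, its glue."""
    zone: str
    records: Dict[Tuple[str, str], List[str]]          # (owner, type) -> rdata
    glue: Dict[str, str] = field(default_factory=dict)  # ns name -> address

    def query(self, qname: str, qtype: str):
        """('ANSWER', rdata), ('REFERRAL', child_zone, [(ns, glue_addr)])
        or ('NXDOMAIN', None), as an authoritative server would reply."""
        if (qname, qtype) in self.records:
            return ("ANSWER", self.records[(qname, qtype)])
        labels = qname.split(".")
        for i in range(len(labels)):                    # longest delegation first
            child = canon(".".join(labels[i:]))
            if child != self.zone and in_zone(child, self.zone) \
                    and (child, "NS") in self.records:
                nss = self.records[(child, "NS")]
                return ("REFERRAL", child, [(n, self.glue.get(n)) for n in nss])
        return ("NXDOMAIN", None)


class RogueServer(AuthServer):
    """Constructed misbehaving server: refers every query to a zone it was
    not asked about.  Used only to show the bailiwick check below."""

    def query(self, qname: str, qtype: str):
        return ("REFERRAL", "msft.net.", [("ns.attacker.example.", "192.0.2.66")])


def resolve(qname: str, qtype: str, root_hints: Dict[str, str],
            network: Dict[str, AuthServer], max_hops: int = 12):
    """Iterative resolution from the root hints.  `network` maps an address
    to the server reachable there.  Returns (status, rdata, trace), where
    trace lists (server name, address, reply type) per hop."""
    qname = canon(qname)
    zone, candidates = ".", list(root_hints.items())
    trace = []
    for _ in range(max_hops):
        ns_name, addr = candidates[0]
        reply = network[addr].query(qname, qtype)
        trace.append((ns_name, addr, reply[0]))
        if reply[0] != "REFERRAL":
            return (reply[0], reply[1], trace)
        child, nslist = reply[1], reply[2]
        # Bailiwick check: the referred zone must be strictly below the zone
        # we asked this server about and must still contain the query name.
        if child == zone or not in_zone(child, zone) or not in_zone(qname, child):
            return ("SERVFAIL", None, trace)
        zone = child
        candidates = [(n, a) for n, a in nslist if a]   # glue is needed to continue
        if not candidates:
            return ("SERVFAIL", None, trace)
    return ("SERVFAIL", None, trace)


# Constructed network keyed by address; names and addresses are from the slide.
ROOT_HINTS = {"a.root-servers.net.": "198.41.0.4"}
NETWORK = {
    "198.41.0.4": AuthServer(".", {("com.", "NS"): ["a.gtld-servers.net."]},
                             glue={"a.gtld-servers.net.": "192.5.6.30"}),
    "192.5.6.30": AuthServer("com.", {("microsoft.com.", "NS"): ["dns1.cp.msft.net."]},
                             glue={"dns1.cp.msft.net.": "207.46.138.20"}),
    "207.46.138.20": AuthServer("microsoft.com.",
                                {("server1.microsoft.com.", "A"): ["192.168.7.99"]}),
}
# Same network, but the .com server has been replaced by the rogue one.
ROGUE_NETWORK = {**NETWORK, "192.5.6.30": RogueServer("com.", {})}

if __name__ == "__main__":
    print(resolve("server1.microsoft.com", "A", ROOT_HINTS, NETWORK))
```

Against NETWORK the trace is three hops (two referrals, one answer) ending in 192.168.7.99; a name the microsoft.com server does not hold ends in NXDOMAIN; against ROGUE_NETWORK the out-of-bailiwick referral for msft.net is refused and the lookup fails instead of following the attacker's server.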
Authoritative & Non-authoritative DNS Servers

Authoritative DNS server
  An authoritative DNS server will either:
    Return the requested IP address
    Return an authoritative "No" (the name does not exist in its zone)

Non-authoritative DNS server
  A non-authoritative DNS server will either:
    Answer from its cache
    Use forwarders
    Use root hints

8
Lookup Types

Forward lookup
  Requests name-to-IP-address resolution
  [Diagram: the client asks the DNS server "IP address for sys1.zoom.com?"; the server answers "IP address = 192.168.1.50".]

Reverse lookup
  Requests IP-address-to-name resolution
  [Diagram: the client asks the DNS server "Name for 192.168.1.50?"; the server answers "Name = sys1.zoom.com".]

9
Fully Qualified Domain Name (FQDN)

Identifies a host's name within the DNS namespace hierarchy
Host name plus DNS domain name = FQDN
[Diagram: an FQDN split into its host name (the leftmost label) and its DNS domain name (the remaining labels).]

10
Zone

A zone is the database that stores the resource records for a contiguous portion of the DNS namespace.

Forward lookup zone
  Used for resolving host names to IP addresses
  Maintains host-name-to-IP-address mapping information

Reverse lookup zone
  Used for resolving IP addresses to host names
  Maintains IP-address-to-host-name mapping information

11
Types of Records

SOA record (Start of Authority)
  The first record in any zone file; names the primary server and carries the zone's serial number and timers
NS record (Name Server)
  Identifies the DNS servers authoritative for the zone
Host record (A)
  Resolves a host name to an IP address
Alias record (CNAME)
  Resolves an alias name to a host name
Pointer record (PTR)
  Resolves an IP address to a host name
MX record (Mail Exchanger)
  Identifies the mail servers that accept mail for the domain
SRV record (Service Record)
  Locates the servers providing a particular service

12
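To make the record types of slide 12 and the forward and reverse lookups of slide 9 concrete, here is an added example (not from the slides) that parses a small zone file and answers queries from it. Both zone texts are constructed for the example; zoom.com is the placeholder domain the slides use, and the parser handles only what these files need ($ORIGIN, $TTL, '@', relative names, ';' comments, a single-line SOA). Note how the alias lookup follows the CNAME to the host record, how the reverse lookup is just a forward lookup of a PTR owner in in-addr.arpa, and how a CNAME loop is refused rather than spun on.

```python
"""Added example, not from the slides: a minimal zone-file parser for the
record types of slide 12 and the lookups of slide 9.  Zone data constructed."""
from collections import defaultdict
from typing import Dict, List, Tuple

FORWARD_ZONE = """\
$ORIGIN zoom.com.
$TTL 3600
@        IN SOA  ns1 hostmaster ( 2003010101 7200 900 1209600 3600 )
@        IN NS   ns1
@        IN NS   ns2
@        IN MX   10 mail
ns1      IN A    192.168.1.10
ns2      IN A    192.168.1.11
sys1     IN A    192.168.1.50
mail     IN A    192.168.1.25
www      IN CNAME sys1             ; alias record
_ldap._tcp IN SRV 0 100 389 ns1    ; service record
"""

REVERSE_ZONE = """\
$ORIGIN 1.168.192.in-addr.arpa.
$TTL 3600
@   IN SOA ns1.zoom.com. hostmaster.zoom.com. ( 2003010101 7200 900 1209600 3600 )
@   IN NS  ns1.zoom.com.
50  IN PTR sys1.zoom.com.
"""


def absolutize(name: str, origin: str) -> str:
    """'@' -> origin; relative names get the origin appended; lower-case."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def normalize(rtype: str, fields: List[str], origin: str) -> tuple:
    """Type-aware rdata: ints for numeric fields, absolute names for targets."""
    if rtype == "A":
        return (fields[0],)
    if rtype in ("NS", "CNAME", "PTR"):
        return (absolutize(fields[0], origin),)
    if rtype == "MX":
        return (int(fields[0]), absolutize(fields[1], origin))
    if rtype == "SRV":
        return (int(fields[0]), int(fields[1]), int(fields[2]), absolutize(fields[3], origin))
    if rtype == "SOA":
        names = (absolutize(fields[0], origin), absolutize(fields[1], origin))
        return names + tuple(int(f) for f in fields[2:])
    raise ValueError(f"unsupported record type {rtype}")


def parse_zone(text: str) -> Dict[Tuple[str, str], List[Tuple[int, tuple]]]:
    """Return {(owner, type): [(ttl, rdata), ...]}.  Every record line must
    carry an explicit owner (no inherited-owner lines in the samples)."""
    origin, default_ttl = ".", 3600
    records = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        owner = absolutize(tokens[0], origin)
        i, ttl = 1, default_ttl
        while tokens[i].isdigit() or tokens[i].upper() == "IN":   # optional TTL / class
            if tokens[i].isdigit():
                ttl = int(tokens[i])
            i += 1
        rtype = tokens[i].upper()
        records[(owner, rtype)].append((ttl, normalize(rtype, tokens[i + 1:], origin)))
    return dict(records)


def lookup(records, name: str, rtype: str, max_cname: int = 8):
    """Answer a query, following an alias (CNAME) chain to the real host.
    Returns (final_owner, [rdata, ...]); an empty list means no such data."""
    name = name.lower().rstrip(".") + "."
    for _ in range(max_cname):
        if (name, rtype) in records:
            return name, [rd for _, rd in records[(name, rtype)]]
        if rtype != "CNAME" and (name, "CNAME") in records:
            name = records[(name, "CNAME")][0][1][0]
            continue
        return name, []
    raise ValueError("CNAME chain too long or looping")


def reverse_name(ip: str) -> str:
    """192.168.1.50 -> 50.1.168.192.in-addr.arpa. (the PTR owner name)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


RECORDS = {**parse_zone(FORWARD_ZONE), **parse_zone(REVERSE_ZONE)}
```

lookup(RECORDS, "www.zoom.com", "A") returns the A record of sys1.zoom.com because www is an alias; lookup(RECORDS, reverse_name("192.168.1.50"), "PTR") returns sys1.zoom.com.; the SOA tuple exposes the serial (2003010101) that secondaries compare against before transferring the zone.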
Zone Types

Standard primary
  The master copy of all the zone information; it is the read/write copy
Standard secondary
  A backup of the primary zone; it is read-only
Stub zone
  Contains only the NS and SOA records, and possibly glue (A) records, which are used to locate the zone's name servers
Active Directory integrated
  Stores the zone information in the Active Directory database

13
Roles of DNS Server

Standard Primary
Standard Secondary
Stub Zone
Active Directory Integrated
Cache Server
ROOT Server
Forwarders

14
How Stub Zones Work

[Diagram: the zoom.com DNS server holds stub zones for the delegated subdomains Training.zoom.com and Support.zoom.com. A recursive query for a host in one of them (Sys1 or Sys10) arrives at the zoom.com server; the stub zone's NS and glue records tell it which DNS server is authoritative for that subdomain, and it queries that server directly.]
15
What Are Service Records

SRV records allow DNS clients to locate TCP/IP-based services.
SRV records are used when:
  A domain controller needs to replicate
  A client searches Active Directory
  A user attempts to change her password
  An administrator modifies Active Directory

16
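What a client does with the SRV records it gets back is not on the slide, so here is an added example (not from the slides) of the target-selection algorithm of RFC 2782: try the lowest priority first, and within one priority pick targets by weighted random choice, with weight-0 entries placed first so they are rarely chosen while weighted ones remain. The record set is constructed; _ldap._tcp.dc._msdcs.zoom.com is the kind of name an Active Directory client queries, and the dc hosts are made up. The random source is a parameter so the ordering can be checked deterministically.

```python
"""Added example, not from the slides: client-side ordering of SRV targets
(RFC 2782).  The RRset below is constructed."""
import random
from typing import Callable, List, Tuple

# An SRV record carries (priority, weight, port, target)
SRV = Tuple[int, int, int, str]

# Constructed RRset for _ldap._tcp.dc._msdcs.zoom.com
SAMPLE_RRSET: List[SRV] = [
    (0, 100, 389, "dc1.zoom.com."),
    (0, 50, 389, "dc2.zoom.com."),
    (0, 0, 389, "dc3.zoom.com."),          # weight 0: last resort within priority 0
    (10, 100, 389, "dc-backup.zoom.com."),  # higher priority number: tried only if all of priority 0 fail
]


def order_srv(rrset: List[SRV],
              randint: Callable[[int, int], int] = random.randint) -> List[Tuple[str, int]]:
    """Return (target, port) pairs in the order a client should try them.

    A target of "." means "this service is not offered here" and is skipped.
    Within one priority, records are arranged with weight 0 first; a running
    sum of weights is built and a random number in [0, total] selects the
    first record whose running sum is >= that number.  Repeat until the
    priority group is exhausted, then move to the next priority."""
    ordered: List[Tuple[str, int]] = []
    for prio in sorted({r[0] for r in rrset}):
        group = [r for r in rrset if r[0] == prio and r[3] != "."]
        group.sort(key=lambda r: r[1] != 0)       # stable: weight-0 entries first
        while group:
            total = sum(r[1] for r in group)
            pick = randint(0, total)
            running = 0
            for idx, rec in enumerate(group):
                running += rec[1]
                if running >= pick:
                    break
            chosen = group.pop(idx)
            ordered.append((chosen[3], chosen[2]))
    return ordered


if __name__ == "__main__":
    for target, port in order_srv(SAMPLE_RRSET):
        print(f"try {target}:{port}")
```

With a real random source dc1 is tried first about twice as often as dc2, dc3 only when the random draw is exactly 0, and dc-backup never before the three priority-0 targets have been exhausted. The assertions below use stub random sources that always return the maximum or minimum to pin the order.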
How Forwarders Work

A forwarder is a DNS server designated to resolve external DNS domain names.

[Diagram: the client sends a recursive query for www.zoom.com to the local DNS server; the local server sends a recursive query to the forwarder; the forwarder resolves the name with iterative queries: the root (.) server says "Ask .com", the .com server says "Ask zoom.com", and the zoom.com server returns the authoritative response 172.16.64.11, which flows back through the forwarder and the local server to the client.]

17
How Conditional Forwarding Works

Conditional forwarding forwards requests using a domain name condition.

[Diagram: the client computer sends a query for www.zoom.com to the local DNS server. The local server forwards queries for zoom.com to the zoom.com DNS server and queries for all other DNS domains to the ISP DNS server.]

18
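The decision the local DNS server makes on slides 17 and 18, as an added example that is not part of the slides: given a query name and a table of domain conditions, pick the forwarders for the most specific matching condition, use the unconditional forwarder list for all other domains, and fall back to root hints when no forwarder applies at all. The policy table and the ISP address are constructed (198.51.100.53 is a documentation address); 172.16.64.11 and zoom.com are from slide 17, and the root hint is a.root-servers.net from slide 7. The check a practitioner wants here is that matching is done on label boundaries, so a condition for zoom.com does not capture queries for notzoom.com.

```python
"""Added example, not from the slides: forwarder selection under the
conditional-forwarding rules of slide 18.  Policy table constructed."""
from typing import Dict, List

# Constructed policy: domain condition -> forwarder addresses.  The empty
# string is the unconditional entry ("all other DNS domains" -> ISP DNS).
FORWARDERS: Dict[str, List[str]] = {
    "zoom.com": ["172.16.64.11"],
    "corp.zoom.com": ["172.16.65.11"],
    "": ["198.51.100.53"],
}
ROOT_HINTS: List[str] = ["198.41.0.4"]     # a.root-servers.net, from slide 7


def labels(name: str) -> List[str]:
    """Split a name into lower-case labels; the root becomes []."""
    return [lab for lab in name.lower().rstrip(".").split(".") if lab]


def choose_forwarders(qname: str, policy: Dict[str, List[str]]) -> List[str]:
    """Return the addresses to forward qname to.

    The condition with the most labels that is a suffix of qname on a label
    boundary wins; the unconditional entry matches everything with zero
    labels and so loses to any specific condition.  With no match at all the
    server resolves the name itself from its root hints."""
    q = labels(qname)
    best, best_len = None, -1
    for domain, servers in policy.items():
        d = labels(domain)
        if len(d) <= len(q) and len(d) > best_len and q[len(q) - len(d):] == d:
            best, best_len = servers, len(d)
    return best if best is not None else ROOT_HINTS


if __name__ == "__main__":
    for name in ("www.zoom.com", "sys1.corp.zoom.com", "notzoom.com", "www.microsoft.com"):
        print(name, "->", choose_forwarders(name, FORWARDERS))
```

A server configured this way still needs its root hints only for the case where the policy has no unconditional entry; with one present, every name that misses the specific conditions goes to the ISP DNS, exactly as the diagram shows.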
How Root Hints Work

Root hints contain the IP addresses of the DNS root servers.

[Diagram: the client queries its DNS server; with no cached or authoritative answer, the server uses its root hints to reach the root (.) servers, which refer it to the com servers, which in turn refer it to the microsoft servers.]

19
How DNS Server Caching Works

DNS server cache:
  Host name          IP address     TTL
  ServerA.zoom.com   192.168.8.44   28 seconds

[Diagram: Client1 asks the DNS server "Where is ServerA?"; the server resolves the name, answers "ServerA is at 192.168.8.44", and stores the record in its cache. Client2 then asks the same question and is answered 192.168.8.44 directly from the cache.]

20
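The part of slide 20 the table only hints at is what the TTL does over time, so here is an added example (not from the slides): a cache that stores each answer with an absolute expiry, hands later hits out with the remaining TTL (Client2 sees a smaller TTL than Client1), and evicts the entry once the TTL has run out so the next query goes back to the authoritative source. The record (ServerA.zoom.com, 192.168.8.44, 28 seconds) is the slide's; the authoritative source is a constructed table and the clock is passed in so the countdown can be checked deterministically.

```python
"""Added example, not from the slides: the server-side caching of slide 20
with a real TTL countdown.  Authoritative data constructed; clock injected."""
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for "ask the authoritative server": (name, type) -> (rdata, ttl)
AUTHORITATIVE: Dict[Tuple[str, str], Tuple[str, int]] = {
    ("servera.zoom.com.", "A"): ("192.168.8.44", 28),
}


def canon(name: str) -> str:
    """Case-insensitive absolute owner name used as the cache key."""
    return name.lower().rstrip(".") + "."


class DnsCache:
    """Entries hold an absolute expiry time rather than the raw TTL, so each
    hit is handed out with the seconds that are actually left."""

    def __init__(self) -> None:
        self._entries: Dict[Tuple[str, str], Tuple[str, float]] = {}

    def put(self, name: str, rtype: str, rdata: str, ttl: int, now: float) -> None:
        self._entries[(canon(name), rtype)] = (rdata, now + ttl)

    def get(self, name: str, rtype: str, now: float) -> Optional[Tuple[str, int]]:
        key = (canon(name), rtype)
        hit = self._entries.get(key)
        if hit is None:
            return None
        rdata, expires = hit
        if now >= expires:            # TTL exhausted: evict and force a fresh lookup
            del self._entries[key]
            return None
        return rdata, int(expires - now)


def answer(cache: DnsCache, qname: str, qtype: str, now: float,
           authoritative: Dict[Tuple[str, str], Tuple[str, int]] = AUTHORITATIVE
           ) -> Optional[Tuple[str, int, str]]:
    """What the DNS server on slide 20 does per client: serve from cache if it
    can, otherwise fetch from the authoritative source and cache the result.
    Returns (rdata, ttl, source) or None for a name the source does not have."""
    hit = cache.get(qname, qtype, now)
    if hit is not None:
        return hit[0], hit[1], "cache"
    rec = authoritative.get((canon(qname), qtype))
    if rec is None:
        return None
    rdata, ttl = rec
    cache.put(qname, qtype, rdata, ttl, now)
    return rdata, ttl, "authoritative"


def walk_through() -> List[Optional[Tuple[str, int, str]]]:
    """Client1 at t=0, Client2 at t=10, and a third query once the TTL is up."""
    cache = DnsCache()
    return [answer(cache, "ServerA.zoom.com", "A", t) for t in (0, 10, 28)]


if __name__ == "__main__":
    for step in walk_through():
        print(step)
```

The three steps come back as (192.168.8.44, 28, authoritative), (192.168.8.44, 18, cache) and (192.168.8.44, 28, authoritative): the second client gets the record with 10 seconds already spent, and at t=28 the entry has expired and the server re-queries rather than serving stale data.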