Windows Server 2008 R2 Unleashed (59 page)

Getting Started with DNS on Windows Server 2008 R2

265

NOTE

Dynamic updates allow DNS clients to register and update their own resource records in

the DNS zone. When enabling dynamic updates to be accepted by your DNS server, be

sure you know the sources of dynamic updated information. If the sources are not reli-

able, you can potentially receive corrupt or invalid information from a dynamic update.

12. The next page allows for the creation of a reverse lookup zone. Here, select Yes,

Create a Reverse Lookup Zone Now, and click Next.

13. Select Primary Zone for the reverse lookup zone type, and click Next.

14. If storing the zone in Active Directory, select the replication scope and click Next.

15. Accept the default IPv4 Reverse Lookup Zone, and click Next.

16. Type in the network ID of the reverse lookup zone, and click Next. (The network ID

is typically the first set of octets from an IP address in the zone. If a Class C IP range

of 192.168.3.0/24 is in use on a network, you would enter the values 192.168.3, as

illustrated in Figure 10.2.)

ptg

FIGURE 10.2

Reverse lookup zone creation.

17. Again, if creating a non-AD-integrated zone, you are offered the option to create a

new zone file or to utilize an existing file. For this example, choose Create a New File

10

with This File Name, and click Next to continue.

18. Again, you are presented the option for dynamic updates. For this example, select

Allow Both Nonsecure and Secure Updates, and click Next to continue.

19. The next page deals with the setup of forwarders, which is described in more detail

in the “Understanding DNS Zones” section later in this chapter. In this example,

choose No, It Should Not Forward Queries, and click Next to continue.

266

CHAPTER 10

Domain Name System and IPv6

20. The final window displays a summary of the changes that will be made and the

zones that will be added to the DNS database. Click Finish to finalize the changes

and create the zones.

NOTE

Depending on network connectivity, there might be a pop-up dialog box between the two

clicks to finish the DNS changes in step 20. If you are not connected to a local area

network (LAN), an error dialog box is displayed regarding searching for root hints.

Although the dialog box notes the root hint error, clicking OK will still configure DNS

successfully.

Configuring DNS Server to Point to Itself

One subtask that should be accomplished after the installation is configuring the DNS

server address in the TCP/IP settings to point to itself for DNS resolution, unless there is a

specific reason not to do so. To accomplish this task, perform the following steps:

1. Launch Server Manager.

2. Click the View Network Connections link.

ptg

3. While in Network Connections, right-click the Local Area Connection icon and

select Properties.

4. Double-click Internet Protocol Version 4 (TCP/IPv4).

5. In the DNS Server boxes, make sure that Use the Following DNS Server Addresses is

selected and then type the IP address of the DNS server into the Preferred DNS

Server box.

6. If you have another DNS server, you can enter it into the Alternate DNS Server box.

7. Click OK twice to complete the changes.

NOTE

Previous recommendations for Windows 2000 stipulated that a root DNS server point

to another DNS server as the primary name server. This recommendation was made in

response to what is known as the “island” problem in Windows DNS. Administrators

will take heart in the fact that Windows Server 2003 and higher (including Windows

Server 2008 R2) are no longer subject to this problem, and it is now recommended

that you configure a DNS server to point to itself in most cases. You can find more

information on this concept later in this chapter.

Resource Records

In the DNS hierarchy, objects are identified through the use of resource records (RRs).

These records are used for basic lookups of users and resources within the specified

domain and are unique for the domain in which they are located. Because DNS is not a

Resource Records

267

flat namespace, however, multiple identical RRs can exist at different levels in a DNS hier-

archy. The distributed nature of the DNS hierarchy allows such levels.

Several key resource records exist in most DNS implementations, especially in those associ-

ated with Windows Server 2008 R2 Active Directory Domain Services. A general familiarity

with these specific types of RRs is required to gain a better understanding of DNS.

Start of Authority (SOA) Records

The Start of Authority (SOA) record in a DNS database indicates which server is authorita-

tive for that particular zone. The server referenced by the SOA records is subsequently the

server that is assumed to be the authoritative source of information about a particular

zone and is in charge of processing zone updates. The SOA record contains information

such as the Time to Live (TTL) interval, the contact person responsible for DNS, and other

critical information, as illustrated in Figure 10.3.

ptg

FIGURE 10.3

A sample SOA record.

An SOA record is automatically created when DNS is installed for Active Directory Domain

10

Services in Windows Server 2008 R2 and is populated with the default TTL, primary server,

and other pertinent information for the zone. After installation, however, these values can

be modified to fit the specific needs of an organization.

Host (A) Records

The most common type of RR in DNS is the host record, also known as an A record. This

type of RR simply contains the name of the host and its corresponding IP address, as illus-

trated in Figure 10.4.

268

CHAPTER 10

Domain Name System and IPv6

FIGURE 10.4

Sample host record.

ptg

The vast majority of RRs in DNS are A records because they are used to identify the IP

addresses of most resources within a domain.

NOTE

Most resource records also contain advanced information about the record, which

includes the Time to Live (TTL) and, optionally, the record time stamp. To view or update

this information, select Advanced from the View menu of the DNS Management console.

Name Server (NS) Records

Name Server (NS) records identify which computers in a DNS database are the name

servers, essentially the DNS servers for a particular zone. Although there can be only one

SOA record for a zone, there can be multiple NS records for the zone, which indicate to

clients which machines are available to run DNS queries against for that zone.

NOTE

Name Server records, or NS records, do not actually contain the IP information of a par-

ticular resource. In fact, in most cases, only A records contain this information. NS

records and other similar records simply point to a server’s A record. For example, an

NS record will simply point to server1.companyabc.com, which will then direct the query

to the server1 A record in the companyabc.com zone.

Resource Records

269

Service (SRV) Records

Service (SRV) records are RRs that indicate which resources perform a particular service.

Domain controllers in Active Directory Domain Services are referenced by SRV records

that define specific services, such as the global catalog (GC), Lightweight Directory Access

Protocol (LDAP), and Kerberos. SRV records are a relatively new addition to DNS, and did

not exist in the original implementation of the standard. Each SRV record contains infor-

mation about a particular functionality that a resource provides. For example, an LDAP

server can add an SRV record, indicating that it can handle LDAP requests for a particular

zone. SRV records can be very useful for Active Directory Domain Services because

domain controllers can advertise that they handle global catalog requests, as illustrated in

Figure 10.5.

ptg

FIGURE 10.5

Sample SRV record for an AD GC entry.

NOTE

Because SRV records are a relatively new addition to DNS, they are not supported by

several down-level DNS implementations, such as UNIX BIND 4.1.x and NT 4.0 DNS. It

is, therefore, critical that the DNS environment that is used for Windows Server 2008

10

R2’s Active Directory Domain Services has the capability to create SRV records. For

UNIX BIND servers, version 8.1.2 or higher is recommended.

Mail Exchanger (MX) Records

A Mail Exchanger (MX) record indicates which resources are available for Simple Mail

Transfer Protocol (SMTP) mail reception. MX records can be set on a domain basis so that

mail sent to a particular domain will be forwarded to the server or servers indicated by

270

CHAPTER 10

Domain Name System and IPv6

the MX record. For example, if an MX record is set for the domain companyabc.com, all

mail sent to [email protected] will be automatically directed to the server indicated

by the MX record.

Pointer (PTR) Records

Reverse queries to DNS are accomplished through the use of Pointer (PTR) records. In

other words, if a user wants to look up the name of a resource that is associated with a

specific IP address, he would do a reverse lookup using that IP address. A DNS server

would reply using a PTR record that would indicate the name associated with that IP

address. PTR records are most commonly found in reverse lookup zones.

Canonical Name (CNAME) Records

A Canonical Name (CNAME) record represents a server alias, and allows any one of a

number of servers to be referred to by multiple names in DNS. The record essentially

redirects queries to the A record for that particular host. CNAME records are useful when

migrating servers and for situations in which friendly names, such as mail.companyabc.

com, are required to point to more complex server-naming conventions, such as

sfoexch01.companyabc.com.

ptg

Other DNS Record Types

Other, less common forms of records that might exist in DNS have specific purposes, and

there might be cause to create them. The following is a sample list, but is by no means

exhaustive:

.
AAAA—
Maps a standard IP address into a 128-bit IPv6 address. This type of record

will become more prevalent as IPv6 is adopted and is discussed later in the chapter.

.
ISDN—
Maps a specific DNS name to an ISDN telephone number.

Other books

Khan by Kathi S. Barton
The Devil's Garden by Edward Docx
A Christmas Date by L. C. Zingera
Seeing the Love by Sofia Grey
Don't... by Jack L. Pyke