1560b_02 Implementing Dns In Windows 2000

Module 2: Implementing DNS in Windows 2000

Contents

Overview
Multimedia Presentation: Basics of the Domain Name System (DNS)
Installing the DNS Server Service
Configuring Zones in Windows 2000
Testing the DNS Server Service
Lab A: Installing and Configuring the DNS Server Service
Review

Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2000 Microsoft Corporation. All rights reserved.

Microsoft, Active Desktop, Active Directory, ActiveX, BackOffice, FoxPro, JScript, Outlook, PowerPoint, Visual Basic, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.

Project Leads: Mark Johnson, Gerry Lang, H. James Toland III (ComputerPREP, Inc.)
Instructional Designers: Jeanie Decker (Write Stuff), Chris Slemp (ComputerPREP, Inc.), Victoria Fodale (ComputerPREP, Inc.), Jose Mathews (NIIT Inc.), Barbara Pelletier (S&T OnSite), Rick Selby, H. James Toland III (ComputerPREP, Inc.)
Lead Program Managers: Jim Clark, Paul Adare (FYI TechKnowlogy Services)
Program Managers: Jeff Clark, Rodney Miller, Andy Ruth (Infotec), Thomas Willingham (Infotec)
Testing Leads: Sid Benavente, Keith Cotton
Testing Developer: Greg Stemp (S&T OnSite)
Courseware Test Engineers: Jeff Clark, H. James Toland III (ComputerPREP, Inc.)
Lab Simulations Developers: Wai Chan (Meridian Partners Ltd.), David Carlile (Independent Contractor), Tammy Stockton (S&T OnSite)
Graphic Artists: Julie Stone (Independent Contractor), Kimberly Jackson (Independent Contractor)
Editing Manager: Lynette Skinner
Editors: Kelly Baker (Write Stuff), Jennifer Kerns (S&T OnSite)
Copy Editor: Patricia Neff (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aditi)
Online Support: Eric Brandt (S&T OnSite)
Multimedia Development: Kelly Renner (Entex)
Courseware Testing: Data Dimensions, Inc.
Production Support: Irene Barnett (S&T Consulting)
Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Gerry Lang
Group Product Manager: Robert Stewart

Simulations and interactive exercises were built by using Macromedia Authorware


Instructor Notes

Presentation: 50 Minutes
Lab: 25 Minutes

This module provides the knowledge and skills necessary to install, configure, and test the Domain Name System (DNS) in a Microsoft® Windows® 2000 network.

At the end of this module, students will be able to:

• Install the DNS Server service.
• Configure zones in Windows 2000.
• Test the DNS Server service.

Materials and Preparation

This section provides you with the required materials and preparation that are necessary to teach this module.

Required Materials

To teach this module, you need the following materials:

• Microsoft PowerPoint® file 1560B_02.ppt
• Multimedia presentation file PBSG_DNS.avi, Basics of the Domain Name System (DNS)

Preparation Tasks

To prepare for this module, you should:

• Read all of the materials for this module.
• Read Key Concepts of DNS under Additional Reading on the Web page on the Trainer Materials compact disc.
• View the multimedia presentation, Basics of the Domain Name System (DNS), under Multimedia Presentations on the Web page on the Trainer Materials compact disc.
• Complete the lab.


Module Strategy

Use the following strategy to present this module:

• Installing the DNS Server Service

  The Active Directory™ directory service requires a DNS server. This topic provides information about requirements and instructions for installing the Windows 2000 DNS Server service. Explain to students that a computer running Windows 2000 must be configured with a static Internet Protocol (IP) address prior to installing the DNS Server service. Describe the actions that the DNS Server service performs during the installation process, and demonstrate the steps for installing the DNS Server service after running Windows 2000 Setup. The students will perform this procedure in the lab; therefore, they should only observe the demonstration.

• Configuring Zones in Windows 2000

  This topic describes how to configure zone transfers, Active Directory integrated zones, and dynamic update. Review primary and secondary zone types and ensure the students understand that these are called standard primary and standard secondary in Windows 2000. Identify the two methods that are used for replicating zone information: full zone transfer (AXFR) and incremental zone transfer (IXFR). Explain that IXFR has been implemented with the DNS Server service to replicate only changes to the zone database file. Explain how to create an Active Directory integrated zone and how to convert an existing standard primary zone to an Active Directory integrated zone. Describe the necessary steps for configuring the DNS Server service to allow dynamic updates and configuring the DHCP Server service to perform dynamic updates.

• Testing the DNS Server Service

  This topic describes the two methods that are available in Windows 2000 for testing the DNS Server service. Explain that the ability to monitor and test the DNS Server service by using the DNS console is a new feature in the DNS Server service. This feature allows you to perform queries on a scheduled basis to ensure that the DNS Server service is operating correctly. In addition, explain that Nslookup, although it is not new to the Windows 2000 DNS Server service, can be used to view resource records for diagnostic purposes and to perform queries to test the DNS Server service.


Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware.

Important: The lab in this module is also dependent on the classroom configuration that is specified in the Customization Information section at the end of the Classroom Setup Guide for course 1560B, Updating Support Skills from Microsoft Windows NT 4.0 to Microsoft Windows 2000.

Lab Setup

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware. There are no lab setup requirements or configuration changes that affect replication or customization.

Lab Results

Performing the labs in this module introduces the following configuration changes:

• The DNS Server service is installed on each student computer.
• Forward and Reverse lookup zones are created on each student computer.
• Each student computer is configured with a fully qualified domain name (FQDN) that is specified in the multiple-maximum domain model.
• Each student computer is configured to use its own DNS service for DNS forward lookup name resolution.
• Each student computer is configured to use the instructor DNS service for DNS reverse lookup name resolution.
• Authority is delegated to the student computer for the domain.nwtraders.msft domain.
• Dynamic updates are enabled.


Overview

Slide Objective: To provide an overview of the module topics and objectives.

Lead-in: In this module, you will learn how to install, configure, and test the DNS Server service in Windows 2000.

• Installing the DNS Server Service
• Configuring Zones in Windows 2000
• Testing the DNS Server Service

Domain Name System (DNS) is an integral part of client/server communications in Transmission Control Protocol/Internet Protocol (TCP/IP) networks. Microsoft® Windows® 2000 uses DNS as its primary method for name resolution.

The Windows 2000 implementation of DNS includes several new features that improve upon the DNS capabilities of Microsoft Windows NT® version 4.0 and ease the administrative burden of maintaining DNS. These features include incremental zone transfers, integration with the Active Directory™ directory service, and support for dynamic updates. In addition, Windows 2000 provides configuration wizards and other tools to help you manage and support DNS servers and clients on your network.

At the end of this module, you will be able to:

• Install the DNS Server service.
• Configure zones in Windows 2000.
• Test the DNS Server service.


Multimedia Presentation: Basics of the Domain Name System (DNS)

Slide Objective: To introduce the multimedia presentation.

Lead-in: This multimedia presentation describes key components of DNS and how the name resolution process works. You should understand these concepts to support a Windows 2000 network effectively.

Run the multimedia presentation located under Multimedia Presentations on the Web page on the Trainer Materials compact disc. The estimated time to complete this multimedia presentation is 8 minutes. Inform students that a copy of the multimedia presentation is included on the Web page on the Student Materials compact disc. This presentation is for review purposes only. If students require additional information about DNS, refer them to “Key Concepts of DNS” under Additional Reading on the Web page on the Student Materials compact disc.

Before you begin the process of installing and configuring the DNS Server service in Windows 2000, it is important to review some basic concepts of DNS.

Note: The purpose of this presentation is to review basic DNS concepts prior to learning about the new features and enhancements in the Windows 2000 DNS Server service.

To view the Basics of the Domain Name System (DNS) presentation, open the Student Materials Web page on the Student Materials compact disc, click Multimedia Presentations, and then click the title of the presentation. For additional basic information about DNS, see “Key Concepts of DNS” under Additional Reading on the Web page on the Student Materials compact disc.


Installing the DNS Server Service

Slide Objective: To illustrate the Networking Services page in the Windows Components wizard.

Lead-in: Before you install the DNS Server service on a computer running Windows 2000, you must configure the computer with a static IP address and DNS domain name.

[Slide: Networking Services page of the Windows Components wizard. Subcomponents of Networking Services listed: COM Internet Services Proxy (0.0 MB), Domain Name System (DNS) (0.8 MB), Dynamic Host Configuration Protocol (DHCP) (0.0 MB), Internet Authentication Service (0.0 MB), QoS Admission Control Service (0.0 MB), Simple TCP/IP Services (0.0 MB), Site Server LDAP Services (1.8 MB). Description: Answers query and update requests for Domain Name System (DNS) names.]

For Active Directory and associated client software to function correctly, you must first install and configure a DNS server. Before you install the DNS Server service, you must configure TCP/IP with a static IP address, because computers running Windows 2000 are configured as Dynamic Host Configuration Protocol (DHCP) clients by default.

Perform the following TCP/IP configurations on the computer on which you are installing the DNS Server service:

1. Assign a static IP address in the Internet Protocol (TCP/IP) Properties dialog box.
2. Configure the DNS host and domain name on the server on which you are installing the DNS Server service. To do this, click Advanced in the Internet Protocol (TCP/IP) Properties dialog box. On the DNS tab in the Advanced TCP/IP Settings dialog box, verify that the DNS address in the DNS addresses, in order of use box is correct, and then type the domain name in the DNS Domain Name box.

You can install the DNS Server service during Windows 2000 Setup, after Windows 2000 Setup, or during Active Directory installation. If you install the DNS Server service during Active Directory installation, you must manually create a reverse lookup zone and set the zone attribute to Allow updates after installation.


Delivery Tip: Demonstrate the steps for installing the DNS Server service after Windows 2000 Setup. Inform the students that they will perform this procedure in the lab. Therefore, they should not follow along with the demonstration on the classroom computers.

To install the DNS Server service after Windows 2000 Setup:

1. Open Add/Remove Programs in Control Panel, and then click Add/Remove Windows Components.
2. On the Windows Components page, click Networking Services, and then click Details.
3. Select the Domain Name System (DNS) check box, click OK, and then click Next.
4. If prompted, provide the full path to the Windows 2000 distribution files, and then click Continue.

The DNS Server service installation process performs the following actions:

• Installs the DNS Server service, and starts the service automatically (without restarting the computer).
• Installs the DNS console, and adds the DNS shortcut to the Administrative Tools menu. You use the DNS console to manage local and remote DNS servers.
• Adds the following key for the DNS Server service to the registry:
  \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS
• Creates the systemroot\System32\Dns folder.

The DNS folder contains the DNS database files that are described in the following table:

File type               Description
Domain_name.dns         The zone database file that is used to translate host names to IP addresses for a zone.
z.y.x.w.in-addr.arpa    The reverse lookup file that is used to translate IP addresses to host names.
Cache.dns               The cache file that contains the required host information for resolving names outside of authoritative domains. The default file contains records for all of the root servers on the Internet.
Boot                    The file that controls how the DNS Server service starts. In Windows 2000, the Boot file is optional because the boot settings are stored in the registry.

Note: The Boot file is not defined in any RFC, and is not needed for compliance with RFC standards. The Boot file is a part of the Berkeley Internet Name Domain (BIND)–specific implementation of DNS. If you are migrating from a DNS server running BIND, copying the Boot file allows easy migration of your existing configuration. For more information on BIND, see the Internet Software Consortium Web site at http://www.isc.org

Configuring Zones in Windows 2000

Slide Objective: To introduce the zone types in the Windows 2000 implementation of DNS.

Lead-in: Zone information is stored in a zone database file, and you can configure a zone in several ways.

Delivery Tip: Ask the students to describe primary and secondary DNS zones. Point out that these zone types are called standard primary and standard secondary in Windows 2000.

• Configuring Zone Transfers
• Configuring Active Directory Integrated Zones
• Configuring Zones for Dynamic Update

A zone is a portion of the domain namespace that is defined by the resource records that are stored in a zone database file. A zone database file stores information that is used to resolve host names to IP addresses and IP addresses to host names.

With Windows 2000, you can create standard primary and standard secondary zones, which are the same as the primary and secondary zones you can create with the Windows NT 4.0 DNS Server service. Zone transfer is the process of replicating a zone database file to multiple DNS servers. Windows 2000 supports incremental zone transfers in addition to full zone transfers.

After you install Active Directory, you can also create Active Directory integrated zones. Active Directory integrated zones are primary zones that are stored in the Active Directory and replicated during Active Directory replication rather than through zone transfers.

You can also configure zones to better utilize network resources. For example, you can configure zones for dynamic updates. The DNS dynamic update protocol can be used to automatically update the zone database file without administrator intervention.


Configuring Zone Transfers

Slide Objective: To list the options for configuring zone transfers.

Lead-in: Zone transfer is the process by which DNS servers interact to maintain and synchronize zone database files.

[Slide: Zone Transfer Initiation; Zone Transfer Types: full zone transfer (AXFR) and incremental zone transfer (IXFR); Configuring Zone Transfer Properties (Serial number: 2; Refresh interval: 15 minutes; Retry interval: 10 minutes; Expires after: 1 days; Minimum (default) TTL: 0 :1 :0 :0); Configuring DNS Notify]

Zone transfers copy the zone database file information from the master server to a secondary server.

Zone Transfer Initiation

The zone transfer process is initiated when one of the following occurs:

• A master server sends a notification of a change in the zone to the secondary server or servers.
• The secondary server queries a master server for changes to the zone database file. This occurs when the DNS Server service on the secondary server starts, or when the refresh interval on the secondary server expires.

Zone Transfer Types

The two methods for replicating zone information are:

• Full zone transfer (AXFR). Replicates the entire zone database file. Most DNS implementations use and support AXFR. When the refresh interval expires on a secondary server, it queries its master server by using an AXFR query. The secondary server detects whether its local copy of a zone is the same as the master server copy by comparing serial numbers for the zone.
• Incremental zone transfer (IXFR). Only replicates changes to the zone database file. IXFR is a recent, RFC-defined DNS implementation that is included in Windows 2000 and can reduce the amount of zone data that is transferred during replication. IXFR also uses serial numbers to determine if changes have been made to a zone database file. However, if changes have been made, only the resource records that changed are transferred, rather than the entire zone database file. Changes and additions are kept in the cache until the secondary server has received all of the updated information.


A server responding to the zone transfer request keeps a record of the newest version of the zone and the differences between that copy and several older versions. When the server receives a request with an older serial number, it sends only the changes required to make the client version current. However, the server may respond with a full zone transfer when one of the following is true:

1. The sum of the changes is larger than the entire zone.
2. The client serial number is lower than the serial number of the oldest of the versions of the zone on the server. Only a limited number of previous versions of the zone are kept on the server for performance reasons.
3. The server responding to the IXFR request does not recognize the query type. If the server doesn’t recognize the query, the client will automatically initiate an AXFR instead.

Note: For more information on IXFR, see RFC 1995 under Additional Reading on the Web page on the Student Materials compact disc.
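The server-side decision described above, modelled in Python as an added example (not code from the courseware or from Windows 2000). The record tuples, the limit of three retained versions and the plain integer serial comparison are assumptions made for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Master:
    """Master server that remembers the differences between recent versions."""
    records: set                 # resource records as (owner, type, data) tuples
    serial: int = 1
    max_versions: int = 3        # assumption: how many older versions are kept
    supports_ixfr: bool = True   # False models a server that predates IXFR
    deltas: list = field(default_factory=list)   # (old_serial, removed, added)

    def update(self, remove=(), add=()):
        """Change the zone, record the difference, and bump the serial number."""
        removed = set(remove) & self.records
        added = set(add) - self.records
        self.records = (self.records - removed) | added
        self.deltas = (self.deltas + [(self.serial, removed, added)])[-self.max_versions:]
        self.serial += 1

    def axfr(self):
        return ("AXFR", self.serial, set(self.records))

    def ixfr(self, client_serial):
        if not self.supports_ixfr:
            return ("UNSUPPORTED", None, None)       # condition 3 in the text
        if client_serial >= self.serial:
            return ("CURRENT", self.serial, None)    # nothing to transfer
        oldest_kept = self.deltas[0][0] if self.deltas else self.serial
        if client_serial < oldest_kept:
            return self.axfr()                       # condition 2: history too short
        chain = [d for d in self.deltas if d[0] >= client_serial]
        changed = sum(len(rem) + len(add) for _, rem, add in chain)
        if changed > len(self.records):
            return self.axfr()                       # condition 1: diff exceeds zone
        return ("IXFR", self.serial, chain)


@dataclass
class Secondary:
    records: set
    serial: int

    def refresh(self, master):
        """Ask for an incremental transfer; retry with AXFR if IXFR is unknown."""
        kind, serial, payload = master.ixfr(self.serial)
        if kind == "UNSUPPORTED":
            kind, serial, payload = master.axfr()
        if kind == "AXFR":
            self.records = payload
        elif kind == "IXFR":
            for _, removed, added in payload:
                self.records = (self.records - removed) | added
        if kind != "CURRENT":
            self.serial = serial
        return kind


# Constructed sample zone contents.
ZONE = {("www", "A", "192.168.120.10"), ("mail", "A", "192.168.120.20"),
        ("ftp", "A", "192.168.120.30")}


def demo():
    master = Master(set(ZONE))
    fresh, stale = Secondary(set(ZONE), 1), Secondary(set(ZONE), 1)
    out = {}
    master.update(add=[("computer1", "A", "192.168.120.133")])
    out["one change"] = fresh.refresh(master)
    for n in range(3):
        master.update(add=[(f"host{n}", "A", f"192.168.120.{50 + n}")])
    out["three changes"] = fresh.refresh(master)
    out["older than history"] = stale.refresh(master)
    out["in sync"] = fresh.records == stale.records == master.records

    tiny = Master({("a", "A", "192.168.120.1")})
    copy = Secondary(set(tiny.records), 1)
    tiny.update(remove=[("a", "A", "192.168.120.1")],
                add=[("b", "A", "192.168.120.2")])
    out["changes exceed zone"] = copy.refresh(tiny)

    legacy = Master(set(ZONE), serial=2, supports_ixfr=False)
    out["no IXFR support"] = Secondary(set(), 1).refresh(legacy)
    return out


if __name__ == "__main__":
    for case, transfer in demo().items():
        print(f"{case}: {transfer}")
```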

Configuring Zone Transfer Properties

It is not necessary to explain each of the zone transfer properties in detail. Explain them briefly, and suggest that the students review this information in depth outside of class.

You can control how often and when a zone transfer occurs by modifying the Start of Authority (SOA) resource record. To do this, modify the following settings on the Start of Authority (SOA) tab in the Properties dialog box for the zone:

• Serial number. Tracks updates to the zone database file. Serial numbers indicate if changes have been made to a zone database file.
• Refresh interval. Controls how often a secondary server will query its master server for new data.
• Retry interval. If a secondary server cannot contact its master server, the retry interval determines how long the secondary server will wait before attempting to contact its master server again.
• Expire interval. Controls the length of time that a secondary server will use its current zone data to answer queries when it cannot contact the master server. At the end of the expire interval, if the secondary server cannot contact its master server, it will stop performing name resolution.
• Minimum TTL. Specifies the Time to Live (TTL) interval, or the minimum amount of time for which a response to a query is valid. The DNS server that provides the name resolution information specifies the TTL interval for that information.
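How the refresh, retry and expire intervals interact during a master server outage, as an added Python example that is not part of the original module. It uses the intervals shown on the slide (refresh 15 minutes, retry 10 minutes, expire 1 day); the outage window and the master_up callback are constructed for the illustration.

```python
def secondary_timeline(refresh, retry, expire, master_up, horizon):
    """Return (minute, event) pairs for a secondary server's polling.

    refresh, retry, expire and horizon are in minutes; master_up(minute) says
    whether the master server answers at that minute (hypothetical callback).
    """
    events, t, last_ok, answering = [], 0, None, False
    while t <= horizon:
        # The expire interval runs from the last successful contact.
        if answering and t >= last_ok + expire:
            events.append((last_ok + expire, "expired"))
            answering = False
        if master_up(t):
            events.append((t, "contact ok"))
            last_ok, answering = t, True
            t += refresh          # next routine serial number check
        else:
            events.append((t, "contact failed"))
            t += retry            # try again after the retry interval
    if answering and horizon >= last_ok + expire:
        events.append((last_ok + expire, "expired"))
    return events


def summarize(events):
    """Condense a timeline into the figures an operator cares about."""
    failed = [m for m, e in events if e == "contact failed"]
    ok = [m for m, e in events if e == "contact ok"]
    expired = [m for m, e in events if e == "expired"]
    first_fail = failed[0] if failed else None
    return {
        # last successful contact before the outage began
        "last_contact": max((m for m in ok if first_fail is None or m < first_fail),
                            default=None),
        "failed_polls": len(failed),
        # minute at which the secondary stops performing name resolution
        "expired_at": expired[0] if expired else None,
        # first successful contact after the outage
        "recovered_at": next((m for m in ok
                              if first_fail is not None and m > first_fail), None),
    }


def slide_scenario():
    """Slide intervals with a constructed outage from minute 20 to minute 2000."""
    outage = range(20, 2000)
    events = secondary_timeline(15, 10, 24 * 60, lambda m: m not in outage, 2030)
    return summarize(events)


if __name__ == "__main__":
    print(slide_scenario())
```

The gap between last_contact and expired_at is the oldest zone data the secondary will still hand out, which is why the expire interval bounds how stale an answer can be when the master is unreachable.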


Configuring DNS Notify

You can configure a master server to include a list of one or more secondary servers that should be notified when a zone database file is updated. If a secondary server receives notification from its master server that changes have been made to the zone database file, it initiates a zone transfer to ensure that its records are up-to-date.

To configure the notify list, open the Properties dialog box for the zone, click the Zone Transfers tab, and then click the Notify button. You can select automatic notification for all servers listed on the Name Servers tab, or automatic notification for servers you specify individually in the Notify dialog box.


Configuring Active Directory Integrated Zones

Slide Objective: To illustrate the concept of an Active Directory integrated zone.

Lead-in: You can integrate DNS zones into Active Directory to provide fault tolerance and increased security.

[Slide: Active Directory integrated zone data is stored as an Active Directory object and replicated as part of domain replication. Diagram labels: Active Directory Integrated Zone, Active Directory, contoso.com, DNS Server]

Windows 2000 integrates DNS and Active Directory. Active Directory uses a DNS-based namespace, which eliminates the need to create and maintain separate naming services.

Key Points: Active Directory integrated zones are stored in Active Directory. The zone database files for Active Directory integrated zones are not stored in the systemroot\System32\Dns folder, where the standard zone database files are stored.

In Active Directory integrated zones, zone data is stored as an Active Directory object, and is replicated as part of domain replication rather than through zone transfers.

Note: Active Directory integrated zones can only be created on DNS servers that are configured to run the DNS dynamic update protocol.

Creating Active Directory Integrated Zones

To add an Active Directory integrated zone, open the DNS console, right-click the appropriate server name, and then click New Zone. In the Create New Zone wizard, click Next. On the Select a Zone Type page, click Active Directory-integrated, and then click Next. The wizard then prompts you to specify whether the zone lookup type is forward or reverse.

When you select Forward lookup zone, the Create New Zone wizard prompts you to specify the zone name. When you are finished specifying the zone information, the wizard will automatically create the zone, the zone database file, and the SOA and NS (name server) resource records. The contents of the zone database file are replicated to all domain controllers in the domain.

When you select Reverse lookup zone, the Create New Zone wizard prompts you to specify the network identification and subnet mask and to verify the zone name. When you are finished specifying the zone information, the wizard will automatically create the zone, the zone database file, and the SOA and NS resource records.


Converting Existing Zones

You can convert an existing standard primary zone to an Active Directory integrated zone. It is important to be aware of the following information before you convert an existing zone to an Active Directory integrated zone:

• The server that hosts the standard primary zone must be a domain controller.
• Active Directory integrated zones are stored in Active Directory. When you store a zone in Active Directory, the zone database file is copied into Active Directory and deleted from the primary server for the zone.

To convert a standard primary zone to an Active Directory integrated zone, open the Properties dialog box for the zone that you want to convert. Click the General tab, and then click Change. In the Change Zone Type dialog box, click Active Directory-integrated, and then click OK. Click OK in the Properties dialog box.

Note: The Active Directory-integrated option is not available in the Change Zone Type dialog box until Active Directory has been installed.


Configuring Zones for Dynamic Updates

Slide Objective: To illustrate the dynamic update process.

Lead-in: The DNS Server service allows client computers to dynamically update their resource records on a DNS server.

[Slide: DNS Dynamic Update Protocol: allows clients to automatically update DNS servers; can be used in conjunction with DHCP. Diagram steps: 1. Request for IP address. 2. Assign IP address of 192.168.120.133. DHCP updates reverse resource record for Windows 2000 clients and both resource records for other clients. Windows 2000 client updates forward resource record on DNS server. Diagram labels: Computer1, DHCP Server, DNS Server, Zone Database]

Dynamic updates can be used in conjunction with DHCP to dynamically update resource records when the DHCP address of a computer is released and renewed.

DNS was originally designed to support only static changes to a zone database. Because of the design limitations of a static DNS service, adding, removing, or modifying resource records could only be done manually.

The Windows 2000 implementation of DNS supports the DNS dynamic update protocol. The DNS dynamic update protocol allows Windows 2000 client computers to update DNS servers automatically, so that resource records can be updated without administrator intervention. To enable dynamic updates, the client must be configured to perform dynamic updates, and the zone must be configured to allow dynamic updates to occur.

Note: For more information on the DNS dynamic update protocol, see RFC 2136 under Additional Reading on the Web page on the Student Materials compact disc.

Key Points: The DNS dynamic update protocol allows updates directly from a client or from a DHCP server on behalf of a client computer.

To configure a zone for dynamic updates, open the Properties dialog box for the zone and select the General tab. The options that become available when you select Allow Dynamic Updates? are described in the following table:

Option                 Description
No                     Disables dynamic updates for the zone. This is the default option.
Yes                    Allows all DNS dynamic update requests for the zone.
Only secure updates    Allows only DNS dynamic updates that use secure DNS for the zone.


Key Points: Only Active Directory integrated zones can be configured for secure dynamic updates.

The Only secure updates option appears only when the zone type is Active Directory integrated. With secure dynamic updates, the authoritative DNS server only accepts updates from client computers and servers that are authorized to send dynamic updates. Secure dynamic updates provide the following benefits:

• Protect zones and resource records from being modified by users without authorization.
• Enable you to specify exactly which users and groups can modify zones and resource records.

Note: For more information on secure dynamic updates, see RFC 2137 in Additional Reading on the Web page on the Student Materials compact disc.

Windows 2000 clients interact directly with the DNS server to update the forward (A) resource record. When the DHCP server is configured to perform dynamic updates, it updates the reverse (PTR) resource record for the Windows 2000 clients and updates both the A and PTR resource records for client computers that are running an operating system other than Windows 2000.

When the DHCP server is not configured to perform dynamic updates, Windows 2000 clients update both the A and PTR resource records. Registration for client computers that are running an operating system other than Windows 2000 must be done manually.

Note: For more information on configuring a DHCP server for dynamic updates, see module 13, “Supporting DHCP and WINS,” in course 1560B, Updating Support Skills from Microsoft Windows NT 4.0 to Microsoft Windows 2000.
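The three Allow Dynamic Updates? options compared on the same sequence of update requests, as an added Python example (a model for study, not the DNS Server service's own logic). The principal names, the addresses other than 192.168.120.133 and the zone-level authorized set are assumptions.

```python
from dataclasses import dataclass, field

AD_INTEGRATED = "Active Directory-integrated"
STANDARD_PRIMARY = "standard primary"
OPTIONS = ("No", "Yes", "Only secure updates")


@dataclass
class Zone:
    name: str
    zone_type: str
    allow_dynamic_updates: str = "No"              # the default option
    authorized: set = field(default_factory=set)   # who may update (assumed model)
    a_records: dict = field(default_factory=dict)  # host name -> IP address

    def __post_init__(self):
        if self.allow_dynamic_updates not in OPTIONS:
            raise ValueError(f"unknown option {self.allow_dynamic_updates!r}")
        # The option is only offered for Active Directory integrated zones.
        if (self.allow_dynamic_updates == "Only secure updates"
                and self.zone_type != AD_INTEGRATED):
            raise ValueError("secure updates need an Active Directory integrated zone")

    def dynamic_update(self, host, address, principal=None):
        """Handle one update; principal is the authenticated sender or None."""
        if self.allow_dynamic_updates == "No":
            return "refused: dynamic updates disabled"
        if self.allow_dynamic_updates == "Only secure updates":
            if principal is None:
                return "refused: sender not authenticated"
            if principal not in self.authorized:
                return "refused: sender not authorized"
        replaced = host in self.a_records and self.a_records[host] != address
        self.a_records[host] = address
        return "accepted: record replaced" if replaced else "accepted: record registered"


# Constructed sequence: (host, address, authenticated principal or None).
UPDATES = [
    ("computer1", "192.168.120.133", "NWTRADERS\\computer1$"),
    ("computer1", "192.168.120.200", None),                  # unauthenticated sender
    ("computer2", "192.168.120.134", "NWTRADERS\\guest"),    # authenticated, not listed
]


def replay(option, zone_type=AD_INTEGRATED):
    """Run the same requests against a zone configured with the given option."""
    zone = Zone("nwtraders.msft", zone_type, option,
                authorized={"NWTRADERS\\computer1$"})
    decisions = [zone.dynamic_update(*update) for update in UPDATES]
    return decisions, zone.a_records


if __name__ == "__main__":
    for option in OPTIONS:
        decisions, records = replay(option)
        print(option, decisions, records, sep="\n  ")
```

With Yes, the second request silently repoints computer1 to an address its owner never registered; with Only secure updates the record keeps the address that the authorized principal set.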


Testing the DNS Server Service

Slide Objective: To highlight the different methods for testing the DNS Server service.

Lead-in: There are two methods available for testing the DNS Server service. You can use the DNS console or the Nslookup utility.

[Slide: Monitoring the DNS Server; Using Nslookup]

The Windows 2000 DNS Server service provides the capability to test and monitor DNS by using the DNS console. Nslookup, an industry-standard utility, is also available for testing the DNS Server service and testing resource records.

Monitoring a DNS Server

You can configure the DNS Server service to perform queries on a scheduled basis to ensure that the service is operating correctly. In the DNS console, open the Properties dialog box for the server that you want to monitor, and then click the Monitoring tab. You can test a DNS server by performing two types of queries:

• Simple query. This type of query performs a local test by using the DNS client to query a DNS server.
• Recursive query. This type of query tests a DNS server by forwarding a recursive query to another DNS server.

Under Select a test type, select A simple query against this DNS server, A recursive query against other DNS servers, or both, and then click Test Now. The test results will appear under Test results in the Properties dialog box for the server.


Delivery Tip

Run Nslookup in both noninteractive and interactive mode. Also, show how to view Nslookup Help by typing a question mark (?) while in interactive mode.

Using Nslookup

Nslookup is the primary diagnostic utility for the DNS Server service and is installed with TCP/IP. You can use Nslookup to view resource records and direct queries to any DNS server, including UNIX implementations of DNS. Nslookup has two modes:

• Interactive. Use this mode when you require more than one piece of data. To run interactive mode, type nslookup at the command prompt. To exit interactive mode, type exit.
• Noninteractive. Use this mode when you require a single piece of data. Type the Nslookup syntax at the command prompt, and the data is returned.

The following table describes the Nslookup syntax:

nslookup [-option ...] [computer-to-find | - (server)]

Syntax              Description
-option ...         Specify one or more Nslookup commands. For a list of commands, type a question mark (?) to open Help.
computer-to-find    If the computer-to-find is an IP address, Nslookup returns the host name. If the computer-to-find is a host name, Nslookup returns an IP address. If the computer-to-find is a name and does not have a trailing period, the default DNS domain name is appended to the name. To find a computer outside of the current DNS domain, append a period to the name.
-server             Use this server as the DNS server. If the server is omitted, the currently configured default DNS server is used.

Note For Nslookup to work properly, a PTR resource record for the DNS server must exist in the server’s database. Upon startup, Nslookup performs a reverse lookup on the IP address of the server that is running the DNS Server service.
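The following added example (not part of the course material) checks the condition in the note above, that a PTR record exists for the DNS server, and audits whether each A record has a matching PTR record. The record sets are constructed from the lab's naming scheme with classroom number 1, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample records using the lab's naming scheme (classroom number x = 1).
A_RECORDS = {
    "vancouver.namerica1.nwtraders.msft.": "192.168.1.1",
    "denver.namerica1.nwtraders.msft.": "192.168.1.2",
    "perth.spacific1.nwtraders.msft.": "192.168.1.3",
}
PTR_RECORDS = {
    "1.1.168.192.in-addr.arpa.": "vancouver.namerica1.nwtraders.msft.",
    # No PTR record exists for denver (192.168.1.2).
    # Stale PTR: the address now belongs to perth.
    "3.1.168.192.in-addr.arpa.": "brisbane.spacific1.nwtraders.msft.",
}


def ptr_owner(ip):
    """Owner name of the PTR record that a reverse lookup of ip queries."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone(ip):
    """Reverse lookup zone for the /24 network ID (first three octets) of ip."""
    return ptr_owner(ip).split(".", 1)[1]


def server_has_ptr(server_ip, ptr_records):
    """True if the reverse lookup Nslookup performs at startup would succeed."""
    return ptr_owner(server_ip) in ptr_records


def audit(a_records, ptr_records):
    """List (name, ip, problem) for each A record whose PTR is missing or disagrees."""
    findings = []
    for name, ip in sorted(a_records.items()):
        target = ptr_records.get(ptr_owner(ip))
        if target is None:
            findings.append((name, ip, "missing PTR"))
        elif target.lower() != name.lower():
            findings.append((name, ip, "PTR points to " + target))
    return findings


if __name__ == "__main__":
    print("reverse zone:", reverse_zone("192.168.1.1"))
    for server in ("192.168.1.1", "192.168.1.2"):
        print(server, "PTR present:", server_has_ptr(server, PTR_RECORDS))
    for finding in audit(A_RECORDS, PTR_RECORDS):
        print(finding)
```

Mismatches of this kind typically appear when A and PTR records are registered by different parties, as described for dynamic updates, and one of them is not refreshed.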


Lab A: Installing and Configuring the DNS Server Service

Slide Objective

To introduce the lab.

Lead-in

In this lab, you will install DNS, delegate authority for subdomains, create forward and reverse lookup zones, and configure zones for dynamic updates.

Objectives

After completing this lab, you will be able to:

• Install the DNS Server service.
• Delegate authority for a domain.
• Create forward and reverse lookup zones.
• Enable dynamic update.

Prerequisites

Before working on this lab, you must be familiar with DNS concepts and operations.

Lab Setup

To complete this lab, you need the following:

• A computer running Microsoft Windows 2000 Advanced Server that is configured as a member server.
• A static IP address and subnet mask.
• A lab partner. One partner will create the primary zone, while the other will create a secondary zone and designate his or her partner’s computer as the master server.
• A fully qualified domain name (FQDN). Refer to the Student Computer IP Addresses and FQDNs section of the lab for this information.

Note When required, use 192.168.x.200 (where x is the assigned classroom number) as the IP address of the instructor computer.


Student Computer IP Addresses and FQDNs

The following table provides the IP address and FQDN of each student computer in the fictitious domain nwtraders.msft. The FQDN is divided into four parts, from most specific to least specific. In this case, the domain name is the last three parts of the FQDN. For example, the FQDN vancouver.namerica1.nwtraders.msft has the domain name namerica1.nwtraders.msft.

Find the student number that the instructor has assigned to you, and make a note of the IP address (where x is the assigned classroom number), FQDN, and domain name for your student number.

Student number   IP address      FQDN
1                192.168.x.1     vancouver.namerica1.nwtraders.msft
2                192.168.x.2     denver.namerica1.nwtraders.msft
3                192.168.x.3     perth.spacific1.nwtraders.msft
4                192.168.x.4     brisbane.spacific1.nwtraders.msft
5                192.168.x.5     lisbon.europe1.nwtraders.msft
6                192.168.x.6     bonn.europe1.nwtraders.msft
7                192.168.x.7     lima.samerica1.nwtraders.msft
8                192.168.x.8     santiago.samerica1.nwtraders.msft
9                192.168.x.9     bangalore.asia1.nwtraders.msft
10               192.168.x.10    singapore.asia1.nwtraders.msft
11               192.168.x.11    casablanca.africa1.nwtraders.msft
12               192.168.x.12    tunis.africa1.nwtraders.msft
13               192.168.x.13    acapulco.namerica2.nwtraders.msft
14               192.168.x.14    miami.namerica2.nwtraders.msft
15               192.168.x.15    auckland.spacific2.nwtraders.msft
16               192.168.x.16    suva.spacific2.nwtraders.msft
17               192.168.x.17    stockholm.europe2.nwtraders.msft
18               192.168.x.18    moscow.europe2.nwtraders.msft
19               192.168.x.19    caracas.samerica2.nwtraders.msft
20               192.168.x.20    montevideo.samerica2.nwtraders.msft
21               192.168.x.21    manila.asia2.nwtraders.msft
22               192.168.x.22    tokyo.asia2.nwtraders.msft
23               192.168.x.23    khartoum.africa2.nwtraders.msft
24               192.168.x.24    nairobi.africa2.nwtraders.msft

Estimated time to complete this lab: 25 minutes


Exercise 1
Installing the DNS Server Service

Scenario

Currently, there is one DNS server on your network, which contains the primary zone for nwtraders.msft. The server that you are installing will be authoritative for a subdomain of nwtraders.msft. You want the DNS Server service to be able to resolve DNS name queries to IP addresses, and to resolve host IP addresses on your network to their registered host name.

Goal

In this exercise, you will configure the domain name of your computer and install the DNS Server service.

Tasks and Detailed Steps

1. Configure the DNS Suffix for your computer. When prompted, restart the computer.
   • Domain Suffix: domain.nwtraders.msft (where domain is your assigned domain name)

   a. Log on as Administrator with a password of password.
   b. Open the Properties dialog box for My Computer.
   c. In the System Properties dialog box, on the Network Identification tab, click Properties.
   d. In the Identification Changes dialog box, click More.
   e. In the DNS Suffix and NetBIOS Computer Name dialog box, in the Primary DNS suffix of this computer box, type domain.nwtraders.msft (where domain is your assigned domain name), and then click OK.
   f. Click OK to close the Identification Changes dialog box, and then click OK to close the Network Identification message box.
   g. Click OK to close the System Properties dialog box, and then click Yes in the System Settings Change message box to restart your computer.

2. Start the Windows Components wizard, and install the DNS subcomponent of Networking Services. Copy the required files from the Windows 2000 Advanced Server compact disc.

   a. Log on as Administrator with a password of password.
   b. In Control Panel, double-click Add/Remove Programs, and then click Add/Remove Windows Components.
   c. On the Windows Components page, under Components, click Networking Services, and then click Details.
   d. Under Networking Services, verify that all check boxes are cleared, select the Domain Name System (DNS) check box, and then click OK.
   e. In the Windows Components wizard, click Next.
   f. If prompted, insert the compact disc labeled Windows 2000 Advanced Server, and then click OK.
   g. After the required files have been copied, click Finish, and then close all windows.


Exercise 2
Delegating Authority for a Domain

Scenario

You need delegation records in the primary zone for nwtraders.msft that point to the authoritative DNS server for the new subdomain. This is necessary both to transfer authority and to provide correct referrals.

Goal

In this exercise, you will delegate authority from the instructor DNS Server to the student DNS Server that will host the primary zone for the new subdomain.

Tasks and Detailed Steps

Important: Perform the following procedure on the computer of the partner with the lowest student number.

1. Add the instructor’s DNS Server to your DNS console.

   a. Open DNS from the Administrative Tools menu.
   b. In the console tree, right-click DNS, and then click Connect to Computer.
   c. In the Select Target Computer dialog box, click The following computer. In the text box, type London and then click OK.

2. Delegate authority for domain.nwtraders.msft to your DNS Server.

   a. In the console tree, expand London, expand Forward Lookup Zones, and then expand nwtraders.msft.
   b. In the console tree, right-click nwtraders.msft, and then click New Delegation.
   c. In the New Delegation wizard, on the Welcome to the New Delegation Wizard page, click Next.
   d. On the Delegated Domain Name page, in the Delegated domain box, type domain and then click Next.
   e. On the Name Servers page, click Add.
   f. In the New Resource Record dialog box, in the Server name box, type the FQDN for your computer, click Resolve, then click OK.
   g. On the Name Servers page, click Add.
   h. In the New Resource Record dialog box, in the Server name box, type the FQDN for your partner’s computer, click Resolve, and then click OK.
   i. On the Name Servers page, click Next.
   j. On the Completing the New Delegation Wizard page, click Finish.
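The delegation built in this exercise ends up in the parent zone as name server (NS) records for the subdomain plus address (A) records for the servers they name. The following added example (not part of the course material) checks a constructed copy of the parent zone for a delegation whose name server has no address record; the record list, the classroom number 1, and the function names are assumptions.

```python
# Constructed copy of the parent zone (nwtraders.msft) after the delegation,
# written as (owner, type, data). The A record for denver is deliberately absent.
PARENT_ZONE = [
    ("namerica1.nwtraders.msft.", "NS", "vancouver.namerica1.nwtraders.msft."),
    ("namerica1.nwtraders.msft.", "NS", "denver.namerica1.nwtraders.msft."),
    ("vancouver.namerica1.nwtraders.msft.", "A", "192.168.1.1"),
]


def within(name, domain):
    """True if name equals domain or lies below it (case-insensitive)."""
    name, domain = name.lower(), domain.lower()
    return name == domain or name.endswith("." + domain)


def check_delegation(records, child):
    """Return a list of problems with the delegation of child in the parent zone."""
    ns_targets = [data for owner, rtype, data in records
                  if rtype == "NS" and owner.lower() == child.lower()]
    addresses = {owner.lower() for owner, rtype, _ in records if rtype == "A"}
    problems = []
    if not ns_targets:
        problems.append("no NS records for " + child)
    for target in ns_targets:
        # A name server inside the delegated domain can only be found
        # through an address record held in the parent zone.
        if within(target, child) and target.lower() not in addresses:
            problems.append("no A record in parent for " + target)
    return problems


if __name__ == "__main__":
    for problem in check_delegation(PARENT_ZONE, "namerica1.nwtraders.msft."):
        print(problem)
```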


Exercise 3
Creating Forward and Reverse Lookup Zones

Scenario

You must create lookup zones on the DNS Servers for the subdomain you created in exercise 1.

Goal

In this exercise, you will create a forward and reverse lookup zone.

Tasks and Detailed Steps

Important: Perform the following procedure on the computer of the partner with the lowest student number.

1. Add a standard primary forward lookup zone for domain.nwtraders.msft.

   a. In the console tree, right-click server (where server is your computer name), and then click Configure the server.
   b. On the Welcome to the Configure DNS Server Wizard page, click Next.
   c. On the Forward Lookup Zone page, ensure that Yes, create a forward lookup zone is selected, and then click Next.
   d. On the Zone Type page, ensure that Standard primary is selected, and then click Next.
   e. On the Zone Name page, in the Name box, type domain.nwtraders.msft and then click Next.
   f. On the Zone File page, ensure that Create a new file with this file name is selected, and then click Next.

Important: Perform the following procedure on the computer of the partner with the lowest student number.

2. Add a standard secondary reverse lookup zone for your subnet.

   a. On the Reverse Lookup Zone page, ensure that Yes, create a reverse lookup zone is selected, and then click Next.
   b. On the Zone Type page, click Standard secondary, and then click Next.
   c. On the Reverse Lookup Zone page, verify that Network ID is selected. For the network ID, type the first three octets of the IP address of your computer, and then click Next. (For example, for an IP address of 192.168.1.1, type 192.168.1.)
   d. On the Master DNS Servers page, in the IP address box, type the instructor’s IP address, click Add, and then click Next.
   e. On the Completing the Configure DNS Server Wizard page, click Finish.

Important: Perform the following procedure on the computer of the partner with the highest student number.

3. Add a standard secondary forward lookup zone for domain.nwtraders.msft and a standard secondary reverse lookup zone for your subnet.

   a. Open DNS from the Administrative Tools menu.
   b. Right-click Server, and then click Configure the server.
   c. On the Welcome to the Configure DNS Server Wizard page, click Next.
   d. On the Forward Lookup Zone page, verify that Yes, create a forward lookup zone is selected, and then click Next.
   e. On the Zone Type page, click Standard secondary, and then click Next.
   f. On the Zone Name page, type domain.nwtraders.msft and then click Next.
   g. On the Master DNS Servers page, in the IP address box, type the IP address of your partner’s computer, click Add, and then click Next.
   h. On the Reverse Lookup Zone page, verify that Yes, create a reverse lookup zone is selected, and then click Next.
   i. On the Zone Type page, click Standard secondary, and then click Next.
   j. On the Reverse Lookup Zone page, verify that Network ID is selected. For the network ID, type the first three octets of your IP address, and then click Next. (For example, for an IP address of 192.168.1.1, type 192.168.1.)
   k. On the Master DNS Servers page, in the IP address box, type the IP address of the instructor’s computer, click Add, click Next, and then click Finish.


Exercise 4
Enabling Dynamic Update

Scenario

You want DHCP and client computers to update DNS records automatically to decrease the administrator’s workload.

Goal

In this exercise, you will enable dynamic update on the DNS Server.

Tasks and Detailed Steps

Important: Perform the following procedure on the computer of the partner with the lowest student number.

1. Enable dynamic update on the forward lookup zone for domain.nwtraders.msft.

   a. In the console tree, expand Server, and then expand Forward Lookup Zones.
   b. Click domain.nwtraders.msft, and then right-click domain.nwtraders.msft, and then click Properties.
   c. In the domain.nwtraders.msft Properties box, in the Allow dynamic updates list, click Yes, and then click OK.

Important: The following task should be performed on both servers.

2. Configure the TCP/IP properties so that your computer is a client of the DNS Server service on your computer.

   a. Open the Properties dialog box for My Network Places, and then open the Properties dialog box for Local Area Connection.
   b. Click Internet Protocol (TCP/IP), and then click Properties.
   c. In the Internet Protocol (TCP/IP) Properties dialog box, click Use the following DNS server addresses if necessary, type the IP address of your computer in the Preferred DNS server box, and then click OK.
   d. In the Local Area Connection Properties dialog box, click OK, and then close Network and Dial-up Connections.
   e. Close all open windows, and then log off.


Review

Slide Objective

To reinforce module objectives by reviewing key points.

Lead-in

The review questions cover some of the key concepts taught in the module.

• Installing the DNS Server Service
• Configuring Zones in Windows 2000
• Testing the DNS Server Service

1. What types of DNS zones can you create by using the DNS Server service in Windows 2000?
   Standard primary, standard secondary, and Active Directory integrated zones.

2. What functionality has been implemented with the Windows 2000 DNS Server service that allows the transfer of changes only to a zone database file?
   Incremental zone transfer (IXFR).

3. You have created an Active Directory integrated forward lookup zone. You cannot locate the zone database file that is associated with that zone on the hard disk of the DNS server. Why can’t you locate the zone database file? Where is the zone database information stored?
   Active Directory integrated zones are stored in Active Directory. Therefore, there are no files that are associated with them on the hard disk of the DNS server.

4. How can you test the DNS installation by using the DNS console? Which options are available?
   You can use the Test Now button on the Monitoring tab of the Properties dialog box for the server. You can perform a simple query, a recursive query, or both.
