MODULE 2 – DNS & DHCP 1DV416 – Windowsadministration I, 7.5hp



Lecture content

Today's lecture

• DNS

– 3 different uses

• Internet

• Local

• Active Directory

• DHCP

• Namespaces

2013-11-26 © 2013 Jacob Lindehoff

DNS – Domain Name System

• Creates user-friendly names for:

– Servers

– Clients

– Services

Forward lookup, illustrated: the client asks its DNS server "What is the IP address of ny056.lnu.se?", and the DNS server, which holds the record ny056.lnu.se = 194.47.174.56, answers "The IP address of ny056.lnu.se is 194.47.174.56".

DNS – Domain Name System

DNS Structure

• Names are written relative to the DNS root

• Fully Qualified Domain Name, FQDN

• Maximum depth of a DNS tree is 127 levels.

(Figure: the root of the DNS tree, usually indicated by a dot, with the top-level domains arpa, com, edu, gov, mil and org beneath it and nodes such as w3 and server1 further down.)

DNS – Domain Name System

Domain names

• Each node (label) can be up to 63 characters long

• DNS requires that nodes with the same parent have different names

(Figure: root "." -> se -> lnu -> dfm, nv, it. Two nodes named voyager under dfm conflict because they would have the same FQDN, voyager.dfm.lnu.se.; the node moon under it has the FQDN moon.it.lnu.se.)

DNS – Domain Name System

DNS domains

(Figure: root "." -> se, com, org; se -> lnu; lnu -> it, nv, dfm; dfm -> a, b.

lnu.se. is a node; lnu.se is the domain, that is, the node together with everything below it.

dfm.lnu.se. is a node; dfm.lnu.se is the domain.)

DNS – Domain Name System

Top-level domains

The original top-level domains: • com • edu • gov • mil • net • org • int

http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

DNS – Domain Name System

Delegating control

• One of the goals in the design of DNS was to decentralize administration

• The parent domain contains only a pointer to the name servers of the delegated subdomain

(Figure: tree "." -> mil, net, se; se -> kth, lu, lnu; lnu -> dfm, it, nv. Before delegation, lnu.se and everything below it is managed by Linnaeus. After delegation, lnu.se is still managed by Linnaeus, but dfm.lnu.se is managed by the DFM institution at Linnaeus.)

DNS – Domain Name System

Name servers and zones

• Name server = the "application" that stores information about a zone

• Zone data is loaded from a file or from another name server

• The name server is responsible for the zone

• A name server may be responsible for multiple zones

(Figure: tree "." -> se, com, org; se -> lu, lnu, kth; zones marked: se (zone), lu.se (zone), lnu.se (zone).)

DNS – Domain Name System

Zones

• A zone contains all domain names in the domain, except for domain names in delegated subdomains

• Name servers load zones, not domains

(Figure: the domain lnu.se under se; the subdomains it, eko, dfm and nv are delegated, so it.lnu.se, eko.lnu.se, dfm.lnu.se and nv.lnu.se are zones separate from the lnu.se zone; se is its own zone.)

Delegation

DNS – Domain Name System

• Types of name servers: primary master and secondary master

• The primary name server loads zone data from the zone file (on Windows Server: c:\Windows\System32\dns\).

• The secondary name server loads zone data from the primary name server or from another secondary name server.

• When the secondary name server starts up, it contacts its "master" server and, if necessary, downloads the zone data from it; this is called a "zone transfer".

(Figure: zone hierarchy "." -> se -> lnu.se -> dfm.lnu.se, each with a primary master and a secondary master.)

Iterative queries (figure: tree "." -> se, com, net; se -> lnu, kth; lnu -> dfm, it, nv):

1. The local name server asks a root server (".") for jacob.dfm.lnu.se

2. The root server refers it to the name servers for se

3. It asks an se name server for jacob.dfm.lnu.se

4. The se server refers it to the name servers for lnu.se

5. It asks an lnu.se name server for jacob.dfm.lnu.se

6. The lnu.se server refers it to the name servers for dfm.lnu.se

7. It asks a dfm.lnu.se name server for jacob.dfm.lnu.se

8. The dfm.lnu.se server answers with the address of jacob.dfm.lnu.se

The client's own query to the local name server and the answer back to the client complete the exchange.

DNS – Domain Name System

Recursive queries:

(Figure: the same lookup drawn so that each server asks the next one on the client's behalf instead of returning a referral. Legend: one arrow style = request for address, the other = reference to (referral).)

DNS – Domain Name System

Caching

• Performance

• Positive caching

• Negative caching

DNS – Domain Name System

Time To Live:

• The maximum time a record may be kept in a cache

• Long TTL

– Pros: fewer queries reach the authoritative servers, answers come quickly from the cache

– Cons: a changed record keeps being served from caches until the old TTL has expired

• Short TTL

– Pros: changes propagate quickly

– Cons: more queries and more load on the name servers, and clients depend on the servers being reachable

DNS – Domain Name System

DNS Suffix

• Primary DNS suffix: the domain appended to an unqualified host name before it is looked up

• DNS suffixes should not be confused with the Active Directory domain name

DNS – Domain Name System

DNS installation

• Configure a static IP address

• Configure the DNS suffix

• Add the role

Lab, installation of DNS:

• Pre-setup DNS

• Add role

• Show the resolver cache with ipconfig (ipconfig /displaydns)
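The three installation steps above, as an added PowerShell example; this is not code from the lecture or the course. It assumes an adapter called "Ethernet", the address 192.168.20.3/24 with gateway 192.168.20.1, and the suffix kalmar.se taken from the zone-file slides later in the lecture; run it in an elevated PowerShell on Windows Server.

```powershell
# Added example, not part of the lecture. Assumed values: adapter "Ethernet",
# 192.168.20.3/24, gateway 192.168.20.1, DNS suffix kalmar.se.
$Nic     = "Ethernet"
$Addr    = "192.168.20.3"
$Gateway = "192.168.20.1"
$Suffix  = "kalmar.se"

# 1. Static IP. A DNS server must not get its own address from DHCP: the NS and
#    glue records of every zone it hosts, and every client, point at this address.
Set-NetIPInterface -InterfaceAlias $Nic -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $Nic -IPAddress $Addr -PrefixLength 24 -DefaultGateway $Gateway
# The server will resolve through itself once the role is up.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $Addr

# 2. Primary DNS suffix. The DNS client reads it from these two registry values
#    (a reboot is needed for the change to apply); the search list is what gets
#    appended when someone types an unqualified name such as "jacob".
$TcpipParams = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
Set-ItemProperty -Path $TcpipParams -Name "Domain"    -Value $Suffix
Set-ItemProperty -Path $TcpipParams -Name "NV Domain" -Value $Suffix
Set-DnsClientGlobalSetting -SuffixSearchList @($Suffix)

# 3. Add the role together with the DNS Manager console and the DnsServer module.
Install-WindowsFeature -Name DNS -IncludeManagementTools

# Checks: the service runs and listens on port 53, and the root hints are loaded.
Get-Service DNS
Get-NetUDPEndpoint -LocalPort 53 | Select-Object LocalAddress, LocalPort
Get-DnsServerRootHint | Select-Object -First 3

# The resolver cache the lecture shows with "ipconfig /displaydns":
Get-DnsClientCache | Select-Object Entry, RecordType, TimeToLive, Data | Format-Table
# Clear it with Clear-DnsClientCache (ipconfig /flushdns). The server's own cache
# is a separate thing and is cleared with Clear-DnsServerCache.
```

The order matters: set the static address before installing the role, because the role binds to the addresses present at install time and the server's own NS record is created from them.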

DNS – Domain Name System

Lookup zones

• Forward lookup zones:

– domain names to IP addresses

• Reverse lookup zones:

– IP addresses to domain names

DNS – Domain Name System

Resource Record Types:

• A (Host)

• CNAME(Alias)

• NS (Name Server)

• SOA(Start of Authority)

• MX (Mail Exchanger)

• SRV(Service Record)

• PTR (Pointer)

DNS – Domain Name System

A record:

• Maps a host name to an IP address

• Ex. dfm.lnu.se -> 194.47.172.11

DNS – Domain Name System

CNAME records:

• Creates an alias

• One host name is an alias for a different host name

• Ex. teknik.lnu.se -> dfm.lnu.se

DNS – Domain Name System

Name Server (NS) record:

• Identifies the DNS servers for a zone

• Ex: dfm.lnu.se -> ns1.dfm.lnu.se

DNS – Domain Name System

SOA

• Start of Authority (SOA)

• Names the name server that has the best (primary) information about the DNS zone

• Marks the server as responsible (authoritative) for the DNS zone

• An SOA record is required in every DNS zone

• Only one SOA record per DNS zone

DNS – Domain Name System

MX records:

• Mail exchanger

• Identifies which server receives mail for the domain

• Ex. mail addressed to a user in lnu.se -> mail.lnu.se

DNS – Domain Name System

SRV records:

• Service records

• Identify a server that provides a network service

• Ex. _ftp._tcp.dfm.lnu.se -> ftp01.dfm.lnu.se (the name is written _service._protocol.domain)

DNS – Domain Name System

PTR records:

• Pointer

• The opposite of an A record

• Translates an IP address to a domain name

• Ex. 194.47.172.11 -> dfm.lnu.se

DNS – Domain Name System

Mapping IP addresses to names:

• in-addr.arpa

• Reverse zone

• 2.168.192.in-addr.arpa

IP addresses become more specific from left to right: 192.168.2.3. Domain names become more specific from right to left: kvarnholmen.kalmar.se. In both cases the last part (3, respectively kvarnholmen) identifies which computer it is, which is why the octets are reversed in the reverse zone name: 192.168.2.3 is looked up as 3.2.168.192.in-addr.arpa.

Lab, create zones and records:

• Create a Forward Lookup Zone

– A record

– CNAME (Alias)

– NS (name server)

– SOA (Start of Authority)

• Create a Reverse Lookup Zone

– PTR (Pointer)

DNS – Domain Name System

Where all the information is stored:

DNS server memory:

• authoritative information (primary master and secondary/slave zones)

• cached information

• root name server information (root hints)

Zone data files: %systemroot%\system32\dns\*.dns

User input (adding, modifying or deleting a record or a zone) changes the server's memory first. Writing to disk: All Tasks -> Update Server Data Files. Show updates: Refresh or F5. The files are loaded from the hard drive when the server starts up.

DNS – Domain Name System

”Forward lookup zone”-DNS-filen:

; Database file kalmar.se.dns for kalmar.se zone.
;      Zone version:  7

@                       IN  SOA ns2003.kalmar.se. hostmaster.kalmar.se. (
                        7            ; serial number
                        900          ; refresh
                        600          ; retry
                        86400        ; expire
                        3600       ) ; default TTL

;
;  Zone NS records
;

@                       NS  ns2003.kalmar.se.

;
;  Zone records
;

@                       A   192.168.20.3
@                       MX  10  mail.kalmar.se.
jacob                   A   192.168.20.3
jakob                   CNAME   jacob.kalmar.se.
mail                    A   192.168.20.6
ns2003                  A   192.168.20.3

DNS – Domain Name System

”Reverse lookup zone”-DNS-filen:

; Database file 20.168.192.in-addr.arpa.dns for 20.168.192.in-addr.arpa zone.
;      Zone version:  2

@                       IN  SOA ns2003.kalmar.se. hostmaster.kalmar.se. (
                        2            ; serial number
                        900          ; refresh
                        600          ; retry
                        86400        ; expire
                        3600       ) ; default TTL

;
;  Zone NS records
;

@                       NS  ns2003.kalmar.se.

;
;  Zone records
;

3                       PTR ns2003.kalmar.se.
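The two zone files above and the earlier "Create zones and records" lab steps, reproduced with the DnsServer PowerShell module as an added example; this is not code from the lecture. It assumes it runs on ns2003.kalmar.se (192.168.20.3) and that 192.168.20.4 is a hypothetical secondary name server, and it ends with the check a practitioner wants first: that nobody else can pull the whole zone.

```powershell
# Added example, not part of the lecture. Assumed: run on ns2003.kalmar.se
# (192.168.20.3); 192.168.20.4 is a hypothetical secondary name server.
$Zone    = "kalmar.se"
$RevZone = "20.168.192.in-addr.arpa"

# Forward lookup zone, file-backed ("standard primary"), dynamic updates off: with
# NonsecureAndSecure any host on the LAN could overwrite jacob's A record. Turn
# updates on only for AD-integrated zones, and then with -DynamicUpdate Secure.
Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns" -DynamicUpdate None
# Reverse lookup zone for 192.168.20.0/24; the server derives the in-addr.arpa name.
Add-DnsServerPrimaryZone -NetworkId "192.168.20.0/24" -ZoneFile "$RevZone.dns" -DynamicUpdate None

# SOA and NS are created together with the zone. Set the SOA fields from the slide
# (serial 7, refresh 900, retry 600, expire 86400, minimum TTL 3600).
$old = Get-DnsServerResourceRecord -ZoneName $Zone -RRType Soa
$new = $old.Clone()
$new.RecordData.PrimaryServer     = "ns2003.$Zone."
$new.RecordData.ResponsiblePerson = "hostmaster.$Zone."
$new.RecordData.SerialNumber      = 7
$new.RecordData.RefreshInterval   = [TimeSpan]::FromSeconds(900)
$new.RecordData.RetryDelay        = [TimeSpan]::FromSeconds(600)
$new.RecordData.ExpireLimit       = [TimeSpan]::FromSeconds(86400)
$new.RecordData.MinimumTimeToLive = [TimeSpan]::FromSeconds(3600)
Set-DnsServerResourceRecord -ZoneName $Zone -OldInputObject $old -NewInputObject $new

# Records from the forward zone file. Name "." is the zone apex (@ in the file);
# -CreatePtr writes the matching PTR into the reverse zone in the same step.
Add-DnsServerResourceRecordA     -ZoneName $Zone -Name "ns2003" -IPv4Address 192.168.20.3 -CreatePtr
Add-DnsServerResourceRecordA     -ZoneName $Zone -Name "."      -IPv4Address 192.168.20.3
Add-DnsServerResourceRecordA     -ZoneName $Zone -Name "jacob"  -IPv4Address 192.168.20.3
# Short TTL on the mail host: cheap to change before a planned move, at the cost of more queries.
Add-DnsServerResourceRecordA     -ZoneName $Zone -Name "mail"   -IPv4Address 192.168.20.6 -TimeToLive (New-TimeSpan -Minutes 5)
Add-DnsServerResourceRecordCName -ZoneName $Zone -Name "jakob"  -HostNameAlias "jacob.$Zone."
Add-DnsServerResourceRecordMX    -ZoneName $Zone -Name "."      -MailExchange "mail.$Zone." -Preference 10

# Zone transfers: an AXFR hands out the complete host list of the zone, so do not rely
# on the default. Allow only the named secondary and notify it when the serial changes.
Set-DnsServerPrimaryZone -Name $Zone -SecureSecondaries TransferToSecureServers -SecondaryServers 192.168.20.4 `
    -Notify NotifyServers -NotifyServers 192.168.20.4
Set-DnsServerPrimaryZone -Name $RevZone -SecureSecondaries TransferToSecureServers -SecondaryServers 192.168.20.4

# Memory to disk ("All Tasks -> Update Server Data Files"), then compare with the slide.
dnscmd /ZoneWriteBack $Zone
Get-Content "$env:SystemRoot\System32\dns\$Zone.dns"
Get-DnsServerResourceRecord -ZoneName $RevZone | Format-Table HostName, RecordType, RecordData

# Check from any other host that the transfer is refused. In nslookup:
#   server 192.168.20.3
#   ls -d kalmar.se
# must fail with "Query refused" for everyone except 192.168.20.4.
```

The SOA edit uses the Clone()/OldInputObject/NewInputObject pattern because the DnsServer module has no dedicated SOA cmdlet; the same pattern changes the TTL or data of any existing record.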

DNS – Domain Name System

Internet root name servers:

Here is part of the cache.dns file (the root hints):

H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; temporarily housed at NSI (InterNIC)
;
.                        3600000      NS    J.ROOT-SERVERS.NET.

Of the 13 root name servers, 10 are in America, one in Japan and 2 in Europe, including one in Stockholm (I.ROOT-SERVERS.NET above). These are the 13 named servers; each of them is today served from many anycast locations around the world.

Lab, DNS files:

• Where the information is stored

• Show the .dns files

• When the information is saved

DNS – Domain Name System

Resolver:

• The client side of DNS

• Translates name lookups from programs into DNS queries

• Has different functionality on different operating systems

DNS – Domain Name System

nslookup

• Tool to look up information in a DNS server

• nslookup - dnsserver (interactive mode against a chosen server; without the "-" and a server name it uses the client's configured servers)

• Recursive or iterative queries (set norecurse)

Lab, nslookup:

• How the command works

– Querying DNS

– Specific record types (set type=MX, and so on)

• Recursive vs. iterative queries
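The nslookup lab and the iterative-resolution figure earlier in the lecture, as an added PowerShell example using Resolve-DnsName; this is not code from the lecture. It assumes 192.168.20.3 is the lecture's ns2003.kalmar.se and hosts kalmar.se; the iterative walk at the end uses the real root hints and a real name (www.lnu.se) so it can be tried from any machine with Internet access.

```powershell
# Added example, not part of the lecture. Assumed: 192.168.20.3 hosts kalmar.se;
# www.lnu.se is a real name used for the iterative walk.

# Specific record types against a chosen server. nslookup equivalents:
#   nslookup -type=MX kalmar.se 192.168.20.3
# or interactively "nslookup - 192.168.20.3", then "set type=MX" and "kalmar.se".
# -DnsOnly skips LLMNR/NetBIOS and the hosts file, so the answer really comes from DNS.
Resolve-DnsName -Name jacob.kalmar.se -Type A   -Server 192.168.20.3 -DnsOnly
Resolve-DnsName -Name kalmar.se       -Type MX  -Server 192.168.20.3 -DnsOnly
Resolve-DnsName -Name kalmar.se       -Type SOA -Server 192.168.20.3 -DnsOnly
Resolve-DnsName -Name 192.168.20.3    -Type PTR -Server 192.168.20.3 -DnsOnly

# Recursive query (the default, RD bit set): the server does the whole walk for us.
Resolve-DnsName -Name www.lnu.se -Type A -Server 192.168.20.3 -DnsOnly

# Iterative queries (nslookup: "set norecurse"): -NoRecursion clears the RD bit, so a
# server that is not authoritative returns only a referral, and we follow it ourselves,
# exactly as the local name server does in the lecture's figure.
function Resolve-Iteratively {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $StartServer = "198.41.0.4"   # a.root-servers.net, from the root hints
    )
    $server = $StartServer
    for ($hop = 1; $hop -le 10; $hop++) {
        Write-Host ("{0}. asking {1} for {2}" -f $hop, $server, $Name)
        $rrs = Resolve-DnsName -Name $Name -Type A -Server $server -DnsOnly -NoRecursion -ErrorAction Stop
        # An Answer section means this server is authoritative for the name: done.
        $answer = @($rrs | Where-Object Section -eq 'Answer')
        if ($answer.Count -gt 0) { return $answer }
        # Otherwise the Authority section carries the referral: NS records of the next zone down.
        $ns = $rrs | Where-Object { $_.Section -eq 'Authority' -and $_.Type -eq 'NS' } | Select-Object -First 1
        if (-not $ns) { throw "No answer and no referral from $server" }
        Write-Host ("   referral: zone {0} is served by {1}" -f $ns.Name, $ns.NameHost)
        # Glue A records for the referred server arrive in the Additional section when that
        # server lives inside the delegated zone; otherwise resolve its name normally.
        $glue = $rrs | Where-Object { $_.Section -eq 'Additional' -and $_.Type -eq 'A' -and $_.Name -eq $ns.NameHost } |
            Select-Object -First 1
        if ($glue) {
            $server = $glue.IPAddress
        } else {
            $server = (Resolve-DnsName -Name $ns.NameHost -Type A -DnsOnly -ErrorAction Stop |
                Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress
        }
    }
    throw "Gave up after 10 referrals"
}

Resolve-Iteratively -Name "www.lnu.se" | Format-Table Name, Type, IPAddress
```

Each printed hop corresponds to one numbered step in the figure: root, then se, then lnu.se, then the answer. A server that answers a non-recursive query for a name it is not authoritative for is serving from cache, which is how you tell an authoritative answer from a cached one.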

DNS – Domain Name System

Name servers to query (client configuration, figure):

1. The name servers that the client should use; the primary name server is at the top of the list

2. Add, edit and delete the name servers

DNS – Domain Name System

SRV records

• Used to locate services on a network

• Distribute load (weight)

• Redundancy (priority)

• In practice the main consumer today is Active Directory

DNS – Domain Name System

• SRV record fields:

– priority: the record with the lowest value is tried first

– weight: among records with the same priority, the share of the load

• Example – one host has priority 1 and weight 1

– another host has priority 1 and weight 2

– host 2 will get twice as much load as host 1

• port

• target (the host computer)

DNS – Domain Name System

If we have two FTP servers in the te.hik.se domain and want to add two SRV records for them, we can do it with the "DNS Console" tool. The dialog asks for:

1. The service for which you wish to create an SRV record

2. The protocol to use

3. The priority of the SRV record

4. The weight of the SRV record

5. The port number to be used when the service is contacted

6. The domain name of the computer that hosts the service

DNS – Domain Name System

SRV records cont.:

• The two SRV records that we create might look like this (data shown as [priority][weight][port] target):

Name    Type              Data
_ftp    Service Location  [1][0][21] soder.te.hik.se
_ftp    Service Location  [2][0][21] kvarnholmen.te.hik.se

DNS – Domain Name System

SRV records:

If we add the following three SRV records:

Name    Type              Data
_http   Service Location  [0][2][80] www.kalmar.se
_http   Service Location  [0][1][80] www2.kalmar.se
_http   Service Location  [1][1][8000] malmen.kalmar.se

Problem: not many browsers or FTP clients use SRV records to find the host computer. So why has Microsoft implemented SRV records?

Answer:

Microsoft was looking for a way for "Windows 2000" clients to find domain controllers and services in the domain, and SRV records were perfect for that. The other functionality, such as locating FTP servers and HTTP servers, came in the bargain.
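The SRV records from the two tables above, created and queried with PowerShell, plus the client-side selection rule behind the "twice as much load" example and the record Windows clients really use to find a domain controller. This is an added example, not code from the lecture; it assumes the zones te.hik.se and kalmar.se already exist on the server 192.168.20.3, and the Active Directory domain name kalmar.se at the end is hypothetical.

```powershell
# Added example, not part of the lecture. Assumed: zones te.hik.se and kalmar.se exist
# on 192.168.20.3; "kalmar.se" as an AD domain name is hypothetical.

# _ftp._tcp.te.hik.se: two targets. Priority decides the order (lower first); weight only
# matters among targets with the same priority, and weight 0 means "no preference".
Add-DnsServerResourceRecord -Srv -ZoneName "te.hik.se" -Name "_ftp._tcp" -DomainName "soder.te.hik.se."       -Priority 1 -Weight 0 -Port 21
Add-DnsServerResourceRecord -Srv -ZoneName "te.hik.se" -Name "_ftp._tcp" -DomainName "kvarnholmen.te.hik.se." -Priority 2 -Weight 0 -Port 21

# _http._tcp.kalmar.se: www (weight 2) should get about twice the clients of www2 (weight 1);
# malmen on port 8000 is only used when both priority-0 targets are unreachable.
Add-DnsServerResourceRecord -Srv -ZoneName "kalmar.se" -Name "_http._tcp" -DomainName "www.kalmar.se."    -Priority 0 -Weight 2 -Port 80
Add-DnsServerResourceRecord -Srv -ZoneName "kalmar.se" -Name "_http._tcp" -DomainName "www2.kalmar.se."   -Priority 0 -Weight 1 -Port 80
Add-DnsServerResourceRecord -Srv -ZoneName "kalmar.se" -Name "_http._tcp" -DomainName "malmen.kalmar.se." -Priority 1 -Weight 1 -Port 8000

# Query them (nslookup: "set type=SRV", then "_http._tcp.kalmar.se").
$srv = Resolve-DnsName -Name "_http._tcp.kalmar.se" -Type SRV -Server 192.168.20.3 -DnsOnly
$srv | Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |
    Format-Table Name, Priority, Weight, Port, NameTarget

# What a client is supposed to do with the answer (RFC 2782): take the lowest priority,
# then pick one target at random with probability proportional to its weight. With the
# records above, www is chosen with probability 2/3 and www2 with 1/3.
function Select-SrvTarget {
    param([Parameter(Mandatory)] $Records)   # objects with Priority, Weight, Port, NameTarget
    $lowest     = ($Records | Measure-Object Priority -Minimum).Minimum
    $candidates = @($Records | Where-Object Priority -eq $lowest)
    $total      = ($candidates | Measure-Object Weight -Sum).Sum
    if ($total -eq 0) { return $candidates | Get-Random }       # all weights 0: pick any
    $pick = Get-Random -Minimum 0 -Maximum $total               # 0 .. total-1
    foreach ($c in $candidates) {
        $pick -= $c.Weight
        if ($pick -lt 0) { return $c }
    }
}
$chosen = Select-SrvTarget -Records $srv
"Connect to {0}:{1}" -f $chosen.NameTarget, $chosen.Port

# The record Windows clients actually depend on: the domain controller locator asks for
# _ldap._tcp.dc._msdcs.<AD domain>. If this lookup fails, logons and group policy fail.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.kalmar.se" -Type SRV -DnsOnly
```

Because SRV records tell a client where to connect, anyone who can write to the zone can redirect logons, mail or LDAP traffic; that is the practical reason the lecture's stub-zone and dynamic-update settings matter.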

DNS – Domain Name System

Stub zone: a copy of a zone that contains only

• SOA

• NS

• A records (glue) for the name servers of the delegated zone

• The IP address of one or more master servers that can update the stub zone

(Figure: the parent zone hik.se holds a stub zone for te.hik.se and requests a transfer from the child zone te.hik.se.

Child zone te.hik.se: SOA te.hik.se; NS soder.te.hik.se, A 10.0.0.14; MX mailsrv.te.hik.se; SRV _ldap._tcp.te.hik.se; NS malmen.te.hik.se, A 10.0.0.15

Stub zone te.hik.se on the parent: SOA te.hik.se; NS soder.te.hik.se, A 10.0.0.14; NS malmen.te.hik.se, A 10.0.0.15)
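The parent/child setup of the stub-zone figure, done with the DnsServer module as an added example (not code from the lecture). It assumes the hik.se zone is hosted on the server where this runs, and that the child zone te.hik.se is served by soder.te.hik.se (10.0.0.14) and malmen.te.hik.se (10.0.0.15), as in the figure.

```powershell
# Added example, not part of the lecture. Assumed: hik.se is hosted here; te.hik.se is
# served by soder.te.hik.se (10.0.0.14) and malmen.te.hik.se (10.0.0.15).

# On the parent (hik.se): delegate te.hik.se. This writes only NS records plus the glue
# A records into hik.se; everything else about te.hik.se stays with the child's servers.
Add-DnsServerZoneDelegation -Name "hik.se" -ChildZoneName "te" -NameServer "soder.te.hik.se"  -IPAddress 10.0.0.14
Add-DnsServerZoneDelegation -Name "hik.se" -ChildZoneName "te" -NameServer "malmen.te.hik.se" -IPAddress 10.0.0.15

# A stub zone keeps the child's current NS list for us: the server fetches SOA, NS and glue
# A from the masters and refreshes them, so the delegation does not go stale when the
# child adds or renames a name server. The masters must be reachable on port 53.
Add-DnsServerStubZone -Name "te.hik.se" -MasterServers 10.0.0.14, 10.0.0.15 -ZoneFile "te.hik.se.dns"

# Contrast: a conditional forwarder sends the whole query to the listed servers and needs
# them to recurse; a stub zone only learns which servers are authoritative and then
# queries them iteratively.
# Add-DnsServerConditionalForwarderZone -Name "te.hik.se" -MasterServers 10.0.0.14, 10.0.0.15

# Inspect: the stub zone holds SOA, NS and A only, never the child's MX or SRV records.
Get-DnsServerZone -Name "te.hik.se" | Select-Object ZoneName, ZoneType, MasterServers
Get-DnsServerResourceRecord -ZoneName "te.hik.se" | Format-Table HostName, RecordType, RecordData

# The delegation as seen from the parent zone:
Get-DnsServerResourceRecord -ZoneName "hik.se" -Name "te" -RRType NS
```

The glue A records are what make delegation work when the child's name servers have names inside the child zone itself; without them a resolver would have to resolve soder.te.hik.se by asking the servers for te.hik.se, which is the very thing it is trying to find.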

DHCP

DHCP – Dynamic Host Configuration Protocol

• Successor to the Bootstrap Protocol (BOOTP)

• Centralized management of IP addresses

• Avoids IP address conflicts

(Figure: on the local network a DHCP server with an IP address database (IP address 1, 2, 3, 4) hands out addresses to the DHCP clients; a host that is not a DHCP client is configured statically.)

DHCP

DHCP terminology:

• Scope

• Exclusion range

• Address pool

• Lease

• Reservation

Installation

DHCP

Initial lease process:

• IP lease request – DHCP Discover

• IP lease offer – DHCP Offer

• IP lease selection – DHCP Request

• IP lease confirmation – DHCP Acknowledge

(Figure: DHCP client -> DHCP Discover -> DHCP server; server -> DHCP Offer -> client; client -> DHCP Request -> server; server -> DHCP Acknowledge -> client.)

DHCPDISCOVER (broadcast from the client, which has no address yet):

Source IP address = 0.0.0.0
Dest IP address = 255.255.255.255
MAC address = 00-aa-ca-36-7d-2b

DHCPOFFER (broadcast from the server; the client recognises it by its MAC address):

Source IP address = 131.107.3.24
Dest IP address = 255.255.255.255
Assigned IP address = 131.107.8.13
Client MAC address = 00-aa-ca-36-7d-2b
Subnet mask = 255.255.255.0
Server identifier = 131.107.3.24

Configuration • Configure a scope • Add options

DHCP

• What to consider when you create a scope:

– at least one scope per DHCP server

– several scopes per DHCP server are possible (one per subnet)

– exclude the static IP addresses

– information is not replicated between DHCP servers

• After you create a scope, you can:

– add additional IP address ranges to be excluded

– reserve IP addresses

– adjust the length of the lease

– configure options and classes to be used within your scope

DHCP

The DHCP service's interaction with the DNS service (Windows 2000 and later clients):

1. The client sends a DHCP request message (IP lease request)

2. The server returns a DHCP acknowledgement (IP lease acknowledgement)

3. The client performs a dynamic DNS update of its A (host) record

4. The DHCP server performs a dynamic DNS update of the PTR (pointer) record

(Figure: DHCP client, DHCP server and DNS server exchanging the four messages above.)

DHCP

The DHCP service's interaction with the DNS service with older clients (older than Windows 2000):

1. The client sends a DHCP request message (IP lease request)

2. The server returns a DHCP acknowledgement (IP lease acknowledgement)

3. The DHCP server performs a dynamic DNS update of the A (host) record

4. The DHCP server performs a dynamic DNS update of the PTR (pointer) record

(Figure: as above, but both DNS updates come from the DHCP server, since the client cannot register itself.)
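The DHCP part of the lecture (scope, exclusion range, reservation, lease, options) and the two DHCP/DNS figures, done with the DhcpServer PowerShell module as an added example; this is not code from the lecture. It assumes DHCP and DNS run on the same server 192.168.20.3 (ns2003.kalmar.se), the subnet 192.168.20.0/24 with router 192.168.20.1, and uses the MAC address 00-aa-ca-36-7d-2b from the DHCPOFFER slide for the reservation.

```powershell
# Added example, not part of the lecture. Assumed: DHCP and DNS on 192.168.20.3,
# subnet 192.168.20.0/24, router 192.168.20.1, MAC 00-aa-ca-36-7d-2b from the slide.

Install-WindowsFeature -Name DHCP -IncludeManagementTools
Add-DhcpServerSecurityGroup            # creates the DHCP Administrators / DHCP Users local groups
Restart-Service DHCPServer

$ScopeId = "192.168.20.0"
# Scope: the address range of the subnet. The lease length is how long a client may keep
# the address before it must renew; 8 days is the Windows default.
Add-DhcpServerv4Scope -Name "Kalmar LAN" -StartRange 192.168.20.1 -EndRange 192.168.20.254 `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State Active
# Exclusion range: the statically addressed hosts (router, DNS/DHCP server, mail server)
# are inside the scope but must never be handed out. Pool = scope minus exclusions.
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId -StartRange 192.168.20.1 -EndRange 192.168.20.20
# Reservation: the same address every time, keyed on the client's MAC address.
Add-DhcpServerv4Reservation -ScopeId $ScopeId -IPAddress 192.168.20.40 -ClientId "00-aa-ca-36-7d-2b" -Name "printer01"
# Scope options carried in the DHCPOFFER/DHCPACK: router (3), DNS servers (6), DNS domain (15).
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router 192.168.20.1 -DnsServer 192.168.20.3 -DnsDomain "kalmar.se"

# DHCP <-> DNS dynamic updates, matching the two figures:
#  - OnClientRequest: a modern client registers its own A record and asks the server
#    (DHCP option 81, client FQDN) to register the PTR.
#  - UpdateDnsRRForOlderClients: clients that cannot register get both A and PTR from the server.
#  - DeleteDnsRRonLeaseExpiry: stale names disappear when the lease does.
#  - NameProtection: the server also registers a DHCID record, so a second client asking
#    for a name that is already registered is refused instead of taking it over.
Set-DhcpServerv4DnsSetting -ScopeId $ScopeId -DynamicUpdates OnClientRequest `
    -DeleteDnsRRonLeaseExpiry $true -UpdateDnsRRForOlderClients $true -NameProtection $true
# Use a dedicated low-privilege account for the server's DNS updates rather than the
# computer account, so the records it creates are owned by that account alone.
# Set-DhcpServerDnsCredential -Credential (Get-Credential "KALMAR\dhcp-dns-updater")

# A domain-joined DHCP server must be authorized in Active Directory before it serves
# leases; unauthorized (rogue) Windows DHCP servers refuse to start.
# Add-DhcpServerInDC -DnsName "ns2003.kalmar.se" -IPAddress 192.168.20.3

# Check: who holds which lease. On a client, "ipconfig /release" and "ipconfig /renew"
# trigger the Discover/Offer/Request/Acknowledge exchange from the slide.
Get-DhcpServerv4Lease -ScopeId $ScopeId | Format-Table IPAddress, ClientId, HostName, LeaseExpiryTime, AddressState
Get-DhcpServerv4Scope -ScopeId $ScopeId | Select-Object Name, StartRange, EndRange, LeaseDuration, State
```

The lecture's note that "information is not replicated between DHCP servers" is why two servers on one subnet need non-overlapping scopes or exclusion ranges; otherwise both may offer the same address and the conflict DHCP was meant to avoid comes back.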

Namespaces

The basics

• Policies:

– Naming

– Longevity

– Locality

– Exposure

• Procedures:

– Adding

– Changing

– Deleting

• Centralized management


Ref. The Practice of System and Network Administration (2007), Thomas A. Limoncelli, Christine Hogan, Strata Chalup

Namespaces

Namespaces Policies

• What names are permitted / not permitted

• How do we create names?

• Collisions?

• Renaming allowed?


Namespaces

Namespaces Policies – Creating Names

• Formula

• Theme

• Function / purpose

• Description

• No method
