TRANSCRIPT
Zone Properties Continued
• Aging timestamps dynamically registered records so that “stale” or “old” records (records whose client has not refreshed them within the no-refresh plus refresh intervals) can be identified; scavenging is the process that actually deletes them
• Records created by hand have no timestamp and are never scavenged
• Aging and Scavenging must be enabled on both the zone and the server to work; either setting on its own does nothing
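As an added example (PowerShell, not part of the transcript), this is the server-side configuration the two bullets describe, using the DnsServer module cmdlets that correspond to the zone and server properties; it also lists the dynamic records that would be removed before scavenging is actually started. The zone name company.com and the 7-day intervals are assumptions.

```powershell
# Added example, not from the original slides. Assumes the DnsServer module (DNS Server role
# or RSAT) on the DNS server, and a zone named company.com (placeholder).
Import-Module DnsServer

$Zone      = 'company.com'
$NoRefresh = New-TimeSpan -Days 7   # window in which a client may not refresh its timestamp
$Refresh   = New-TimeSpan -Days 7   # window after that in which a refresh is expected

# 1. Zone property: enable aging and set the two intervals.
#    dnscmd equivalent: dnscmd /config company.com /Aging 1
Set-DnsServerZoneAging -Name $Zone -Aging $true `
    -NoRefreshInterval $NoRefresh -RefreshInterval $Refresh

# 2. Server property: enable scavenging and set how often the server scans for stale records.
#    Without this step the zone setting above timestamps records but nothing ever deletes them.
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval (New-TimeSpan -Days 7)

function Get-StaleDnsRecord {
    <#
      Lists the records scavenging is allowed to delete: dynamic records whose timestamp is
      older than NoRefresh + Refresh. Static records have no timestamp and are skipped.
    #>
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [timespan]$NoRefreshInterval,
        [timespan]$RefreshInterval
    )
    $cutoff = (Get-Date).Subtract($NoRefreshInterval + $RefreshInterval)
    Get-DnsServerResourceRecord -ZoneName $ZoneName |
        Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
        Select-Object HostName, RecordType, Timestamp, RecordData
}

# Review what would go before letting the server delete it. Scavenging also runs on the
# interval set above; a manual run after reviewing the list is the safe first step.
Get-StaleDnsRecord -ZoneName $Zone -NoRefreshInterval $NoRefresh -RefreshInterval $Refresh |
    Format-Table -AutoSize
Get-DnsServerZoneAging -Name $Zone       # shows the zone's aging state and intervals
Start-DnsServerScavenging                # dnscmd /startscavenging
```

The review step matters because scavenging deletes whatever the timestamps say is stale; a server that was offline for longer than the two intervals, or a zone whose clients register through a DHCP server that stopped refreshing on their behalf, will lose records that are still in use.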
Recap
• SOA contains information about the zone
– Refresh Interval – how often a secondary checks the master for a new serial number (zone transfer frequency)
– Expires After – how long a secondary keeps answering for the zone when it cannot reach the master; after that it stops responding for the zone
• Aging and Scavenging
– Old or stale records
– Set on server and zone
Single-Label Names
• A host name on its own is a single-label name
– Example: “ping client2” – “client2” is a single-label name because it is not an FQDN
Single-Label Names Continued
• The computer first tries to resolve the name by appending its “Primary DNS Suffix”
– The name of the domain to which the computer belongs
• The client then tries “DNS Devolution”
– Lets the client try the DNS domains above it in the DNS “tree”, one label at a time
– Example: a client in sales.west.Company.com attempting to contact “client2” tries:
  • client2.sales.west.Company.com
  • client2.west.Company.com
  • client2.Company.com
Tips
• Support for NetBIOS/single-label names:
– In your own domain: a GlobalNames zone
– In other domains: a “DNS Suffix Search List” in Group Policy
• DNS Devolution can be disabled, or limited to a given number of labels, using Group Policy
GlobalNames Zones Continued
• To implement a GlobalNames zone:
1. Create a new zone named exactly GlobalNames (normally Active Directory–integrated and replicated to all DNS servers in the forest)
2. Run dnscmd <ServerName> /config /enableglobalnamessupport 1 on each DNS server that should answer from the zone
3. Create CNAME records in the zone for the single-label (NetBIOS-style) names, each pointing at the host’s FQDN
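The three steps above, as an added PowerShell example that is not part of the transcript. It uses the DnsServer module cmdlets; the host names, the zone contents and the choice of forest-wide replication are assumptions.

```powershell
# Added example, not from the original slides. Run on a DNS server that is also a domain
# controller (the zone is AD-integrated). The host names are placeholders.
Import-Module DnsServer

# 1. Create the zone. The name must be exactly "GlobalNames"; forest-wide replication lets every
#    DNS server in the forest answer from it. Dynamic updates stay off: only administrators add
#    names here, which is what makes the zone trustworthy for single-label resolution.
Add-DnsServerPrimaryZone -Name 'GlobalNames' -ReplicationScope Forest -DynamicUpdate None

# 2. Enable GlobalNames support on each DNS server that should answer single-label queries.
#    dnscmd equivalent: dnscmd <ServerName> /config /enableglobalnamessupport 1
Set-DnsServerGlobalNameZone -Enable $true

# 3. Populate it with CNAME records: single label -> FQDN of the real host (constructed sample data).
$aliases = @{
    'client2' = 'client2.sales.west.company.com'
    'payroll' = 'payroll-srv01.corp.company.com'
}
foreach ($label in $aliases.Keys) {
    Add-DnsServerResourceRecordCName -ZoneName 'GlobalNames' -Name $label -HostNameAlias $aliases[$label]
}

# 4. Check. The server consults GlobalNames when a client's suffixed query for "client2" misses in
#    the zones it is authoritative for, so a plain single-label lookup from a client now resolves.
Get-DnsServerGlobalNameZone
Resolve-DnsName -Name 'client2' -Type A
```

Because the zone only holds static CNAME records, it does not replace WINS for machines that register themselves; it is meant for a small set of well-known server names, and every entry in it is something an administrator chose to publish.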
DNS Suffix Search List
• The DNS Suffix Search List:
– Provides a list of DNS suffixes to be tried, in order, with single-label names
– When a search list is configured it replaces the primary DNS suffix and devolution; only the listed suffixes are tried
– Example: a computer that attempts to contact “client2” might need to try:
  • client2.Company.com
  • client2.partner.com
  • client2.vendor.com
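Added example (PowerShell, not from the transcript) covering both the devolution walk described under Single-Label Names and the suffix search list above: a function that builds the candidate list a client tries, in order, followed by the real client settings on a Windows 8 / Server 2012 or later machine. The candidate logic is a simplified model of the documented behaviour (devolution here stops at a fixed label count, DevolutionLevel); the suffixes and the registry values are assumptions.

```powershell
# Added example, not from the original slides. The candidate-building logic is a model of the
# documented client behaviour; suffixes and registry values shown are placeholders.

function Get-SingleLabelCandidates {
    <#
      Returns, in order, the FQDNs a Windows client tries for a single-label name.
      - If a suffix search list is configured it is used on its own (primary suffix and
        devolution are skipped).
      - Otherwise the primary DNS suffix is tried, then devolution drops one leading label at
        a time, stopping when only DevolutionLevel labels remain (simplified model).
    #>
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$PrimarySuffix = '',
        [string[]]$SuffixSearchList = @(),
        [bool]$UseDevolution = $true,
        [int]$DevolutionLevel = 2
    )
    if ($Name.Contains('.')) { return ,$Name }      # already qualified: nothing is appended

    if ($SuffixSearchList.Count -gt 0) {
        return @($SuffixSearchList | ForEach-Object { "$Name.$_" })
    }

    $candidates = @()
    if ($PrimarySuffix) {
        $candidates += "$Name.$PrimarySuffix"
        if ($UseDevolution) {
            $labels = $PrimarySuffix.Split('.')
            for ($i = 1; ($labels.Count - $i) -ge $DevolutionLevel; $i++) {
                $candidates += "$Name." + ($labels[$i..($labels.Count - 1)] -join '.')
            }
        }
    }
    return $candidates
}

# The slide's devolution example: client2 from a client in sales.west.Company.com.
Get-SingleLabelCandidates -Name 'client2' -PrimarySuffix 'sales.west.Company.com'

# With a search list the primary suffix is not used at all; only these three are tried.
Get-SingleLabelCandidates -Name 'client2' -SuffixSearchList 'Company.com', 'partner.com', 'vendor.com'

# What the resolver on this machine is actually configured to do.
Get-DnsClientGlobalSetting | Select-Object SuffixSearchList, UseDevolution, DevolutionLevel

# Local equivalents of the two Group Policy settings the slides mention. Group Policy writes the
# same values under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
# (SearchList as a comma-separated string, UseDomainNameDevolution as a DWORD).
Set-DnsClientGlobalSetting -SuffixSearchList 'Company.com', 'partner.com', 'vendor.com'
Set-DnsClientGlobalSetting -UseDevolution $false
```

The reason to bound or disable devolution is visible in the candidate list: every suffix a client is willing to append is a zone whose owner can answer the single-label lookup, so devolution must never walk past the organisation’s own domains, and a search list should only contain zones you trust.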
Recap
• Support for NetBIOS/single-label names:
– In your own domain: a GlobalNames zone
  • Create a GlobalNames zone and enable it with dnscmd
– In other domains: “DNS Suffix Search List” in Group Policy
DNS Server Properties Continued
• “Enable round robin” is used when there are multiple records of the same type for one host name
• The DNS server rotates the order of those records as queries come in, so successive clients get a different first answer
DNS Server Properties Continued
• “Enable netmask ordering” is also used when there are multiple records for a host
• The DNS server puts first the record whose address is on the same subnet as the client’s IP address
Duplicate Records
• If a server has two records for the same host, Netmask Ordering and Round Robin can both be enabled
• If both are enabled, Netmask Ordering takes precedence: records on the client’s subnet are moved to the front, and round robin only rotates the order within the remaining records
Duplicate Records Continued
• Example: two A records for one host, 10.10.10.50 and 192.168.1.50. By default netmask ordering compares the first three octets (a /24) of the client’s address with each record.
• A client at 10.10.10.x receives the 10.10.10.50 record first.
• A client at 192.168.1.x receives the 192.168.1.50 record first.
• A client on neither subnet gets the records in round-robin order, which alternates between them as requests are processed.
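Added example (PowerShell, not from the transcript): the two server properties set the way the slides describe, the duplicate records from the example created as sample data, and a small function that reproduces what netmask ordering does to the answer set so the precedence rule can be seen. The zone name, host name and the /24 default are assumptions for the example.

```powershell
# Added example, not from the original slides. Assumes the DnsServer module and a zone
# company.com; the host "web" and its two addresses are constructed sample data.
Import-Module DnsServer

# Duplicate A records for one host name.
Add-DnsServerResourceRecordA -ZoneName 'company.com' -Name 'web' -IPv4Address '10.10.10.50'
Add-DnsServerResourceRecordA -ZoneName 'company.com' -Name 'web' -IPv4Address '192.168.1.50'

# Both options are server properties, not zone properties.
#   dnscmd /config /RoundRobin 1        <-> "Enable round robin"
#   dnscmd /config /LocalNetPriority 1  <-> "Enable netmask ordering"
$s = Get-DnsServerSetting -All
$s.RoundRobin       = $true
$s.LocalNetPriority = $true
Set-DnsServerSetting -InputObject $s

function ConvertTo-IPv4Int {
    # Dotted-quad -> integer (kept in int64 so the bitwise maths never goes negative).
    param([string]$IP)
    $n = [int64]0
    foreach ($octet in [System.Net.IPAddress]::Parse($IP).GetAddressBytes()) {
        $n = (($n -shl 8) -bor $octet) -band 0xFFFFFFFF
    }
    return $n
}

function Sort-ByNetmask {
    <#
      Model of netmask ordering: records whose address shares the client's subnet come first.
      The default comparison width is /24 (dnscmd /config /LocalNetPriorityNetMask changes it);
      the relative order of the records that do not match is left alone, which is the part
      round robin then rotates.
    #>
    param([string]$ClientIP, [string[]]$Addresses, [int]$PrefixLength = 24)
    $mask   = (0xFFFFFFFF -shl (32 - $PrefixLength)) -band 0xFFFFFFFF
    $client = (ConvertTo-IPv4Int $ClientIP) -band $mask
    $local  = @($Addresses | Where-Object { ((ConvertTo-IPv4Int $_) -band $mask) -eq $client })
    $remote = @($Addresses | Where-Object { ((ConvertTo-IPv4Int $_) -band $mask) -ne $client })
    return $local + $remote
}

$answers = '10.10.10.50', '192.168.1.50'
Sort-ByNetmask -ClientIP '10.10.10.25'  -Addresses $answers
Sort-ByNetmask -ClientIP '192.168.1.77' -Addresses $answers
Sort-ByNetmask -ClientIP '10.20.0.5'    -Addresses $answers
```

The first call moves 10.10.10.50 to the front and the second moves 192.168.1.50 to the front; the third client is on neither /24, so nothing is reordered and the server’s round robin decides which address it sees first. Widening the comparison (a smaller PrefixLength) is what you would do if 10.20.0.5 should still prefer the 10.x record.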
Recap
• Extra logging: enable Debug Logging
• Duplicate records:
– Netmask Ordering
– Round Robin
• Secondaries running BIND (Unix DNS): enable “BIND secondaries”, which sends zone transfers in the uncompressed format older BIND versions expect
DNS Records
• “A” records map an FQDN to an IPv4 address.
• “AAAA” records map an FQDN to an IPv6 address.
DNS Records Continued
• “CNAME” records provide aliases for hosts: the alias name points at another name, not at an address.
• Commonly used for servers that host multiple web sites, so each site name can be an alias for the one web server.
DNS Records Continued
• “MX” records identify the mail servers for a domain.
• Each carries a preference value; the lower the value, the more preferred the server. Servers with a higher value are only used when the lower ones do not respond.
DNS Records Continued
• “SRV” records identify services on the network (for example _ldap._tcp.Company.com).
• Each has a priority and a weight; the default priority is 0.
• If there are multiple records, clients use the record with the lowest priority; among records with equal priority, the weight sets the share of traffic each server receives.
DNS Records Continued
• “NS” records identify authoritative DNS servers for the zone.
• “SOA” (Start of Authority) records are the first record in any zone and contain settings for the zone.
DNS Records Continued
• The records Active Directory uses to locate domain controllers are SRV records under “_msdcs”, “_sites”, “_tcp” and “_udp” in the domain zone.
• For the forest root, “_msdcs.domain” is by default a separate zone replicated to every DNS server in the forest, for example “_msdcs.Company.com.”
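The record types in this section created with the DnsServer module, as an added PowerShell example that is not part of the transcript. The zone, the reverse zone and every host name and address are placeholders; the MX preferences and SRV weights are chosen to show the ordering rules the slides state.

```powershell
# Added example, not from the original slides. Assumes the DnsServer module, a primary zone
# company.com and a reverse zone 10.10.10.in-addr.arpa; hosts and addresses are placeholders.
Import-Module DnsServer
$Zone = 'company.com'

# A / AAAA: name -> address. -CreatePtr also writes the PTR record in the matching reverse zone.
Add-DnsServerResourceRecordA    -ZoneName $Zone -Name 'web1' -IPv4Address '10.10.10.50' -CreatePtr
Add-DnsServerResourceRecordAAAA -ZoneName $Zone -Name 'web1' -IPv6Address '2001:db8::50'

# CNAME: one alias per site hosted on web1. Point aliases at the host's A record name, not at
# another alias, and delete them when the target is decommissioned: a CNAME left pointing at a
# name somebody else can register hands that site name to them.
'www', 'intranet', 'shop' | ForEach-Object {
    Add-DnsServerResourceRecordCName -ZoneName $Zone -Name $_ -HostNameAlias "web1.$Zone"
}

# MX at the zone apex ("."): lower preference is tried first; mail2 only gets mail if mail1 fails.
Add-DnsServerResourceRecordMX -ZoneName $Zone -Name '.' -MailExchange "mail1.$Zone" -Preference 10
Add-DnsServerResourceRecordMX -ZoneName $Zone -Name '.' -MailExchange "mail2.$Zone" -Preference 20

# SRV: equal priority, so weight splits the clients two-to-one between sip1 and sip2.
Add-DnsServerResourceRecord -Srv -ZoneName $Zone -Name '_sip._tcp' -DomainName "sip1.$Zone" -Priority 0 -Weight 100 -Port 5060
Add-DnsServerResourceRecord -Srv -ZoneName $Zone -Name '_sip._tcp' -DomainName "sip2.$Zone" -Priority 0 -Weight 50  -Port 5060

# NS and SOA were created with the zone; list them rather than editing by hand.
Get-DnsServerResourceRecord -ZoneName $Zone -RRType NS
Get-DnsServerResourceRecord -ZoneName $Zone -RRType SOA

# Check the result the way a client would see it.
Resolve-DnsName -Name "www.$Zone" -Type A
Resolve-DnsName -Name $Zone -Type MX
Resolve-DnsName -Name "_sip._tcp.$Zone" -Type SRV
```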
Recap
• A – Name to IPv4
• AAAA – Name to IPv6
• PTR – IPv4 or IPv6 to Name
• CNAME – Alias
• MX – Email; lower preference is tried first
• SRV – Services
• NS – DNS servers
DNSCMD Switches
Command – Description
/ageallrecords – Sets the current time on all time stamps in a zone or node.
/clearcache – Clears the DNS server cache.
/createbuiltindirectorypartitions – Creates the built-in DNS application directory partitions.
/createdirectorypartition – Creates a DNS application directory partition.
/deletedirectorypartition – Deletes a DNS application directory partition.
/directorypartitioninfo – Lists information about a DNS application directory partition.
/enlistdirectorypartition – Adds a DNS server to the replication set of a DNS application directory partition.
/recordadd – Adds a resource record to a zone.
/recorddelete – Removes a resource record from a zone.
/zonechangedirectorypartition – Changes the directory partition on which a zone resides. Used to change the replication scope of an ADI zone.
/zonedelete – Deletes a zone from the DNS server.
/zoneexport – Writes the resource records of a zone to a text file (under %SystemRoot%\System32\dns) for auditing purposes.
/zoneadd – Creates a new zone on the DNS server: /Primary = standard primary, /Secondary = standard secondary, /DsPrimary = ADI (Active Directory–integrated).
/zonerefresh – Forces a refresh of a secondary zone from its master.
/zoneresettype – Changes the zone type.
/zoneupdatefromds – Updates an Active Directory–integrated zone with data from Active Directory Domain Services (AD DS).
/resetlistenaddresses – Limits the DNS server to answering queries only on particular IP addresses, for example only on its IPv6 addresses or only on an internal interface.
/startscavenging – Initiates server scavenging.
DNSCMD Switches Example
• To set the replication scope of an ADI zone to all DNS servers in the forest:
dnscmd <ServerName> /zonechangedirectorypartition <ZoneName> /forest
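Added example (PowerShell, not from the transcript): the replication-scope change above and the /zoneexport switch used for what the table says it is for, auditing. The export is compared with a previous known-good export so that records added or removed since then stand out. The zone name, the baseline path and the export file naming are assumptions; it is written to run on the DNS server itself.

```powershell
# Added example, not from the original slides. Run on the DNS server itself. The zone name and
# the baseline path are placeholders; Export-DnsServerZone (dnscmd /zoneexport) writes its file
# under %SystemRoot%\System32\dns.
Import-Module DnsServer

$Zone     = 'company.com'
$DnsDir   = Join-Path $env:SystemRoot 'System32\dns'
$Baseline = 'C:\dns-audit\company.com.baseline.txt'   # last known-good export (assumed location)

# The slide's dnscmd example as a cmdlet: replicate the ADI zone to every DNS server in the forest.
#   dnscmd . /zonechangedirectorypartition company.com /forest
Set-DnsServerPrimaryZone -Name $Zone -ReplicationScope Forest

# dnscmd /zoneexport: dump the zone to a dated text file for the audit trail.
$File = '{0}.{1}.txt' -f $Zone, (Get-Date -Format 'yyyyMMdd-HHmm')
Export-DnsServerZone -Name $Zone -FileName $File

function Select-ZoneRecordLine {
    # Keeps only record lines: drops blanks, ';' comments and the SOA line, whose serial
    # changes on every export and would otherwise be reported as a change every time.
    param([string[]]$Lines)
    $Lines | Where-Object { $_ -and $_ -notmatch '^\s*;' -and $_ -notmatch '\sSOA\s' }
}

function Compare-DnsZoneExport {
    # Returns every record that is present in only one of the two exports.
    param([string[]]$BaselineLines, [string[]]$CurrentLines)
    Compare-Object @(Select-ZoneRecordLine $BaselineLines) @(Select-ZoneRecordLine $CurrentLines) |
        Select-Object @{ n = 'Change'; e = { if ($_.SideIndicator -eq '=>') { 'added' } else { 'removed' } } },
                      @{ n = 'Record'; e = { $_.InputObject } }
}

$Current = Get-Content (Join-Path $DnsDir $File)
if (Test-Path $Baseline) {
    Compare-DnsZoneExport -BaselineLines (Get-Content $Baseline) -CurrentLines $Current |
        Format-Table -AutoSize
} else {
    # First run: this export becomes the baseline for the next one.
    New-Item -ItemType Directory -Path (Split-Path $Baseline) -Force | Out-Null
    Copy-Item (Join-Path $DnsDir $File) $Baseline
}
```

Keep the baseline somewhere the DNS server’s administrators cannot silently rewrite, otherwise a change made through dynamic update or a compromised admin session can be hidden by updating the baseline along with the zone.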