Transcript Slide 1

Domain Name System
• DNS is a client/server protocol which provides Name to IP Address Resolution.
DNS Terms And Concepts
• Domain Name Space
– Fully Qualified Domain Name (FQDN)
• DNS Server
• DNS Client (Resolver)
• Query
– Recursive
– Iterative
• DNS Zone Types
• DNS Record Types
• DNS Forwarder
• Client Configuration
DNS Name Space
• A DNS Namespace is a hierarchical tree in
which each node represents a named domain
• Each level of the domain namespace is
separated by a period
• The first level of the tree is where you’ll find
the top-level domains which form the base of
the DNS namespace.
DNS Name Space
SRV01.SALES.SOUTH.CONTOSO.COM.
DC01.Sales.South.Contoso.com
FQDN = DC01.Sales.South.Contoso.COM.
Server
• DNS Server
– A computer running the Domain Name System (DNS) Service
– Hosts a namespace or portion of a namespace (Domain)
– Is “authoritative” for a namespace or Domain
– Resolves name resolution requests submitted by DNS Clients (DNS Client = Resolver)
(Diagram: authoritative and non-authoritative servers)
– The server that “owns” the contoso.com name space is therefore authoritative for that space.
– Query for Mail2: authoritative “NO”. “I own this space and there is no record.”
– A server that “owns” the microsoft.com namespace is not authoritative for contoso.com and therefore sends the query to another DNS server.
Recursive Query
• Client Side
– The DNS Client typically issues a Recursive Query to its configured name server
– This says, in effect, “don’t return until you have an answer or have failed to find an answer” to the query.
• Server Side
– When the Server receives a Recursive Query, unless Recursion is disabled, the server “goes to work” for the client.
– Queries other name servers until it resolves the client’s query, or fails to do so.
– Responds to the client with the resolved address or a “failure” message.
Iterative Query
• Asks for a “Final Answer” or a “Closer Server”
• Typically used between servers during resolution of client requests:
– A lower-level server will issue Iterative queries to top-level servers
– Reduces workload on top-level servers
• Response to an Iterative Query:
– The requested address
– An authoritative “No”
– A Referral, if the server recognizes the domain name being queried and knows a server address for that domain.
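The recursive and iterative behaviour described on these two slides, as a small Python model added here (not code from the original deck): a handful of constructed authoritative servers answer iterative queries with a final answer, a referral to a closer server, or an authoritative “no”, and a recursive function walks from the root following referrals on the client’s behalf, caching answers and bounding the chain so a referral loop fails instead of spinning. The server names, zones and addresses are constructed for the example.

```python
"""Toy model of iterative and recursive DNS resolution.

Constructed example for this page, not code from the original slides.
The servers (root, the .com TLD, the contoso.com and microsoft.com
authoritative servers), their names and all addresses are made up.
"""
from dataclasses import dataclass, field

ANSWER, REFERRAL, NXDOMAIN, FAILURE = "answer", "referral", "nxdomain", "failure"


@dataclass
class AuthServer:
    """An authoritative server: knows the records of its own zone and
    which server to refer to for each delegated child zone."""
    zone: str                                        # e.g. "contoso.com."
    records: dict = field(default_factory=dict)      # FQDN -> IPv4 (A record)
    delegations: dict = field(default_factory=dict)  # child zone -> server id

    def iterative_query(self, name):
        """One iterative exchange: final answer, a referral to a
        'closer server', or an authoritative 'no' (NXDOMAIN)."""
        if name in self.records:
            return ANSWER, self.records[name]
        # Closest enclosing delegation wins, so the referral is as deep as possible.
        for child in sorted(self.delegations, key=len, reverse=True):
            if name == child or name.endswith("." + child):
                return REFERRAL, self.delegations[child]
        return NXDOMAIN, None   # "I own this space and there is no record"


# Constructed server set: root delegates .com; .com delegates two zones.
SERVERS = {
    "root": AuthServer(".", delegations={"com.": "tld-com"}),
    "tld-com": AuthServer("com.", delegations={
        "contoso.com.": "ns-contoso", "microsoft.com.": "ns-microsoft"}),
    "ns-contoso": AuthServer("contoso.com.", records={
        "srv01.sales.south.contoso.com.": "10.1.1.5",
        "dc01.sales.south.contoso.com.": "10.1.1.10"}),
    "ns-microsoft": AuthServer("microsoft.com.", records={
        "www.microsoft.com.": "192.0.2.80"}),       # RFC 5737 documentation address
}


def recursive_resolve(name, servers=SERVERS, cache=None, max_steps=8):
    """What a recursive server does on the client's behalf: check its
    cache, then start at the root and follow referrals until an answer
    or an authoritative 'no' comes back. Returns (status, address, path);
    path lists the servers consulted so the referral chain is visible."""
    if not name.endswith("."):
        raise ValueError("expects a fully qualified name ending in '.'")
    name = name.lower()
    if cache is not None and name in cache:
        return ANSWER, cache[name], ["cache"]
    current, path = "root", []
    for _ in range(max_steps):          # bound the chain: a referral loop must not spin forever
        path.append(current)
        status, payload = servers[current].iterative_query(name)
        if status == REFERRAL:
            current = payload           # go ask the closer server
            continue
        if status == ANSWER and cache is not None:
            cache[name] = payload
        return status, payload, path
    return FAILURE, None, path


if __name__ == "__main__":
    shared_cache = {}
    for q in ("srv01.sales.south.contoso.com.", "mail2.contoso.com.",
              "www.microsoft.com.", "www.microsoft.com."):
        print(q, "->", recursive_resolve(q, cache=shared_cache))
```

The `path` returned for each query is the referral chain the slides draw: root, then the .com server, then the authoritative server, which either answers or says “no” for a name inside its zone. The second `www.microsoft.com.` query is served from the cache without touching any server.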
DNS Zone Terminology
• Zone
– A collection of name/address mappings for hosts within a
contiguous portion of the DNS namespace
• Zone Data is maintained on a DNS Server:
– Flat “zone file” containing lists of mappings
– Stored in Active Directory database
• A server is “authoritative” for a zone if it can resolve
names and addresses requested by clients
– In most cases a zone corresponds to a domain,
subdomain, or contiguous series of domains and
subdomains
DNS Zone Types
• Forward Lookup Zone
– Resolves Names to IP Addresses
• A (Host) Record
• SRV
• CNAME
• Etc.
• Reverse Lookup Zone
– Resolves IP Addresses to Host Names
• PTR (Pointer) Records
The Root or “dot” (.) Zone
The DNS server that is authoritative for the Root Zone “owns” the entire namespace.
It is the “top” of the hierarchy and does not refer or forward queries to any other server.
This would be a zone defined within a root hint DNS server for the top-level domains.
Record Types
– A (Host)
– PTR (Pointer)
– NS (NameServer)
– SOA (Start of Authority)
– SRV (Service Record)
– CNAME (Alias)
– MX (Mail Exchanger)
– Etc.
Record Types Defined
• A (Host)
– Primary entry for any computer or device on the network
– Resolves host name to IP address
• PTR (Pointer)
– Reverse lookup entry, resolves IP Address to host name
• NS (Name Server)
– Identifies a named host as a DNS Server for a zone
• SOA (Start of Authority)
– Identifies primary DNS name server with “authority” to resolve
names for a given zone
Additional Record Types Defined
• SRV (Service Record)
– Indicates availability of a given service on a given host
– Example:
• Windows® Domain Controllers register SRV Records which are used
to direct client logon requests…
• CNAME (Alias)
– Typically relates a well known “common name” to a
specific host name.
– Example:
• “WWW” is commonly registered as a CNAME record for Web
servers
• MX (Mail Exchanger)
– Identifies E-Mail Servers
– Example: MS Exchange registers an MX record
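The record types defined above, exercised in a Python example added here (not code from the original slides): a minimal parser for a constructed contoso.com zone (TTL and class columns left out), with forward lookups that follow CNAME aliases, a reverse lookup that builds the in-addr.arpa owner name for a PTR, and SRV and MX lookups that honour priority, weight and preference. The CNAME chase is bounded, because a pair of aliases pointing at each other is a misconfiguration a server must not follow forever.

```python
"""Parse a small zone file and answer the lookups each record type supports.

Added example for this page, not code from the original slides. The zone
below is constructed: names use the fictional contoso.com, the addresses
are from the 10.0.0.0/8 private range, and TTL and class columns are left
out to keep the format minimal (owner  TYPE  rdata...).
"""
from collections import defaultdict

ZONE_TEXT = """\
; constructed sample: contoso.com forward zone, owner names are FQDNs
contoso.com.              SOA   dc01.contoso.com. hostmaster.contoso.com. 2024010101 3600 600 86400 300
contoso.com.              NS    dc01.contoso.com.
contoso.com.              MX    10 mail1.contoso.com.
dc01.contoso.com.         A     10.0.0.12
mail1.contoso.com.        A     10.0.0.25
web01.contoso.com.        A     10.0.0.80
www.contoso.com.          CNAME web01.contoso.com.
_ldap._tcp.contoso.com.   SRV   0 100 389 dc01.contoso.com.
; reverse zone fragment (10.in-addr.arpa.)
12.0.0.10.in-addr.arpa.   PTR   dc01.contoso.com.
80.0.0.10.in-addr.arpa.   PTR   web01.contoso.com.
"""


def parse_zone(text):
    """Return {(owner, TYPE): [rdata token list, ...]}; ';' comments and blank lines are skipped."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, rtype, *rdata = line.split()
        records[(owner.lower(), rtype.upper())].append(rdata)
    return records


def lookup_a(records, name, max_cname=8):
    """Forward lookup: host name -> A addresses, following CNAME aliases.
    The chase is bounded so a misconfigured CNAME loop raises instead of spinning."""
    name = name.lower()
    for _ in range(max_cname):
        if (name, "A") in records:
            return [rd[0] for rd in records[(name, "A")]]
        alias = records.get((name, "CNAME"))
        if not alias:
            return []                     # no A and no alias: authoritative "no"
        name = alias[0][0].lower()        # CNAME rdata is the canonical name
    raise ValueError(f"CNAME chain for {name} exceeds {max_cname} hops")


def lookup_ptr(records, ipv4):
    """Reverse lookup: build the in-addr.arpa owner name and return its PTR target."""
    owner = ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."
    ptr = records.get((owner, "PTR"))
    return ptr[0][0] if ptr else None


def lookup_srv(records, service, proto, domain):
    """Service lookup, e.g. ('ldap', 'tcp', 'contoso.com.'): list of
    (priority, weight, port, target), lowest priority first, heavier weight first."""
    owner = f"_{service}._{proto}.{domain}".lower()
    rows = [(int(p), int(w), int(port), target)
            for p, w, port, target in records.get((owner, "SRV"), [])]
    return sorted(rows, key=lambda r: (r[0], -r[1]))


def lookup_mx(records, domain):
    """Mail exchangers for a domain as (preference, host), lowest preference first."""
    return sorted((int(pref), host) for pref, host in records.get((domain.lower(), "MX"), []))


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print("www ->", lookup_a(zone, "www.contoso.com."))
    print("10.0.0.80 ->", lookup_ptr(zone, "10.0.0.80"))
    print("ldap/tcp ->", lookup_srv(zone, "ldap", "tcp", "contoso.com."))
    print("mx ->", lookup_mx(zone, "contoso.com."))
```

The `_ldap._tcp` owner name is the shape Windows domain controllers register for logon: the service and protocol labels prefixed with underscores, in front of the domain, so a client can find a DC without knowing any host name in advance.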
DNS Forwarder
• DNS Servers can be configured to forward queries to designated “Forwarders”
• Forwarders
– Handle all non-local queries
– Enabling forwarders allocates the burden of resolving unknown names to the designated server(s)
DNS Client Configuration
• Client Configuration is Critical
– Server Addresses
– DNS Suffix Configuration
– Dynamic updates
• Windows clients rely on DNS Name Resolution to perform key functions:
– Locate/Connect to DCs for authentication
– Locate/Connect to Servers
– Locate/Connect to Web Servers
Client Configuration – DNS Server Addresses
• Server Addresses
– Preferred DNS Server Address
– Alternate DNS Server Address(es)
• Sends query to Preferred DNS server
• Alternate DNS Server used ONLY if Preferred is not available.
Preferred DNS Server Configuration
The Preferred DNS Server is the one the client tries first… If the Preferred Server is not available, the client tries the Alternate DNS Server (if so configured)…
Alternate DNS Server Configuration
Optionally, you can enter a whole list of Alternate DNS Servers.
The Preferred and Alternate Servers specified on the previous Properties page automatically appear at the top of this list, and Preferred and Alternates are queried in the order listed…
Name Query Resolution
• When a host name is submitted to DNS:
– The Resolver first checks the cache (if caching is enabled)
– If the name is in the cache, the data is returned to the user
– If the name is not in the cache, the resolver queries the DNS servers listed in the TCP/IP properties.
Client Configuration - DNS Suffixes
• If the query cannot be resolved as is, then suffixes are systematically appended to the name in the query:
– Primary DNS Suffix
– Connection-specific DNS Suffix
– Domain Suffix Search List
• The client is configured to use either Primary and Connection-specific, or the Suffix Search List
Configuring Domain Suffixes
• Primary DNS Suffix: System Properties > Computer Name > Change > More
• Suffix Selection Option
• Domain Suffix Search List
• Connection-specific Suffix
• Client uses either Primary and Connection-specific or the Suffix Search List, not both!
Nitpicking DNS Naming
Terminology
• Fully Qualified Domain Name
– Srv1.Sales.Contoso.Com.
– Terminating period makes it Fully Qualified!
• Unqualified Multi-label Name
– Srv1.Sales.Contoso.Com
– No Period!
• Single-label Unqualified Name
– Srv1
– No domain suffix!
– No info to “qualify” the name or indicate where in the namespace to look for this host
How Suffixes are Applied
• If the client submits an FQDN (including the period)
– Resolver uses the FQDN as submitted
• If the client submits a multi-label unqualified name (no period)
– Resolver adds the terminating period and uses that name
• If the multi-label name submitted with the period fails to resolve, or if the client submits a single-label unqualified name (no suffix)
– Resolver appends the specified Suffixes, adds the period, and keeps trying! The suffixes it appends depend on how the DNS Suffix property is configured
Example: Primary & Connection-specific setting
• Resolver appends Primary and Connection-specific suffixes
– Resolver appends the Primary Domain Name from System Properties > Computer Name > Change > More
– Resolver “devolves” the domain name from left to right
– Tries the Parent of the specified domain
– If that fails, tries the “Parent of Parent”
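The name classes from “Nitpicking DNS Naming Terminology” and the suffix rules from the last three slides, modelled in Python as an added example (not code from the original deck): it classifies a submitted name and produces the ordered list of FQDNs the resolver would try, under either the Primary-and-Connection-specific setting with devolution or a Domain Suffix Search List. The suffix values are constructed, and two details are assumptions of this model rather than facts from the slides: the connection-specific suffix is tried right after the full primary suffix and before its devolved parents, and devolution stops at two labels. Listing the candidates in full also shows how many zones a single-label query can be sent to before it finally fails.

```python
"""Classify a submitted DNS name and list the candidate FQDNs a Windows-style
resolver tries, in order, under the two suffix settings the slides describe.

Added example for this page, not code from the original slides. The suffix
values are constructed; the position of the connection-specific suffix
relative to the devolved parents, and stopping devolution at two labels,
are assumptions of this model.
"""


def classify(name):
    """FQDN (terminating period), multi-label unqualified, or single-label unqualified."""
    if name.endswith("."):
        return "fqdn"
    return "multi-label" if "." in name else "single-label"


def devolve(suffix, min_labels=2):
    """'Devolve' a suffix from left to right: sales.south.contoso.com ->
    south.contoso.com -> contoso.com. Stops at min_labels (assumed 2) so a
    bare TLD is never tried."""
    labels = suffix.strip(".").split(".")
    chain = []
    while len(labels) >= min_labels:
        chain.append(".".join(labels))
        labels = labels[1:]           # drop the leftmost label: the parent
    return chain


def candidate_names(name, primary=None, connection_specific=None, search_list=None):
    """Ordered FQDNs the resolver would try for `name`.

    FQDN: used as submitted. Multi-label unqualified: first tried with a
    period appended, then with suffixes. Single-label: suffixes only.
    The client uses EITHER primary + connection-specific (with devolution)
    OR the Domain Suffix Search List, never both.
    """
    kind = classify(name)
    name = name.lower()
    if kind == "fqdn":
        return [name]
    candidates = [name + "."] if kind == "multi-label" else []
    if search_list:
        suffixes = [s.strip(".") for s in search_list]
    else:
        suffixes = []
        if primary:
            suffixes.append(primary.strip("."))
        if connection_specific:
            suffixes.append(connection_specific.strip("."))
        if primary:
            suffixes.extend(devolve(primary)[1:])   # parent, parent of parent, ...
    for suffix in suffixes:
        fqdn = f"{name}.{suffix}."
        if fqdn not in candidates:                 # same suffix configured twice: try once
            candidates.append(fqdn)
    return candidates


if __name__ == "__main__":
    for n in ("Srv1.Sales.Contoso.Com.", "Srv1.Sales.Contoso.Com", "Srv1"):
        print(n, classify(n), candidate_names(
            n, primary="sales.south.contoso.com", connection_specific="corp.example"))
    print(candidate_names("Srv1", search_list=["a.example", "b.example"]))
```

For the single-label name `Srv1` with primary suffix `sales.south.contoso.com`, the model tries `srv1.sales.south.contoso.com.`, then the connection-specific suffix, then `srv1.south.contoso.com.` and `srv1.contoso.com.`, which is the left-to-right devolution the last slide describes.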