This page begins with the basic concepts of DNS and moves on to
troubleshooting. The golden rule when dealing with DNS is this: remember
that the name of the DNS game is name resolution. By that I mean we humans
like friendly names such as cisco.com, whereas computers like dotted-decimal
numbers such as 10.1.13.20. What DNS does is keep a mapping between the two:
IP Address = 10.1.13.20 - Resource = BigServer.cisco.com
One trait I noticed with DNS is that many of its features come in pairs;
this symmetry will help you to remember and to understand how DNS operates.
Whether you are configuring or troubleshooting, there are two aspects of
DNS to consider:
a) Registration --> sending information to the DNS server database.
b) Query <-- retrieving IP addresses from the DNS hierarchical system.
Registration
The best way to register clients is through DHCP. The DHCP server gives
out not only the client's IP address, but also the addresses of the DNS servers.
The good news is that DNS is now dynamic (DDNS). This means that if a client
changes its IP address, then either the client updates DNS directly, or DHCP
will act on the client's behalf and send a message to update the (A) Host
record in DNS.
Query
From the client's point of view, when it needs to know the IP address of a
resource, it contacts the DNS server(s) named in the TCP/IP property sheet.
Best practice is to give out this DNS server IP through DHCP. What you need
to configure in DHCP is Option Type 006 - DNS.
Recursive queries are the default method. A recursive query means that the
DNS server takes full responsibility for finding the IP address that the
client wants. Take as an example a client that wants to query google.com. It
is unlikely that the server is authoritative for, or has a Host record for,
google.com. So the DNS server contacts the root server for the IP address of
the .com servers; it then contacts those .com servers and asks for the IP
address of google.com. Finally, the DNS server sends the answer to the client.
Woops! I left out the very first step. The root of the DNS system is a dot
(period) ".". In Server 2003, the icon representing the DNS server has a
'Root Hints' tab. Here you find the IP addresses of all the top level
domains. It is because DNS is hierarchical that it scales so well, and is
superior to WINS, which only offers a limited, flat-field system.
"." (Root of DNS)
    .com  .org  .net  .edu  .mil  .gov
    .co.uk
Iterative
Iterative means the server returns the best answer it can. In the above
example the DNS server would say to the client: 'I do not know where
google.com is; here is the IP address of the root servers, you go and query
them.'
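To make the recursive/iterative distinction concrete, here is an added Python model that is not from the original article. It builds a three-level hierarchy: a root server, a .com server and a server authoritative for google.com. The server addresses (RFC 5737 documentation ranges), the zone contents and the function names ask(), iterative_resolve() and recursive_query() are all constructed for this illustration. ask() is what an iterative client gets back from one server (its best answer: a referral or an address); iterative_resolve() is the walk a recursive server performs on the client's behalf, starting from its root hints.

```python
"""Toy model of recursive vs. iterative DNS resolution.

Added example, not part of the original article. Server addresses and zone
contents are constructed; each 'server' knows only its own records and its
delegations, just as a real root, TLD or authoritative server does.
"""

# Constructed servers: an A table plus NS delegations per server.
SERVERS = {
    "192.0.2.1": {                      # a root server: knows only TLD delegations
        "a": {},
        "ns": {"com.": ["192.0.2.10"]},
    },
    "192.0.2.10": {                     # a .com server: knows second-level delegations
        "a": {},
        "ns": {"google.com.": ["192.0.2.20"]},
    },
    "192.0.2.20": {                     # authoritative for google.com
        "a": {"google.com.": "203.0.113.5", "www.google.com.": "203.0.113.6"},
        "ns": {},
    },
}
ROOT_HINTS = ["192.0.2.1"]              # what the 'Root Hints' tab holds in this model


def fqdn(name):
    """Normalise to a lower-case, fully qualified name with a trailing dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def ask(server_ip, qname):
    """One non-recursive question to one server: 'the best answer it can'.
    Returns ("answer", ip), ("referral", [nameserver ips]) or ("nxdomain", None)."""
    srv = SERVERS[server_ip]
    qname = fqdn(qname)
    if qname in srv["a"]:
        return "answer", srv["a"][qname]
    # Otherwise hand out the longest-matching delegation the server knows about.
    best_zone = None
    for zone in srv["ns"]:
        if qname == zone or qname.endswith("." + zone):
            if best_zone is None or len(zone) > len(best_zone):
                best_zone = zone
    if best_zone is not None:
        return "referral", list(srv["ns"][best_zone])
    return "nxdomain", None


def iterative_resolve(qname, start=ROOT_HINTS, max_hops=8):
    """What a recursive DNS server does on the client's behalf: start at the
    root hints and follow referrals down the tree until a server answers.
    Returns (ip or None, [servers contacted, in order]). max_hops stops a
    referral loop in bad zone data from running forever."""
    trail = []
    candidates = list(start)
    for _ in range(max_hops):
        server = candidates[0]
        trail.append(server)
        if server not in SERVERS:              # delegated to an unreachable server
            return None, trail
        kind, data = ask(server, qname)
        if kind == "answer":
            return data, trail
        if kind == "referral":
            candidates = data
            continue
        return None, trail                     # nxdomain: nobody knows the name
    return None, trail


def recursive_query(qname):
    """Client view with recursion (the default): one question, final answer."""
    ip, _ = iterative_resolve(qname)
    return ip


if __name__ == "__main__":
    print("recursive client sees:", recursive_query("www.google.com"))
    print("iterative client sees from the root:", ask("192.0.2.1", "www.google.com"))
    print("full walk:", iterative_resolve("www.google.com"))
```

Run it and the trail printed by iterative_resolve() is exactly the root, .com, google.com sequence the text describes; ask() against the root alone is the referral an iterative client has to follow up itself.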
Forward Lookup
A forward query is where you know the hostname, but your operating system
needs the IP address to locate the resource. The best way to create your
Active Directory forward lookup zone is to let DCPROMO create it when the
member server is promoted. Example: "DNS, please tell me the IP address of
LogonServer." Response from DNS: LogonServer 10.209.12.20.
Reverse Lookup
I always think of reverse lookup as a hacker's tool, where they know the IP
address but want to know the hostname. A classic situation would be that
you can ping an IP address, and want to know the hostname of that address.
Ping 10.209.12.20
NSLookup 10.209.12.20 - Reply from DNS: LogonServer 10.209.12.20
In fact there are many legitimate reasons for using reverse lookups,
authenticating mail servers and troubleshooting with NSLookup to name two.
Windows Server 2003 is very friendly in helping you create the reverse zone
(technically called in-addr.arpa). Where it is less friendly is that you
have to create the PTR (pointer) records yourself. However, if you are
organized and create the reverse lookup zone before you populate the forward
lookup zone, then you can check the box saying "Update Associated Pointer
(PTR) Record".
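The mechanics behind a reverse lookup, and the cost of forgetting the PTR records, as an added Python example that is not part of the original article. ptr_name() builds the in-addr.arpa name a reverse query actually asks for, reverse_zone_name() gives the zone you have to create first, and audit_ptr_records() walks a forward zone and reports every host whose PTR is missing or stale. It also handles IPv6 names under ip6.arpa, which goes beyond what the article covers. The example.com hostnames, the 10.209.12.0/24 addresses and all function names are constructed placeholders modelled on the article's LogonServer.

```python
"""Reverse lookup names and a forward/reverse consistency audit.

Added example, not from the original article. The zone contents below are
constructed and deliberately out of step with each other.
"""
import ipaddress


def ptr_name(ip):
    """Owner name of the PTR record for an address, i.e. what a reverse
    lookup really queries: 10.209.12.20 -> 20.12.209.10.in-addr.arpa.
    IPv6 addresses become nibble-reversed names under ip6.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def reverse_zone_name(network):
    """Name of the reverse lookup zone you must create before any PTR can be
    stored: 10.209.12.0/24 -> 12.209.10.in-addr.arpa. Only octet-aligned
    IPv4 prefixes (/8, /16, /24) are handled here."""
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4 or net.prefixlen % 8 != 0 or net.prefixlen == 0:
        raise ValueError("expected an IPv4 /8, /16 or /24 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


# Constructed forward (A) and reverse (PTR) zones.
FORWARD_ZONE = {
    "logonserver.example.com": "10.209.12.20",
    "mail.example.com": "10.209.12.25",
    "web.example.com": "10.209.12.30",
}
REVERSE_ZONE = {
    "20.12.209.10.in-addr.arpa": "logonserver.example.com",
    "25.12.209.10.in-addr.arpa": "oldmail.example.com",   # stale PTR after a rename
    # no PTR for 10.209.12.30: 'Update Associated PTR' was never ticked
}


def reverse_lookup(ip, reverse=REVERSE_ZONE):
    """NSLookup-style reverse query against the PTR table; None if no PTR."""
    return reverse.get(ptr_name(ip))


def forward_confirmed(hostname, forward=FORWARD_ZONE, reverse=REVERSE_ZONE):
    """Forward-confirmed reverse DNS, the check a receiving mail server applies
    to a connecting host. True only when A(host) -> ip and PTR(ip) -> host."""
    hostname = hostname.lower()
    ip = forward.get(hostname)
    if ip is None:
        return False
    return reverse_lookup(ip, reverse) == hostname


def audit_ptr_records(forward=FORWARD_ZONE, reverse=REVERSE_ZONE):
    """Report every A record whose PTR is missing or points elsewhere, so the
    reverse zone can be fixed before mail delivery or troubleshooting breaks."""
    problems = {}
    for host, ip in forward.items():
        back = reverse_lookup(ip, reverse)
        if back is None:
            problems[host] = "missing PTR for " + ip
        elif back != host:
            problems[host] = "PTR for " + ip + " points to " + back
    return problems


if __name__ == "__main__":
    print(ptr_name("10.209.12.20"))
    print(reverse_zone_name("10.209.12.0/24"))
    for host, issue in audit_ptr_records().items():
        print(host, "->", issue)
```

forward_confirmed() is why the text lists authenticating mail servers as a legitimate use: if the A record and the PTR disagree, the host looks unauthenticated to the receiving server even though the forward zone is perfectly correct, which is exactly what the audit catches for mail.example.com.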
Again we have a pair of utilities. IPCONFIG and NSLookup are your key DNS
commands. Both are available at the command prompt on Windows 2003, XP and
even NT 4.0 machines.
IPCONFIG
IPCONFIG has two new switches, /registerdns and /flushdns. If you need to add
a record to DNS, then IPCONFIG /registerdns will save you a reboot. Perhaps a
connection is failing because of a stale, invalid cached IP address;
IPCONFIG /flushdns will clear the cache and you can make that connection.
There is also another pair of switches, /release and /renew, for use when
refreshing DHCP leases. Also remember IPCONFIG /all to check on DNS and DHCP
server settings.
NSLookup
NSLookup comes in two modes:
a) Non-interactive, where you just want a quick lookup of a server name.
Example: NSLookup 10.209.12.20
b) Interactive mode, which is more difficult to master. Here you type:
NSLookup
>
My best advice when you reach the prompt is to type: help.
Example: ls -t NS topbanana.com
This would list all records of type NS (name server) in the topbanana.com
domain.
If you experiment with NSLookup and nothing happens, then remember that you
need a Reverse Lookup Zone with (PTR) pointer records. Once you create those
PTR records, NSLookup will return that server name.
I use NSLookup when I am troubleshooting from a client machine and I wish to
list the DNS records. It saves a long walk to the DNS server and gets around
having to install the AdminPak just to view the DNS records.
See Also
Migration from NT 4.0 is a separate topic from pure installation. In brief,
there are two main strategies: upgrade the PDC in an existing domain, or
start with a new domain and import the users from NT 4.0 using a bulk import
program like CSVDE.