Introduction to DNS in Windows Server 2003
This page begins with the basic concepts of DNS and moves on to troubleshooting. The golden rule when dealing with DNS is this: remember that the name of the DNS game is name resolution. By that I mean we humans like friendly names such as cisco.com, whereas computers like dotted-decimal numbers such as 10.1.13.20. What DNS does is keep a mapping between the two:
IP Address = 10.1.13.20 – Resource = BigServer.cisco.com
One trait I noticed with DNS is that many of its features come in pairs; this symmetry will help you to remember and to understand how DNS operates.
Topics for DNS
- Registration and Query
- Recursive and Iterative Queries
- Forward and Reverse lookup
- Two troubleshooting utilities – Ipconfig and NSLookup
- Free IP Address Tracker
Whether you are configuring or whether you are troubleshooting there are two aspects of DNS to consider:
a) Registration –> sending information to the DNS server database.
b) Query <– retrieving IP addresses from the DNS hierarchical system.
The best way to register clients is through DHCP. The DHCP server gives out not only the client’s IP address, but also the address of the DNS servers.
The good news is that DNS is now dynamic (DDNS). This means that if a client changes its IP address, then either the client updates DNS directly, or DHCP acts on the client's behalf and sends a message to update the (A) Host record in DNS.
From the client’s point of view, when it needs to know the IP address of a resource, it contacts the DNS server(s) named in the TCP/IP property sheet. Best practice is to give out this DNS server IP through DHCP. What you need to configure in DHCP is Option Type 006 – DNS.
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
Perhaps the NPM’s best feature is the way it suggests solutions to network problems. Its second best feature is the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you give this Network Performance Monitor a try.
Recursive queries are the default method. A recursive query means that the DNS server takes full responsibility for finding the IP address that the client wants. Take as an example a client that wants to query google.com. It is unlikely that the server is authoritative for, or has a Host record for, google.com. So the DNS server contacts the root server for the IP address of the .com servers; it then contacts those .com servers and asks for the IP address of google.com. Finally, the DNS server sends the information to the client.
Whoops! I left out the very first step. The root of the DNS system is a dot (period) ".". In Server 2003, the icon representing the DNS server has a 'Root Hints' tab. Here you find the IP addresses of all the top level domains. It is because DNS is hierarchical that it scales so well, and is superior to WINS, which only offers a limited, flat-field system.
"." (Root of DNS)
.com .org .net .edu .mil .gov .co.uk
Iterative means the server returns the best answer it can. In the above example the DNS server would say to the client: 'I do not know where google.com is; here is the IP address of the root servers, you go and query them.'
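To make the difference between the two query types concrete, here is a small added example (not code from the original page) that models the ". -> .com -> google.com" walk described above. The server addresses, zone contents and the single root hint are all constructed stand-ins from the documentation ranges 192.0.2.0/24 and 203.0.113.0/24; they are not the real root hints or Google's servers. A recursive resolver follows referrals on the client's behalf until it has an answer, whereas an iterative query just hands the client one server's best answer, which may be a referral rather than an IP.

```python
"""Toy model of recursive versus iterative DNS resolution.

Added example, not code from the original page. All addresses and zone data
below are constructed (documentation ranges), not real root hints or Google.
"""
from typing import List, Optional, Tuple

# Constructed hierarchy: "." -> com. -> google.com.
ROOT_HINT = "192.0.2.1"  # constructed stand-in for a Root Hints entry

SERVERS = {
    "192.0.2.1": {                       # "." (root) server
        "zone": ".",
        "delegations": {"com.": "192.0.2.2"},
        "records": {},
    },
    "192.0.2.2": {                       # .com TLD server
        "zone": "com.",
        "delegations": {"google.com.": "192.0.2.3"},
        "records": {},
    },
    "192.0.2.3": {                       # google.com. authoritative server
        "zone": "google.com.",
        "delegations": {},
        "records": {"google.com.": "203.0.113.7", "www.google.com.": "203.0.113.8"},
    },
}


def _fqdn(name: str) -> str:
    """Normalise to a lower-case fully qualified name with a trailing dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def _in_zone(name: str, zone: str) -> bool:
    """True if name is the zone apex itself or lies below it."""
    return zone == "." or name == zone or name.endswith("." + zone)


def ask(server_ip: str, name: str) -> Tuple[str, Optional[str]]:
    """One query to one server. The server answers if it holds the Host (A)
    record, refers the asker to the most specific child zone it delegates
    otherwise, and reports 'nxdomain' if it has nothing to offer."""
    server = SERVERS[server_ip]
    name = _fqdn(name)
    if name in server["records"]:
        return ("answer", server["records"][name])
    # Best referral: the longest delegated zone that contains the name.
    matches = [z for z in server["delegations"] if _in_zone(name, z)]
    if matches:
        best = max(matches, key=len)
        return ("referral", server["delegations"][best])
    return ("nxdomain", None)


def resolve_recursive(name: str, hint: str = ROOT_HINT,
                      max_hops: int = 8) -> Tuple[Optional[str], List[str]]:
    """What the client's DNS server does for a recursive query: start at the
    root hint and follow referrals until an answer arrives (or give up).
    Returns (ip or None, list of servers contacted in order)."""
    trail: List[str] = []
    server_ip = hint
    for _ in range(max_hops):
        trail.append(server_ip)
        kind, value = ask(server_ip, name)
        if kind == "answer":
            return value, trail
        if kind == "referral":
            server_ip = value
            continue
        return None, trail          # nxdomain: no such name
    return None, trail              # too many referrals; bail out


def resolve_iterative(name: str, server_ip: str = ROOT_HINT) -> Tuple[str, Optional[str]]:
    """What the client gets from an iterative query: one server's best answer,
    which from the root is a referral ("go and ask the .com servers")."""
    return ask(server_ip, name)


if __name__ == "__main__":
    ip, trail = resolve_recursive("www.google.com")
    print("recursive:", ip, "via", " -> ".join(trail))
    print("iterative from root:", resolve_iterative("www.google.com"))
```

Running it shows the recursive path touching all three constructed servers before returning 203.0.113.8, while the iterative call from the root returns only a referral to the .com server; the `max_hops` guard is there so a misconfigured delegation loop cannot keep a resolver busy forever.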
A forward query is where you know the hostname, but your operating system needs the IP address to locate the resource. The best way to create your Active Directory forward lookup zone is to let DCPROMO create it when the member server is promoted. Example: "DNS, please tell me the IP address of LogonServer". Response from DNS: LogonServer 10.209.12.20.
I always think of reverse lookup as a hacker's tool, where they know the IP address but want to know the hostname. A classic situation would be that you can ping an IP address and want to know the hostname of that address.
Ping – 10.209.12.20.
NSLookup – 10.209.12.20. Reply from DNS: LogonServer 10.209.12.20.
In fact there are many legitimate reasons for using reverse lookups; authenticating mail servers and troubleshooting with NSLookup, to name two. Windows Server 2003 is very friendly in helping you create the reverse zone (technically called in-addr.arpa). Where it is less friendly is that you have to create the PTR (pointer) records yourself. However, if you are organized and create the reverse lookup zone before you populate the forward lookup zone, then you can check a box saying "Update Associated Pointer (PTR) Record".
Guy Recommends: The Free IP Address Tracker (IPAT)
Calculating IP Address ranges is a black art, which many network managers solve by creating custom Excel spreadsheets. IPAT cracks this problem of allocating IP addresses in networks in two ways:
For Mr Organized there is a nifty subnet calculator, you enter the network address and the subnet mask, then IPAT works out the usable addresses and their ranges. For Mr Lazy IPAT discovers and then displays the IP addresses of existing computers.
Again we have a pair of utilities. IPCONFIG and NSLookup are your key DNS commands. Both are available at the command prompt on Windows 2003, XP and even NT 4.0 machines.
IPCONFIG has two new switches, /registerdns and /flushdns. If you need to add a record to DNS, then IPCONFIG /registerdns will save you a reboot. Perhaps a connection is failing because of a stale, invalid cached IP address; IPCONFIG /flushdns will clear the cache and you can make that connection.
There is also another pair of switches, /release and /renew, for use when refreshing DHCP leases. Also remember IPCONFIG /all to check the DNS and DHCP server settings. See more about ipconfig in PowerShell 3.
NSLookup comes in two modes:
a) Non-interactive, where you just want a quick lookup of a server name, example: NSLookup 10.209.12.20
b) Interactive mode, which is more difficult to master. Here you type:
My best advice when you reach the prompt is to type: help.
Example: ls -t NS topbanana.com
This would list all records of type NS (Name Server) in the topbanana.com domain.
If you experiment with NSLookup and nothing happens, then remember that you need a Reverse Lookup Zone with (PTR) pointer records. Once you create those PTR records, NSLookup will return that server name.
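The two passages about reverse lookup (creating the in-addr.arpa zone and its PTR records, and NSLookup returning nothing when those PTR records are missing) share one mechanism, so here is a single added example, not code from the original page, that shows it: how an IPv4 address becomes its in-addr.arpa owner name, what a PTR query returns with and without a record, and a small audit that finds A records with no matching PTR, which is the gap the "Update Associated Pointer (PTR) Record" box is meant to close. The forward and reverse zone contents are constructed, under the made-up domain example.local; only the 10.209.12.20 address comes from the page.

```python
"""Reverse lookup helpers: in-addr.arpa names, PTR lookup, A/PTR consistency.

Added example, not code from the original page. Zone data is constructed;
hostnames live under the made-up domain example.local.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed forward lookup zone: A (Host) records, hostname -> IPv4 address.
FORWARD_ZONE: Dict[str, str] = {
    "logonserver.example.local.": "10.209.12.20",
    "fileserver.example.local.": "10.209.12.21",   # its PTR was never created
}

# Constructed reverse lookup zone: PTR records, in-addr.arpa name -> hostname.
REVERSE_ZONE: Dict[str, str] = {
    "20.12.209.10.in-addr.arpa": "logonserver.example.local.",
}


def reverse_name(ip: str) -> str:
    """Owner name a PTR record lives under: octets reversed + in-addr.arpa.
    10.209.12.20 -> 20.12.209.10.in-addr.arpa (raises on a malformed address)."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def ptr_lookup(ip: str, reverse_zone: Dict[str, str] = REVERSE_ZONE) -> Optional[str]:
    """What 'NSLookup <ip>' asks for: the PTR record for the address.
    None is the 'nothing happens' case when no PTR record exists."""
    return reverse_zone.get(reverse_name(ip))


def associated_ptr(hostname: str, ip: str) -> Tuple[str, str]:
    """The PTR that 'Update Associated Pointer (PTR) Record' would create
    alongside an A record, as (owner name, target hostname)."""
    return reverse_name(ip), hostname


def ptr_problems(forward_zone: Dict[str, str] = FORWARD_ZONE,
                 reverse_zone: Dict[str, str] = REVERSE_ZONE
                 ) -> List[Tuple[str, str, Optional[str]]]:
    """Audit: for every A record report a missing PTR, or a PTR that points
    at a different hostname. Each entry is (hostname, ip, ptr_target_or_None)."""
    problems: List[Tuple[str, str, Optional[str]]] = []
    for host, ip in forward_zone.items():
        target = reverse_zone.get(reverse_name(ip))
        if target != host:
            problems.append((host, ip, target))
    return problems


def fill_missing_ptrs(forward_zone: Dict[str, str],
                      reverse_zone: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of the reverse zone with a PTR added for every A record
    that lacks one; PTRs that already exist are left exactly as they are."""
    fixed = dict(reverse_zone)
    for host, ip in forward_zone.items():
        owner, target = associated_ptr(host, ip)
        fixed.setdefault(owner, target)
    return fixed


if __name__ == "__main__":
    print("PTR for 10.209.12.20:", ptr_lookup("10.209.12.20"))
    print("PTR for 10.209.12.21:", ptr_lookup("10.209.12.21"))   # None: no record
    print("problems:", ptr_problems())
    repaired = fill_missing_ptrs(FORWARD_ZONE, REVERSE_ZONE)
    print("after repair:", ptr_problems(FORWARD_ZONE, repaired))
```

The audit deliberately treats a PTR that points at the wrong hostname as a problem too, not just a missing one: a stale PTR left behind after a server was renamed is the reverse-lookup equivalent of the stale cached address that IPCONFIG /flushdns clears on the client.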
I use NSLookup when I am troubleshooting from a client machine and I wish to list the DNS records. It saves a long walk to the DNS server and gets around having to install the AdminPak just to view the DNS records.
Kiwi CatTools is a free program for backing up configuration settings on hardware devices. Here is Guy's challenge. If you download CatTools, then it will not only take care of backups, but also show you something new about the hardware on your network. I could give you a money back guarantee – but CatTools is already free! Thus, I just make a techie to techie challenge: you will learn more about your network if you:
Migration from NT 4.0 is a separate topic from pure installation. In brief there are two main strategies, upgrade the PDC in an existing domain or start with a new domain and import the users from NT 4.0 using a bulk import program like CSVDE.