DNS (Domain Name System) Administration

  Microsoft Windows Server 2016


Domain Name System

22: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/6474966?start=0

What-is-DNS

Domain Name System

  • Internet’s Phonebook
  • Associates hosts with IP addresses
    • facebook.com = 31.13.69.228

Windows DNS

  • Tools > DNS
  • R-Click the server > All tasks
    • start
    • stop
  • Forward Lookup Zones
  • Reverse Lookup Zones
  • Trust Points
    • DNSSEC trust anchors (public keys or DS hashes) this server uses to validate signed DNS data received from other DNS servers
  • Conditional Forwarders
    • Forward queries for a specific domain name to
      • another DNS server
      • several other DNS servers

The Host File

23: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/6475302?start=0

C:\Windows\System32\drivers\etc\hosts

  • To edit, you must open your text editor with administrative rights.
    • Start button > R-Click Notepad > Run as administrator
    • Drag the file into the editor (I didn’t know you could do this….)
  • Entries in this file are consulted before DNS is queried, so malware commonly edits it to redirect a browser to fake copies of known sites, such as facebook.com
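Added example (not from the lecture or these notes): a quick audit of the hosts file. It parses the file the way the resolver does (first field is the address, the remaining fields are names, `#` starts a comment) and flags any watched name that is pointed somewhere other than loopback or a sinkhole address. The watch list and the sample content are constructed for the demo.

```powershell
# Added example, not part of the lecture: audit the hosts file for hijacked names.
# Entries here are used before DNS is queried, so "203.0.113.5 facebook.com"
# silently redirects the browser. Watch list and sample content are constructed.

function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#')[0].Trim()          # strip comment and whitespace
        if (-not $text) { continue }                  # blank or comment-only line
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }         # address with no names
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ IPAddress = $fields[0]; HostName = $name.ToLower() }
        }
    }
}

function Find-SuspiciousHostsEntry {
    param(
        [string[]]$Lines,
        # Names an attacker would want to redirect; extend with your own SSO/update hosts.
        [string[]]$WatchList = @('facebook.com', 'login.microsoftonline.com', 'update.microsoft.com')
    )
    # Loopback / unspecified addresses are sinkholes (ad blockers), not redirects.
    $sinkhole = @('127.0.0.1', '::1', '0.0.0.0')
    foreach ($entry in Get-HostsEntry -Lines $Lines) {
        $watched = $WatchList | Where-Object {
            $entry.HostName -eq $_ -or $entry.HostName.EndsWith(".$_")
        }
        if ($watched -and $sinkhole -notcontains $entry.IPAddress) {
            $entry | Add-Member -NotePropertyName WatchedDomain -NotePropertyValue ($watched | Select-Object -First 1) -PassThru
        }
    }
}

# Constructed sample: the stock Microsoft header, a sinkhole, and an attacker-added redirect.
$sample = @'
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # ad block, fine
203.0.113.5     facebook.com www.facebook.com    # not fine
'@ -split "`r?`n"

Find-SuspiciousHostsEntry -Lines $sample | Format-Table IPAddress, HostName, WatchedDomain -AutoSize

# Against the live file (read access is enough; editing still needs an elevated editor):
# Find-SuspiciousHostsEntry -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

Only the last sample line is reported (both facebook.com and www.facebook.com); the 0.0.0.0 entry is ignored because a sinkhole blocks a site rather than redirecting it.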

 

DNS Zones

24: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/6474970?start=0

  • Contains DNS Resource Records
    • Records mapping host names to IP addresses
  • 2 types of zones
    • Forward Lookup Zones
      • Host name to IP address
    • Reverse Lookup Zones
      • IP address to host name

Primary DNS Zones

  • Primary source of resource record information
  • If not AD integrated, file stored at %windir%\system32\dns
  • May be stored in AD if DNS server is also a writeable Domain Controller
    • This is good because it will then be replicated using AD replication
  • Commonly used due to security and ease of use.
  • These are the only zones that can be directly edited.

Purpose

  • Allow DNS clients to resolve host names to IP addresses

Secondary DNS Zones

  • Replica of a primary DNS zone stored on a remote DNS server
  • Requires network connectivity to the primary (master) DNS server, from which it copies the zone via zone transfer
  • Is read-only.  Change requests are passed on to the primary DNS server
  • Are NOT saved in Active Directory (always file-based)
  • The primary must allow zone transfers to the secondary (zone Properties > Zone Transfers); restrict transfers to the listed name servers or specific IPs, otherwise anyone can dump the whole zone

Purpose

  • Redundancy
  • Failover

Stub DNS Zones

  • Read-only zone
  • Information obtained from the remote DNS server that is authoritative for the zone
  • Only contains the SOA and NS records for the zone plus the glue A records of those authoritative name servers
  • No resource records for other host names
  • Can be saved in Active Directory

Purpose

  • Less resource intensive version of a secondary zone.

 

Creating a DNS Zone

25: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/6602196?start=0

Forward Lookup Zone

  • Server Manager > Tools > DNS
  • R-click Forward Lookup Zones > New Zone > New Zone Wizard
  • Zone Type
    • Primary, Secondary or Stub
    • Store in AD?
      • If YES, a new window asking how to replicate
        • To all DNS servers running on domain controllers in this Forest
          • Broadest replication
        • To all DNS servers running on domain controllers in this Domain
          • Default
        • To all domain controllers in this domain
          • Legacy option kept for Windows 2000 domain controllers (must be obsolete)
        • To all domain controllers specified in the scope of this directory partition
          • Greyed out until a custom application directory partition has been created on the server.
  • Zone Name
    • A FQDN (MyOtherDomain.com)
    • A sub domain (the current domain is appended automatically)
  • Dynamic Update
    • Allow only secure dynamic updates (recommended for Active Directory)
      • Default for AD-integrated zones
      • Strongly advised unless there is a real need to do otherwise.
      • Only offered for AD-integrated zones, because the update is authenticated with Kerberos and the record is ACLed to the client that registered it
    • Allow both secure and non-secure dynamic updates
      • Any host that can reach the server can add or overwrite records, no authentication required
      • Security Risk!  Untrusted sources can post updates!  BAD!
    • Do not allow dynamic updates
      • All records must be updated manually.
      • Typical in the non-windows world to my knowledge.
      • For a zone that is NOT integrated with Active Directory the only choices are this one or non-secure updates, so pick this one

Reverse Lookup Zone

Almost the same as a forward, but subtle differences

  • Server Manager > Tools > DNS
  • R-click Reverse Lookup Zones > New Zone > New Zone Wizard
  • Zone type, replication type – all the same as above
  • Reverse Lookup Zone Name
    • IPv4 or IPv6
  • Identify via
    • Network ID
      • The network portion of the subnet, e.g. the first 3 octets for a /24 (first 2 for a /16)
      • Auto populates Reverse Lookup Zone Name below with the octets reversed under in-addr.arpa
      • Example: 10.0.2
    • Reverse Lookup Zone Name
      • Example: 2.0.10.in-addr.arpa
  • Dynamic Updates
    • Same as above
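Added example (not from the lecture or these notes): the same forward and reverse zones the wizard builds, created from PowerShell with the DnsServer module, followed by an audit that finds every primary zone still accepting non-secure dynamic updates and fixes it. The zone names and the 10.0.2.0/24 subnet are assumptions standing in for the lecture's examples; the AD-integrated zones need a DNS server that is also a writeable domain controller.

```powershell
# Added example, not part of the lecture: build the wizard's forward and reverse
# zones from PowerShell, then audit every primary zone's dynamic-update setting.
# Needs the DnsServer module (DNS Server role or RSAT); the AD-integrated zones
# need a DNS server that is also a writeable DC. Zone names and the subnet are
# assumptions standing in for the lecture's examples.
Import-Module DnsServer

# Forward lookup zone: AD-integrated, replicated to all DNS servers on DCs in the
# domain (the wizard default), secure dynamic updates only.
Add-DnsServerPrimaryZone -Name 'mydomain.com' -ReplicationScope Domain -DynamicUpdate Secure

# Reverse lookup zone for 10.0.2.0/24; the server names it 2.0.10.in-addr.arpa.
Add-DnsServerPrimaryZone -NetworkId '10.0.2.0/24' -ReplicationScope Domain -DynamicUpdate Secure

# File-backed zone (not in AD): "Secure" is not available, so the choice is None or
# NonsecureAndSecure. Pick None unless you really want any host to rewrite records.
Add-DnsServerPrimaryZone -Name 'standalone.test' -ZoneFile 'standalone.test.dns' -DynamicUpdate None

# Audit: which primary zones accept unauthenticated updates?
function Get-InsecureDynamicUpdateZone {
    param([string]$ComputerName = $env:COMPUTERNAME)
    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
        Select-Object ZoneName, IsDsIntegrated, IsReverseLookupZone, DynamicUpdate
}

$weak = Get-InsecureDynamicUpdateZone
$weak | Format-Table -AutoSize

# Remediate: AD-integrated zones go to Secure; file-backed zones cannot, so use None.
foreach ($zone in $weak) {
    $target = if ($zone.IsDsIntegrated) { 'Secure' } else { 'None' }
    Set-DnsServerPrimaryZone -Name $zone.ZoneName -DynamicUpdate $target -PassThru
}
```

Run the audit function on its own against an existing server (`Get-InsecureDynamicUpdateZone -ComputerName dc1`) to find zones that were created with the "both secure and non-secure" option; on a fresh server the three Add-DnsServerPrimaryZone calls above produce no hits.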

Resource Record Types

26: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/6474972?start=0

Resource Records

  • Provide DNS based data about computers on a network
    • Like a host name and its associated IP address
  • SOA – Start of Authority
    • Every zone contains exactly one SOA record
    • Names the primary DNS server for the zone and carries the zone serial number, the refresh/retry/expire timers used by secondaries and the minimum (negative-caching) TTL
  • NS – Name Server
    • Every zone has at least one NS record
    • Indicates the zone’s authoritative DNS server(s)
  • A – Address
    • Maps a FQDN to an IP address
    • mysub.mydomain.com > 10.0.2.10
  • PTR – Pointer
    • Opposite of an A record
    • 10.0.2.10 > mysub.mydomain.com
  • CNAME – Canonical Name
    • Creates an ‘alias’ for a FQDN
    • anothersub.mydomain.com > mysub.mydomain.com
  • MX – Mail Exchange
    • Lists mail servers for the domain
    • Not listed, but LOWER preference values get HIGHER priority
      • Priority 0 = Highest priority, so mail is delivered to that server first
  • SRV – Service Record
    • Specifies the servers for a particular service, including the PORT the service listens on
      • No example 🙁
      • _service._proto.name. TTL class SRV priority weight port target.
        • _sip._tcp.mysip.mydomain.com. 14400 IN SRV 0 5 5060 sipserver.mydomain.com.
        • Lower priority is tried first; among equal priorities, weight sets the share of clients sent to each target

Creating DNS Resource Records

27: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/6474968?start=0

  • DNS > Server > Forward > Rclick zone name > Select record type
    • Selecting “Other new records” allows you to pick from a drop down list.
  • Pretty straight forward from here.
    • For CNAMEs, you can ‘browse’ your local DNS for previously created records.
    • ALIAS records are NOT true alias records.  A CNAME cannot share its name with any other record, and the zone root “domain.com” already holds the SOA and NS records, so you cannot assign a ‘root’ domain to a CNAME.
      • Lame
  • PTR records in the Reverse Lookup zone provide reverse DNS (rDNS)
    • DNS > Server > Reverse Lookup > zone
      • Add the host IP & its FQDN.  Ticking “Create associated pointer (PTR) record” when adding the A record does this for you.
  • Use NSLOOKUP to test the values
    • DNS > Rclick server > Launch nslookup
      • Very similar to dig
      • From cmd:
        • nslookup domain.name
        • nslookup ip.add.re.ss
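Added example (not from the lecture or these notes): one record of each type listed above, created in the zones from the notes with the DnsServer module, then checked with Resolve-DnsName, the PowerShell equivalent of the nslookup tests. Host names and addresses are assumptions, and the reverse zone 2.0.10.in-addr.arpa must already exist for the PTR to be created.

```powershell
# Added example, not part of the lecture: create one record of each type above in
# the zones from the notes and verify each with Resolve-DnsName. Host names and
# addresses are assumptions; the reverse zone 2.0.10.in-addr.arpa must already exist.
Import-Module DnsServer
$zone = 'mydomain.com'

# A record, with -CreatePtr adding the matching PTR in the reverse zone (same as the
# "Create associated pointer (PTR) record" checkbox in the console).
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'mysub' -IPv4Address '10.0.2.10' -CreatePtr

# CNAME (console: "Alias (CNAME)"). Target is a FQDN; the zone root cannot be a CNAME.
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'anothersub' -HostNameAlias "mysub.$zone"

# MX at the zone root ("." = the zone name itself). Lower preference is tried first.
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '.' -MailExchange "mail1.$zone" -Preference 10
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '.' -MailExchange "mail2.$zone" -Preference 20

# SRV: the _sip._tcp example from the notes (priority 0, weight 5, port 5060).
Add-DnsServerResourceRecord -Srv -ZoneName $zone -Name '_sip._tcp' -DomainName "sipserver.$zone" -Priority 0 -Weight 5 -Port 5060

# Verify straight against this server, bypassing the hosts file and the client cache.
# Equivalent nslookup: nslookup -type=SRV _sip._tcp.mydomain.com localhost
function Test-ZoneRecord {
    param([string]$Server = 'localhost')
    $queries = @(
        @{ Name = "mysub.$zone";      Type = 'A'     }
        @{ Name = "anothersub.$zone"; Type = 'CNAME' }
        @{ Name = $zone;              Type = 'MX'    }
        @{ Name = "_sip._tcp.$zone";  Type = 'SRV'   }
        @{ Name = '10.0.2.10';        Type = 'PTR'   }   # Resolve-DnsName reverses the IP for you
    )
    foreach ($q in $queries) {
        Resolve-DnsName -Name $q.Name -Type $q.Type -Server $Server -DnsOnly -ErrorAction Continue
    }
}

# One row per answer; the Data column picks whichever target field the record type carries.
Test-ZoneRecord | Format-Table Name, Type, TTL,
    @{ n = 'Data'; e = { $_.IPAddress, $_.NameHost, $_.NameExchange, $_.NameTarget | Where-Object { $_ } | Select-Object -First 1 } } -AutoSize
```

The MX answers come back in preference order (mail1 before mail2) and the SRV answer shows port 5060 alongside the target, which is the detail the lecture left out.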
