{"id":1379,"date":"2018-04-27T10:47:44","date_gmt":"2018-04-27T10:47:44","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=1379"},"modified":"2018-05-05T18:51:54","modified_gmt":"2018-05-05T18:51:54","slug":"dns-domain-name-service-administration","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=1379","title":{"rendered":"DNS (Domain Name Service) Administration"},"content":{"rendered":"<p><a href=\"http:\/\/wiki.thomasandsofia.com\/2018\/04\/18\/microsoft-windows-server-2016\/\">Main Menu<\/a><\/p>\n<h1>Domain Name System<\/h1>\n<p>22: <a href=\"https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6474966?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6474966?start=0<\/a><\/p>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/04\/What-is-DNS.pdf\" target=\"_blank\" rel=\"noopener\">What-is-DNS<\/a><\/p>\n<p>Domain Name System<\/p>\n<ul>\n<li>Internet&#8217;s Phonebook<\/li>\n<li>Associates hosts with IP addresses\n<ul>\n<li>facebook.com = 31.13.69.228<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Windows DNS<\/p>\n<ul>\n<li>Tools &gt; DNS<\/li>\n<li>R-Click the server &gt; All tasks\n<ul>\n<li>start<\/li>\n<li>stop<\/li>\n<\/ul>\n<\/li>\n<li>Forward Lookup Zones<\/li>\n<li>Reverse Lookup Zones<\/li>\n<li>Trust Points\n<ul>\n<li>Allow DNS servers to validate DNS data from other DNS servers<\/li>\n<\/ul>\n<\/li>\n<li>Conditional Forwarders\n<ul>\n<li>Allow a DNS server to forward a specific DNS query to\n<ul>\n<li>another DNS server<\/li>\n<li>several other DNS servers<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h1>The Hosts File<\/h1>\n<p>23: <a href=\"https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6475302?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6475302?start=0<\/a><\/p>\n<h2>C:\\Windows\\System32\\drivers\\etc\\hosts<\/h2>\n<ul>\n<li>To 
edit, you must open your text editor with administrative rights.\n<ul>\n<li>Start button &gt; R-Click Notepad &gt; Run as administrator<\/li>\n<li>Drag the file into the editor (I didn&#8217;t know you could do this&#8230;.)<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ff0000;\"><strong>This file is commonly manipulated by hackers to redirect a browser to fake copies of known sites, such as facebook.com<\/strong><\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h1>DNS Zones<\/h1>\n<p>24: <a href=\"https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6474970?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6474970?start=0<\/a><\/p>\n<ul>\n<li>Contains DNS Resource Records\n<ul>\n<li>Records mapping Host names to IP addresses<\/li>\n<\/ul>\n<\/li>\n<li>2 Types of records\n<ul>\n<li>Forward lookup Zones\n<ul>\n<li>Host name to IP address<\/li>\n<\/ul>\n<\/li>\n<li>Reverse Lookup Zones\n<ul>\n<li>IP address to Host name<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Primary DNS Zones<\/h2>\n<ul>\n<li>Primary source of resource record information<\/li>\n<li>If not AD integrated, file stored at %windir%\\system32\\dns<\/li>\n<li>May be stored in AD if DNS server is also a writeable Domain Controller\n<ul>\n<li>This is good because it will then be replicated using AD replication<\/li>\n<\/ul>\n<\/li>\n<li>Commonly used due to security and ease of use.<\/li>\n<li>These are the only zones that can be directly edited.<\/li>\n<\/ul>\n<h3>Purpose<\/h3>\n<ul>\n<li>Allow DNS clients to resolve host names to IP addresses<\/li>\n<\/ul>\n<h2>Secondary DNS Zones<\/h2>\n<ul>\n<li>Replica of a primary DNS zone stored on a remote DNS server<\/li>\n<li>Requires network connectivity to the remote DNS server<\/li>\n<li>Is read-only.\u00a0 Change requests are passed on to the primary DNS server<\/li>\n<li>Is NOT saved in Active 
Directory<\/li>\n<\/ul>\n<h3>Purpose<\/h3>\n<ul>\n<li>Redundancy<\/li>\n<li>Failover<\/li>\n<\/ul>\n<h2>Stub DNS Zones<\/h2>\n<ul>\n<li>Read-only zone<\/li>\n<li>Information obtained from remote DNS server<\/li>\n<li>Only contains information about authoritative name servers<\/li>\n<li>No resource records for host names<\/li>\n<li>Can be saved in Active Directory<\/li>\n<\/ul>\n<h3>Purpose<\/h3>\n<ul>\n<li>Less resource intensive version of a secondary zone.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h1>Creating a DNS Zone<\/h1>\n<p>25: <a href=\"https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6602196?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6602196?start=0<\/a><\/p>\n<h2>Forward Lookup Zone<\/h2>\n<ul>\n<li>Server Manager &gt; Tools &gt; DNS<\/li>\n<li>R-click Forward Lookup Zones &gt; New Zone &gt; New Zone Wizard<\/li>\n<li>Zone Type\n<ul>\n<li>Primary, Secondary or Stub<\/li>\n<li>Store in AD?\n<ul>\n<li>If YES, a new window asking how to replicate\n<ul>\n<li>To all DNS servers running on domain controllers in this Forest\n<ul>\n<li>Broadest replication<\/li>\n<\/ul>\n<\/li>\n<li>To all DNS servers running on domain controllers in this Domain\n<ul>\n<li>Default<\/li>\n<\/ul>\n<\/li>\n<li>To all domain controllers in this domain\n<ul>\n<li>Just for Windows 2000 domain controllers (must be obsolete)<\/li>\n<\/ul>\n<\/li>\n<li>To all domain controllers specified in the scope of this directory partition\n<ul>\n<li>Needs to be configured before this option becomes available.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Zone Name\n<ul>\n<li>A FQDN (MyOtherDomain.com)<\/li>\n<li>A sub domain (the current domain is appended automatically)<\/li>\n<\/ul>\n<\/li>\n<li>Dynamic Update\n<ul>\n<li>Allow only secure dynamic updates (recommended for Active Directory)\n<ul>\n<li>Default<\/li>\n<li>Strongly advised unless there is a real need to do 
otherwise.<\/li>\n<\/ul>\n<\/li>\n<li>Allow both secure and non-secure dynamic updates\n<ul>\n<li>Allows updates from anywhere<\/li>\n<li>Security Risk!\u00a0 Untrusted sources can post updates!\u00a0 BAD!<\/li>\n<\/ul>\n<\/li>\n<li>Do not allow dynamic updates\n<ul>\n<li>All records must be updated manually.<\/li>\n<li>Typical in the non-windows world to my knowledge.<\/li>\n<li>Only option available if NOT integrated with Active Directory<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Reverse Lookup Zone<\/h2>\n<p>Almost the same as a forward, but subtle differences<\/p>\n<ul>\n<li>Server Manager &gt; Tools &gt; DNS<\/li>\n<li>R-click Reverse Lookup Zones &gt; New Zone &gt; New Zone Wizard<\/li>\n<li>Zone type, replication type &#8211; all the same as above<\/li>\n<li>Reverse Lookup Zone Name\n<ul>\n<li>IPv4 or IPv6<\/li>\n<\/ul>\n<\/li>\n<li>Identify via\n<ul>\n<li>Network ID\n<ul>\n<li>First 3 octets of the subnet\n<ul>\n<li>Defines a subnet????<\/li>\n<\/ul>\n<\/li>\n<li>Auto populates Reverse Lookup Zone Name below<\/li>\n<li>Example: 10.0.2<\/li>\n<\/ul>\n<\/li>\n<li>Reverse Lookup Zone Name\n<ul>\n<li>Example: 2.0.10.in-addr.arpa<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Dynamic Updates\n<ul>\n<li>Same as above<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h1>Resource Record Types<\/h1>\n<p>26: <a href=\"https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6474972?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6474972?start=0<\/a><\/p>\n<h2>Resource Records<\/h2>\n<ul>\n<li>Provide DNS based data about computers on a network\n<ul>\n<li>Like a host name and its associated IP address<\/li>\n<\/ul>\n<\/li>\n<li>SOA &#8211; Start of Authority\n<ul>\n<li>Every zone contains an SOA record<\/li>\n<li>Contains information about the DNS server that provides the data for this zone (Master record?)<\/li>\n<\/ul>\n<\/li>\n<li>NS &#8211; Name Server\n<ul>\n<li>Every zone has an NS 
record<\/li>\n<li>Indicates the zone&#8217;s authoritative DNS server<\/li>\n<\/ul>\n<\/li>\n<li>A &#8211; Address\n<ul>\n<li>Maps a FQDN to an IP address<\/li>\n<li>mysub.mydomain.com &gt; 10.0.2.10<\/li>\n<\/ul>\n<\/li>\n<li>PTR &#8211; Pointer\n<ul>\n<li>Opposite of an A record<\/li>\n<li>10.0.2.10 &gt; mysub.mydomain.com<\/li>\n<\/ul>\n<\/li>\n<li>CNAME &#8211; Canonical Name\n<ul>\n<li>Creates an &#8216;alias&#8217; for a FQDN<\/li>\n<li>anothersub.mydomain.com &gt; mysub.mydomain.com<\/li>\n<\/ul>\n<\/li>\n<li>MX &#8211; Mail Exchange\n<ul>\n<li>Lists mail servers for the domain<\/li>\n<li>Not listed, but Lower Priority values get HIGHER priority\n<ul>\n<li>Priority 0 = Highest priority<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>SRV &#8211; Service Record\n<ul>\n<li>Specifies servers for a particular service\n<ul>\n<li>Add a PORT (?)\n<ul>\n<li>No example \ud83d\ude41<\/li>\n<\/ul>\n<\/li>\n<li>_service._proto.name. TTL class SRV priority weight port target.\n<ul>\n<li>_sip._tcp.mysip.mydomain.com. 
14400 IN SRV 0 5 5060 sipserver.mydomain.com.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h1>Creating DNS Resource Records<\/h1>\n<p>27: <a href=\"https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6474968?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6474968?start=0<\/a><\/p>\n<ul>\n<li>DNS &gt; Server &gt; Forward &gt; R-click zone name &gt; Select record type\n<ul>\n<li>Selecting &#8220;Other new records&#8221; allows you to pick from a drop-down list.<\/li>\n<\/ul>\n<\/li>\n<li>Pretty straightforward from here.\n<ul>\n<li>For CNAMEs, you can &#8216;browse&#8217; your local DNS for previously created records.<\/li>\n<li>ALIAS records are NOT true alias records.\u00a0 You cannot assign a &#8216;root&#8217; domain &#8220;domain.com&#8221; to a CNAME.\n<ul>\n<li>Lame<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Reverse records create the rDNS\n<ul>\n<li>DNS &gt; Server &gt; Reverse Lookup &gt; zone\n<ul>\n<li>Add the IP &amp; a FQDN.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Use NSLOOKUP to test the values\n<ul>\n<li>DNS &gt; R-click server &gt; Launch nslookup\n<ul>\n<li>Very similar to dig<\/li>\n<li>From cmd:\n<ul>\n<li>nslookup domain.name<\/li>\n<li>nslookup ip.add.re.ss<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Main Menu Domain Name System 22: https:\/\/www.udemy.com\/windows-server-2016\/learn\/v4\/t\/lecture\/6474966?start=0 What-is-DNS Domain Name System Internet&#8217;s Phonebook Associates hosts with IP addresses facebook.com = 31.13.69.228 Windows DNS Tools &gt; DNS R-Click the server &gt; All tasks start stop Forward Lookup Zones Reverse Lookup Zones Trust Points Allow DNS servers to validate DNS data from other DNS servers Conditional Forwarders ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=1379\" 
title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[],"class_list":["post-1379","post","type-post","status-publish","format-standard","hentry","category-microsoft-windows-server-2016"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1379","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1379"}],"version-history":[{"count":9,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1379\/revisions"}],"predecessor-version":[{"id":1390,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1379\/revisions\/1390"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1379"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1379"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}