Microsoft always recommends Active Directory-Integrated because it provides fault tolerance and high security.
When the opportunity arises, always review the Resource Records.
AAAA is becoming more popular as IPv6 popularity grows.
If you get an error that it cannot contact RPC server, it might be because SRV records are missing, DNS is not configured properly, or you are not pointing to the correct DNS server.
Demonstrate the NSLookup command.
Chapter 4 configuring and managing the dns server role
Configuring and Managing
the DNS Server Role
Technology Skill Objective Domain Objective #
Installing the DNS Server
Configure a Domain
Name System (DNS)
Introducing DNS Zones Configure DNS zones 2.2
Configuring DNS Resource
Configure DNS records 2.3
Configure DNS replication 2.4
Introducing the DNS Name
Configure name resolution
Domain Name System (DNS)
• Without DNS, your network will most likely not
function — clients won’t be able to resolve names
to Internet Protocol (IP) addresses.
• In addition, Active Directory clients use DNS to
locate domain controllers.
• Before DNS, name resolution was handled
through the use of text files called HOSTS files
that were stored locally on each computer.
• The HOSTS file listed each name of the host and
its corresponding IP address.
• Whenever a new host was added to the network,
an administrator would manually update the
HOSTS file with the new host name or IP address
• How do we manage billions of DNS records?
• Can one server handles/stores all DNS records?
• If multiple servers,
– How do the records being stored?
– How administrators can manage these records? Can
permission delegations happen?
– How about high availability?
• How a client can resolve name to IP using DNS?
ITMT 1371 – Windows 7 Configuration
Domain Name System
• DNS because of the following benefits:
– Ease of Use
• A DNS namespace is a hierarchical, tree-
structured list of DNS host names or domain
name, starting at an unnamed root that is used
for all DNS operations.
• The DNS namespace has a hierarchical structure
and each DNS domain name is unique within a
• Each domain can have additional child domains.
• At the top of the Internet DNS namespace is the
– The root domain is represented by “.” (a period).
• Under the DNS root domain, the top-level
domains, or first-level domains, are
organizational types such as .org, .com, and .edu.
– Generic — generic, top-level domain names.
– Country code — Examples of country code domain
names are .uk., .jp, and .us.
– Infrastructure domain — .arpa is the Internet’s
infrastructure domain name.
Traditional Top-Level Domain Names
• com – Commercial.
• .edu – Education.
• .gov – Agencies of U.S. federal government.
• .net – Computers of network providers and ISPs.
• .org – Nongovernmental and nonprofit
• Second-level domains are registered to
individuals or organizations.
• Second-level DNS domains can have many
subdomains, and any domain can have hosts.
• A host is a specific computer or other network
device within a domain.
Fully Qualified Domain Name (FQDN)
• DNS uses the fully qualified domain name (FQDN)
to map a host name to an IP address.
• An FQDN describes the exact relationship
between a host and its DNS domain.
• DNS hierarchical structure is that workload for
name resolution is distributed across many
• For administrative purposes, DNS domains can be
organized into zones.
• A zone is a collection of host name–to–IP address
mappings for hosts in a contiguous portion of the
• Zone data is maintained on a DNS name server
and is stored in one of two ways:
– As a text-based zone file containing lists of mappings,
called a standard zone or a file-backed zone.
– Within an Active Directory database, called an Active
Standard Primary Zone
• A standard primary zone hosts a read/write copy
of the DNS zone in which resource records are
created and managed.
• Only one server can host and load the master
copy of the zone.
– no additional primary servers for the zone are
permitted, and only the server hosting the primary
zone is allowed to accept dynamic updates and
process zone changes.
Standard Secondary Zone
• A copy of the zone file may be stored on one or more
servers to balance network load, provide fault tolerance,
or avoid forcing queries across a slow, wide area network
• This standard secondary zone is a read-only copy of the
standard primary DNS zone.
• Information from a primary zone is transmitted to a
secondary zone by performing a zone transfer, which is
done by copying the zone file from the primary server to
a secondary server.
• A zone transfer can be a full zone transfer (called
an AXFR), in which the entire contents of the zone
is copied from the primary server to the
secondary server during each zone transfer.
• An incremental zone transfer (called an IXFR), in
which only changed information is transmitted
after an initial AXFR, in order to cut down on
bandwidth usage between.
Forward Lookup Zone
• Most queries sent to a DNS server are forward
– They request an IP address based on a DNS name.
Includes Host (A) resource records that translate form
host name to IP address.
Reverse Lookup Zone
• The Reverse Lookup zone is in-addr.arpa domain.
• Enables a host to determine another host’s name
based on its IP address.
– Contains the Pointer (PTR) resource record that
translates from IP addresses to host names.
• A stub zone is a copy of a zone that contains only those
resource records necessary to identify the authoritative
DNS servers for that zone.
• A stub zone is a pointer to the DNS server that is
authoritative for that zone, and it is used to maintain or
improve DNS resolution efficiency.
• The stub zone contains a subset of zone data consisting
of an SOA, an NS, and an A record.
• Like a standard secondary zone, resource records in the
stub zone cannot be modified; they must be modified at
the primary zone.
DNS Server Types
• DNS server types are determined by the type of
zone or zones they host and by the functions they
• A DNS server may host either primary or
secondary zones or both.
• If the server doesn’t host any zones, it is referred
to a caching-only server.
• A server is said to be authoritative for a particular
zone if it hosts a primary or secondary zone for a
particular DNS domain.
Primary Name Server
• Primary name servers have been configured with
one or more primary DNS zones.
• When a change is made to the zone data, such as
adding resource records to the zone, the changes
must be made on the primary server for that
zone; these changes will then propagate to
secondary name servers.
Secondary Name Server
• A secondary name server hosts one or more
secondary zone databases.
• Because a zone transfer is used to create a
secondary zone, the primary name server and
zone already must exist to create a secondary
• Caching-only servers do not host any zones and are not
authoritative for any domain.
• Caching-only DNS servers start with an empty cache and
then add resource record entries as the server fulfills
• This information is then available from its cache when
answering subsequent client queries.
• A caching-only DNS server is valuable at a site when DNS
functionality is needed locally but when creating a
separate domain or zone is not desirable.
• Zones are stored in Active Directory.
• No distinction between primary and secondary
• Changes made on one DNS server are replicated
to other DNS Server.
Installing the DNS Server Role
• Before you can use DNS Server Role, you must
install it with Server Manger.
• The resource record is the fundamental data storage unit
in all DNS servers.
– Start of Authority (SOA)
– Name Server (NS)
– Host (A)
– Host (AAAA)
– Canonical Name (CNAME)
– Mail Exchanger (MX)
– Pointer (PTR)
– Service Record (SRV)
Start of Authority (SOA) Resource
• Identifies which name server is the authoritative
source of information for data within this domain.
– The first record in the zone database file must be an
SOA record. In the Windows Server 2008 DNS server,
SOA records are created automatically with default
values when you create a new zone.
Name Server (NS) Resource Records
• Identifies the name server that is the authority for
the particular zone or domain; that is, the server
that can provide an authoritative name-to-IP
address mapping for a zone or domain.
A and AAAA Resource Records
• The A resource record is the fundamental data
unit of the DNS that is used to translate the host
name to the IPv4 address.
• The AAAA resource record is used to translate
the host name to the IPv6 address.
• The Pointer (PTR) resource record is the
functional opposite of the A record, providing an
IP address-to-name mapping, which is found in
the reverse lookup zones.
Service Record (SRV)
• Enables clients to locate servers that are
providing a particular service.
– Windows Server 2008 Active Directory clients rely on
the SRV record to locate the domain controllers they
need to validate logon requests.
• DNS servers resolve DNS queries using local authoritative or
• But if the server does not contain the requested data and is not
authoritative for the name in a query, it may perform recursive
resolution or return a referral to another DNS server depending on
whether the client requested recursion.
• The DNS Server service must be configured with root hints to
resolve queries for names that it is not authoritative for or for
which it contains no delegations.
• Root hints contain the names and IP addresses of the DNS servers
authoritative for the root zone. You can use the DNS console to
manage the list of root servers, as well as the dnscmd command-
• By default, DNS servers use a root hints file, called
cache.dns, on Microsoft DNS servers.
• The cache.dns file is stored in the %systemroot
%System32Dns folder on the server computer.
• When the server starts, cache.dns is preloaded
into server memory.
• By using root hints to find root servers, a DNS
server is able to complete recursive queries.
DNS Resolver Cache
• Any Windows computer, key the following at a
• To purge the cache, key the following at a
• A forwarder is a DNS server on a network used to
forward DNS queries for external DNS names to
DNS servers outside of that network.
• A conditional forwarder forwards queries on the
basis of domain name.
• You can use the Dnscmd command-line tool to
perform most of the tasks that you can do from
the DNS console.
• This tool can be used to script batch files, to help
automate the management and updates of
existing DNS server configurations, or to perform
setup and configuration of DNS servers.
Advanced DNS Server Properties
• Advanced DNS server properties refer to the
settings that can be configured in the Advanced
tab of the DNS Server Properties dialog box.
• These properties relate to server-specific
features, such as disabling recursion, handling
resolution of multi-homed hosts, and achieving
compatibility with non-Microsoft DNS servers.
• DNS names and the DNS protocol are required for Active
Directory domains and for compatibility with the
• The DNS namespace is hierarchical and based on a
unique root that can have any number of subdo-mains.
• An FQDN is the name of a DNS host in this namespace
indicating the host’s location relative to the root of the
DNS domain tree.
– An example of an FQDN is
• A DNS zone is a contiguous portion of a namespace for
which a server is authoritative.
• A server can be authoritative for one or more zones and
a zone can contain one or more contiguous domains.
• A DNS server is authoritative for a zone if it hosts the
zone, either as a primary or secondary DNS server.
• Each DNS zone contains the resource records it needs to
answer queries for its portion of the DNS namespace.
• There are several types of DNS servers: primary,
secondary, master name, and caching-only.
• A DNS server that hosts a primary DNS zone is
said to act as a primary DNS server.
• Primary DNS servers store original source data for
• With Windows Server 2003, you can implement
primary zones in one of two ways: as standard
primary zones (zone data is stored in a text file) or
as an Active Directory–integrated zone (zone data
is stored in the Active Directory database).
• A DNS server that hosts a secondary DNS server is said to
act as a secondary DNS server.
• Secondary DNS servers are authoritative backup servers
for the primary server.
• The servers from which secondary servers acquire zone
information are called masters.
• A caching-only server forwards requests to other DNS
servers and hosts no zones, but builds a cache of
frequently requested records.
• Recursion is one of the two process types for DNS
• A DNS client will request that a DNS server
provide a complete answer to a query that does
not include pointers to other DNS servers,
effectively shifting the workload of resolving the
query from the client to the DNS server.
• For the DNS server to perform recursion properly,
the server needs to know where to begin
searching for names in the DNS namespace.
• This information is provided by the root hints file,
cache.dns, which is stored on the server
• A DNS server on a network is designated as a
forwarder by having the other DNS servers in the
network forward the queries they cannot resolve
locally to that DNS server.
• Conditional forwarding enables a DNS server to
forward queries to other DNS servers based on
the DNS domain names in the queries.