
Module 2: Implementing DNS in Windows 2000

Contents

Overview
Multimedia Presentation: Basics of the Domain Name System (DNS)
Installing the DNS Server Service
Configuring Zones in Windows 2000
Testing the DNS Server Service
Lab A: Installing and Configuring the DNS Server Service
Review
Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

© 2000 Microsoft Corporation. All rights reserved.

Microsoft, Active Desktop, Active Directory, ActiveX, BackOffice, FoxPro, JScript, Outlook,
PowerPoint, Visual Basic, Windows, and Windows NT are either registered trademarks or
trademarks of Microsoft Corporation in the U.S.A. and/or other countries.

Other product and company names mentioned herein may be the trademarks of their respective
owners.

Project Leads: Mark Johnson, Gerry Lang, H. James Toland III (ComputerPREP, Inc.)
Instructional Designers: Jeanie Decker (Write Stuff), Chris Slemp (ComputerPREP, Inc.),
Victoria Fodale (ComputerPREP, Inc.), Jose Mathews (NIIT Inc.), Barbara Pelletier (S&T
OnSite), Rick Selby, H. James Toland III (ComputerPREP, Inc.)
Lead Program Managers: Jim Clark, Paul Adare (FYI TechKnowlogy Services)
Program Managers: Jeff Clark, Rodney Miller, Andy Ruth (Infotec),
Thomas Willingham (Infotec)
Testing Leads: Sid Benavente, Keith Cotton
Testing Developer: Greg Stemp (S&T OnSite)
Courseware Test Engineers: Jeff Clark, H. James Toland III (ComputerPREP, Inc.)
Lab Simulations Developers: Wai Chan (Meridian Partners Ltd.), David Carlile (Independent
Contractor), Tammy Stockton (S&T OnSite)
Graphic Artists: Julie Stone (Independent Contractor), Kimberly Jackson (Independent
Contractor)
Editing Manager: Lynette Skinner
Editors: Kelly Baker (Write Stuff), Jennifer Kerns (S&T OnSite)
Copy Editor: Patricia Neff (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aditi)
Online Support: Eric Brandt (S&T OnSite)
Multimedia Development: Kelly Renner (Entex)
Courseware Testing: Data Dimensions, Inc.
Production Support: Irene Barnett (S&T Consulting)
Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Gerry Lang
Group Product Manager: Robert Stewart

Simulations and interactive exercises were built by using Macromedia Authorware



Instructor Notes
Presentation: 50 Minutes
Lab: 25 Minutes

This module provides the knowledge and skills necessary to install, configure,
and test the Domain Name System (DNS) in a Microsoft® Windows® 2000
network.
At the end of this module, students will be able to:
• Install the DNS Server service.
• Configure zones in Windows 2000.
• Test the DNS Server service.

Materials and Preparation


This section provides you with the required materials and preparation that are
necessary to teach this module.

Required Materials
To teach this module, you need the following materials:
• Microsoft PowerPoint® file 1560B_02.ppt
• Multimedia presentation file PBSG_DNS.avi, Basics of the Domain Name
  System (DNS)

Preparation Tasks
To prepare for this module, you should:
• Read all of the materials for this module.
• Read Key Concepts of DNS under Additional Reading on the Web page on
  the Trainer Materials compact disc.
• View the multimedia presentation, Basics of the Domain Name System
  (DNS), under Multimedia Presentations on the Web page on the Trainer
  Materials compact disc.
• Complete the lab.

Module Strategy
Use the following strategy to present this module:
• Installing the DNS Server Service
The Active Directory™ directory service requires a DNS server. This topic
provides information about requirements and instructions for installing the
Windows 2000 DNS Server service. Explain to students that a computer
running Windows 2000 must be configured with a static Internet Protocol
(IP) address prior to installing the DNS Server service. Describe the actions
that the DNS Server service performs during the installation process, and
demonstrate the steps for installing the DNS Server service after running
Windows 2000 Setup. The students will perform this procedure in the lab;
therefore, they should only observe the demonstration.
• Configuring Zones in Windows 2000
This topic describes how to configure zone transfers, Active Directory
integrated zones, and dynamic update. Review primary and secondary zone
types and ensure the students understand that these are called standard
primary and standard secondary in Windows 2000. Identify the two methods
that are used for replicating zone information: full zone transfer (AXFR)
and incremental zone transfer (IXFR). Explain that IXFR has been
implemented with the DNS Server service to replicate only changes to the
zone database file. Explain how to create an Active Directory integrated
zone and how to convert an existing standard primary zone to an Active
Directory integrated zone. Describe the necessary steps for configuring the
DNS Server service to allow dynamic updates and configuring the DHCP
Server service to perform dynamic updates.
• Testing the DNS Server Service
This topic describes the two methods that are available in Windows 2000
for testing the DNS Server service. Explain that the ability to monitor and
test the DNS Server service by using the DNS console is a new feature in
the DNS Server service. This feature allows you to perform queries on a
scheduled basis to ensure that the DNS Server service is operating correctly.
In addition, explain that Nslookup, although it is not new to the
Windows 2000 DNS Server service, can be used to view resource records
for diagnostic purposes and to perform queries to test the DNS Server
service.

Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.

Important The lab in this module is also dependent on the classroom
configuration that is specified in the Customization Information section at the
end of the Classroom Setup Guide for course 1560B, Updating Support Skills
from Microsoft Windows NT 4.0 to Microsoft Windows 2000.

Lab Setup
There are no lab setup requirements or configuration changes that affect
replication or customization.

Lab Results
Performing the labs in this module introduces the following configuration
changes:
• The DNS Server service is installed on each student computer.
• Forward and Reverse lookup zones are created on each student computer.
• Each student computer is configured with a fully qualified domain name
  (FQDN) that is specified in the multiple-maximum domain model.
• Each student computer is configured to use its own DNS service for DNS
  forward lookup name resolution.
• Each student computer is configured to use the instructor DNS service for
  DNS reverse lookup name resolution.
• Authority is delegated to the student computer for the
  domain.nwtraders.msft domain.
• Dynamic updates are enabled.

Overview
Slide Objective
To provide an overview of the module topics and objectives.
Lead-in
In this module, you will learn how to install, configure, and test the DNS
Server service in Windows 2000.

• Installing the DNS Server Service
• Configuring Zones in Windows 2000
• Testing the DNS Server Service

Domain Name System (DNS) is an integral part of client/server
communications in Transmission Control Protocol/Internet Protocol (TCP/IP)
networks. Microsoft® Windows® 2000 uses DNS as its primary method for
name resolution.
The Windows 2000 implementation of DNS includes several new features that
improve upon the DNS capabilities of Microsoft Windows NT® version 4.0 and
ease the administrative burden of maintaining DNS. These features include
incremental zone transfers, integration with the Active Directory™ directory
service, and support for dynamic updates. In addition, Windows 2000 provides
configuration wizards and other tools to help you manage and support DNS
servers and clients on your network.
At the end of this module, you will be able to:
• Install the DNS Server service.
• Configure zones in Windows 2000.
• Test the DNS Server service.

Multimedia Presentation: Basics of the Domain Name System (DNS)

Slide Objective
To introduce the multimedia presentation.
Lead-in
This multimedia presentation describes key components of DNS and how the
name resolution process works. You should understand these concepts to
support a Windows 2000 network effectively.

Run the multimedia presentation located under Multimedia Presentations on
the Web page on the Trainer Materials compact disc.
The estimated time to complete this multimedia presentation is 8 minutes.
Inform students that a copy of the multimedia presentation is included on
the Web page on the Student Materials compact disc.
This presentation is for review purposes only. If students require additional
information about DNS, refer them to “Key Concepts of DNS” under Additional
Reading on the Web page on the Student Materials compact disc.

Before you begin the process of installing and configuring the DNS Server
service in Windows 2000, it is important to review some basic concepts of
DNS.

Note The purpose of this presentation is to review basic DNS concepts prior to
learning about the new features and enhancements in the Windows 2000 DNS
Server service. To view the Basics of the Domain Name System (DNS)
presentation, open the Student Materials Web page on the Student Materials
compact disc, click Multimedia Presentations, and then click the title of the
presentation.

For additional basic information about DNS, see “Key Concepts of DNS” under
Additional Reading on the Web page on the Student Materials compact disc.

Installing the DNS Server Service

Slide Objective
To illustrate the Networking Services page in the Windows Components
wizard.
Lead-in
Before you install the DNS Server service on a computer running
Windows 2000, you must configure the computer with a static IP address and
DNS domain name.

[Slide: Networking Services page of the Windows Components wizard]
To add or remove a component, click the check box. A shaded box means that
only part of the component will be installed. To see what’s included in a
component, click Details.
Subcomponents of Networking Services:
COM Internet Services Proxy                    0.0 MB
Domain Name System (DNS)                       0.8 MB
Dynamic Host Configuration Protocol (DHCP)     0.0 MB
Internet Authentication Service                0.0 MB
QoS Admission Control Service                  0.0 MB
Simple TCP/IP Services                         0.0 MB
Site Server LDAP Services                      1.8 MB
Description: Answers query and update requests for Domain Name System (DNS)
names.
Total disk space required: 0.9 MB
Space available on disk: 378.6 MB

For Active Directory and associated client software to function correctly, you
must first install and configure a DNS server.
Before you install the DNS Server service, you must configure TCP/IP with a
static IP address, because computers running Windows 2000 are configured as
Dynamic Host Configuration Protocol (DHCP) clients by default.
Perform the following TCP/IP configurations on the computer on which you are
installing the DNS Server service:
1. Assign a static IP address in the Internet Protocol (TCP/IP) Properties
dialog box.
2. Configure the DNS host and domain name on the server on which you are
installing the DNS Server service.
To do this, click Advanced in the Internet Protocol (TCP/IP) Properties
dialog box. On the DNS tab in the Advanced TCP/IP Settings dialog box,
verify that the DNS address in the DNS addresses, in order of use box is
correct, and then type the domain name in the DNS Domain Name box.

You can install the DNS Server service during Windows 2000 Setup, after
Windows 2000 Setup, or during Active Directory installation. If you install the
DNS Server service during Active Directory installation, you must manually
create a reverse lookup zone and set the zone attribute to Allow updates after
installation.

Delivery Tip
Demonstrate the steps for installing the DNS Server service after
Windows 2000 Setup.
Inform the students that they will perform this procedure in the lab.
Therefore, they should not follow along with the demonstration on the
classroom computers.

To install the DNS Server service after Windows 2000 Setup:
1. Open Add/Remove Programs in Control Panel, and then click
   Add/Remove Windows Components.
2. On the Windows Components page, click Networking Services, and then
   click Details.
3. Select the Domain Name System (DNS) check box, click OK, and then
   click Next.
4. If prompted, provide the full path to the Windows 2000 distribution files,
   and then click Continue.

The DNS Server service installation process performs the following actions:
• Installs the DNS Server service, and starts the service automatically
  (without restarting the computer).
• Installs the DNS console, and adds the DNS shortcut to the Administrative
  Tools menu. You use the DNS console to manage local and remote DNS
  servers.
• Adds the following key for the DNS Server service to the registry:
  \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS
• Creates the systemroot\System32\Dns folder.
The DNS folder contains the DNS database files that are described in the
following table:
File type               Description

Domain_name.dns         The zone database file that is used to translate host
                        names to IP addresses for a zone.
z.y.x.w.in-addr.arpa    The reverse lookup file that is used to translate IP
                        addresses to host names.
Cache.dns               The cache file that contains the required host
                        information for resolving names outside of
                        authoritative domains. The default file contains
                        records for all of the root servers on the Internet.
Boot                    The file that controls how the DNS Server service
                        starts. In Windows 2000, the Boot file is optional
                        because the boot settings are stored in the registry.

Note The Boot file is not defined in any RFC, and is not needed for
compliance with RFC standards. The Boot file is a part of the Berkeley Internet
Name Domain (BIND)–specific implementation of DNS. If you are migrating
from a DNS server running BIND, copying the Boot file allows easy migration
of your existing configuration.
For more information on BIND, see the Internet Software Consortium Web site
at http://www.isc.org

Configuring Zones in Windows 2000

Slide Objective
To introduce the zone types in the Windows 2000 implementation of DNS.
Lead-in
Zone information is stored in a zone database file, and you can configure a
zone in several ways.

• Configuring Zone Transfers
• Configuring Active Directory Integrated Zones
• Configuring Zones for Dynamic Update

Delivery Tip
Ask the students to describe primary and secondary DNS zones. Point out that
these zone types are called standard primary and standard secondary in
Windows 2000.

A zone is a portion of the domain namespace that is defined by the resource
records that are stored in a zone database file. A zone database file stores
information that is used to resolve host names to IP addresses and IP addresses
to host names. With Windows 2000, you can create standard primary and
standard secondary zones, which are the same as the primary and secondary
zones you can create with the Windows NT 4.0 DNS Server service.
Zone transfer is the process of replicating a zone database file to multiple DNS
servers. Windows 2000 supports incremental zone transfers in addition to full
zone transfers.
After you install Active Directory, you can also create Active Directory
integrated zones. Active Directory integrated zones are primary zones that are
stored in the Active Directory and replicated during Active Directory
replication rather than through zone transfers.
You can also configure zones to better utilize network resources. For example,
you can configure zones for dynamic updates. The DNS dynamic update
protocol can be used to automatically update the zone database file without
administrator intervention.

Configuring Zone Transfers

Slide Objective
To list the options for configuring zone transfers.
Lead-in
Zone transfer is the process by which DNS servers interact to maintain and
synchronize zone database files.

• Zone Transfer Initiation
• Zone Transfer Types
  • Full zone transfer (AXFR)
  • Incremental zone transfer (IXFR)
• Configuring Zone Transfer Properties
  Serial number: 2
  Refresh interval: 15 minutes
  Retry interval: 10 minutes
  Expires after: 1 days
  Minimum (default) TTL: 0:1:0:0
• Configuring DNS Notify

Zone transfers copy the zone database file information from the master server to
a secondary server.

Zone Transfer Initiation


The zone transfer process is initiated when one of the following occurs:
• A master server sends a notification of a change in the zone to the secondary
  server or servers.
• The secondary server queries a master server for changes to the zone
  database file. This occurs when the DNS Server service on the secondary
  server starts, or when the refresh interval on the secondary server expires.

Zone Transfer Types


The two methods for replicating zone information are:
• Full zone transfer (AXFR). Replicates the entire zone database file.
Most DNS implementations use and support AXFR. When the refresh
interval expires on a secondary server, it queries its master server by using
an AXFR query. The secondary server detects whether its local copy of a
zone is the same as the master server copy by comparing serial numbers for
the zone.
• Incremental zone transfer (IXFR). Only replicates changes to the zone
  database file.
IXFR is a recent, RFC-defined DNS implementation that is included in
Windows 2000 and can reduce the amount of zone data that is transferred
during replication. IXFR also uses serial numbers to determine if changes
have been made to a zone database file. However, if changes have been
made, only the resource records that changed are transferred, rather than the
entire zone database file. Changes and additions are kept in the cache until
the secondary server has received all of the updated information.

A server responding to the zone transfer request keeps a record of the newest
version of the zone and the differences between that copy and several older
versions. When the server receives a request with an older serial number, it
sends only the changes required to make the client version current. However,
the server may respond with a full zone transfer when one of the following is
true:
1. The sum of the changes is larger than the entire zone.
2. The client serial number is lower than the serial number of the oldest of the
versions of the zone on the server. Only a limited number of previous
versions of the zone are kept on the server for performance reasons.
3. The server responding to the IXFR request does not recognize the query
type. If the server doesn’t recognize the query, the client will automatically
initiate an AXFR instead.

Note For more information on IXFR, see RFC 1995 under Additional
Reading on the Web page on the Student Materials compact disc.
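
The fallback rules above, modelled in Python as an added example that is not part of the original courseware. The Zone class and the respond() function are hypothetical names, the zone data is constructed, and serial numbers are compared as plain integers.

```python
# Added example: simplified model of the IXFR/AXFR decision described above.
# Zone, commit(), prune() and respond() are hypothetical names; serials are
# compared as plain integers (real servers use wrap-around serial arithmetic).
from dataclasses import dataclass, field


@dataclass
class Zone:
    serial: int                                   # current SOA serial on the master
    records: list                                 # full zone contents (what AXFR sends)
    history: dict = field(default_factory=dict)   # old serial -> (new serial, changes)
    understands_ixfr: bool = True                 # False: server does not know IXFR

    def commit(self, changes):
        """Apply ("add"|"remove", record) changes, keep the delta, bump the serial."""
        for op, rr in changes:
            if op == "add":
                self.records.append(rr)
            else:
                self.records.remove(rr)
        self.history[self.serial] = (self.serial + 1, list(changes))
        self.serial += 1

    def prune(self, keep):
        """Keep only the `keep` most recent deltas (keep >= 1)."""
        for old in sorted(self.history)[:-keep]:
            del self.history[old]


def respond(zone, client_serial, qtype="IXFR"):
    """Return (transfer kind, payload, reason) for a secondary's request."""
    full = list(zone.records)
    if client_serial >= zone.serial:
        return ("none", [], "serial numbers match; nothing to transfer")
    if qtype == "AXFR":
        return ("AXFR", full, "secondary asked for a full transfer")
    if not zone.understands_ixfr:
        return ("AXFR", full, "query type not recognized; secondary falls back to AXFR")
    if client_serial not in zone.history:
        return ("AXFR", full, "client serial is older than the oldest retained version")
    # Concatenate every retained delta from the client's version to the current one.
    changes, serial = [], client_serial
    while serial != zone.serial:
        serial, delta = zone.history[serial]
        changes.extend(delta)
    if len(changes) > len(zone.records):
        return ("AXFR", full, "sum of the changes is larger than the entire zone")
    return ("IXFR", changes, "only the changed resource records are sent")


def demo_zone():
    """Constructed sample zone: three records at serial 1, then three commits."""
    zone = Zone(serial=1, records=[
        "computer1 A 192.168.120.133",
        "computer2 A 192.168.120.134",
        "computer3 A 192.168.120.135",
    ])
    zone.commit([("add", "computer4 A 192.168.120.136")])        # serial 2
    zone.commit([("add", "computer5 A 192.168.120.137")])        # serial 3
    zone.commit([("remove", "computer2 A 192.168.120.134"),
                 ("add", "computer2 A 192.168.120.140")])        # serial 4
    return zone


if __name__ == "__main__":
    z = demo_zone()
    for serial in (4, 2, 1):
        kind, payload, why = respond(z, serial)
        print(f"secondary at serial {serial}: {kind} ({len(payload)} items) - {why}")
    z.prune(keep=2)   # the master now retains only the two newest deltas
    kind, payload, why = respond(z, 1)
    print(f"after pruning, secondary at serial 1: {kind} - {why}")
```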

Configuring Zone Transfer Properties

It is not necessary to explain each of the zone transfer properties in detail.
Explain them briefly, and suggest that the students review this information in
depth outside of class.

You can control how often and when a zone transfer occurs by modifying the
Start of Authority (SOA) resource record. To do this, modify the following
settings on the Start of Authority (SOA) tab in the Properties dialog box for
the zone:
• Serial number. Tracks updates to the zone database file. Serial numbers
  indicate if changes have been made to a zone database file.
• Refresh interval. Controls how often a secondary server will query its
  master server for new data.
• Retry interval. If a secondary server cannot contact its master server, the
  retry interval determines how long the secondary server will wait before
  attempting to contact its master server again.
• Expire interval. Controls the length of time that a secondary server will use
  its current zone data to answer queries when it cannot contact the master
  server. At the end of the expire interval, if the secondary server cannot
  contact its master server, it will stop performing name resolution.
• Minimum TTL. Specifies the Time to Live (TTL) interval, or the minimum
  amount of time for which a response to a query is valid. The DNS server
  that provides the name resolution information specifies the TTL interval for
  that information.
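
How the refresh, retry, and expire intervals interact during a master outage, as an added example that is not part of the original courseware. simulate_secondary() is a hypothetical helper, the interval values are the ones shown on the slide, and the outage window is constructed; the model assumes the secondary keeps polling at the retry interval after the zone expires.

```python
# Added example (not from the courseware): trace a standard secondary's polls
# through one master outage. simulate_secondary() is a hypothetical helper.
# All times are seconds after the last successful zone transfer (t = 0).
# Assumption: the secondary keeps polling at the retry interval after expiry.

REFRESH = 15 * 60        # "Refresh interval" on the slide: 15 minutes
RETRY = 10 * 60          # "Retry interval" on the slide: 10 minutes
EXPIRE = 24 * 60 * 60    # "Expires after" on the slide: 1 day


def simulate_secondary(refresh, retry, expire, outage_start, outage_end):
    """Return what the secondary experiences while the master is unreachable.

    The master is down for outage_start <= t < outage_end. The result holds the
    number of failed polls, the time the zone data expired (None if it never
    did), the time of the first successful poll after the outage, and how long
    the secondary could not answer queries for the zone.
    """
    last_ok = 0          # last time the master answered
    t = refresh          # first poll is one refresh interval after t = 0
    failed = 0
    expired_at = None
    while True:
        # The expire interval is measured from the last successful contact.
        if expired_at is None and last_ok + expire < t:
            expired_at = last_ok + expire
        if outage_start <= t < outage_end:
            failed += 1
            t += retry               # master unreachable: wait one retry interval
            continue
        if t >= outage_end:
            gap = t - expired_at if expired_at is not None else 0
            return {
                "failed_polls": failed,
                "expired_at": expired_at,
                "recovered_at": t,
                "unanswered_seconds": gap,
            }
        last_ok = t                  # normal poll before the outage began
        t += refresh


if __name__ == "__main__":
    # Constructed scenario: the master fails shortly after the first refresh
    # and stays down for more than two days.
    result = simulate_secondary(REFRESH, RETRY, EXPIRE,
                                outage_start=1000, outage_end=200000)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Because the expire interval counts from the last successful contact rather than from the start of the outage, the secondary in this scenario stops answering 87,300 seconds after the reference transfer.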

Configuring DNS Notify


You can configure a master server to include a list of one or more secondary
servers that should be notified when a zone database file is updated. If a
secondary server receives notification from its master server that changes have
been made to the zone database file, it initiates a zone transfer to ensure that its
records are up-to-date.
To configure the notify list, open the Properties dialog box for the zone, click
the Zone Transfers tab, and then click the Notify button. You can select
automatic notification for all servers listed on the Name Servers tab, or
automatic notification for servers you specify individually in the Notify dialog
box.

Configuring Active Directory Integrated Zones

Slide Objective
To illustrate the concept of an Active Directory integrated zone.
Lead-in
You can integrate DNS zones into Active Directory to provide fault tolerance
and increased security.

• Active Directory Integrated Zone Data Is
  • Stored as an Active Directory object
  • Replicated as part of domain replication

[Slide diagram labels: Active Directory Integrated Zone, Active Directory,
contoso.com, DNS Server]

Windows 2000 integrates DNS and Active Directory. Active Directory uses a
DNS-based namespace, which eliminates the need to create and maintain
separate naming services.
In Active Directory integrated zones, zone data is stored as an Active Directory
object, and is replicated as part of domain replication rather than through zone
transfers.

Key Points
Active Directory integrated zones are stored in Active Directory. The zone
database files for Active Directory integrated zones are not stored in the
systemroot\System32\Dns folder, where the standard zone database files are
stored.

Note Active Directory integrated zones can only be created on DNS servers
that are configured to run the DNS dynamic update protocol.

Creating Active Directory Integrated Zones
To add an Active Directory integrated zone, open the DNS console, right-click
the appropriate server name, and then click New Zone. In the Create New Zone
wizard, click Next. On the Select a Zone Type page, click
Active Directory-integrated, and then click Next. The wizard then prompts you
to specify whether the zone lookup type is forward or reverse.
When you select Forward lookup zone, the Create New Zone wizard prompts
you to specify the zone name. When you are finished specifying the zone
information, the wizard will automatically create the zone, the zone database
file, and the SOA and NS (name server) resource records. The contents of the
zone database file are replicated to all domain controllers in the domain.
When you select Reverse lookup zone, the Create New Zone wizard prompts
you to specify the network identification and subnet mask and to verify the
zone name. When you are finished specifying the zone information, the wizard
will automatically create the zone, the zone database file, and the SOA and NS
resource records.

Converting Existing Zones


You can convert an existing standard primary zone to an Active Directory
integrated zone. It is important to be aware of the following information before
you convert an existing zone to an Active Directory integrated zone:
• The server that hosts the standard primary zone must be a domain controller.
• Active Directory integrated zones are stored in Active Directory. When you
  store a zone in Active Directory, the zone database file is copied into Active
  Directory and deleted from the primary server for the zone.

To convert a standard primary zone to an Active Directory integrated zone,
open the Properties dialog box for the zone that you want to convert. Click the
General tab, and then click Change. In the Change Zone Type dialog box,
click Active Directory-integrated, and then click OK. Click OK in the
Properties dialog box.

Note The Active Directory-integrated option is not available in the Change
Zone Type dialog box until Active Directory has been installed.

Configuring Zones for Dynamic Updates

Slide Objective
To illustrate the dynamic update process.
Lead-in
The DNS Server service allows client computers to dynamically update their
resource records on a DNS server.
Dynamic updates can be used in conjunction with DHCP to dynamically
update resource records when the DHCP address of a computer is released and
renewed.

• DNS Dynamic Update Protocol
  • Allows clients to automatically update DNS servers
  • Can be used in conjunction with DHCP

[Slide diagram: (1) Request for IP address. (2) Assign IP address of
192.168.120.133. Windows 2000 client updates forward resource record on DNS
server. DHCP updates reverse resource record for Windows 2000 clients and
both resource records for other clients. Labels: Computer1 192.168.120.133,
DHCP Server, DNS Server, Zone Database]

DNS was originally designed to support only static changes to a zone database.
Because of the design limitations of a static DNS service, adding, removing, or
modifying resource records could only be done manually.
The Windows 2000 implementation of DNS supports the DNS dynamic update
protocol. The DNS dynamic update protocol allows Windows 2000 client
computers to update DNS servers automatically, so that resource records can be
updated without administrator intervention. To enable dynamic updates, the
client must be configured to perform dynamic updates, and the zone must be
configured to allow dynamic updates to occur.

Note For more information on the DNS dynamic update protocol, see
RFC 2136 under Additional Reading on the Web page on the Student
Materials compact disc.

To configure a zone for dynamic updates, open the Properties dialog box for
the zone and select the General tab. The options that become available when
you select Allow Dynamic Updates? are described in the following table:

Option                 Description

No                     Disables dynamic updates for the zone. This is the
                       default option.
Yes                    Allows all DNS dynamic update requests for the zone.
Only secure updates    Allows only DNS dynamic updates that use secure DNS for
                       the zone.

Key Points
The DNS dynamic update protocol allows updates directly from a client or from
a DHCP server on behalf of a client computer.

The Only secure updates option appears only when the zone type is Active
Directory integrated. With secure dynamic updates, the authoritative DNS
server only accepts updates from client computers and servers that are
authorized to send dynamic updates. Secure dynamic updates provide the
following benefits:
• Protect zones and resource records from being modified by users without
  authorization.
• Enable you to specify exactly which users and groups can modify zones and
  resource records.

Key Points
Only Active Directory integrated zones can be configured for secure
dynamic updates.

Note For more information on secure dynamic updates, see RFC 2137 in
Additional Reading on the Web page on the Student Materials compact disc.

Windows 2000 clients interact directly with the DNS server to update the
forward (A) resource record. When the DHCP server is configured to perform
dynamic updates, it updates the reverse (PTR) resource record for the
Windows 2000 clients and updates both the A and PTR resource records for
client computers that are running an operating system other than
Windows 2000.
When the DHCP server is not configured to perform dynamic updates,
Windows 2000 clients update both the A and PTR resource records.
Registration for client computers that are running an operating system other
than Windows 2000 must be done manually.

Note For more information on configuring a DHCP server for dynamic
updates, see module 13, “Supporting DHCP and WINS,” in course 1560B,
Updating Support Skills from Microsoft Windows NT 4.0 to Microsoft
Windows 2000.

Testing the DNS Server Service

Slide Objective
To highlight the different methods for testing the DNS Server service.
Lead-in
There are two methods available for testing the DNS Server service. You can
use the DNS console or the Nslookup utility.

• Monitoring the DNS Server
• Using Nslookup

The Windows 2000 DNS Server service provides the capability to test and
monitor DNS by using the DNS console. Nslookup, an industry-standard utility,
is also available for testing the DNS Server service and testing resource records.

Monitoring a DNS Server


You can configure the DNS Server service to perform queries on a scheduled
basis to ensure that the service is operating correctly.
In the DNS console, open the Properties dialog box for the server that you
want to monitor, and then click the Monitoring tab. You can test a DNS server
by performing two types of queries:
• Simple query. This type of query performs a local test by using the DNS
  client to query a DNS server.
• Recursive query. This type of query tests a DNS server by forwarding a
  recursive query to another DNS server.

Under Select a test type, select A simple query against this DNS server, A
recursive query against other DNS servers, or both, and then click Test Now.
The test results will appear under Test results in the Properties dialog box for
the server.

Using Nslookup

Delivery Tip
Run Nslookup in both noninteractive and interactive mode. Also, show how to
view Nslookup Help by typing a question mark (?) while in interactive mode.

Nslookup is the primary diagnostic utility for the DNS Server service and is
installed with TCP/IP. You can use Nslookup to view resource records and
direct queries to any DNS server, including UNIX implementations of DNS.
Nslookup has two modes:
• Interactive. Use this mode when you require more than one piece of data.
  To run interactive mode, at the command prompt, type nslookup
  To exit interactive mode, type exit
• Noninteractive. Use this mode when you require a single piece of data. Type
  the Nslookup syntax at the command prompt, and the data is returned.

The following table describes the Nslookup syntax:

nslookup [-option ...] [computer-to-find | - [server]]

Syntax              Description

-option ...         Specify one or more Nslookup commands. For a list of
                    commands, type a question mark (?) to open Help.
computer-to-find    If the computer-to-find is an IP address, Nslookup returns
                    the host name. If the computer-to-find is a host name,
                    Nslookup returns an IP address. If the computer-to-find is
                    a name and does not have a trailing period, the default
                    DNS domain name is appended to the name. To find a
                    computer outside of the current DNS domain, append a
                    period to the name.
-server             Use this server as the DNS server. If the server is
                    omitted, the currently configured default DNS server is
                    used.

Note For Nslookup to work properly, a PTR resource record for the DNS
server must exist in the server’s database. Upon startup, Nslookup performs a
reverse lookup on the IP address of the server that is running the DNS Server
service.
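The name-handling rules in the syntax table, the reverse lookup that the Note describes, and the network ID that the lab types for a reverse lookup zone can be worked through in a few lines. The following Python sketch is an added example, not part of the courseware or of Nslookup itself; it models only the rules stated in the table, the function names are hypothetical, and the addresses assume classroom number x = 1.

```python
import ipaddress

def reverse_zone(network_id):
    """Reverse lookup zone for a network ID typed as leading octets,
    e.g. '192.168.1' -> '1.168.192.in-addr.arpa.'"""
    octets = network_id.strip(".").split(".")
    if not 1 <= len(octets) <= 3 or not all(
            o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a network ID: {network_id!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_name(ip):
    """Owner name of the PTR record for an IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."

def plan_query(computer_to_find, default_domain):
    """Return (record type, fully qualified query name) per the table's rules."""
    try:
        return "PTR", ptr_name(computer_to_find)   # IP address -> host name
    except ipaddress.AddressValueError:
        pass                                        # not an address: treat as a name
    if computer_to_find.endswith("."):              # trailing period: use as typed
        return "A", computer_to_find
    # No trailing period: the default DNS domain name is appended.
    return "A", f"{computer_to_find}.{default_domain.strip('.')}."

def server_ptr_in_zone(server_ip, network_id):
    """True if the DNS server's own PTR record belongs in the given reverse zone."""
    return ptr_name(server_ip).endswith("." + reverse_zone(network_id))

if __name__ == "__main__":
    # Constructed sample input: student 1 and 2 from the lab table, x = 1.
    dom = "namerica1.nwtraders.msft"
    for arg in ("192.168.1.1", "denver",
                "vancouver.namerica1.nwtraders.msft",
                "vancouver.namerica1.nwtraders.msft."):
        print(arg, "->", plan_query(arg, dom))
    print(server_ptr_in_zone("192.168.1.1", "192.168.1"))
```

The third sample shows why the trailing period matters: under the table's rule, an FQDN typed without it has the default domain appended a second time.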

Lab A: Installing and Configuring the DNS Server Service


Slide Objective
To introduce the lab.
Lead-in
In this lab, you will install
DNS, delegate authority for
subdomains, create forward
and reverse lookup zones,
and configure zones for
dynamic updates.

Objectives
After completing this lab, you will be able to:
• Install the DNS Server service.
• Delegate authority for a domain.
• Create forward and reverse lookup zones.
• Enable dynamic update.

Prerequisites
Before working on this lab, you must be familiar with DNS concepts and
operations.

Lab Setup
To complete this lab, you need the following:
• A computer running Microsoft Windows 2000 Advanced Server that is
  configured as a member server.
• A static IP address and subnet mask.
• A lab partner. One partner will create the primary zone, while the other will
  create a secondary zone and designate his or her partner’s computer as the
  master server.
• A fully qualified domain name (FQDN). Refer to the Student Computer IP
  Addresses and FQDNs section of the lab for this information.

Note When required, use 192.168.x.200 (where x is the assigned classroom
number) as the IP address of the instructor computer.

Student Computer IP Addresses and FQDNs


The following table provides the IP address and FQDN of each student
computer in the fictitious domain nwtraders.msft. The FQDN is divided into
four parts, from most specific to least specific. In this case, the domain name is
the last three parts of the FQDN. For example, the FQDN
vancouver.namerica1.nwtraders.msft has the domain name
namerica1.nwtraders.msft.
Find the student number that the instructor has assigned to you, and make a
note of the IP address (where x is the assigned classroom number), FQDN, and
domain name for your student number.
Student number    IP address      FQDN

1                 192.168.x.1     vancouver.namerica1.nwtraders.msft
2                 192.168.x.2     denver.namerica1.nwtraders.msft
3                 192.168.x.3     perth.spacific1.nwtraders.msft
4                 192.168.x.4     brisbane.spacific1.nwtraders.msft
5                 192.168.x.5     lisbon.europe1.nwtraders.msft
6                 192.168.x.6     bonn.europe1.nwtraders.msft
7                 192.168.x.7     lima.samerica1.nwtraders.msft
8                 192.168.x.8     santiago.samerica1.nwtraders.msft
9                 192.168.x.9     bangalore.asia1.nwtraders.msft
10                192.168.x.10    singapore.asia1.nwtraders.msft
11                192.168.x.11    casablanca.africa1.nwtraders.msft
12                192.168.x.12    tunis.africa1.nwtraders.msft
13                192.168.x.13    acapulco.namerica2.nwtraders.msft
14                192.168.x.14    miami.namerica2.nwtraders.msft
15                192.168.x.15    auckland.spacific2.nwtraders.msft
16                192.168.x.16    suva.spacific2.nwtraders.msft
17                192.168.x.17    stockholm.europe2.nwtraders.msft
18                192.168.x.18    moscow.europe2.nwtraders.msft
19                192.168.x.19    caracas.samerica2.nwtraders.msft
20                192.168.x.20    montevideo.samerica2.nwtraders.msft
21                192.168.x.21    manila.asia2.nwtraders.msft
22                192.168.x.22    tokyo.asia2.nwtraders.msft
23                192.168.x.23    khartoum.africa2.nwtraders.msft
24                192.168.x.24    nairobi.africa2.nwtraders.msft

Estimated time to complete this lab: 25 minutes



Exercise 1
Installing the DNS Server Service

Scenario
Currently, there is one DNS server on your network, which contains the primary zone for
nwtraders.msft. The server that you are installing will be authoritative for a subdomain of
nwtraders.msft. You want the DNS Server service to be able to resolve DNS name queries to IP
addresses, and to resolve host IP addresses on your network to their registered host name.

Goal
In this exercise, you will configure the domain name of your computer and install the DNS Server
service.

Tasks and Detailed Steps

1. Configure the DNS Suffix for your computer. When prompted, restart the
   computer.
   • Domain Suffix: domain.nwtraders.msft (where domain is your assigned
     domain name)

   a. Log on as Administrator with a password of password.
   b. Open the Properties dialog box for My Computer.
   c. In the System Properties dialog box, on the Network Identification
      tab, click Properties.
   d. In the Identification Changes dialog box, click More.
   e. In the DNS Suffix and NetBIOS Computer Name dialog box, in the
      Primary DNS suffix of this computer box, type
      domain.nwtraders.msft (where domain is your assigned domain
      name), and then click OK.
   f. Click OK to close the Identification Changes dialog box, and then
      click OK to close the Network Identification message box.
   g. Click OK to close the System Properties dialog box, and then click
      Yes in the System Settings Change message box to restart your
      computer.

2. Start the Windows Components wizard, and install the DNS subcomponent of
   Networking Services. Copy the required files from the Windows 2000
   Advanced Server compact disc.

   a. Log on as Administrator with a password of password.
   b. In Control Panel, double-click Add/Remove Programs, and then click
      Add/Remove Windows Components.
   c. On the Windows Components page, under Components, click
      Networking Services, and then click Details.
   d. Under Networking Services, verify that all check boxes are cleared,
      select the Domain Name System (DNS) check box, and then click
      OK.
   e. In the Windows Components wizard, click Next.
   f. If prompted, insert the compact disc labeled Windows 2000 Advanced
      Server, and then click OK.
   g. After the required files have been copied, click Finish, and then close
      all windows.

Exercise 2
Delegating Authority for a Domain

Scenario
You need delegation records in the primary zone for nwtraders.msft that point to the authoritative
DNS server for the new subdomain. This is necessary both to transfer authority and to provide
correct referrals.

Goal
In this exercise, you will delegate authority from the instructor DNS Server to the student DNS
Server that will host the primary zone for the new subdomain.

Tasks and Detailed Steps

Important: Perform the following procedure on the computer of the partner with the lowest student number.

1. Add the instructor’s DNS Server to your DNS console.

   a. Open DNS from the Administrative Tools menu.
   b. In the console tree, right-click DNS, and then click Connect to
      Computer.
   c. In the Select Target Computer dialog box, click The following
      computer. In the text box, type London and then click OK.

2. Delegate authority for domain.nwtraders.msft to your DNS Server.

   a. In the console tree, expand London, expand Forward Lookup Zones,
      and then expand nwtraders.msft.
   b. In the console tree, right-click nwtraders.msft, and then click New
      Delegation.
   c. In the New Delegation wizard, on the Welcome to the New
      Delegation Wizard page, click Next.
   d. On the Delegated Domain Name page, in the Delegated domain box,
      type domain and then click Next.
   e. On the Name Servers page, click Add.
   f. In the New Resource Record dialog box, in the Server name box,
      type the FQDN for your computer, click Resolve, then click OK.
   g. On the Name Servers page, click Add.
   h. In the New Resource Record dialog box, in the Server name box,
      type the FQDN for your partner’s computer, click Resolve, and then
      click OK.
   i. On the Name Servers page, click Next.
   j. On the Completing the New Delegation Wizard page, click Finish.
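The scenario says delegation records are needed "to provide correct referrals". The following Python sketch, an added example that is not part of the courseware, shows how a parent zone answers with a referral and how to spot a delegated name server that has no address record in the parent. The record set is constructed (classroom number x = 1, with one address deliberately left out), and the function names are hypothetical.

```python
# Constructed parent-zone data for nwtraders.msft (assumes x = 1).
PARENT_ZONE = "nwtraders.msft."
RECORDS = [
    ("namerica1.nwtraders.msft.", "NS", "vancouver.namerica1.nwtraders.msft."),
    ("namerica1.nwtraders.msft.", "NS", "denver.namerica1.nwtraders.msft."),
    ("vancouver.namerica1.nwtraders.msft.", "A", "192.168.1.1"),
    # The A record for denver is deliberately missing from this sample.
]

def referral(qname, records, zone=PARENT_ZONE):
    """Return (delegated domain, {name server: [addresses]}) if the parent
    zone must refer the query elsewhere, or None if it answers itself."""
    qname = qname.lower()
    if not ("." + qname).endswith("." + zone):
        raise ValueError(f"{qname} is not inside {zone}")
    labels = qname.rstrip(".").split(".")
    zone_depth = len(zone.rstrip(".").split("."))
    # Walk down from the zone apex; the first name that owns NS records
    # is the point where authority passes to the subdomain's servers.
    for depth in range(zone_depth + 1, len(labels) + 1):
        cut = ".".join(labels[-depth:]) + "."
        servers = [v for n, t, v in records if n == cut and t == "NS"]
        if servers:
            return cut, {s: [v for n, t, v in records if n == s and t == "A"]
                         for s in servers}
    return None

def missing_glue(qname, records):
    """Name servers that sit inside the delegated domain but have no
    address in the parent zone, so a referral to them cannot be followed."""
    ref = referral(qname, records)
    if ref is None:
        return []
    cut, servers = ref
    return sorted(s for s, addrs in servers.items()
                  if s.endswith("." + cut) and not addrs)

if __name__ == "__main__":
    print(referral("vancouver.namerica1.nwtraders.msft.", RECORDS))
    print(referral("perth.spacific1.nwtraders.msft.", RECORDS))
    print(missing_glue("namerica1.nwtraders.msft.", RECORDS))
```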

Exercise 3
Creating Forward and Reverse Lookup Zones

Scenario
You must create lookup zones on the DNS Servers for the subdomain you created in exercise 1.

Goal
In this exercise, you will create a forward and reverse lookup zone.

Tasks and Detailed Steps

Important: Perform the following procedure on the computer of the partner with the lowest student number.

1. Add a standard primary forward lookup zone for domain.nwtraders.msft.

   a. In the console tree, right-click server (where server is your computer
      name), and then click Configure the server.
   b. On the Welcome to the Configure DNS Server Wizard page, click
      Next.
   c. On the Forward Lookup Zone page, ensure that Yes, create a
      forward lookup zone is selected, and then click Next.
   d. On the Zone Type page, ensure that Standard primary is selected,
      and then click Next.
   e. On the Zone Name page, in the Name box, type
      domain.nwtraders.msft and then click Next.
   f. On the Zone File page, ensure that Create a new file with this file
      name is selected, and then click Next.

Important: Perform the following procedure on the computer of the partner with the lowest student number.

2. Add a standard secondary reverse lookup zone for your subnet.

   a. On the Reverse Lookup Zone page, ensure that Yes, create a reverse
      lookup zone is selected, and then click Next.
   b. On the Zone Type page, click Standard secondary, and then click
      Next.
   c. On the Reverse Lookup Zone page, verify that Network ID is
      selected. For the network ID, type the first three octets of the IP
      address of your computer, and then click Next. (For example, for an IP
      address of 192.168.1.1, type 192.168.1.)
   d. On the Master DNS Servers page, in the IP address box, type the
      instructor’s IP address, click Add, and then click Next.
   e. On the Completing the Configure DNS Server Wizard page, click
      Finish.

Important: Perform the following procedure on the computer of the partner with the highest student
number.

3. Add a standard secondary forward lookup zone for domain.nwtraders.msft and
   a standard secondary reverse lookup zone for your subnet.

   a. Open DNS from the Administrative Tools menu.
   b. Right-click Server, and then click Configure the server.
   c. On the Welcome to the Configure DNS Server Wizard page, click
      Next.
   d. On the Forward Lookup Zone page, verify that Yes, create a
      forward lookup zone is selected, and then click Next.
   e. On the Zone Type page, click Standard secondary, and then click
      Next.
   f. On the Zone Name page, type domain.nwtraders.msft and then click
      Next.
   g. On the Master DNS Servers page, in the IP address box, type the IP
      address of your partner’s computer, click Add, and then click Next.
   h. On the Reverse Lookup Zone page, verify that Yes, create a reverse
      lookup zone is selected, and then click Next.
   i. On the Zone Type page, click Standard secondary, and then click
      Next.
   j. On the Reverse Lookup Zone page, verify that Network ID is
      selected. For the network ID, type the first three octets of your IP
      address, and then click Next. (For example, for an IP address of
      192.168.1.1, type 192.168.1.)
   k. On the Master DNS Servers page, in the IP address box, type the IP
      address of the instructor’s computer, click Add, click Next, and then
      click Finish.

Exercise 4
Enabling Dynamic Update

Scenario
You want DHCP and client computers to update DNS records automatically to decrease the
administrator’s workload.

Goal
In this exercise, you will enable dynamic update on the DNS Server.

Tasks and Detailed Steps

Important: Perform the following procedure on the computer of the partner with the lowest student number.

1. Enable dynamic update on the forward lookup zone for
   domain.nwtraders.msft.

   a. In the console tree, expand Server, and then expand Forward Lookup
      Zones.
   b. Click domain.nwtraders.msft, and then right-click
      domain.nwtraders.msft, and then click Properties.
   c. In the domain.nwtraders.msft Properties box, in the Allow dynamic
      updates list, click Yes, and then click OK.

Important: The following task should be performed on both servers.

2. Configure the TCP/IP properties so that your computer is a client of the
   DNS Server service on your computer.

   a. Open the Properties dialog box for My Network Places, and then
      open the Properties dialog box for Local Area Connection.
   b. Click Internet Protocol (TCP/IP), and then click Properties.
   c. In the Internet Protocol (TCP/IP) Properties dialog box, click Use
      the following DNS server addresses if necessary, type the IP address
      of your computer in the Preferred DNS server box, and then click
      OK.
   d. In the Local Area Connection Properties dialog box, click OK, and
      then close Network and Dial-up Connections.
   e. Close all open windows, and then log off.

Review
• Installing the DNS Server Service
• Configuring Zones in Windows 2000
• Testing the DNS Server Service

Slide Objective
To reinforce module objectives by reviewing key points.

Lead-in
The review questions cover some of the key concepts taught in the module.

1. What types of DNS zones can you create by using the DNS Server service
in Windows 2000?
Standard primary, standard secondary, and Active Directory
integrated zones.

2. What functionality has been implemented with the Windows 2000 DNS
Server service that allows the transfer of changes only to a zone database
file?
Incremental zone transfer (IXFR).

3. You have created an Active Directory integrated forward lookup zone. You
cannot locate the zone database file that is associated with that zone on the
hard disk of the DNS server. Why can’t you locate the zone database file?
Where is the zone database information stored?
Active Directory integrated zones are stored in Active Directory.
Therefore, there are no files that are associated with them on the hard
disk of the DNS server.

4. How can you test the DNS installation by using the DNS console? Which
options are available?
You can use the Test Now button on the Monitoring tab of the
Properties dialog box for the server. You can perform a simple query, a
recursive query, or both.
