
Apr 17, 2018


hatram
Page 1: INF214x Basic Networking Practical Exercises - edXMicrosoft+INF214x+2T2017+type@...INF214x Basic Networking – Practical Exercises Overview ... 4. Use the command to add a scope from

INF214x Basic Networking – Practical Exercises

Overview

This course includes practical exercises where you can try out the techniques

demonstrated in the course for yourself. This guide lists the steps for the

individual practical exercises.

For the exercises that use PowerShell, a script is included at the end of the

exercise. You can paste the script into the lab environment Powershell or

PowerShell window by using the Actions drop-down. Make sure your cursor

is in place in the PowerShell window before pasting!

Module 1 - DHCP Basics

DHCP Server Role and Delegation

In this exercise, you will install and authorize the DHCP server role, and configure

DHCP Administrators and DHCP Users.

1. Log in to LON-SVR1 as Administrator with the password Pa55w.rd.

2. Open Server Manager and use the Add Roles and Features Wizard to

install the DHCP Server role.

3. Accept all the default settings and wait for the role to install.

4. On the last page of the Wizard click Complete DHCP configuration. If you

have closed the Wizard, click the Notification icon.

5. In the DHCP Post-Install configuration wizard read that the Wizard will

create the DHCP Administrator and DHCP Users groups. The Wizard will also

authorize the server. Click Next.

6. On the Authorization page, click Commit, and then close the wizard.

7. From the Server Manager Tools menu, open the DHCP console.

8. Right-click the server, notice the Deactivate selection.

9. Ensure that IPv4 and IPv6 nodes have green check marks. You may need to

click the nodes.

Configure DHCP Administrators and DHCP Users

1. Sign in to LON-DC1 as Adatum\Administrator with the password

Pa55w.rd.

2. Go to Server Manager then Tools and select Active Directory Users and

Computers.

3. Expand Adatum.com and click on the Users container. Refresh the console

and verify that the DHCP Administrators and DHCP Users groups are

present.

4. In the properties of DHCP Administrators group add Adatum\Abbi

Skinner. DHCP Administrators have administrative privileges on DHCP

services.

5. In the Properties of the DHCP Users group add Adatum\Dante Dabney.

DHCP Users have view-only access to DHCP services.

6. In the Server Manager dashboard, select DHCP, scroll down to Services,

right-click and Restart Services.

We are restarting the DHCP Service so we don’t have to wait for the

permissions to propagate.

Verify the administrative and user access permissions

1. Return to LON-SVR1 and sign in as Adatum\Abbi with password Pa55w.rd.

2. Open Server Manager, on the Tools menu, open the DHCP management

console.

3. Right-click DHCP, select Add Server, This authorized server.

4. Add both LON-DC1 and LON-SVR1, and then apply your changes. The

servers should be added to the console navigation pane.

5. Right-click LON-SVR1.adatum.com, and select Unauthorize, click Yes to

verify your choice.

6. Notice the Access Denied message. You must be an Enterprise Administrator

to authorize/unauthorize DHCP servers. Just because a task is available does

not mean a DHCP Administrator or DHCP user will have the permissions to

do that task.

7. Abbi, DHCP administrator, would be able to create and modify DHCP

settings. Dante, DHCP User, would only be able to view the settings.

8. You can stay logged in as Abbi to test her permissions in the next exercises,

or you can sign out and sign in as the Adatum\Administrator.

DHCP Relay Agent

In this exercise, you will install and configure a DHCP relay agent.

1. Sign in to EU-RTR as Adatum\Administrator with the password Pa55w.rd.

2. In Server Manager, Tools menu, open Routing and Remote Access.

3. Add the DHCP relay agent to the router on EU-RTR:

• In the navigation pane, expand EU-RTR (local), expand IPv4, right click

General, and then click New Routing Protocol. Notice your other

choices.

• In the Routing protocols list, click DHCP Relay Agent, and then click OK.

4. Configure the DHCP relay agent.

• In the navigation pane, right click DHCP Relay Agent, and then New

Interface.

• In the New Interface for DHCP Relay Agent dialog box, click

London_Network, and then click OK.

• Right-click DHCP Relay Agent, and then Properties.

• Server Address: 172.16.0.11, Add, OK. (This is the IP Address of LON-SVR1,

the server on which you just installed DHCP.)

5. You have now configured a DHCP relay agent on EU-RTR. Clients needing a

DHCP server can go through EU-RTR to LON-SVR1.

6. Close Routing and Remote Access.

DHCP Scopes (GUI)

In this exercise, you will create and configure a DHCP scope. This exercise requires

the DHCP server role to be installed on the server.

Create a new DHCP scope

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. In Server Manager, from the Tools menu, select the DHCP console.

3. Right-click IPv4, and select New Scope. Create a new scope with these

values:

• Name: Branch Office

• Description: Redmond satellite office

• IP Address Range: 172.16.0.100 – 172.16.0.200

• Length: 16

• Subnet Mask: 255.255.255.0

• Exclusions: 172.16.0.190 – 172.16.0.200 (don’t forget to click Add)

• Continue through the pages, notice the default Lease Duration of 8 hours.

• Options: Router 172.16.0.1 (IP Address for EU-RTR virtual machine). This

means clients will receive this information so they will know about the

DHCP relay agent.

• Accept the remaining default settings for DNS and WINS and Activate the

scope.

4. Expand your new scope and select Address Pool. Verify the address range

for distribution. Verify the IP addresses excluded from distribution.

5. Select Address Leases and verify there are no leases.

Configure LON-CL1 to automatically receive IP addresses

1. Sign in to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.

2. Open the Network and Sharing Center, click Change Adapter Settings,

right-click London_Network, and select Properties.

3. Select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

4. Make the following changes:

• Obtain an IP address automatically

• Obtain DNS Server address automatically

5. Open a command window and run the ipconfig /all command.

6. Notice the IP Address. Is it in the range 172.16.0.100 – 172.16.0.200?

7. Notice the Lease Obtained and Lease Expired dates. The default lease was 8

days.

8. Notice the Default Gateway (Router), 172.16.0.1, was assigned by the scope.

9. If your settings do not look correct, you may need to run ipconfig /renew.

10. Take a minute to return to LON-SVR1 and verify in the DHCP management

console, that the Address Leases includes the new IP address for LON-CL1.

As an Administrator, you should have a plan for deciding which IP

addresses to exclude from dynamic assignment. For example, you might

always exclude the first 10 addresses or the last 20 addresses. This will

depend on how many static IP addresses you need to assign. By being

consistent in how those addresses are selected it will be easier to

administer a large number of clients.

DHCP Scopes (PowerShell)

In this exercise, you will add a DHCP IPv4 scope, provide an exclusion range, set the

default router, and activate the scope.

Note: If you need help with the PowerShell commands there is a suggested script

at the end of the exercise. You can copy the commands into the lab environment

using the instructions at the beginning of this document. But, do try to construct

the commands yourself.

Create a scope

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. Open an elevated PowerShell prompt. If you like, use the Properties on the

window to increase the font size, and change the coloring.

3. Read about the Add-DhcpServerv4Scope cmdlet. If prompted, do not

update the Help files.

Get-Help Add-DhcpServerv4Scope -ShowWindow

4. Use the command to add a scope from 192.168.0.100 to 192.168.0.200.

Name the scope BranchOffice2 and use the 255.255.0.0 subnet mask.

5. Use Get-DhcpServerv4Scope to verify your new scope. Make a note of the

ScopeID (192.168.0.0).

6. Read about the Add-DhcpServerv4ExclusionRange cmdlet.

Get-Help Add-DhcpServerv4ExclusionRange -showwindow

7. Use Add-DhcpServerv4ExclusionRange to add an exclusion

from 192.168.0.190 to 192.168.0.200.

8. Use Get-DhcpServerv4ExclusionRange to verify your new exclusion.

9. Read about the Set-DhcpServerv4OptionValue cmdlet.

10. Use Set-DhcpServerv4OptionValue to specify a Router with IP address

192.168.0.1. Configure the router (default gateway) to be applied at server

level.

11. Use Get-DhcpServerv4OptionValue to verify your new setting. Notice this is

OptionID number 3.

12. Read about the Set-DhcpServerv4Scope cmdlet.

Get-Help Set-DhcpServerv4Scope -showwindow

13. Use Set-DhcpServerv4Scope to activate your scope.

14. Open the DHCP console (Server Manager\Tools\DHCP).

15. Verify your new scope with the exclusion range and router was successfully

created.

Answers (Script):

# Add a scope for BranchOffice2

Add-DHCPServerv4Scope -StartRange 192.168.0.100 -EndRange 192.168.0.200 -Name BranchOffice2 -SubnetMask 255.255.255.0

# Verify the scope was added

Get-DHCPServerv4Scope -ScopeID 192.168.0.0 | Format-List

# Add an exclusion range for 192.168.0.190 – 192.168.0.200

Add-DHCPServerv4ExclusionRange -ScopeId 192.168.0.0 -StartRange 192.168.0.190 -EndRange 192.168.0.200

# Verify the exclusion

Get-DHCPServerv4ExclusionRange -ScopeId 192.168.0.0 | Format-List

# Configure a Server Option (3) for the router

Set-DhcpServerv4OptionValue -Router 192.168.0.1

# Verify your Server Option

Get-DhcpServerv4OptionValue

# Activate your scope

Set-DHCPServerv4Scope -ScopeID 192.168.0.0 -State Active

# Verify the state of your scope

Get-DHCPServerv4Scope -ScopeID 192.168.0.0

DHCP Options (GUI)

In this exercise, you will explore various DHCP options.

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. In Server Manager, from the Tools menu, select the DHCP console.

3. Start by configuring a Server option.

4. Expand the IPv4 node and click Server Options. Notice there is already a

Router option.

5. Right-click Server Options and select Configure Options...

6. Scroll through the different options that you can create.

7. Select 004 Time Server, add LON-DC1.Adatum.com and ensure that it

resolves to the address 172.16.0.10. Click OK.

8. Ensure the entry was created successfully.

9. Now, create a Scope Level option.

10. Within the Scope [172.16.0.0] Branch Office, right-click Scope Options, and

then select Configure Options.

11. Notice that you have inherited the Server router option you have just

configured.

DHCP options can be applied to a Server, a Scope, a Class, or a Reserved

client. Plan your options carefully to avoid conflicting information at the

different levels. In the case of a conflict, the more specific option will be

applied.

DHCP Reservations

In this exercise you will create a DHCP reservation.

Obtain LON-CL1’s MAC Address

1. Sign in to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.

2. Open Windows PowerShell.

3. Use ipconfig /all to get the MAC address. Make a note of it.

Use the MAC address to create a reservation

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. In Server Manager, from the Tools menu, select the DHCP console.

3. Locate your scope, right-click Reservations and select New Reservation.

4. Add a reservation with the following settings:

• Reservation Name: LON-CL1

• IP Address: 172.16.0.101

• MAC Address (you noted earlier): 00-15-5D-A3-97-EB

• Support Types: DHCP

5. Make sure the reservation was added and is listed.

Test the DHCP reservation

1. Sign in to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.

2. Run ipconfig /release.

3. Run ipconfig /renew.

4. Verify the DHCP server has assigned LON-CL1 the reserved IP address

172.16.0.101.

5. Return to LON-SVR1 and verify that 172.16.0.101 has been assigned to

LON-CL1 in the scope Address Leases node.

Be sure you do not reserve an IP address that is already in use or an IP

address that is part of a DHCP exclusions list. If the address is not

assigned double check your MAC address.
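
The checks in this caution can be scripted before a reservation is created. The following is an added example, not part of the original lab guide: Test-ReservationCandidate and ConvertTo-IPv4Number are hypothetical helper names, the lease row is constructed sample data, and the commented lines at the end assume the DhcpServer module on LON-SVR1.

```powershell
# Added example (not from the lab guide): validate a reservation candidate
# against exclusion ranges and existing leases before creating it.

function ConvertTo-IPv4Number {
    # Hypothetical helper: IPv4 address -> UInt32 so ranges compare numerically.
    param([ipaddress] $Address)
    $bytes = $Address.GetAddressBytes()
    [array]::Reverse($bytes)               # network byte order -> little-endian host order
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-ReservationCandidate {
    param(
        [ipaddress] $IPAddress,
        [string]    $ClientId,              # MAC address in any common notation
        [object[]]  $ExclusionRange = @(),  # objects with StartRange / EndRange
        [object[]]  $Lease = @()            # objects with IPAddress / ClientId
    )
    $problems = @()
    $ip  = ConvertTo-IPv4Number $IPAddress
    $mac = ($ClientId -replace '[^0-9A-Fa-f]').ToUpper()

    # "Double check your MAC address": it must be exactly 12 hex digits.
    if ($mac.Length -ne 12) { $problems += "MAC '$ClientId' is not 12 hex digits" }

    # The address must not fall inside any exclusion range of the scope.
    foreach ($range in $ExclusionRange) {
        $low  = ConvertTo-IPv4Number $range.StartRange
        $high = ConvertTo-IPv4Number $range.EndRange
        if ($ip -ge $low -and $ip -le $high) {
            $problems += "inside exclusion $($range.StartRange) - $($range.EndRange)"
        }
    }

    # The address must not already be leased to a different client.
    foreach ($entry in $Lease) {
        $holder = ("$($entry.ClientId)" -replace '[^0-9A-Fa-f]').ToUpper()
        if ("$($entry.IPAddress)" -eq "$IPAddress" -and $holder -ne $mac) {
            $problems += "already leased to $($entry.ClientId)"
        }
    }

    [pscustomobject]@{
        IPAddress = "$IPAddress"
        ClientId  = $mac
        Ok        = ($problems.Count -eq 0)
        Problems  = $problems -join '; '
    }
}

# Constructed sample data shaped like the output of Get-DhcpServerv4ExclusionRange
# and Get-DhcpServerv4Lease. The exclusion is the one from the Branch Office scope;
# the lease holder MAC is made up for the example.
$exclusions = @([pscustomobject]@{ StartRange = '172.16.0.190'; EndRange = '172.16.0.200' })
$leases     = @([pscustomobject]@{ IPAddress = '172.16.0.100'; ClientId = '00-15-5d-00-00-01' })
$mac        = '00-15-5D-A3-97-EB'   # LON-CL1, as noted in the exercise

'172.16.0.101', '172.16.0.195', '172.16.0.100' | ForEach-Object {
    Test-ReservationCandidate -IPAddress $_ -ClientId $mac -ExclusionRange $exclusions -Lease $leases
} | Format-Table -AutoSize

# Against the live server, reserve only when the candidate is clean:
# $ex = Get-DhcpServerv4ExclusionRange -ScopeId 172.16.0.0
# $le = Get-DhcpServerv4Lease -ScopeId 172.16.0.0
# $r  = Test-ReservationCandidate -IPAddress 172.16.0.101 -ClientId $mac -ExclusionRange $ex -Lease $le
# if ($r.Ok) {
#     Add-DhcpServerv4Reservation -ScopeId 172.16.0.0 -IPAddress 172.16.0.101 -ClientId $mac -Name 'LON-CL1'
# }
```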

Superscopes

In this exercise you will create a superscope.

Note: This exercise requires two DHCP scopes.

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

4. Create a superscope. Right-click the IPv4 node and select New

Superscope.... Configure it as follows:

• Name: Superscope

• Scopes: Highlight the two scopes, Branch Office and Branch Office 2.

• Click Finish.

5. Notice the following:

• The two individual scopes are now bundled under the superscope

that you just created and can now be administered as single entity.

• Right-click the superscope and notice your choices: Deactivate, New

Scope, and Configure Failover.

• Select Display Statistics and review the information.

Multicast Scopes

In this exercise, you will create a Multicast scope.

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. Open the DHCP management console.

3. Right-click the IPv4 node and select New Multicast Scope... Using New

Multicast scope will ensure the IP address range is valid.

4. Configure it as follows:

• Name: Multicast Scope

• Address range: 224.0.0.100 to 224.0.0.200.

• For all other values, accept the defaults in the Wizard and activate the

scope.

5. In the DHCP server console, expand Multicast Scope and view the Address

Pool values and Address leases.

6. Right-click Multicast Scope, select Properties, and then the Lifetime tab.

7. Notice you now have the ability to designate a Multicast scope lifetime

value for the scope of infinite, or to set a specific expiry date, for example

during the broadcast times.

8. Remember that a multicast scope is always in the 224 IP address range.

DHCP Policies

In this exercise you will create, configure, and view two Server Level policies and a

Scope Level policy.

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. Open the DHCP management console.

3. Go to the IPv4 node, right-click Policies node and then select New Policy…

Create a new Server Level Policy based on the MAC Address of LON-CL2.

Configure the policy as follows:

• Policy Name: LON-CL1 MAC Address Policy

• Policy Conditions:

• Criteria (notice your other choices) = MAC Address

• Operator = Equals

• Value = 00155DA397EB

• Notice you could add another condition (and/or).

• Policy Settings:

• Vendor Class = DHCP Standard options

• Option = 004 Time Servers

• Server Name = LON-DC1

4. Create a new Server Level Policy for Remote Access clients and configure it as

follows:

• Policy Name: Remote Access Policy

• Policy Conditions:

• Criteria = User Class

• Operator = Equals

• Value = Default Routing and Remote Access Class

• Policy Settings:

• Vendor Class = DHCP Standard options

• Option = 006 DNS Servers

• Server Name = LON-DC1 (We add LON-DC1 as the DNS Server

because we have only one DNS server available in our

environment, but it’s also possible to set up a second DNS server

that is used by clients accessing your network remotely.)

5. View the policies you have just created in the DHCP console, and move one

up over the other to change the order in which they are run.

6. Select a scope and then New Policy (under the scope). Create a new Scope

Level Policy based on the LON-CL1 MAC Address and configure it as follows

(this requires an active scope).

• Policy Name: LON-CL1 IP Scope Policy

• Policy Conditions:

• Criteria = MAC Address

• Operator = Equals

• Value = 00155DA397EB

• Policy Settings:

• Start Address = < your choice based on existing scope>

• End Address = < your choice based on existing scope>

• Vendor Class = DHCP Standard Options

• Available Options = 042 NTP Servers

• Server Name = LON-DC1

7. Review what you have done. Notice there are Server level, and Scope level

policies. Do you see the difference and why you would choose one over the

other?

You can also use Filters in the DHCP Console to Allow or Deny DHCP

services to specific clients based on their MAC Addresses. This is also

known as MAC Address Filtering. Additionally, you can define specific

hardware types to be allowed or denied DHCP services such as Fiber

Channel, IEEE 802 and many more. This can be configured in the IPv4

Properties dialogue box by clicking the Filter tab and clicking the

Advanced button, and then selecting the hardware type. Uncheck the

checkbox to apply filtering to any of the hardware types listed. You

should try creating and enabling a Filter yourself, using the virtual lab

machines.

Module 2 – DHCP Advanced

DHCP Split Scopes

In this exercise you will create a Split-Scope. You will need two DHCP servers for this

exercise.

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. Create a new scope for the 172.0.2.100 to 172.0.2.200 range.

3. Right-click your new scope and select Advanced…, and then Split-Scope.

4. In the DHCP Split-Scope Configuration Wizard add LON-DC1.Adatum.com

with IP Address 172.16.0.10 as the additional server.

5. On the Percentage of Split screen, select an 80/20 split between the Host

DHCP Server (LON-SVR1) and the Added DHCP Server (LON-DC1).

6. Specify a Delay in DHCP Offer for the Added DHCP Server of 5

milliseconds.

7. Still on LON-SVR1 verify that the Address Pool under this scope has 80% of

addresses available to it and that there’s an exclusion listed which accounts

for 20% of the overall addresses.

8. Go to LON-DC1 and verify the scope that you configured on LON-SVR1 is

now present on LON-DC1 and that there is an address pool which has 20%

of addresses available to it with an exclusion list for 80% of the addresses.

9. Activate the new scope on LON-DC1.

DHCP Failover

In this exercise you will configure and verify DHCP Failover.

Create a new scope for high availability

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. Create a new Scope on LON-DC1 and configure it as follows:

• Name: HA Scope

• Start IP Address: 172.16.1.210

• End IP Address: 172.16.1.225

• Subnet range: 255.255.255.0

• Accept the defaults for the remainder of the wizard and activate the

scope.

Configure DHCP failover

1. On LON-SVR1, right-click your new scope and select Configure Failover...

2. Add LON-DC1 as the Partner Server. If prompted provide the administrator

credentials.

3. Complete the Create a new failover relationship page with the following

configuration:

• Relationship Name: take the default

• Max Client Lead Time: default

• Mode: Hot Standby

• Role of Partner Server: Standby

• Address reserved for standby server: 5%

• State Switchover Interval: default – disabled

• Enable Message Authentication: Enabled

• Shared Secret: Pa55w.rd

4. Click Next and complete the wizard.

5. If you return to LON-DC1 and refresh the DHCP console you will see the new

scope has been propagated to this server. Viewing the Properties and

selecting the Failover tab will verify the settings.

View the configuration details

1. On LON-SVR1, open the DHCP console, right-click the server and Stop the

service.

2. Notice a red arrow now appears beside the IPv4 node.

3. On LON-DC1, open the DHCP console.

4. Open the IPv4 Properties, select the Failover tab, and then select Edit.

Notice the State of this server reports lost contact with partner.

5. Click the Change to partner down button. In the prompt, note the current

state (communication interrupted), and change to partner down. You can

control how these states change, whether automatically or manually, and

when these states change through the State Switchover Interval settings.

6. Sign in to LON-CL1 and open a command prompt.

7. Run the command ipconfig /release.

8. Run the command ipconfig /renew to obtain a new lease. This will take

longer than usual while LON-CL1 tries to find a DHCP server.

9. Run the command ipconfig /all to list network configuration details.

10. Notice LON-DC1, 172.16.0.10, is now the DHCP server.

11. Verify LON-DC1 issued a lease to LON-CL1. The lease doesn’t have to be

within the high availability scope.

12. Return to LON-SVR1 and start the DHCP service.

13. Check the IPv4 node properties, Failover tab and Edit button. Notice it is in a

Recover Wait state. In this state, the server will wait for the MCLT in order to

ensure that any processing that the server might have done prior to losing its

connectivity will not cause future difficulties. A server in Recover Wait does

not respond to DHCP client requests.
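
The hot standby relationship from the Configure DHCP failover steps, and the state checks from the View the configuration details steps, can also be handled from PowerShell. This is an added example, not part of the original lab guide: the two function names and the relationship name are hypothetical, the sample relationship objects are constructed, and the cmdlets assume the DhcpServer module.

```powershell
# Added example (not from the lab guide): create the hot standby relationship
# from PowerShell and flag relationships that need attention.

function New-LabHotStandbyFailover {
    # Mirrors the wizard settings used in this exercise. Defined here but not
    # called, so loading this script changes nothing on the server.
    param(
        [Parameter(Mandatory)] [string] $SharedSecret,
        [string] $Name = 'LON-SVR1-LON-DC1-HotStandby'   # hypothetical relationship name
    )
    $settings = @{
        ComputerName   = 'lon-svr1.adatum.com'
        PartnerServer  = 'lon-dc1.adatum.com'
        Name           = $Name
        ScopeId        = '172.16.1.0'    # HA Scope: 172.16.1.210 - 172.16.1.225, mask 255.255.255.0
        ServerRole     = 'Active'        # role of the local server; the partner is the standby
        ReservePercent = 5               # addresses reserved for the standby server
        SharedSecret   = $SharedSecret   # without a secret, message authentication is off
    }
    Add-DhcpServerv4Failover @settings
}

function Get-DhcpFailoverFinding {
    # Takes objects shaped like Get-DhcpServerv4Failover output and reports
    # relationships without message authentication or not in the Normal state.
    param([object[]] $Relationship)
    foreach ($rel in $Relationship) {
        $findings = @()
        if (-not $rel.EnableAuth)         { $findings += 'message authentication disabled' }
        if ("$($rel.State)" -ne 'Normal') { $findings += "state is $($rel.State)" }
        [pscustomobject]@{
            Name          = $rel.Name
            PartnerServer = $rel.PartnerServer
            Mode          = $rel.Mode
            Findings      = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

# Constructed sample relationships (names, partners and states are made up
# for the example) so the check can be tried without a DHCP server.
$sample = @(
    [pscustomobject]@{ Name = 'rel-a'; PartnerServer = 'lon-dc1.adatum.com'
                       Mode = 'HotStandby'; State = 'Normal'; EnableAuth = $true }
    [pscustomobject]@{ Name = 'rel-b'; PartnerServer = 'lon-dc1.adatum.com'
                       Mode = 'HotStandby'; State = 'PartnerDown'; EnableAuth = $true }
    [pscustomobject]@{ Name = 'rel-c'; PartnerServer = 'lon-dc1.adatum.com'
                       Mode = 'HotStandby'; State = 'Normal'; EnableAuth = $false }
)
Get-DhcpFailoverFinding -Relationship $sample | Format-Table -AutoSize

# On LON-SVR1, with the DhcpServer module available:
# New-LabHotStandbyFailover -SharedSecret (Read-Host -Prompt 'Failover shared secret')
# Get-DhcpFailoverFinding -Relationship (Get-DhcpServerv4Failover -ComputerName 'lon-svr1.adatum.com')
```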

DHCP Database Backup and Restore

In this exercise you will perform various tasks to administer and maintain your

DHCP database. Specifically, you will verify the DHCP database files, create a

backup, and restore a DHCP database.

Backup the DHCP database

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. Open File Explorer and go to the location C:\Windows\System32\dhcp.

Note the various database file types.

3. Open the DHCP server console, right-click lon-svr1.adatum.com and select

Backup…

4. In the subsequent folder prompt, specify the location

C:\Windows\System32\dhcp\backup as the location and click OK.

5. In File Explorer go to C:\Windows\System32\dhcp\backup and verify the

backup files that are present.

Restore the DHCP database

1. Return to the DHCP console, right-click lon-svr1.adatum.com and select

Restore…

2. Specify C:\Windows\System32\dhcp\backup as the location where you can

find the backup and click OK.

3. Accept the prompt to restart the DHCP Server service and click Yes.

4. Verify that you receive a prompt saying the database was restored

successfully and click OK.

Windows PowerShell commands

1. As you have time, experiment with Windows PowerShell backup and restore

commands.

2. To back up the DHCP data for all scopes, use the following command:

Backup-DhcpServer -ComputerName lon-svr1.adatum.com -Path C:\Windows\system32\dhcp\backup

3. To restore the DHCP database, use the following command:

Restore-DhcpServer -ComputerName lon-svr1.adatum.com -Path C:\Windows\system32\dhcp\backup

DHCP Database Export and Import

In this exercise, you will export and import a DHCP server configuration using

Windows PowerShell.

Export the DHCP database

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. On LON-SVR1, open the DHCP console.

3. Select a scope with a reservation and options.

4. In File Explorer, create a folder C:\ExportDHCP.

5. Open Windows PowerShell.

6. Export the DHCP server configuration.

Export-DHCPServer -file C:\exportdhcp\dhcp.xml

7. Open the file C:\ExportDHCP\dhcp.xml and view its contents.

8. What information does it contain?

DHCP configuration details such as class definitions, reservations, scopes, filters,

and leases.

Import the DHCP database

1. Change to LON-DC1.

2. In File Explorer, connect to the location \\LON-SVR1\C$ and copy the folder

C:\ExportDHCP to the local C: drive.

3. Open Windows PowerShell.

4. Import the DHCP server settings and lease details. You could just import the

leases.

Import-DHCPserver -File C:\exportdhcp\dhcp.xml -BackupPath C:\Windows\System32\dhcp\backup

5. Click Yes when prompted to confirm you wish to import the settings.

6. Why was the –BackupPath parameter specified in the import command?

It is a mandatory parameter and must be specified. This is because the

command will create a backup before doing an import to allow for rollback if

needed.

7. Open the DHCP console.

8. Expand the IPv4 node and verify the information was imported.

9. Do you see when you would use export/import rather than backup/restore?

DHCP Audit Logs

In this exercise you will enable, configure and view audit logs for DHCP.

Review the DHCP audit log

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. In Server Manager, open DHCP, right-click on the IPv4 node, and select

Properties. Notice where the DHCP database and backup are being stored.

3. Open File Explorer and go to C:\Windows\System32\dhcp.

4. Locate and open the dhcpSrvLog-XYZ.log file.

5. Note the event codes at the top of the file.

6. Which Event ID flags a new IP Address being leased to a client?

Event ID 10

7. What are codes above 50 used for?

Provides rogue server detection information.

8. Close the Audit log.
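
One way to triage an audit log along the lines of questions 6 and 7, as an added example that is not part of the original lab guide: Get-DhcpAuditEvent is a hypothetical function name, the log lines (including their description text) are constructed sample data, and only the first seven columns of the comma-separated section are read.

```powershell
# Added example (not from the lab guide): split a DHCP audit log into new
# leases (Event ID 10), rogue server detection codes (50 and above) and the rest.

function Get-DhcpAuditEvent {
    param([string[]] $Line)   # raw lines of a DHCP audit log

    # The file starts with a legend of event codes; data rows only begin
    # after the header row that starts with "ID,Date,Time".
    $header = -1
    for ($i = 0; $i -lt $Line.Count; $i++) {
        if ($Line[$i] -match '^ID,Date,Time') { $header = $i; break }
    }
    if ($header -lt 0) { throw 'No "ID,Date,Time" header row found.' }

    # Only the leading columns are needed; ConvertFrom-Csv discards the rest.
    $columns = 'Id', 'Date', 'Time', 'Description', 'IPAddress', 'HostName', 'MacAddress'

    $Line | Select-Object -Skip ($header + 1) |
        Where-Object { $_ -match '^\d+,' } |      # ignore blank or malformed rows
        ConvertFrom-Csv -Header $columns |
        ForEach-Object {
            $id = [int] $_.Id
            $category = if ($id -eq 10) { 'NewLease' } elseif ($id -ge 50) { 'RogueDetection' } else { 'Other' }
            [pscustomobject]@{
                Id          = $id
                Date        = $_.Date
                Time        = $_.Time
                Category    = $category
                Description = $_.Description
                IPAddress   = $_.IPAddress
                HostName    = $_.HostName
                MacAddress  = $_.MacAddress
            }
        }
}

# Constructed sample log: shortened legend, shortened header row, made-up rows.
$sample = @'
Microsoft DHCP Service Activity Log (constructed sample)

Event ID  Meaning
10        A new IP address was leased to a client.
50+       Codes above 50 are used for Rogue Server Detection information.

ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name
55,04/17/18,09:00:01,Authorized(servicing),,Adatum.com,,
10,04/17/18,09:15:02,Assign,172.16.0.100,LON-CL1.Adatum.com,00155DA397EB,
11,04/17/18,13:15:02,Renew,172.16.0.100,LON-CL1.Adatum.com,00155DA397EB,
54,04/17/18,14:02:40,Authorization failed,,Adatum.com,,
'@ -split "`r?`n"

$events = Get-DhcpAuditEvent -Line $sample

# Count per category, then list everything that is a new lease or a 50+ code.
$events | Group-Object Category | ForEach-Object { '{0,-15} {1}' -f $_.Name, $_.Count }
$events | Where-Object { $_.Category -ne 'Other' } |
    Format-Table Id, Date, Time, Category, Description, IPAddress, MacAddress -AutoSize

# Against a real log on the DHCP server (path from this exercise):
# Get-DhcpAuditEvent -Line (Get-Content C:\Windows\System32\dhcp\DhcpSrvLog-*.log)
```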

Configure audit logs using PowerShell (optional)

1. Open Windows PowerShell.

2. Identify a cmdlet that will allow you view the current settings for the audit

logs.

Get-DhcpServerAuditLog

3. Question: Find a Windows PowerShell command to disable audit logging.

Set-DhcpServerAuditLog -Enable $false

4. Restart the DHCP Server service.

5. Open the IPv4 properties dialogue and verify that auditing is now disabled.

You may need to refresh the DHCP console.

6. In File Explorer create a new folder called C:\DHCPAuditLogs.

7. Find a Windows PowerShell command to specify a new audit log location of

C:\DHCPAuditLogs and re-enable auditing.

Set-DhcpServerAuditLog -Enable $true -Path C:\DHCPAuditLogs

8. Stop the DHCP Server service and then start the DHCP Server service. A

restart will not change the log path.

9. Open the DHCP console and verify auditing is now enabled again. Go to the

Advanced tab and verify the audit log path is now C:\DHCPAuditLogs. You

may need to refresh the console.

10. What type of data can you obtain from within the audit logs?

Answers will vary but items such as IP Addresses, MAC Addresses, Relay

Agent Information, and server authorized may be among the answers.

DHCP Diagnostics

In this exercise you will configure and view DHCP statistics and then examine Event

Viewer entries.

Configure DHCP statistics

1. Sign in to LON-SVR1 as Adatum\Administrator with the password

Pa55w.rd.

2. In the DHCP console, right-click the IPv4 node and select Properties.

3. In the General tab, check the Automatically update statistics every:

checkbox and enter zero hours and 5 minutes. Apply your settings and close

the properties dialog box.

4. Right-click the IPv4 node and select Display Statistics….

5. Notice the values that are present. If you haven’t already done so, you should

configure server scopes, and have clients receive IP addresses to generate

some data.

6. Close the Server Statistics dialogue box, right-click a scope, and select

Display Statistics….

7. Notice the Scope Statistics and data that is available in comparison to

what’s available at the server level.

8. Close the Scope Statistics dialog box.

View DHCP statistics and examine the Event Viewer

1. On LON-DC1 open Server Manager and from the Tools menu, select Event

Viewer.

2. In Event Viewer, go to Application and Services

Logs/Microsoft/Windows/DHCP-Server.

3. Click the Operations log and scroll through the events that appear. You may

see events such as:

• Scope Activation: Event ID 73

• Option Setting changes: Event ID 76

4. Close Event Viewer.

Module 3 – DNS Basics

DNS Forwarders

In this exercise you will configure a DNS forwarder.

1. Login to EU-RTR as Adatum\Administrator with the password Pa55w.rd.

2. In Server Manager, go to Manage and select Add Roles and Features.

3. In the Add Roles and Features Wizard install DNS Server, accepting all the

defaults. Wait until the installation is successfully complete.

4. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.

5. In Server Manager, in the Tools menu, select DNS.

6. Right-click LON-DC1, and then click Properties.

7. Click the Forwarder tab and select Edit.

8. Add EU-RTR.adatum.com as the forwarding server and ensure it validates successfully. You will see an error relating to no IPv6 address being available for the host name in question. This is as expected. Delete this IPv6 error entry and click OK.

9. Notice that Use root hints if no forwarders are available is checked.

10. Click the Root hints tab. Ensure that root hints servers display. Read the

description of a root hint. Notice that you can Add a root hint server.

11. Open a PowerShell prompt.

12. View cmdlets that pertain to forwarders.

Get-Command *forwarder*

13. View DNS forwarder information.

Get-DnsServerForwarder

14. Notice the UseRootHint property is set to True. If a forwarder is not available or configured, root hints will be used.

15. The forwarder can typically be used for Internet addresses which are not resolvable with internal name servers. Your ISP's DNS server would be a good choice for a forwarder.

DNS Conditional Forwarders

In this exercise you will view the options to configure conditional forwarders.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.

2. In Server Manager, in the Tools menu, select DNS.

3. Expand LON-DC1, right-click the Conditional Forwarders node, and select New

Conditional Forwarder…

4. Examine the following options:

• Specify a DNS domain.

• Enter the IP Addresses of the master servers.

• Store the conditional forwarder details in Active Directory and replicate the

details to all DNS servers in the domain or forest, or all Domain Controllers in

the domain.

• Number of seconds before forward queries time out.

5. We will not configure a Conditional Forwarder now as we do not have a second

domain which can be validated successfully in our virtual machine environment.

6. You may close the New Conditional Forwarder dialogue.

DNS Monitoring

In this exercise you will review DNS Monitoring information.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.

2. In Server Manager, in the Tools menu, select DNS.

3. Right-click LON-DC1, select Properties, and switch to the Monitoring tab.

4. Select A simple query against this DNS server and A recursive query to other

DNS servers, and then click Test Now.

5. Test results should begin appearing.

• Notice that the Simple Query passes.

• Notice that the Recursive Query fails. This is normal given that there are no

forwarders configured for this DNS server.

• Notice that automatic testing is available at different test intervals. Use this

only while you are actively troubleshooting the DNS server.

6. Open a Windows PowerShell prompt.

7. Use Get-Service to view the status of the Windows DNS Server and DNS Client

services. Notice both services are Running.

Get-Service *dns*

8. Use Stop-Service to stop the DNS service. Verify your results.

Stop-Service DNS

9. Return to the DNS Manager and test the Simple Query. Notice the Simple Query

now fails.

10. Use Start-Service to start the DNS service.

Start-Service DNS

11. Verify the Simple Query test now passes.

12. Right-click LON-DC1, select Properties, and then click on the Debug Logging

tab.

13. Check the Log packets for debugging checkbox option and click OK.

14. Run some additional Monitoring tests.

15. Go to the folder %SystemRoot%\System32\Dns and open the dns.log. This is

where the output can be viewed and analyzed.

16. Note: You may need to refresh the console and wait a moment while the log file

is populated with information.

17. Review the dns.log file. At the top of the file is a logging key for the information about the packets.

18. Be sure to turn off Monitoring and Debugging.

DNS Event Logging

In this exercise you will review Monitoring and Event Logging information.

1. In the LON-DC1 Properties window, select the Event Logging tab.

2. Read about how the DNS event log maintains a record of errors, warnings, and

other events encountered by the DNS server. Different logging levels are

available and you can use this information to analyze server performance.

3. In Server Manager, go to Tools, and then Event Viewer.

4. In Event Viewer go to Applications and Services Logs and select DNS Server.

5. There are Informational events. For example, Event ID 2 indicates the DNS server

has started.

6. There are Warning events. For example, Event ID 4013 indicates the DNS server

is waiting on Active Directory Domain Services to signal synchronization has

completed.

7. There are Error events. For example, Event ID 408 indicates the DNS server could

not open a socket.

8. All events provide a detailed Description and usually a Help and Support Center

link.

9. In the Server Manager dashboard, select DNS main page, scroll down to Events.

Under Tasks, enable Informational events. These are the same logs you viewed

in Event Viewer.

10. Notice the presence of the same log events as you saw in the DNS Global Logs earlier. However, there are more options available in Event Viewer to manage, configure Alerts, and filter the logs.

DNS Host Records

In this exercise you will configure DNS host resource records using the DNS console.

Create a host record using DNS Manager

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.

2. In Server Manager, in the Tools menu, select DNS.

3. In the DNS Manager console, expand LON-DC1, expand Forward Lookup

Zones, and select Adatum.com.

4. Notice a number of resource records have already been created. These are mainly

A records for the servers and client computers.

5. Right-click Adatum.com and notice the selection options to create a New Host

(A or AAAA), New Alias (CNAME), New Mail Exchanger (MX), and Other New

Records...

6. Select Other New Records... and view the large number of resource records that

are available. Select a record of interest and view the description that is provided.

7. Return and select New Host (A or AAAA). Add a new host record to ensure

www.adatum.com will be resolved to a specific IP address.

• Name: www

• IP address: 172.16.0.200

8. Verify your new A record was added to the Adatum.com Forward Lookup Zone.

Create a host record using PowerShell

1. Open a Windows PowerShell prompt.

2. View cmdlets that pertain to resource records.

Get-Command *resourcerecord*

3. View all the adatum.com resource records. Notice the zone name is required.

Get-DnsServerResourceRecord -ZoneName adatum.com

4. Use Add-DnsServerResourceRecordA to ensure ftp.adatum.com is resolved to

IP address 172.16.0.201. Specify a TimeToLive value of 120 seconds.

Add-DnsServerResourceRecordA -Name ftp -IPv4Address 172.16.0.201 -TimeToLive 00:02:00 -ZoneName adatum.com

5. Return to the DNS Manager tool, Refresh the page, and verify the new record

was created.

6. Login to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.

7. Open a PowerShell prompt and test connectivity to ftp.adatum.com.

ping ftp.adatum.com

8. Note that ftp.adatum.com resolves to 172.16.0.201. However, you receive a message that the destination host is unreachable. This is because the IP address does not exist in our virtual machine network.

9. Verify the ftp.adatum.com information is now available in the DNS client cache.

The cache is populated even though you were not able to successfully ping the

server.

Get-DNSClientCache

10. Note the TimeToLive value associated with the record. Once the TimeToLive value

(2 minutes, 120 seconds, as specified in the 00:02:00 value) has expired, the

record will be cleared from the cache. Wait for the 120 seconds, view the client

cache again and verify the record is no longer cached locally.

DNS Dynamic Updates

In this exercise you will verify the functionality of dynamic updates.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.

2. Open DNS Manager, expand the Forward Lookup Zone node, and select the

adatum.com zone.

3. Verify there is a record present for LON-CL1.adatum.com with an IP address of

172.16.0.50.

4. Login to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.

5. Click the Start button and type services.msc to open the Services console.

6. Locate the DNS Client service. In the service properties dialogue, set the startup type to Disabled, apply the setting, and then Stop the service in the same dialogue. Click OK to close the dialogue. Make sure the service is disabled.

7. Open the Network and Sharing Center, change adapter settings, right-click

London_Network, double-click Internet Protocol v4, change the IP address

assigned to 172.16.0.60.

8. Return to LON-DC1 and refresh the adatum.com zone.

9. Wait a minute and continue to refresh the adatum.com zone. Verify that the

record value does not change.

10. Return to the LON-CL1, open the services console, locate the DNS Client service

again and this time set the Startup type to Automatic. Apply your settings and

then Start the service.

11. Return to LON-DC1 and refresh the adatum.com zone.

12. Verify the LON-CL1 record has now been dynamically updated to the newly

assigned IP address 172.16.0.60.

Aging and Scavenging (DNS Manager)

In this exercise you will configure TTL, zone aging, and DNS server scavenging.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.

2. Open the DNS Manager, expand LON-DC1, expand Forward Lookup Zones,

right-click Adatum.com, and then click Properties.

3. Select the Start of Authority (SOA) tab.

4. In the Minimum (default) TTL box, type 2. Notice this setting is in hours, but

you can specify seconds, minutes, hours or days.

5. Apply your changes and return to the DNS Manager main page.

6. Right-click LON-DC1, and notice the Set Aging/Scavenging for All Zones and

Scavenge Stale Resource Records settings. These are DNS server level settings.

7. Select Set Aging/Scavenging for All Zones.

• Check the Scavenge stale resource records check box.

• Read about the No Refresh and Refresh Interval settings. Notice the defaults are 7 days. Change the value to 5 days for both.

• Click OK to save your changes and click the checkbox to Apply these settings to the existing Active Directory-integrated zones.

8. Refresh the DNS management console, go to the Adatum.com zone, right-click the SOA record, and choose Properties.

9. In the General tab click the Aging button and notice the 5 day values present

now for No-refresh and Refresh interval values.

Active Directory Integrated Primary Zones

In this exercise you will create a primary zone that is stored in a local file.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.

2. In Server Manager, in the Tools menu, select DNS.

3. Expand LON-DC1, right-click Forward Lookup Zones, and then select New

Zone…

4. Create a zone with the following details.

• Zone Type: Primary Zone

• Check the box: Store in Active Directory

• Replication scope: To all DNS servers running on domain servers in the

domain

• Zone Name: ADZone.com

• Dynamic updates: Allow only secure dynamic updates

5. Open a Command Prompt and type ADSIedit to launch the LDAP editor. This is a

tool that can be used to manage and view records in the Active Directory

database.

6. In the console tree, right-click ADSI Edit, and then select Connect to...

7. In the Connection Point section click the Select or type a Distinguished Name

or Naming Context radio button.

8. Type the following text in the field.

DC=DomainDNSZones,DC=adatum,DC=com and click OK.

9. Once successfully connected, in the console tree again, expand Default naming context [LON-DC1.Adatum.com], then DC=DomainDNSZones,DC=adatum,DC=com, then CN=MicrosoftDNS, followed by DC=Adatum.com.

10. Notice all the resource records are listed as objects, double click some records

and view their properties. These are the objects that get replicated between DNS

Servers which have Active Directory-Integrated zones.

11. Notice also that all the root hint servers are listed under the

DC=RootDNSServers section.

12. Do not make any changes in ADSI Edit.

DNS Reverse Lookup Zones

In this exercise you will create and configure a reverse lookup zone.

Create a reverse lookup zone

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.

2. In Server Manager, in the Tools menu, select DNS.

3. Expand LON-DC1, right-click Reverse Lookup Zones, and then select New

Zone.

4. Read about the different types of zones (Primary, Secondary, and Stub).

5. Create a Primary Zone and indicate you want to Store the zone in Active

Directory.

6. Select how you want the information replicated in Active Directory: To all DNS

servers running on domain controllers in this domain: adatum.com.

7. On the Reverse Lookup Zone Name page select IPv4 Reverse Lookup Zone.

8. Enter the Network ID, which is 172.16.0

9. On the Dynamic Update page choose to Allow only secure dynamic updates.

10. Finish the wizard and verify you have a new Reverse Lookup Zone, in the format

0.16.172.in-addr.arpa.

11. Notice that by default, SOA and NS record types have been created.

12. In the DNS management console go to View then Advanced and return to the

Reverse Lookup Zone node.

13. Notice the presence of three additional Reverse Lookup Zones: 0.in-addr.arpa, 127.in-addr.arpa and 255.in-addr.arpa. These are auto generated by DNS for 0.0.0.0, loopback and broadcast functions. This means the DNS server is authoritative for these reverse lookup zones.

14. Go to the Forward Lookup Zone, Adatum.com, and create an A record with the

following details.

• Name: LON-SVR3

• IP address: 172.16.0.88

• Check the box to Create associated pointer (PTR) record

15. Verify the A record has been successfully created in the adatum.com Forward

Lookup Zone.

16. Go to the Reverse Lookup Zone, then click on 0.16.172.in-addr.arpa and verify

the PTR record has also been created successfully. Be sure to refresh the

console.

View zones using PowerShell

1. Open a Windows PowerShell prompt.

2. View cmdlets that pertain to DNS server zones.

Get-Command *zone*

3. View the existing DNS server zones. Verify the reverse lookup zone you just

created exists.

Get-DnsServerZone

4. Notice the presence of the auto generated reverse lookup zones as well as the one you created earlier.

5. Which cmdlet could be used to create a Reverse Lookup Zone?

Add-DNSServerPrimaryZone

DNS Troubleshooting

In this exercise you will troubleshoot DNS client problems.

1. Login to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.

2. Open a Windows PowerShell prompt.

3. View cmdlets that pertain to DNS clients.

Get-Command *dnsclient*

4. View information about the client’s DNS server address. Notice that Interface Index 11 is using DNS server 172.16.0.10 with the InterfaceAlias name of Ethernet.

Get-DnsClientServerAddress

5. Test the ability to resolve host names like LON-SVR1. Notice an A resource record

is returned for LON-SVR1 with an IP address of 172.16.0.11.

Resolve-DnsName LON-SVR1 -DnsOnly

6. View the client cache and confirm LON-SVR1 information is now available locally.

Get-DnsClientCache

7. Use Set-DnsClientServerAddress to configure the DNS server address

172.16.0.20 on Interface Index 11. This is not the DNS server. We are purposely

incorrectly configuring the DNS server information.

Set-DnsClientServerAddress -InterfaceIndex 11 -ServerAddresses 172.16.0.20

8. Try to resolve the LON-SVR1 host name. Notice that a timeout error occurs and the host name is not resolved. The Resolve-DnsName cmdlet forces a DNS name resolution query, so the cache is not referenced even though it holds a value for the name.

Resolve-DnsName LON-SVR1 -DnsOnly

9. Use Set-DnsClientServerAddress to correct your DNS server settings to DNS server address 172.16.0.10 on Interface Index 11.

Set-DnsClientServerAddress -ServerAddresses 172.16.0.10 -InterfaceIndex 11

10. Verify host name resolution is now working.

Resolve-DnsName LON-SVR1 -DnsOnly

DNS Cache Locking

In this exercise, you will configure DNS Cache Locking.

Note: If you are running a lab instance from a previous lesson you should end the lab

session and start a new one to ensure you have a clean virtual machine environment to

work in. The lab steps are based on a new lab instance.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd

2. Open the DNS management console, right-click on LON-DC1, select Properties,

and then the Advanced tab.

3. In the Server options list, locate the Secure cache against pollution option and uncheck the box to disable it. Click OK to apply your setting change.

4. Open a Windows PowerShell console.

5. View commands that pertain to the server cache.

Get-Command *servercache*

6. Which PowerShell cmdlet would you use to view details about cache locking?

Get-DNSServerCache

7. Run the command and verify the EnablePollutionProtection value is False. This

indicates cache locking is not enabled.

8. Use Set-DNSServerCache to enable cache locking with a locking percent of 90.

Set-DNSServerCache -PollutionProtection $True -LockingPercent 90

9. Use Get-DNSServerCache to verify cache locking has been enabled with a

locking percent of 90.

10. Open the DNS management console, right-click on LON-DC1, select Properties

and open the Advanced tab.

11. Verify the Secure cache against pollution checkbox is now checked. You may

need to refresh the console to view the updated value.

12. Note: It is also possible to configure the cache locking feature using the

command line tool dnscmd.

DNS Socket Pools

In this exercise you will use PowerShell and Dnscmd to configure DNS socket pools.

Configure the DNS socket pool using PowerShell

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.

2. Open a PowerShell prompt.

3. Redirect the output of Get-DNSServer to a file so it is easy to view and search the DNS server settings.

Get-DNSServer > C:\ServerSettings.txt

4. Open the C:\ServerSettings.txt file and search for the term socket.

5. Within the ServerSettings section there are two settings of interest.

• SocketPoolSize defines how large the socket pool is and has a value of 2500.

• SocketPoolExclusionPortRanges defines the range of ports excluded from

the socket pool. There are no exclusions defined.

6. Export the current configuration to an XML file. This will make it easier to edit.

Get-DnsServer -ComputerName "LON-DC1.Adatum.com" | Export-Clixml -Path "c:\DnsServerConfig.xml"

7. Change the SocketPoolSize setting in the XML file to 5000.

8. Return to the PowerShell console and import the XML file into an object.

$x = Import-Clixml "c:\DnsServerConfig.xml"

9. Configure the DNS service to use the imported object.

Set-DnsServer -InputObject $x -ComputerName "LON-DC1.Adatum.com"

10. Note: If you receive an error on either of the previous two commands, run them

again in order, and ensure each command completes successfully.

11. Verify the SocketPoolSize value is now 5000.

Get-DNSServer

Configure the DNS socket pool using Dnscmd

1. A simpler way to configure the DNS socket pool is to use the Dnscmd utility.

2. Open a command prompt and view the current DNS socket pool setting.

Dnscmd /Info /SocketPoolSize

3. Verify the socket pool size is 5000, as was set earlier.

4. Change the DNS socket pool size to 2500.

Dnscmd /Config /SocketPoolSize 2500

5. Verify the SocketPoolSize value is 2500.

Dnscmd /Info /SocketPoolSize

Module 4 – DNS Implementations

GlobalNames Zone

In this exercise you will create and configure a GlobalNames Zone.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.

2. Use File Explorer to connect to \\FileServer\C$. The name will not resolve.

3. Open a Windows PowerShell prompt.

4. View cmdlets that pertain to the GlobalNames Zone.

Get-Command *globalname*

5. View information about the GlobalNames Zone. Notice this feature is not

enabled.

Get-DNSServerGlobalNameZone

6. Enable the GlobalNames Zone.

Set-DNSServerGlobalNameZone -Enable $true

7. In the DNS management console create a Forward Lookup Zone with the

following settings.

• Zone Type: Primary and Store the zone in Active Directory

• AD Replication Scope: To All DNS Servers running on DCs in this Forest:

Adatum.com

• Zone Name: GlobalNames (this is not case sensitive)

• Dynamic Updates: Do not allow dynamic updates

8. Notice that SOA and NS record types have been automatically created for the

new zone.

9. Create a New Alias (CNAME)... record type.

• Alias name: FileServer

• FQDN for target host: LON-SVR1.adatum.com (Click Browse, double-click LON-DC1, select Forward Lookup Zones, select Adatum.com. Continue to drill down until you can add LON-SVR1.adatum.com.)

10. You have now configured the GlobalNames zone. A CNAME record is configured

so fileserver will resolve to LON-SVR1.adatum.com.

11. Use File Explorer to verify \\FileServer\C$ now resolves correctly.

Secondary Zones and Zone Transfers

In this exercise you will use DNS Manager to create and configure a secondary zone.

Create a Secondary Zone on EU-RTR

1. Login to EU-RTR as Adatum\Administrator with the password Pa55w.rd.

2. If the DNS Server role is not already installed on EU-RTR, use the Roles and

Feature Wizard in Server Manager.

3. After the role is installed, open the DNS Manager.

4. Right-click Forward Lookup Zones and create a New Zone with the following settings.

• Zone Type: Secondary zone

• Zone Name: Adatum.com

• Master DNS Server: LON-DC1.Adatum.com (Ensure that lon-dc1.adatum.com validates successfully.)

5. You now have a secondary zone for adatum.com on EU-RTR.

Copy the Secondary Zone to EU-RTR

1. Right-click the new Adatum.com secondary zone and select Transfer from

Master. Notice the error and the red mark over the new zone, saying Zone not

loaded by DNS Server.

2. Go to LON-DC1, right click the Adatum.com zone and select Properties.

3. Click the Zone Transfers tab and check the Allow zone transfers: check box.

4. Check the To any server radio button. You could be more specific, but we will

keep it simple.

5. Continue and apply your changes.

6. Return to EU-RTR and refresh the DNS management console.

7. Right-click the adatum.com secondary zone and select Transfer new copy of

zone from Master.

8. Verify the zone gets populated on EU-RTR. You may need to refresh the console

or retry the transfer.
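
The settings touched in the DNS Cache Locking, DNS Socket Pools, dynamic update and Zone Transfers exercises can be reviewed together in one pass. The following is an added example, not part of the course material: the function name, the thresholds and the sample objects are assumptions constructed for illustration, while the property names are those returned by Get-DnsServerCache, Get-DnsServerSetting -All and Get-DnsServerZone.

```powershell
# Added example: check the DNS settings from these exercises against chosen baselines.
function Test-DnsServerHardening {
    param(
        [Parameter(Mandatory)] $Cache,     # object from Get-DnsServerCache
        [Parameter(Mandatory)] $Setting,   # object from Get-DnsServerSetting -All
        [Parameter(Mandatory)] $Zone,      # objects from Get-DnsServerZone
        [int] $MinLockingPercent = 90,     # assumption: the value set in the cache locking exercise
        [int] $MinSocketPoolSize = 2500    # assumption: the starting value seen in the socket pool exercise
    )

    if (-not $Cache.EnablePollutionProtection) {
        [pscustomobject]@{ Item = 'Server cache'; Finding = 'Secure cache against pollution is disabled' }
    }
    if ($Cache.LockingPercent -lt $MinLockingPercent) {
        [pscustomobject]@{ Item = 'Server cache'; Finding = "LockingPercent $($Cache.LockingPercent) is below $MinLockingPercent" }
    }
    if ($Setting.SocketPoolSize -lt $MinSocketPoolSize) {
        [pscustomobject]@{ Item = 'Socket pool'; Finding = "SocketPoolSize $($Setting.SocketPoolSize) is below $MinSocketPoolSize" }
    }

    # Skip the auto-created 0, 127 and 255 reverse zones and any non-primary zones.
    $primary = @($Zone | Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated })
    foreach ($z in $primary) {
        if ($z.SecureSecondaries -eq 'TransferAnyServer') {
            [pscustomobject]@{ Item = $z.ZoneName; Finding = 'Zone transfers are allowed to any server' }
        }
        if ($z.DynamicUpdate -eq 'NonsecureAndSecure') {
            [pscustomobject]@{ Item = $z.ZoneName; Finding = 'Nonsecure dynamic updates are accepted' }
        }
    }
}

# Constructed sample objects mirroring the lab after "To any server" was selected
# and before Secure cache against pollution was re-enabled.
$cache   = [pscustomobject]@{ EnablePollutionProtection = $false; LockingPercent = 100 }
$setting = [pscustomobject]@{ SocketPoolSize = 2500 }
$zones   = @(
    [pscustomobject]@{ ZoneName = 'adatum.com'; ZoneType = 'Primary'; IsAutoCreated = $false
                       DynamicUpdate = 'Secure'; SecureSecondaries = 'TransferAnyServer' }
    [pscustomobject]@{ ZoneName = 'GlobalNames'; ZoneType = 'Primary'; IsAutoCreated = $false
                       DynamicUpdate = 'None'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = '0.16.172.in-addr.arpa'; ZoneType = 'Primary'; IsAutoCreated = $false
                       DynamicUpdate = 'Secure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = '127.in-addr.arpa'; ZoneType = 'Primary'; IsAutoCreated = $true
                       DynamicUpdate = 'None'; SecureSecondaries = 'NoTransfer' }
)

Test-DnsServerHardening -Cache $cache -Setting $setting -Zone $zones | Format-Table -AutoSize

# Live use on LON-DC1:
# Test-DnsServerHardening -Cache (Get-DnsServerCache) -Setting (Get-DnsServerSetting -All) -Zone (Get-DnsServerZone)

# The "more specific" alternative to "To any server": allow transfers only to the secondary on EU-RTR.
# $secondary = (Resolve-DnsName EU-RTR.adatum.com -Type A).IPAddress
# Set-DnsServerPrimaryZone -Name adatum.com -SecureSecondaries TransferToSecureServers -SecondaryServers $secondary
```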