MCSE 05 Implementing of a Network Infrastructure 05 Theory

8/6/2019 MCSE 05 Implementing of a Network Infrastructure 05 Theory

http://slidepdf.com/reader/full/mcse-05-implementing-of-a-network-infrastructure-05-theory 1/36

ADVANTAGE PROADVANTAGE PRO ± Chennai¶s Premier Networking Training Center

DNS Processes:Name Query

ADVANTAGE PRO ± Chennai¶s Premier Networking Training Center




Recursive and Iterative Queries

Name Caching

Forwarders

Root Hints

Delegation and Glue Records

Name Query Behavior Name Query Behavior




DNS Client querying for:Mail1.Contoso.Com

Recursive Query to itsConfigured DNS Server 1. Client sends recursive query

to local DNS Server

2. Local DNS Server checks: Forward lookup zone Cache

3. If found, the DNS Server returns answer to Client

4. If not found, the DNS Server uses Forwarder address or Root Hints.

Recursive QueryRecursive Query




If configured to useRoot Hints,Local DNS makes IterativeQueries:

1. Local DNS Server sends

iterative query to Root server to obtain authoritative NS

2. Root server responds with aReferral to a DNS Server

closer to the submitteddomain name

NonNon--Recursive (Iterative) QueryRecursive (Iterative) Query




1. Local DNS server then makes iterative query to thatserver.

2. Process continues until Local DNS receives AuthoritativeResponse

3. Response is then sent to the DNS client




Possible Response to an Iterative Query

References a DNS Server ³closer´ to name in query

Usually one level below server being queried

ReferralReferral




The DNS Server caches Host Name and IP Address of: Host Names resolved via iterative queries to other DNS

Servers

Name Servers that it learns are authoritative for unknown

domains

DNS Server uses its cached data in conjunction with itszone data to resolve subsequent queries: If specific Host/IP Mapping are in cache Server returns

that data to querying host

Will used cached Name Server data when trying toresolve subsequent queries to unknown domains

DNS Server CachingDNS Server Caching




Length of time entries stay in cache (TTL) is set byresponding server




If DNS Server learns that Host Name is invalid or doesnot exist from an authoritative server, it caches thatinformation

On subsequent queries it can then respond to clientwithout attempting to contact the remote Server

Helps to reduce overall traffic between servers.

Negative CachingNegative Caching




DNS Client (Resolver) also caches resolved Host Name/IPMapping data

Client checks local cache before contacting DNS Server

Local HOSTS file, if it exists, is pre-loaded into cache atstartup

Clients also perform Negative Caching

Entries remain in cache for duration specific by TTL

ClientClient--side (Resolver) Cachingside (Resolver) Caching




If DNS Server cannot resolve name using local or cacheddata, it must communicate with other name servers toresolve request, often across Internet or WAN

Forwarders are DNS Servers configured to handle queriesthat cannot be resolved using local data, and for whichqueries across the Internet or WAN are necessary

Reduces workload on local DNS Servers, tasks specificmachines with remote query functions

ForwardersForwarders




DNS Servers may be configured with address of one or more Forwarders

DNS Servers use Forwarders in one of two modes

Non-exclusive mode DNS Server passes queries that cannot be resolved with local

data to specified Forwarder

If Forwarder cannot resolve request, local DNS Server attempts resolution via normal process of iterative queries viaRoot Hints.

Forwarder Behavior Forwarder Behavior




Exclusive Mode

Same as above, except local Server does not attemptresolution via Root Hints if Forwarder cannot resolverequest.

Windows 2003 DNS Servers can be set Exclusive via ³Donot use recursion´ option in Server properties.




Used to resolve names for which server is notauthoritative : Root Hints direct queries from name servers to Root

of namespace

Configuration Cache.dns

Edit Root Hints in the Properties of the DNS Server

Root HintsRoot Hints




DNS Servers configured to only ³query and cache´

Not authoritative for any domain

No zone files ± only cached data

Windows 2003 DNS Servers function as Caching Onlyservers at initial install if no zones are configured Uses Root Hints to carry out query process

Caching Only DNS Server Caching Only DNS Server




Delegation of Subdomains to aSeparate Zone

Requires NS and ARecords in Parent

Zone

Lists AuthoritativeName Server for theDelegated Zone

Delegation and Glue RecordsDelegation and Glue Records




Delegation NS Record in Parent Zone

Necessary for Name Resolution

Glue Record

A Record in Parent Zone

Needed when NS is a member of the delegated domain




Recursive and Iterative Queries

Name Caching

Forwarders

Root Hints

Delegation and Glue Records

SummarySummary




DNS Processes:Server-Side Processes




DNSDNSProcessesProcesses

Server Server--sideside ProcessesProcesses




Name Server Types

Zone Transfer Process

Active Directory Integration of DNS Zones

Round Robin

Subnet Prioritization

Discussion TopicsDiscussion Topics




DNS Servers can be configured with several zone typesor none at all:

Normal Operation Standard Primary Standard Secondary AD Integrated

Caching Only (No Zones)

Numerous options for optimal configuration based onnetwork topology, size of namespace, etc.

Name Server FunctionsName Server Functions




Standard Primary Zone Authoritative server for its zone (or zones)

Hosts master (writeable) copy of zone file(s)

Changes to Zone Data are carried out on this server¶slocal zone files

In Win2k, supports dynamic update of zone files

Standard Secondary Zone

Receives its Zone Data and updates from authoritativeMaster Name server in its zone via Zone Transfer

process

Zone TypesZone Types




Master Server Server from which a Secondary Name Server

receives its zone data and updates NOTE: A Secondary can function as Master to

another Secondary

Active Directory Integrated Zone

Zone Data is stored in Active Directory database

Only on Windows 2003 Domain Controllers

Multiple writable / master copies of zone

Caching-only Servers




Transfer of Records to a Secondary Name Server in aZone

Pulled from a Master Server Master can be the Primary Name Server or another Secondary

Server Notification Based

Two Types: Full Zone Transfer

Windows 2003, Windows NT ® operating system 4.0

Incremental Zone Transfer Windows 2003

Zone TypesZone Types




Notification of Change

Master Notifies Secondary

Notify List

Notification Process: Serial Number field in the SOA RR is updated

Master sends a Notify message to servers on the Notify List

Secondary servers initiate the Zone transfer process

DNS NotifyDNS Notify




Transfer of the Entire Zone Database: Secondary waits ± Refresh

Secondary polls the master server for its SOA RR

Secondary compares master SOA serial number to itsown

If the number from the master is higher ± The zonedatabase on the secondary is out of date

Full Transfer (AXFR) query is sent to the master

Master responds with the full zone database

Full Zone Transfer Full Zone Transfer




If the master does not respond at step 2: The Retry field specifies how often the secondary retries the

process

If no answer after the interval in the Expire field The secondary server discards the zone




Based on Zone Version History Maintained by Master

Increases Disk Space Needs on the Server

Same Process as Full Transfer until the Transfer query Secondary sends an Incremental Transfer (IXFR) instead of

AXFR query

Master sends only changes unknown to the secondary

Incremental Transfer Incremental Transfer




AD Integrated Zone Stored as AD Objects

Replicated as part of normal AD Replication

Multi-master Replication model

Benefits: Fault Tolerance

Security Simplified Management

More Efficient Replication of Large Zones

Active Directory Integrated ZonesActive Directory Integrated Zones




DNS Transfers Full Zone Transfers send the Entire Database

Incremental Zone Transfers send Each Change

Per-Property Processing Only Relevant Changes Propagated

Every DNS Server running on a DC is Authoritative SOA Records

MultiMulti--master Replicationmaster Replication




Near Simultaneous Changes to the Same Object onDifferent DCs Results in inconsistent information between DCs

Replication Collision Change happens on Second DC before first change is

replicated

Resolution: AD disambiguates the names

Compares the version number of the changes If the versions are the same Timestamps are compared

Latest change is kept

Name Collisions (Active Directory Integrated)Name Collisions (Active Directory Integrated)




Multiple Resource Records for one name (same name, differentIP Addresses)

Server rotates order of A recordswhen responding

Example with three A records:

1. First client queries toresolvewww.newcorp.com andreceives 172.16.64.11first in the reply

2. Second client receives172.17.64.22 first inresponse to the queryon same name

Round RobinRound Robin




1. Third client receives the address 172.18.64.33

2. The next client would receive the first address in order as theserver restarts the rotation

Enabled by ³Advanced Properties of the DNS Server´setting in the DNS MMC




Response is reordered based on thesubnet of the client and resourcerecord (RR)

The host Srv1.newcorp.com hasthree host IP addresses registeredin DNS zone data

DNS Client queries the DNS Server to resolve Srv1.newcorp.com

The DNS Server notes theoriginating IP of the client, andreorders the response to provideaddress matching client¶s ownnetwork

List is not prioritized if no localnetwork match is found

Round Robin with Subnet PrioritizationRound Robin with Subnet Prioritization




Name Server Types

Zone Transfer Process

Active Directory Integration of DNS Zones

Round Robin

Subnet Prioritization

SummarySummary

MCSE 05 Implementing of a Network Infrastructure 05 Theory

Documents