
Implement DNS in server 2016


DNS

Windows Server 2016 supports the use of user-friendly domain names to represent the IP address of a host or a client. This requires name resolution so that the computer can identify the IP address that the user-friendly name refers to.

Host name resolution is supported by Domain Name Services (DNS). DNS is a distributed database that is used in TCP/IP networks to translate computer names to IP addresses. It is commonly associated with the Internet but is also used extensively in private networks. DNS provides the following benefits:

• DNS names are user-friendly, making them easier to remember than IP addresses.

• DNS names remain constant even when IP addresses change.

• DNS allows users to connect to local servers by using the same naming convention as the Internet.

With the release of Windows Server 2016 there are a few new features available. The six new DNS features in Server 2016 are:

DNS Policies: You can now control how your DNS server handles queries based on DNS policies that can be configured for different scenarios.

IPv6 Root Hints: When you install DNS, IPv6 root hints are populated natively without having to update them manually.

Response Rate Limiting: RRL is used to prevent DNS amplification attacks against a local DNS server.

DNS-Based Authentication of Named Entities: DANE prevents man-in-the-middle attacks on your DNS server by using Transport Layer Security Authentication (TLSA) records.

Unknown Record Support: Non-Microsoft DNS servers have records that are not directly supported by a Microsoft DNS server. You can now add records which are not explicitly supported.

Extended Windows PowerShell Support: New PowerShell cmdlets have been introduced.


Components of DNS

DNS provides a system that allows a simplified name to represent any number of configured addresses. It makes it simpler for most users to use a domain name like myspace.com instead of an IP address.

DNS was designed with three main components: the namespace and its resource records, nameservers, and resolvers.


DNS Namespace

The hierarchical naming scheme of the DNS database is called the domain name space. Each node in the hierarchy represents a partition of the DNS database. The nodes are known as domains, and each of them must have a name because the DNS database is indexed by name. When you add a domain to the hierarchy, the name of the parent domain is appended to it, and the new domain becomes a child domain or subdomain.


DNS Nameservers

A nameserver is a server that handles queries regarding the location of a domain's services, such as its website, email, etc. It is also the part of DNS that maintains a directory of domain names and translates them to IP addresses.

Whenever a domain is visited by a user, DNS does an initial lookup for the name servers and reviews the DNS record. Any DNS nameserver can be queried for a resource record; if the server is not authoritative for the requested domain, it checks to see whether it has a cached version of the resource record. If it doesn't have a cached version, it queries the authoritative name server for an up-to-date copy of the record. If a new resource record comes back from the authoritative nameserver, it is cached for future lookups.


DNS Resolver

A DNS resolver is a server on the Internet that converts domain names to IP addresses. When using the Internet, every time you connect to a website using its domain name, like google.com, your computer contacts a DNS resolver to get the current IP address of google.com.

When you send a request to the DNS resolver, it accesses other servers in the DNS to obtain the address and then sends you the response.


DNS Zone Types

The complete Domain Name System (DNS) hierarchy cannot be stored on a single server. Portions of the DNS hierarchy are divided up and stored among multiple DNS servers.

A DNS zone is a database that contains the resource records of a contiguous portion of the DNS namespace. Administrative responsibility for a DNS namespace is delegated to an organization by using the concept of a DNS zone. The DNS zone is authoritative for the portion of the DNS namespace which it holds.

DNS zones can generally be classified into Primary DNS Zones, Secondary DNS Zones, Stub Zones and Active Directory Integrated Zones.


Primary DNS Zone

A Primary DNS zone is the original read-write authoritative DNS zone for a portion of a DNS namespace. When a DNS server hosts a primary zone, that DNS server is considered the authoritative DNS server and is the primary source of information for that zone. Zone updates are possible only in a Primary DNS zone. The Primary DNS zone is hosted on the Primary DNS server.


Secondary DNS Zone

A Secondary DNS zone is a read-only copy of a Primary zone, or of another Secondary zone, kept on a Secondary DNS server. A Secondary DNS zone is used to reduce the load on Primary DNS servers and also to avoid a single point of failure.

The zone information from the Primary DNS server is transferred to the Secondary DNS server via a process known as Zone Transfer.


Stub DNS Zone

A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.

A stub zone consists of the following:

• The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.

• The IP address of one or more master servers that can be used to update the stub zone.


Active Directory Integrated Zone

Active Directory Integrated Zones store their zone data in Active Directory. Integrated zones can be replicated to all domain controllers in the domain and forest. Active Directory integrated zones use multi-master replication, which means any domain controller running the DNS Server service can write updates to the zones for which it is authoritative.

The advantages of Active Directory integrated zones are:
• Replication is faster, more secure and more efficient.
• Better redundancy, because zone data is copied to all domain controllers.
• Improved security if secure dynamic update is enabled.
• No need to schedule or manage zone transfers.
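As an added example (not code from the original post), the following PowerShell creates each of the four zone types described above with the DnsServer module cmdlets that ship with the Windows Server 2016 DNS Server role. Zone names and IP addresses are constructed placeholders, and the secondary zone is assumed to be created on a different server than the primary.

```powershell
# Added example, not from the original post. Zone names and IP addresses are
# constructed placeholders; run in an elevated PowerShell session on a server
# with the DNS Server role installed (the DnsServer module). In practice the
# secondary zone is created on a different server than the primary.
Import-Module DnsServer

# 1. Primary zone (file-backed, read-write, authoritative).
#    Restrict zone transfers to the named secondary only: an unrestricted
#    transfer setting lets any client download the whole zone.
Add-DnsServerPrimaryZone -Name 'corp.example.com' -ZoneFile 'corp.example.com.dns' `
    -DynamicUpdate None
Set-DnsServerPrimaryZone -Name 'corp.example.com' `
    -SecureSecondaries TransferToSecureServers -SecondaryServers 10.0.0.20 `
    -Notify NotifyServers -NotifyServers 10.0.0.20

# 2. Secondary zone: a read-only copy pulled from the master by zone transfer.
#    (Run this on the secondary server, 10.0.0.20, pointing at the primary.)
Add-DnsServerSecondaryZone -Name 'corp.example.com' -ZoneFile 'corp.example.com.dns' `
    -MasterServers 10.0.0.10

# 3. Stub zone for a partner namespace: holds only the SOA, NS and glue A
#    records and refreshes them from the partner's master servers.
Add-DnsServerStubZone -Name 'partner.example.net' -ZoneFile 'partner.example.net.dns' `
    -MasterServers 10.1.0.10

# 4. Active Directory integrated zone, replicated to every DC in the forest.
#    Secure dynamic update only, so clients must authenticate before they can
#    register or change their own records.
Add-DnsServerPrimaryZone -Name 'ad.example.com' -ReplicationScope Forest `
    -DynamicUpdate Secure

# Check the result: zone type, AD integration, update and transfer settings.
Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate, SecureSecondaries
```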

DNS Zone File

A DNS zone file is a plain text file stored on a controlling DNS server that contains all the records for every domain within a given zone. Zone files can include many different record types, and a zone file can also contain the complete IP-address-to-domain mapping for the domain.

DNS zone files help in Domain Name System management. The files provide valuable information such as the email address of the admin, the DNS records, the name servers involved and other additional information.

Zone Transfers

A zone transfer is the process by which a master DNS server transfers zone data to a secondary server. Zone transfers take place when zones are not integrated with Active Directory. A zone transfer can occur in any of the following situations:
• When the refresh interval expires
• When a master server notifies that a change has occurred
• When the server has rebooted or the DNS Server service has restarted
• When a manual transfer has been initiated from the DNS console

DNS Queries

A DNS query is a request for information sent from a DNS client to a DNS server. In most cases a DNS request is sent to ask for the IP address associated with a domain name. An attempt to reach a domain is actually a DNS client querying the DNS servers to get the IP address related to that domain. Generally, queries can be classified as recursive, iterative and inverse queries.

DNS Records

A Canonical Name or CNAME record aliases one site name to another. The DNS lookup will then route requests for the domain name to the new name that the A record holds. These records must point to a fully qualified domain name.

The ALIAS record is functionally similar to a CNAME record in that it is used to point one name to another. That said, while CNAME records are for subdomains, an ALIAS record is used to point the apex domain name (example.com) to a subdomain such as host.example.com. The authoritative nameservers for the apex domain will subsequently resolve the IP of the hostname to direct traffic.

TXT records hold free-form text of any type. Initially, these were for human-readable information about the server such as its location or data center. Presently, the most common uses for TXT records are SPF and DomainKeys Identified Mail (DKIM).

SRV records are generalized service location records, used for newer protocols instead of creating protocol-specific records such as MX. This type of record, while helpful, is not commonly used.

Pointer or PTR records point an IP address to a canonical name and are used explicitly in reverse DNS. It is important to note that a reverse DNS record needs to be set up on the authoritative nameservers of the party that owns the IP address, not the party that owns the canonical name.
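The record types above, populated into a zone with the DnsServer cmdlets as an added example (not part of the original post). The zone, host names and addresses are constructed placeholders; the reverse lookup zone is created locally only to show where a PTR record has to live, which in practice is on the servers of whoever owns the address block.

```powershell
# Added example, not from the original post. Zone names, host names and
# addresses are constructed placeholders; requires the DnsServer module on a
# server that already hosts the 'corp.example.com' zone.
Import-Module DnsServer
$zone = 'corp.example.com'

# A record for the host, then a CNAME alias that must target a fully
# qualified domain name rather than a bare host label.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'web01' -IPv4Address 10.0.0.50 `
    -TimeToLive 01:00:00
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'www' `
    -HostNameAlias 'web01.corp.example.com'

# TXT record at the zone apex ('@') carrying an SPF policy: only the domain's
# MX hosts may send mail for it; anything else hard-fails.
Add-DnsServerResourceRecord -ZoneName $zone -Txt -Name '@' `
    -DescriptiveText 'v=spf1 mx -all'

# SRV record advertising LDAP on dc01 instead of a protocol-specific record.
Add-DnsServerResourceRecord -ZoneName $zone -Srv -Name '_ldap._tcp' `
    -DomainName 'dc01.corp.example.com' -Priority 0 -Weight 100 -Port 389

# PTR records live in the reverse zone for the address block. The reverse
# zone for 10.0.0.0/24 is created here because this lab owns that block.
Add-DnsServerPrimaryZone -NetworkId '10.0.0.0/24' -ZoneFile '0.0.10.in-addr.arpa.dns'
Add-DnsServerResourceRecordPtr -ZoneName '0.0.10.in-addr.arpa' -Name '50' `
    -PtrDomainName 'web01.corp.example.com'

# Verify the forward alias, the SPF text and the reverse mapping against
# this server rather than whatever resolver the client would normally use.
Resolve-DnsName -Name 'www.corp.example.com' -Type CNAME -Server 127.0.0.1
Resolve-DnsName -Name 'corp.example.com' -Type TXT -Server 127.0.0.1
Resolve-DnsName -Name '10.0.0.50' -Server 127.0.0.1
```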

DNS Caching

A DNS cache, sometimes called a DNS resolver cache, is a temporary database, maintained by a computer's operating system, that contains records of all the recent visits and attempted visits to websites and other Internet domains.

In other words, a DNS cache is just a memory of recent DNS lookups that your computer can quickly refer to when it's trying to figure out how to load a website.

DNS Forwarders

A DNS forwarder is a DNS server that can resolve queries that other servers could not resolve. If you designate a particular server as the server to forward queries to, that server becomes the forwarder. Queries are often forwarded to an external DNS server, such as an ISP's DNS servers. Forwarding all unresolved queries to a specific server, and having that server forward them out to the Internet, can reduce security concerns because you are limiting all your external DNS traffic to a single server.

A DNS server that is configured to use a forwarder will first use its primary and secondary DNS server entries; then, if a query is not resolved, it sends the request off to the forwarder. If a response is not received within the time specified, the server will attempt to use its root hints.

Conditional Forwarding

Conditional forwarding occurs where a server only forwards queries for certain domains to certain DNS servers. In other words, instead of forwarding all unresolved queries to a forwarder, you specify that you will only forward requests for certain domains to certain forwarders. Conditional forwarding is primarily used to improve the performance of DNS queries.

DNS performance is increased because DNS servers do not have to query the domain root servers, or Internet root servers, but can instead go directly to the DNS server that hosts that domain. Configuring conditional DNS forwarding is very similar to configuring regular forwarding. The extra step is to configure the "conditional" part: basically, you must define what domains you want to go to a particular DNS forwarder.
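The forwarder and conditional forwarder setup described above, together with the Response Rate Limiting and DNS Policy features listed at the top of the post, as one added PowerShell example (not code from the original post). Upstream resolver addresses, the partner namespace and the quarantined subnet are constructed placeholders.

```powershell
# Added example, not from the original post. Addresses and names are
# constructed placeholders; requires the DnsServer module on Windows Server 2016.
Import-Module DnsServer

# General forwarding: every query this server cannot answer from its own zones
# or cache goes to the listed upstream resolvers, in order. Root hints stay
# available as the fallback if no forwarder answers within the timeout (seconds).
Add-DnsServerForwarder -IPAddress 10.0.0.2, 10.0.0.3 -PassThru
Set-DnsServerForwarder -Timeout 3 -UseRootHint $true

# Conditional forwarding: only queries for the partner namespace go to the
# partner's DNS servers; everything else still follows the general forwarders.
Add-DnsServerConditionalForwarderZone -Name 'partner.example.net' `
    -MasterServers 10.1.0.10, 10.1.0.11 -ForwarderTimeout 5

# Response Rate Limiting (new in 2016): throttle identical answers to the same
# client prefix so the server makes a poor amplifier. Start in LogOnly mode to
# see what would be dropped, then switch the mode to Enable.
Set-DnsServerResponseRateLimiting -Mode LogOnly -ResponsesPerSec 5 -ErrorsPerSec 5 `
    -WindowInSec 5 -LeakRate 3 -TruncateRate 2 -Force
# Set-DnsServerResponseRateLimiting -Mode Enable -Force

# DNS policy (new in 2016): ignore queries arriving from a subnet that has no
# business using this server, before any resolution or forwarding takes place.
Add-DnsServerClientSubnet -Name 'QuarantineNet' -IPv4Subnet '192.0.2.0/24'
Add-DnsServerQueryResolutionPolicy -Name 'IgnoreQuarantineNet' -Action IGNORE `
    -ClientSubnet 'EQ,QuarantineNet'

# Review the resulting configuration.
Get-DnsServerForwarder
Get-DnsServerZone | Where-Object ZoneType -eq 'Forwarder' |
    Select-Object ZoneName, MasterServers
Get-DnsServerResponseRateLimiting
Get-DnsServerQueryResolutionPolicy
```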


