DNS on Windows Server 2003, 3rd Edition

Book Description

While computers and other devices identify each other on networks or the Internet by using unique addresses made up of numbers, humans rely on the Domain Name System (DNS), the distributed database that allows us to identify machines by name. DNS does the work of translating domain names into numerical IP addresses, routing mail to its proper destination, and many other services, so that users require little or no knowledge of the system. If you're a network or system administrator, however, configuring, implementing, and maintaining DNS zones can be a formidable challenge. And now, with Windows Server 2003, an understanding of the workings of DNS is even more critical.

DNS on Windows Server 2003 is a special Windows-oriented edition of the classic DNS and BIND, updated to document the many changes to DNS, large and small, found in Windows Server 2003. Veteran O'Reilly authors Cricket Liu, Matt Larson, and Robbie Allen explain the whole system in terms of the new Windows Server 2003, from starting and stopping a DNS service to establishing an organization's namespace in the global hierarchy. Besides covering general issues like installing, setting up, and maintaining the server, DNS on Windows Server 2003 tackles the many issues specific to the new Windows environment, including the use of the dnscmd program to manage the Microsoft DNS Server from the command line and development using the WMI DNS provider to manage the name server programmatically. The book also documents new features of the Microsoft DNS Server in Windows Server 2003, including conditional forwarding and zone storage in Active Directory (AD) application partitions.

DNS on Windows Server 2003 provides grounding in:

  • Security issues

  • System tuning

  • Caching

  • Zone change notification

  • Troubleshooting

  • Planning for growth

If you're a Windows administrator, DNS on Windows Server 2003 is the operations manual you need for working with DNS every day. If you're a Windows user who simply wants to take the mystery out of the Internet, this book is a readable introduction to the Internet's architecture and inner workings.

Table of Contents

  1. DNS on Windows Server 2003
  2. A Note Regarding Supplemental Files
  3. Preface
    1. Versions
    2. What's New in This Edition
    3. Organization
    4. Audience
    5. Obtaining the Example Programs
    6. Viewing Microsoft Knowledge Base Articles
    7. Conventions Used in This Book
    8. Using Code Examples
    9. How to Contact Us
    10. Quotations
    11. Acknowledgments
  4. 1. Background
    1. 1.1. A (Very) Brief History of the Internet
    2. 1.2. On the Internet and Internets
      1. 1.2.1. The History of the Domain Name System
    3. 1.3. The Domain Name System in a Nutshell
    4. 1.4. The History of the Microsoft DNS Server
    5. 1.5. Must I Use DNS?
      1. 1.5.1. If You're Connected to the Internet . . .
      2. 1.5.2. If You Have Your Own TCP/IP-Based Internet . . .
      3. 1.5.3. If You Have Your Own Local Area Network or Site Network . . .
  5. 2. How Does DNS Work?
    1. 2.1. The Domain Namespace
      1. 2.1.1. Domain Names
      2. 2.1.2. Domains
      3. 2.1.3. Resource Records
    2. 2.2. The Internet Domain Namespace
      1. 2.2.1. Top-Level Domains
        1. 2.2.1.1. Country-code top-level domains
        2. 2.2.1.2. New top-level domains
      2. 2.2.2. Further Down
      3. 2.2.3. Reading Domain Names
    3. 2.3. Delegation
    4. 2.4. Name Servers and Zones
      1. 2.4.1. Delegating Subdomains
      2. 2.4.2. Types of Name Servers
      3. 2.4.3. Datafiles
    5. 2.5. Resolvers
    6. 2.6. Resolution
      1. 2.6.1. Root Name Servers
      2. 2.6.2. Recursion
      3. 2.6.3. Iteration
      4. 2.6.4. Choosing Between Authoritative Name Servers
      5. 2.6.5. The Whole Enchilada
      6. 2.6.6. Mapping Addresses to Names
    7. 2.7. Caching
      1. 2.7.1. Time to Live
  6. 3. Where Do I Start?
    1. 3.1. Which Name Server?
      1. 3.1.1. Getting the DNS Server
      2. 3.1.2. Handy Mailing Lists and Usenet Newsgroups
      3. 3.1.3. Finding IP Addresses
    2. 3.2. Choosing a Domain Name
      1. 3.2.1. On Registrars and Registries
      2. 3.2.2. Where in the World Do I Fit?
        1. 3.2.2.1. whois
      3. 3.2.3. Back in the U.S.A.
        1. 3.2.3.1. The generic top-level domains
        2. 3.2.3.2. Choosing a registrar
      4. 3.2.4. Checking That Your Network Is Registered
      5. 3.2.5. Registering Your Zones
  7. 4. Setting Up the Microsoft DNS Server
    1. 4.1. Our Zone
    2. 4.2. Installing the Microsoft DNS Server
      1. 4.2.1. Active Directory
    3. 4.3. The DNS Console
    4. 4.4. Setting Up DNS Data
      1. 4.4.1. Adding a New Server to the DNS Console
      2. 4.4.2. Creating a New Zone
        1. 4.4.2.1. The SOA record
        2. 4.4.2.2. The NS record
        3. 4.4.2.3. The A record
      3. 4.4.3. Creating a New Reverse-Mapping Zone
      4. 4.4.4. Adding Resource Records
        1. 4.4.4.1. Aliases
        2. 4.4.4.2. One more note about PTR records
      5. 4.4.5. Where Is All This Information Stored?
      6. 4.4.6. The Zone Datafiles
        1. 4.4.6.1. Contents of movie.edu.dns
        2. 4.4.6.2. Contents of 249.249.192.in-addr.arpa.dns
        3. 4.4.6.3. Contents of 253.253.192.in-addr.arpa.dns
      7. 4.4.7. Zone Datafile Format
        1. 4.4.7.1. Appending domains
        2. 4.4.7.2. @ notation
        3. 4.4.7.3. Repeat last name
      8. 4.4.8. The Loopback Address
      9. 4.4.9. The Root Hints Data
    5. 4.5. Running a Primary Master Name Server
      1. 4.5.1. Starting and Stopping the DNS Server
      2. 4.5.2. Check the Event Log for Messages and Errors
      3. 4.5.3. Testing Your Setup with nslookup
        1. 4.5.3.1. Look up a local name
        2. 4.5.3.2. Look up a local address
        3. 4.5.3.3. Look up a remote name
        4. 4.5.3.4. One more test
    6. 4.6. Running a Secondary Name Server
      1. 4.6.1. Add a New Server to the DNS Console
      2. 4.6.2. Create a New Zone
      3. 4.6.3. Add an NS Record for the New Secondary Name Server
      4. 4.6.4. Don't Forget the in-addr.arpa Zones!
      5. 4.6.5. SOA Values
    7. 4.7. Adding More Zones
    8. 4.8. DNS Properties
      1. 4.8.1. Resource Record Properties
      2. 4.8.2. Zone Properties
      3. 4.8.3. Server Properties
    9. 4.9. What Next?
  8. 5. DNS and Electronic Mail
    1. 5.1. MX Records
    2. 5.2. Adding MX Records with the DNS Console
    3. 5.3. What's a Mail Exchanger, Again?
    4. 5.4. The MX Algorithm
    5. 5.5. DNS and Exchange
  9. 6. Configuring Hosts
    1. 6.1. The Resolver
    2. 6.2. Resolver Configuration
      1. 6.2.1. DNS Suffix
      2. 6.2.2. Search List
        1. 6.2.2.1. Setting the search list manually
      3. 6.2.3. Name Servers to Query
        1. 6.2.3.1. Query behavior
    3. 6.3. Advanced Resolver Features
      1. 6.3.1. Caching
      2. 6.3.2. Subnet Prioritization
    4. 6.4. Other Windows Resolvers
      1. 6.4.1. Windows 95
      2. 6.4.2. Windows 98
      3. 6.4.3. Windows NT 4.0
    5. 6.5. Sample Resolver Configurations
      1. 6.5.1. Remote Name Server
      2. 6.5.2. Local Name Server
  10. 7. Maintaining the Microsoft DNS Server
    1. 7.1. What About Signals?
    2. 7.2. Logging
    3. 7.3. Updating Zone Data
      1. 7.3.1. Adding and Deleting Resource Records by Hand
      2. 7.3.2. SOA Serial Numbers
      3. 7.3.3. Additional Records
        1. 7.3.3.1. General text information
        2. 7.3.3.2. Responsible Person
      4. 7.3.4. Keeping cache.dns Current
    4. 7.4. Zone Datafile Controls
      1. 7.4.1. Changing the Origin in a Datafile
      2. 7.4.2. Including Other Datafiles
      3. 7.4.3. Keeping Everything Running Smoothly
      4. 7.4.4. Common Event Log Messages
      5. 7.4.5. Understanding Name Server Statistics
    5. 7.5. Aging and Scavenging
      1. 7.5.1. Configuring Aging and Scavenging
      2. 7.5.2. When Scavenging Occurs
      3. 7.5.3. Other Notes on Aging and Scavenging
  11. 8. Integrating with Active Directory
    1. 8.1. Active Directory Domains
      1. 8.1.1. Domains, Domain Trees, and Forests
      2. 8.1.2. Domain Models
      3. 8.1.3. Three Options for the Root Domain Name
        1. 8.1.3.1. Same name as an existing DNS domain
        2. 8.1.3.2. Subdomain of an existing DNS domain
        3. 8.1.3.3. Disjoint or private name
    2. 8.2. Storing Zones in Active Directory
      1. 8.2.1. The Impact on Replication
      2. 8.2.2. Using Application Partitions
      3. 8.2.3. Securing Dynamic Updates
    3. 8.3. DNS as a Service Location Broker
      1. 8.3.1. The SRV Resource Record
      2. 8.3.2. DC Locator
      3. 8.3.3. Resource Records Used by Active Directory
  12. 9. Growing Your Domain
    1. 9.1. How Many Name Servers?
      1. 9.1.1. Where Do I Put My Name Servers?
      2. 9.1.2. Capacity Planning
    2. 9.2. Adding More Name Servers
      1. 9.2.1. Active Directory Integration
      2. 9.2.2. Secondary Servers
      3. 9.2.3. Caching-Only Servers
      4. 9.2.4. Partial-Secondary Servers
    3. 9.3. Registering Name Servers
    4. 9.4. Changing TTLs
      1. 9.4.1. Changing Other SOA Values
    5. 9.5. Planning for Disasters
      1. 9.5.1. Outages
      2. 9.5.2. Recommendations
    6. 9.6. Coping with Disaster
      1. 9.6.1. Long Outages (Days)
      2. 9.6.2. Really Long Outages (Weeks)
  13. 10. Parenting
    1. 10.1. When to Become a Parent
    2. 10.2. How Many Children?
    3. 10.3. What to Name Your Children
    4. 10.4. How to Become a Parent: Creating Subdomains
      1. 10.4.1. Creating a Subdomain in the Parent's Zone
      2. 10.4.2. Creating and Delegating a Subdomain
        1. 10.4.2.1. An fx.movie.edu secondary
        2. 10.4.2.2. On the movie.edu primary master name server
        3. 10.4.2.3. Delegating an in-addr.arpa zone
        4. 10.4.2.4. Adding a movie.edu secondary
    5. 10.5. Subdomains of in-addr.arpa Domains
      1. 10.5.1. Subnetting on an Octet Boundary
      2. 10.5.2. Subnetting on a Nonoctet Boundary
        1. 10.5.2.1. Class A and B networks
        2. 10.5.2.2. /24 (Class C-sized) networks
          1. 10.5.2.2.1. Solution 1
          2. 10.5.2.2.2. Solution 2
          3. 10.5.2.2.3. Solution 3
    6. 10.6. Good Parenting
      1. 10.6.1. Using DNSLint
      2. 10.6.2. Managing Delegation
        1. 10.6.2.1. Managing delegation with stubs
    7. 10.7. Managing the Transition to Subdomains
      1. 10.7.1. Removing Parent Aliases
    8. 10.8. The Life of a Parent
  14. 11. Advanced Features and Security
    1. 11.1. New Ways to Make Changes
      1. 11.1.1. Dynamic Update
      2. 11.1.2. NOTIFY (Zone Change Notification)
      3. 11.1.3. Incremental Zone Transfer
      4. 11.1.4. More Efficient Zone Transfers
    2. 11.2. WINS Linkage
      1. 11.2.1. Configuring WINS Lookup
      2. 11.2.2. Using WINS Lookup and WINS Reverse Lookup
    3. 11.3. Building Up a Large, Sitewide Cache with Forwarders
      1. 11.3.1. A More Restricted Forwarding Name Server
    4. 11.4. Load Sharing Between Mirrored Servers
    5. 11.5. The ABCs of IPv6 Addressing
      1. 11.5.1. IPv6 Forward and Reverse Mapping
    6. 11.6. Securing Your Name Server
      1. 11.6.1. Preventing Unauthorized Zone Transfers
      2. 11.6.2. Disabling Recursion on Delegated Name Servers
  15. 12. nslookup and dig
    1. 12.1. Is nslookup a Good Tool?
      1. 12.1.1. Multiple Servers
      2. 12.1.2. Timeouts
      3. 12.1.3. The Search List
      4. 12.1.4. Zone Transfers
      5. 12.1.5. Using NetBIOS Names
    2. 12.2. Interactive Versus Noninteractive
    3. 12.3. Option Settings
    4. 12.4. Avoiding the Search List
    5. 12.5. Common Tasks
      1. 12.5.1. Looking Up Different Data Types
      2. 12.5.2. Authoritative Versus Nonauthoritative Answers
      3. 12.5.3. Switching Servers
    6. 12.6. Less Common Tasks
      1. 12.6.1. Seeing the Query and Response Messages
      2. 12.6.2. Querying Like a Name Server
      3. 12.6.3. Zone Transfers
    7. 12.7. Troubleshooting nslookup Problems
      1. 12.7.1. Looking Up the Right Data
      2. 12.7.2. No PTR Data for Name Server's Address
      3. 12.7.3. Timeouts
      4. 12.7.4. Query Refused
    8. 12.8. Best of the Net
    9. 12.9. Using dig
      1. 12.9.1. dig's Output Format
      2. 12.9.2. Zone Transfers with dig
      3. 12.9.3. dig Options
  16. 13. Managing DNS from the Command Line
    1. 13.1. Installing the DNS Server
    2. 13.2. Stopping and Starting the DNS Server Service
    3. 13.3. Managing the DNS Server Configuration
      1. 13.3.1. dnscmd Server Commands
      2. 13.3.2. dnscmd Zone Commands
      3. 13.3.3. dnscmd Application Partition Commands
      4. 13.3.4. dnscmd Resource Record Commands
    4. 13.4. An Installation and Configuration Batch Script
    5. 13.5. Other Command-Line Utilities
      1. 13.5.1. nslookup
      2. 13.5.2. ipconfig
      3. 13.5.3. netdiag
      4. 13.5.4. dcdiag
      5. 13.5.5. DNSLint
      6. 13.5.6. dnsdiag
  17. 14. Managing DNS Programmatically
    1. 14.1. WMI and the DNS Provider
      1. 14.1.1. Quick Overview
    2. 14.2. WMI Scripting with VBScript and Perl
      1. 14.2.1. Referencing an Object
      2. 14.2.2. Enumerating Objects of a Particular Class
      3. 14.2.3. Searching with WQL
      4. 14.2.4. Authentication with WMI
    3. 14.3. Server Classes
      1. 14.3.1. Listing a Name Server's Properties
      2. 14.3.2. Configuring a Name Server
      3. 14.3.3. Restarting the DNS Server Service
      4. 14.3.4. Putting It Together: Configuration Check Script
      5. 14.3.5. Monitoring Server Performance
    4. 14.4. Zone Classes
      1. 14.4.1. Creating a Zone
      2. 14.4.2. Configuring a Zone
      3. 14.4.3. Listing the Zones on a Server
    5. 14.5. Resource Record Classes
      1. 14.5.1. Finding Resource Records in a Zone
      2. 14.5.2. Creating Resource Records
  18. 15. Troubleshooting DNS
    1. 15.1. Is DNS Really Your Problem?
    2. 15.2. Checking the Cache
    3. 15.3. Using DNSLint
    4. 15.4. Potential Problem List
      1. 15.4.1. 1. Forget to Increment Serial Number
      2. 15.4.2. 2. Forget to Restart Primary Master Server
      3. 15.4.3. 3. Name Server Loses Manual Changes
      4. 15.4.4. 4. Secondary Server Can't Load Zone Data
      5. 15.4.5. 5. Add Address to Zone, but Forget to Add Corresponding PTR Record
      6. 15.4.6. 6. Wrong Domain Name in RDATA of Record
      7. 15.4.7. 7. Loss of Network Connectivity
      8. 15.4.8. 8. Missing Subdomain Delegation
      9. 15.4.9. 9. Incorrect Subdomain Delegation
    5. 15.5. Interoperability Problems
      1. 15.5.1. The WINS and WINS-R Records
      2. 15.5.2. BIND Secondaries for Active Directory-Integrated Zones
    6. 15.6. Problem Symptoms
      1. 15.6.1. Can't Look Up Local Name
      2. 15.6.2. Can't Look Up Remote Names
      3. 15.6.3. Wrong or Inconsistent Answer
      4. 15.6.4. Lookups Take a Long Time
  19. 16. Miscellaneous
    1. 16.1. Using CNAME Records
      1. 16.1.1. CNAMEs Attached to Interior Nodes
      2. 16.1.2. CNAMEs Pointing to CNAMEs
      3. 16.1.3. CNAMEs in the Resource Record Data
      4. 16.1.4. Looking Up CNAMEs
      5. 16.1.5. Finding Out a Host's Aliases
    2. 16.2. Wildcards
    3. 16.3. A Limitation of MX Records
    4. 16.4. DNS and Internet Firewalls
      1. 16.4.1. Types of Firewall Software
        1. 16.4.1.1. Packet filters
        2. 16.4.1.2. Application gateways
      2. 16.4.2. A Bad Example
      3. 16.4.3. Internet Forwarders
        1. 16.4.3.1. The trouble with forwarding
        2. 16.4.3.2. Using stub zones
      4. 16.4.4. Internal Roots
        1. 16.4.4.1. Where to put internal root name servers
        2. 16.4.4.2. Forward-mapping delegation
        3. 16.4.4.3. in-addr.arpa delegation
        4. 16.4.4.4. The root.dns file
        5. 16.4.4.5. Configuring other internal name servers
        6. 16.4.4.6. How internal name servers use internal roots
        7. 16.4.4.7. The trouble with internal roots
      5. 16.4.5. A Split Namespace
        1. 16.4.5.1. Configuring the bastion host
    5. 16.5. Dial-up Connections
      1. 16.5.1. Simple Dial-up
      2. 16.5.2. Dial-on-Demand
  20. A. DNS Message Format and Resource Records
    1. A.1. Master File Format
      1. A.1.1. Time to Live
      2. A.1.2. Character Case
      3. A.1.3. Types
        1. A (address)
        2. CNAME (canonical name)
        3. MX (mail exchanger)
        4. NS (name server)
        5. PTR (pointer)
        6. SOA (start of authority)
        7. TXT (text)
      4. A.1.4. New Types from RFC 1183
        1. RP (Responsible Person—experimental)
      5. A.1.5. New Types from RFC 1886
        1. AAAA (IPv6 Address)
      6. A.1.6. New Types from RFC 2052
        1. SRV (service location)
      7. A.1.7. Classes
    2. A.2. DNS Messages
      1. A.2.1. Message Format
      2. A.2.2. Header Section Format
      3. A.2.3. Question Section Format
        1. QCLASS values
        2. QTYPE values
      4. A.2.4. Answer, Authority, and Additional Section Format
      5. A.2.5. Data Transmission Order
    3. A.3. Resource Record Data
      1. A.3.1. Data Format
        1. Domain name
        2. Message compression
        3. Character string
  21. B. Converting from BIND to the Microsoft DNS Server
    1. B.1. Step 1: Change the DNS Server Startup Method to File
    2. B.2. Step 2: Stop the Microsoft DNS Server
    3. B.3. Step 3: Change the Zone Datafile Naming Convention
    4. B.4. Step 4: Copy the Files
    5. B.5. Step 5: Get a New Root Name Server Cache File
    6. B.6. Step 6: Restart the DNS Server
    7. B.7. Step 7: Change the DNS Server Startup Method to Registry
  22. C. Top-Level Domains
  23. Index
  24. About the Authors
  25. Colophon
  26. Copyright