book

DNS on Windows 2000, Second Edition

by Matt Larson, Cricket Liu

September 2001

Intermediate to advanced

352 pages

11h 1m

English

O'Reilly Media, Inc.

Read now

Unlock full access

DNS on Windows 2000, 2nd Edition
Preface
Versions
What’s New in This Edition
Organization
Audience
Obtaining the Example Programs
Conventions Used in This Book
How to Contact Us
Quotations
Acknowledgments

1. Background
A (Very) Brief History of the Internet
On the Internet and Internets
The History of the Domain Name System
The Domain Name System, in a Nutshell
The History of the Microsoft DNS Server
Must I Use DNS?
If You’re Connected to the Internet...If You Have Your Own TCP/IP-Based Internet...If You Have Your Own Local Area Network or Site Network...
2. How Does DNS Work?
The Domain NamespaceDomain NamesDomainsResource Records
The Internet Domain Namespace
Top-Level DomainsFurther DownReading Domain Names
Delegation
Name Servers and Zones
Delegating SubdomainsTypes of Name ServersData Files
Resolvers
Resolution
Root Name ServersRecursionIterationChoosing Between Authoritative Name ServersThe Whole EnchiladaMapping Addresses to Names
Caching
Time to Live
3. Where Do I Start?
Which Name Server?Getting the DNS ServerHandy Mailing Lists and Usenet NewsgroupsFinding IP Addresses
Choosing a Domain Name
On Registrars and RegistriesWhere in the World Do I Fit?whoisBack in the U.S.A.The us domainThe generic top-level domainsChoosing a registrarChecking That Your Network Is RegisteredRegistering Your Zones
4. Setting Up the Microsoft DNS Server
Our Zone
The DNS Console
Setting Up DNS Data
Adding a New Server to the DNS ConsoleCreating a New ZoneThe SOA recordThe NS recordThe missing A recordCreating a New Reverse-Mapping ZoneAdding Resource RecordsAliasesOne more note about PTR recordsWhere Is All This Information Stored?The Zone Data FilesZone Data File FormatAppending domains@ notationRepeat last nameThe Loopback AddressThe Root Hints Data
Running a Primary Master Name Server
Starting and Stopping the DNS ServerCheck the Event Log for Messages and ErrorsTesting Your Setup with nslookupLook up a local nameLook up a local addressLook up a remote nameOne more test
Running a Slave Name Server
Add a New Server to the DNS ConsoleCreate a New ZoneAdd an NS Record for the New Slave Name ServerDon’t Forget the in-addr.arpa Zones!SOA Values
Adding More Zones
DNS Properties
Resource Record PropertiesZone PropertiesServer Properties
What Next?
5. DNS and Electronic Mail
MX Records
Adding MX Records with the DNS Console
What’s a Mail Exchanger, Again?
The MX Algorithm
DNS and Exchange
6. Configuring Hosts
The Resolver
Resolver Configuration
DNS SuffixSearch ListSetting the search list manuallyName Servers to QueryQuery behavior
Advanced Resolver Features
CachingSubnet PrioritizationLoose Response Acceptance
Other Windows Resolvers
Windows 95Windows 98Windows NT 4.0
Sample Resolver Configurations
Remote Name ServerLocal Name Server
7. Maintaining the Microsoft DNS Server
What About Signals?
Logging
Updating Zone Data
Adding and Deleting Resource Records by HandSOA Serial NumbersAdditional RecordsGeneral text informationResponsible PersonKeeping db.cache Current
Zone Data File Controls
Changing the Origin in a Data FileIncluding Other Data FilesKeeping Everything Running SmoothlyCommon Event Log MessagesUnderstanding Name Server Statistics
8. Growing Your Domain
How Many Name Servers?Where Do I Put My Name Servers?Capacity Planning
Adding More Name Servers
Active Directory IntegrationSlave ServersCaching-Only ServersPartial-Slave Servers
Registering Name Servers
Changing TTLs
Changing Other SOA Values
Planning for Disasters
OutagesRecommendations
Coping with Disaster
Long Outages (Days)Really Long Outages (Weeks)
9. Parenting
When to Become a Parent
How Many Children?
What to Name Your Children
How to Become a Parent: Creating Subdomains
Creating a Subdomain in the Parent’s ZoneCreating and Delegating a SubdomainAn fx.movie.edu slaveOn the movie.edu primary master name serverDelegating an in-addr.arpa zoneAdding a movie.edu slave
Subdomains of in-addr.arpa Domains
Subnetting on an Octet BoundarySubnetting on a Nonoctet BoundaryClass A and B networks/24 (Class C-sized) networksSolution 1Solution 2Solution 3
Good Parenting
Using hostManaging Delegation
Managing the Transition to Subdomains
Removing Parent Aliases
The Life of a Parent
10. Advanced Features and Security
DNS NOTIFY (Zone Change Notification)
WINS Linkage
Configuring WINS LookupUsing WINS Lookup and WINS Reverse Lookup
System Tuning
More Efficient Zone Transfers
Name Server Address Sorting
Building Up a Large Sitewide Cache with Forwarders
A More Restricted Name Server
A Nonrecursive Name Server
Securing Your Name Server
Preventing Unauthorized Zone TransfersDelegated Name Server ConfigurationLoad Sharing Between Mirrored Servers
11. New DNS Features in Windows 2000
Active DirectoryActive Directory Domain NamesDNS as Location BrokerThe SRV resource recordDNS resource records needed by a domain controllerStoring Zones in Active Directory
Dynamic Update
Domain Controller BehaviorWindows 2000 Client BehaviorRegistry settingsDHCP Server Behavior
Aging and Scavenging
Configuring Aging and ScavengingWhen Scavenging OccursOther Notes on Aging and Scavenging
Incremental Zone Transfer
Unicode Character Support
12. nslookup
Is nslookup a Good Tool?Multiple ServersTimeoutsThe Search ListZone TransfersUsing NetBIOS Names
Interactive Versus Noninteractive
Option Settings
Avoiding the Search List
Common Tasks
Looking Up Different Data TypesAuthoritative Versus Nonauthoritative AnswersSwitching Servers
Less-Common Tasks
Seeing the Query and Response MessagesQuerying Like a Name ServerZone Transfers
Troubleshooting nslookup Problems
Looking Up the Right DataNo PTR Data for Name Server’s AddressTimeoutsQuery RefusedUnspecified Error
Best of the Net
13. Troubleshooting DNS
Is DNS Really Your Problem?
Checking the Cache
Potential Problem List
1. Forget to Increment Serial Number2. Forget to Restart Primary Master Server3. DNS Server Loses Manual Changes4. Slave Server Can’t Load Zone Data5. Add Address to Zone, but Forget to Add Corresponding PTR Record6. Wrong Domain Name in RDATA of Record7. Loss of Network Connectivity8. Missing Subdomain Delegation9. Incorrect Subdomain Delegation
Interoperability Problems
Problem Symptoms
Can’t Look Up Local NameCan’t Look Up Remote NamesWrong or Inconsistent AnswerLookups Take a Long Time
14. Miscellaneous
Using CNAME RecordsCNAMEs Attached to Interior NodesCNAMEs Pointing to CNAMEsCNAMEs in the Resource Record DataLooking Up CNAMEsFinding Out a Host’s Aliases
Wildcards
A Limitation of MX Records
DNS and Internet Firewalls
Types of Firewall SoftwarePacket filtersApplication gatewaysA Bad ExampleInternet ForwardersThe trouble with forwardingInternal RootsWhere to put internal root name serversForward-mapping delegationin-addr.arpa delegationThe root.dns fileConfiguring other internal name serversHow internal name servers use internal rootsThe trouble with internal rootsA Split NamespaceConfiguring the bastion host
Dial-up Connections
Simple Dial-upDial-on-Demand
Network Names and Numbers
Additional Resource Records
Host InformationAFSDBX25, ISDN, and RT
A. DNS Message Format and Resource Records
Master File FormatCharacter CaseTypesNew Types from RFC 1183New Types from RFC 1664New Types from RFC 2052Classes
A (address)
CNAME (canonical name)
HINFO (host information)
MB (mailbox domain name—experimental)
MD (mail destination—obsolete)
MF (mail forwarder—obsolete)
MG (mail group member—experimental)
MINFO (mailbox or mail list information—experimental)
MR (mail rename—experimental)
MX (mail exchanger)
NS (name server)
NULL (null—experimental)
PTR (pointer)
SOA (start of authority)
TXT (text)
WKS (well-known services)
AFSDB (Andrew File System Data Base—experimental)
ISDN (Integrated Services Digital Network address—experimental)
RP (Responsible Person—experimental)
RT (Route Through—experimental)
X25 (X.25 address—experimental)
PX (pointer to X.400/RFC 822 mapping information)
SRV (service location)
DNS Messages
Message FormatHeader Section FormatQuestion Section FormatAnswer, Authority, and Additional Section FormatData Transmission Order
QCLASS values
QTYPE values
Resource Record Data
Data Format
Domain name
Message compression
Character string
B. Installing the DNS Server from CD-ROM
C. Converting from BIND to the Microsoft DNS Server
Step 1: Change the DNS Server Startup Method to File
Step 2: Stop the Microsoft DNS Server
Step 3: Change the Zone Data File Naming Convention
Step 4: Copy the Files
Step 5: Get a New Root Name Server Cache File
Step 6: Restart the DNS Server
Step 7: Change the DNS Server Startup Method to Registry
D. Top-Level Domains
Index
Colophon

Content preview from DNS on Windows 2000, Second Edition

Aging and Scavenging

Zones with dynamic update enabled are prone to stale records; that is, A or PTR records that are dynamically added but not properly removed when no longer necessary. Most DHCP clients—including Windows clients—don’t release their addresses on shutdown, which means they don’t send the corresponding dynamic update message to remove their A records (nor does the DHCP server send a dynamic update message to remove the PTR record). Imagine a transient host, such as a laptop, that receives but never releases an address, leaving A and PTR records in DNS. Microsoft refers to these records as stale, and the DNS server in Windows 2000 can track their age and remove, or scavenge, them when they are no longer necessary.

The DNS server knows a record is not stale when it receives a dynamic update request for it. A Windows 2000 host sends a dynamic update message for its A record (and PTR record, if configured with a static address) every 24 hours by default. Windows 2000 hosts also send dynamic updates on lease renewal. An update of an existing record is called a refresh. (Before sending the update to make any changes, clients actually probe for a record’s existence by sending a dynamic update message with only a prerequisite section. The DNS server counts such a message as a refresh, too.) A refresh is the signal to the server that a particular client is still alive and using its records.

The idea behind aging and scavenging is to remove records that haven’t been ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596002300Catalog Page Errata

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

DNS on Windows 2000, Second Edition

by Matt Larson, Cricket Liu

Aging and Scavenging

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

DNS on Windows Server 2003, 3rd Edition

Windows NT TCP/IP Network Administration

VMware vSphere Troubleshooting

IP Addressing Fundamentals

Publisher Resources