mashti

Basic: DNS settings


Part-1

With this article I start a new series of articles called Basic.

As everyone knows, this website is devoted to computing infrastructure architecture solutions and therefore usually deals with topics of medium/high level.

For some time I have been helping in the Microsoft TechNet forums, where I see that basic questions keep appearing.

The "Basic" series of articles is intended to answer those simple questions which, although they are already more than answered by Microsoft's documentation, some administrators still do not know how to implement and require a simpler explanation.

Introduction:

When Windows 2000 was released, Active Directory was the newest feature and the one with the greatest impact; from the beginning I realized that DNS would be a major source of problems, given that most Windows administrators had had nothing to do with this service beyond name resolution on the Internet.

In this article I will talk about how DNS should be set up in a company using Windows 2003.

First steps:

When we run DCPromo it automatically configures a DNS server on the same server on which we launched DCPromo; it is common for many technicians to install the DNS service by hand from Add/Remove Programs in the Control Panel before launching DCPromo.

In that case DCPromo configures the service to work with Active Directory.

On subsequent domain controllers we must always install the DNS service ourselves before launching dcpromo.

Typically companies have two requirements regarding internal DNS:

· To be able to resolve Internet addresses so that users can browse and e-mail works correctly.

· To allow Active Directory to work properly by correctly resolving internal names and domains.

The most common error in small businesses is to configure an Internet DNS server as the DNS of the workstations so that they can browse.

When you configure a workstation or a server this way, it does not take long before problems start appearing: GPOs that are not applied, workstations that are slow to boot, network resources that disappear, etc.

For a workstation to work well, all the DNS servers it uses must be domain controllers.

Which domain controllers should be used as DNS? The primary will be the domain controller (DC) closest to the workstation and the secondary the next one, even if it is in another office; this way, if a DC stops working, the workstation keeps working normally using the DNS of another DC.

Why do workstations and servers depend so much on the DCs for Active Directory? On Windows NT, servers and workstations found the PDC and BDC using NetBIOS broadcasts; this was a problem for many reasons that are not relevant here, and Microsoft rightly decided that the DCs and GCs would be located through DNS.

When a DC starts, its Netlogon service writes a series of records that help workstations find it and know which services it provides in DNS; this is why these records are called "locators".

You can see these records in the DNS console, in the zone of your domain:

Figure 1 DC locator records of one server.

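Added example, not part of mashti's post: a PowerShell check for the two points this part makes, that the locator records Netlogon registers are present in the domain zone and that every DNS server configured on a workstation is a domain controller. It assumes the DnsClient cmdlets Resolve-DnsName and Get-DnsClientServerAddress (Windows 8 / Server 2012 and later, so it is meant to be run from an admin workstation, not on a 2003 DC), and reads the domain name from the environment; the domain and record names are otherwise placeholders.

```powershell
# Added example (not from the original post): verify that the DC locator
# records exist and that this machine's DNS servers are all domain controllers.
# Assumptions: Resolve-DnsName and Get-DnsClientServerAddress (DnsClient module,
# Windows 8 / Server 2012+) are available; the domain name is a placeholder
# taken from the environment.
param(
    [string]$Domain = $env:USERDNSDOMAIN   # e.g. corp.example.com (placeholder)
)

# The SRV names Netlogon registers under the domain zone. A DC that did not
# register these is invisible to clients: slow logons and GPOs that never apply.
$locators = @(
    "_ldap._tcp.dc._msdcs.$Domain",      # any DC of the domain
    "_kerberos._tcp.dc._msdcs.$Domain",  # KDC
    "_gc._tcp.$Domain",                  # global catalog
    "_ldap._tcp.pdc._msdcs.$Domain"      # PDC emulator
)

$dcHosts = @()
foreach ($name in $locators) {
    try {
        $srv = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        foreach ($r in $srv) {
            "{0,-42} -> {1}:{2}" -f $name, $r.NameTarget, $r.Port
            $dcHosts += $r.NameTarget
        }
    } catch {
        Write-Warning "Locator $name not found: $($_.Exception.Message)"
    }
}

# Resolve the DC host names once so they can be compared with the addresses
# configured as DNS servers on this machine's network cards.
$dcAddrs = $dcHosts | Sort-Object -Unique | ForEach-Object {
    (Resolve-DnsName -Name $_ -Type A -DnsOnly -ErrorAction SilentlyContinue |
     Where-Object { $_.Type -eq 'A' }).IPAddress
}

# Every DNS server this client uses must be one of those DC addresses; an ISP
# resolver in this list is exactly the misconfiguration the post warns about.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($srvAddr in $_.ServerAddresses) {
            $verdict = if ($dcAddrs -contains $srvAddr) { 'OK (domain controller)' }
                       else { 'NOT a DC - fix this' }
            "{0,-30} DNS {1,-15} {2}" -f $_.InterfaceAlias, $srvAddr, $verdict
        }
    }
```

The first loop queries the DC's DNS directly (-DnsOnly skips the hosts file and cache), so a missing locator shows up as a warning rather than being masked by a stale cache; the second part flags any configured resolver that is not one of the DCs found through those records.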

Part-2

How a PTR record is created: PTRs are the records of the reverse lookup zones. Right-click on the zone, select "New PTR record" and fill in the form, indicating the part of the IP address that is not contained in the mask and the full name of the server to which the PTR record will refer.

Figure 11 Creation of a PTR record.

What happens with the Internet?

If you have configured everything as described so far, your domain will work well at the DNS level, but your workstations and servers may not resolve names on the Internet; if we try, for example, to ping (link hidden) we will get no response.

Figure 13 Ping failed to (link hidden).

It is important to understand that forwarders are configured on each DNS server, which means that:

(1) We can configure forwarders not on all our DNS servers but only on some specific domain controllers that hold the forwarders to the Internet.

(2) We can configure our DNS servers to have, as secondary DNS on their network cards, the DNS servers with forwarders enabled (this solution makes resolution slower).

(3) We can also configure forwarders on all the DNS servers of our company.

The choice is yours, but the option I like most is to configure forwarders on two specific domain controllers' DNS servers, which are the ones that hold the forwarders to resolve on the Internet.

In small businesses it is common to find a single DC that is the only DNS, in which case only one server needs to be configured with forwarders.

Which Internet DNS should be used as forwarders? The custom is to use your ISP's DNS; another solution is to see which DNS servers are fastest and use those as forwarders, since that speed can improve the performance of your Internet queries.

You can see the list of your ISP's DNS servers at: (link hidden)

How do forwarders work? To answer this question, see the diagram below.

Diagram 1. Operation of forwarders

(image hidden)

When a workstation requests (link hidden), the following happens:

1 - The workstation asks the DNS server configured as primary on its network card which, as we have learned, must be a DC of the domain the workstation belongs to.

2 - The server sees that it does not have any google.com zone and therefore uses the forwarder we configured on the server, asking the DNS server we indicated to resolve the (link hidden) record.

3 - The Internet DNS server resolves (link hidden) and responds to our DC's request.

4 - The DC caches the response so that it can respond directly if any workstation asks again.

5 - The DC responds to the workstation with the address of (link hidden).

Great, that's what I want! How do I configure the forwarder?

It is very simple. Before anything else you have to make sure that your domain controller can reach the Internet and that your router and firewall let it out on port 53 so that it can reach the DNS servers on the Internet.

You can check whether all this is true; it is as easy as using nslookup to test it.

In our case we are going to try a Telefónica DNS (80.58.0.33).

Figure 14 Testing whether the DC can use an Internet DNS with nslookup.

Then we can type directly the name we want to resolve.

If this does not work, it means that one of the following things is failing:

(1) The server does not know how to get to the Internet; you must configure your server to use as default gateway the device on your network that provides Internet access, such as a router or firewall.

(2) Your firewall is not letting the server out on port 53 TCP and UDP; you must configure a rule in your firewall that lets the DC out on port 53 TCP and UDP.

To configure the forwarder or forwarders follow these steps:

Figure 15 Configuring the forwarder (1)

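Added example, not part of mashti's post, for the PTR record step at the top of this part: it works out the two values the "New PTR record" form asks for (the reverse zone that corresponds to the masked part of the address, and the host label made of the octets not covered by the mask) and then adds the record with dnscmd instead of the console. It assumes dnscmd.exe is available (Windows Support Tools on 2003, built in from 2008); the server name dc1, the address 192.168.1.10 and the host name srv1.corp.example.com are placeholders; only classful reverse zones (/8, /16, /24) are handled, which is what the DNS console's reverse lookup zone wizard creates.

```powershell
# Added example (not from the original post). Computes the reverse zone and the
# PTR host label for an IPv4 address and adds the record with dnscmd.
# Assumptions: dnscmd.exe is on the path; $DnsServer, the address and the host
# name in the sample call are placeholders; only /8, /16 and /24 reverse zones
# are handled.
function Get-PtrParts {
    param(
        [Parameter(Mandatory)][string]$IPAddress,
        [ValidateSet(8, 16, 24)][int]$PrefixLength = 24
    )
    $octets = $IPAddress.Split('.')
    if ($octets.Count -ne 4) { throw "Not an IPv4 address: $IPAddress" }
    $n = $PrefixLength / 8                        # octets covered by the mask
    $netPart  = @($octets[0..($n - 1)])           # network octets -> zone name
    $hostPart = @($octets[$n..3])                 # the part NOT in the mask -> label
    [array]::Reverse($netPart)                    # in-addr.arpa is written backwards
    [array]::Reverse($hostPart)
    [pscustomobject]@{
        Zone  = ($netPart -join '.') + '.in-addr.arpa'  # e.g. 1.168.192.in-addr.arpa
        Label = ($hostPart -join '.')                   # e.g. 10 (or 10.1 in a /16 zone)
    }
}

function Add-PtrRecord {
    param(
        [Parameter(Mandatory)][string]$DnsServer,   # DC running DNS (placeholder: dc1)
        [Parameter(Mandatory)][string]$IPAddress,
        [Parameter(Mandatory)][string]$Fqdn,        # host the PTR will point to
        [int]$PrefixLength = 24,
        [switch]$DryRun                             # print the command instead of running it
    )
    $p = Get-PtrParts -IPAddress $IPAddress -PrefixLength $PrefixLength
    # A trailing dot stores the name as absolute; without it dnscmd appends the zone.
    if (-not $Fqdn.EndsWith('.')) { $Fqdn += '.' }
    $cmdArgs = @($DnsServer, '/RecordAdd', $p.Zone, $p.Label, 'PTR', $Fqdn)
    if ($DryRun) { return "dnscmd $($cmdArgs -join ' ')" }

    # The reverse zone must exist first; /ZoneInfo fails with a non-zero status if not.
    & dnscmd $DnsServer /ZoneInfo $p.Zone > $null
    if ($LASTEXITCODE -ne 0) {
        throw "Reverse zone $($p.Zone) does not exist on $DnsServer; create it first (e.g. dnscmd $DnsServer /ZoneAdd $($p.Zone) /DsPrimary)."
    }
    & dnscmd @cmdArgs
    if ($LASTEXITCODE -ne 0) { throw "dnscmd /RecordAdd failed with exit code $LASTEXITCODE" }
}

# Sample call with placeholder names: 192.168.1.10 in a /24 reverse zone.
Add-PtrRecord -DnsServer dc1 -IPAddress 192.168.1.10 -Fqdn srv1.corp.example.com -DryRun
```

With -DryRun the sample call only prints the dnscmd line it would run (zone 1.168.192.in-addr.arpa, label 10, target srv1.corp.example.com.), which is a convenient way to confirm that the zone and label match what the console form expects before touching the server.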

Part-3

Figure 16 Configuring the forwarder (2)

(image hidden)

2 - The server sees that it does not have any google.com zone and therefore uses the DNS it has configured as secondary to ask the DC at the central office; a forwarder can also be configured on this server that uses the central one.

3 - The central office's DNS server uses its forwarder to make the request.

4 - The Internet DNS resolves (link hidden) and responds to the request of our DC at the central office.

5 - The central DNS caches the resolution.

6 - The central DNS responds to the branch office's DNS with the resolution data.

7 - The DC caches the response so that it can respond directly if any workstation asks again.

8 - The DC responds to the workstation with the address of (link hidden).

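Added example, not part of mashti's posts, covering the forwarder preflight test from Part-2 (can the DC reach an Internet resolver on port 53, TCP and UDP) and the branch-to-central chain from Part-3: it queries each hop in turn, branch DC, central DC and the Internet forwarder, so a failure shows where the chain breaks, and then applies the forwarder list on the DC that should hold it with dnscmd /ResetForwarders. It assumes Resolve-DnsName (Windows 8 / Server 2012 and later) on the admin workstation and dnscmd.exe on the path; dc-branch, dc-central and www.example.com are placeholders, and 80.58.0.33 is the resolver the post tests with.

```powershell
# Added example (not from the original post): test the resolution chain
# branch DC -> central DC -> Internet forwarder hop by hop, then set the
# forwarders on the DC that holds them.
# Assumptions: Resolve-DnsName is available; dnscmd.exe is on the path; the
# server names and the test name below are placeholders.
$TestName   = 'www.example.com'   # placeholder public name that should resolve
$Forwarders = @('80.58.0.33')     # resolver from the post; add a second one here
$BranchDC   = 'dc-branch'         # placeholder: DC at the branch office
$CentralDC  = 'dc-central'        # placeholder: DC that holds the forwarders

function Test-Hop {
    param([string]$Label, [string]$Server, [switch]$Tcp)
    $proto = if ($Tcp) { 'TCP' } else { 'UDP' }
    try {
        # -DnsOnly: no hosts file or cache; -TcpOnly exercises TCP 53 as well.
        $ans = Resolve-DnsName -Name $TestName -Type A -Server $Server -DnsOnly `
                   -TcpOnly:$Tcp -ErrorAction Stop |
               Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        [pscustomobject]@{ Hop = $Label; Server = $Server; Proto = $proto; Ok = $true;  Result = $ans.IPAddress }
    } catch {
        [pscustomobject]@{ Hop = $Label; Server = $Server; Proto = $proto; Ok = $false; Result = $_.Exception.Message }
    }
}

# 1. Is the Internet resolver reachable on UDP and on TCP 53? One protocol
#    failing while the other works points at the firewall rule, which must
#    allow both, as the post says.
$results = @(foreach ($f in $Forwarders) {
    Test-Hop -Label 'Internet forwarder' -Server $f
    Test-Hop -Label 'Internet forwarder' -Server $f -Tcp
})
# 2. Does the central DC resolve the name (its own forwarder works)?
$results += Test-Hop -Label 'Central DC' -Server $CentralDC
# 3. Does the branch DC resolve it (via its forwarder or secondary DNS at central)?
$results += Test-Hop -Label 'Branch DC' -Server $BranchDC
$results | Format-Table -AutoSize

# 4. Apply the forwarders on the central DC only if every Internet hop passed.
#    /ResetForwarders replaces the whole list; /timeout is seconds per forwarder.
$failed = @($results | Where-Object { $_.Hop -eq 'Internet forwarder' -and -not $_.Ok })
if ($failed.Count -eq 0) {
    & dnscmd $CentralDC /ResetForwarders @Forwarders /timeout 5
    if ($LASTEXITCODE -ne 0) { throw "dnscmd /ResetForwarders failed with exit code $LASTEXITCODE" }
    & dnscmd $CentralDC /Info        # prints server settings, including Forwarders
} else {
    Write-Warning 'Fix the default gateway or the port 53 TCP+UDP firewall rule before setting forwarders.'
}
```

Read the table from the bottom up: if the Internet forwarder answers but the central DC does not, the central DC's forwarder or outbound rule is wrong; if the central DC answers but the branch DC does not, the branch DC is neither forwarding to nor using the central DC as secondary. On Server 2012 and later, Set-DnsServerForwarder can replace the dnscmd step.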

Maybe!!!!

(link hidden)

regards
