2- Exploring DNS in an Active Directory Environment

20 Aug

DNS server. For example, for the record of a computer named Client1 to be dynamically
updated in the lucernepublishing.com zone, the FQDN of that computer must be client1.lucernepublishing.com
and the client must specify as its preferred DNS server the IP address of
a DNS server hosting a primary zone named lucernepublishing.com.
150 Chapter 2 Configuring Name Resolution
Default Client Update Behavior
Figure 2-33 shows the default DNS registration settings for a DNS client, which are found in
the DNS tab of the Advanced TCP/IP Settings dialog box.
Figure 2-33 Default DNS client registration settings
Update Behavior for Host Records The setting named Register This Connection’s
Addresses In DNS, when enabled, configures a client to attempt to register both A and AAAA
records with its preferred DNS server. For these Host record registrations to succeed, a number
of conditions must be met. First, a primary DNS suffix must also be assigned to the local
computer, either manually or through Active Directory membership. Second, the preferred
DNS server specified for the client must host a primary zone that matches the name of the
client’s primary DNS suffix. Finally, the primary zone hosted at the preferred DNS server
must be configured to allow the type of dynamic updates that the client can perform: either
secure updates (only from domain members) or both secure and nonsecure updates (from
either domain members or non-domain-joined computers).
NOTE Automatic addressing and automatic DNS updates
DNS clients never attempt to register IPv4 APIPA addresses or IPv6 link-local addresses with a DNS
server.
The setting named Use This Connection’s DNS Suffix In DNS Registration configures the local
computer to attempt to register the A and AAAA records for any connection-specific DNS suffixes
that are assigned to the associated network connection. Note that the connection-specific
Lesson 3: Configuring DNS Client Settings 151
DNS suffix does not actually have to appear in the DNS Suffix For This Connection text box;
the connection-specific suffix can instead be inherited from a DHCP server (specifically from
the 015 DNS Domain Name option). Enabling this setting therefore configures a DHCP client
that has been assigned a DNS domain name from DHCP to register an A and AAAA record
with its preferred DNS server. For these registrations to succeed, the DNS domain name inherited
from the DHCP server must match the name of a primary zone hosted on the preferred
DNS server and the primary zone hosted at the preferred DNS server must be configured to
allow the type of dynamic updates that the client can perform. Note also that if a client is
already configured with a primary DNS suffix that matches this connection-specific DNS suffix,
enabling this setting does not force the registration of any additional Host records.
For all host records, you can attempt to force a registration in DNS by typing the command
Ipconfig /registerdns at an elevated command prompt.
Update Behavior for Pointer Records For statically addressed clients, the update behavior
for PTR records is the same as that for Host (A or AAAA) records: Statically addressed
DNS clients always attempt to register and update their Pointer records in a DNS server
when the Register This Connection’s Addresses In DNS setting is enabled. You can attempt
to force a registration in DNS of PTR records for a statically addressed client by typing Ipconfig
/registerdns at an elevated command prompt on the client. For the registration to succeed,
however, some conditions must be met. First, the DNS client must be configured with an
appropriate primary DNS suffix, and then the client’s preferred DNS server must be hosting
appropriately configured forward and reverse lookup zones.
The PTR record update behavior of DHCP clients differs from that of statically addressed clients,
and the PTR update behavior of DHCP clients in a workgroup environment differs from
the behavior of those in an Active Directory environment. The following section explains the
PTR update behavior of DHCP clients in these two environments.
In a workgroup environment, DHCP clients have their PTR records updated by the DHCP
server. To force an update, you can run the command Ipconfig /renew. For this registration to
succeed, a number of conditions must be met. First, both the DNS client and the DNS server
must be configured with the address of the DNS server as the preferred DNS server. Second,
the DNS client must have the Register This Connection’s Addresses In DNS setting enabled.
Third, the DNS client must be configured with an appropriate DNS suffix, either specified
manually as a primary DNS suffix or assigned automatically from the DHCP server. Finally,
the DNS server must host appropriately configured forward and reverse lookup zones.
In an Active Directory environment, DHCP clients update their own PTR records. To force an
update, you can run either the Ipconfig /registerdns or the Ipconfig /renew commands. For such
an update to succeed, the Use This Connection’s DNS Suffix In DNS Registration setting must
be enabled. (To enable this setting, you must first enable the Register This Connection’s
Addresses In DNS setting.) Finally, for a PTR record to be updated successfully in an AD DS
environment, the client’s preferred DNS server must host appropriately configured forward
and reverse lookup zones.
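The conditions listed in the Host record and Pointer record sections above (a primary or connection-specific suffix, the two registration options, and a preferred DNS server that hosts the matching forward zone and, for PTR records, the reverse zone) can be checked from the client itself. The following PowerShell script is an added example, not code from the training kit; it assumes the DnsClient and NetTCPIP modules of Windows 8 / Windows Server 2012 or later, reads the primary DNS suffix from the Tcpip\Parameters registry key, and the function name and adapter alias are my own choices.

```powershell
# Added example (not from the training kit). Checks, from the client, the conditions the lesson
# lists for A/AAAA and PTR registration. Function name and adapter alias are the author's choices.
function Test-DnsRegistrationPrereqs {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $InterfaceAlias)   # e.g. 'Ethernet'

    $client    = Get-DnsClient -InterfaceAlias $InterfaceAlias
    $preferred = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses |
                 Select-Object -First 1
    # The primary DNS suffix (set manually or by domain join) is stored as the 'Domain' value here.
    $primarySuffix = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').Domain

    $r = [ordered]@{
        InterfaceAlias           = $InterfaceAlias
        PreferredDnsServer       = $preferred
        PrimaryDnsSuffix         = $primarySuffix
        ConnectionSpecificSuffix = $client.ConnectionSpecificSuffix
        RegisterAddresses        = $client.RegisterThisConnectionsAddress   # "Register This Connection's Addresses In DNS"
        UseSuffixWhenRegistering = $client.UseSuffixWhenRegistering         # "Use This Connection's DNS Suffix In DNS Registration"
    }

    # Zone the client would register in: the primary suffix; otherwise the connection-specific
    # suffix, but only when the "Use This Connection's DNS Suffix" option is enabled.
    $zone = if ($primarySuffix) { $primarySuffix }
            elseif ($client.UseSuffixWhenRegistering) { $client.ConnectionSpecificSuffix }
    $r.RegistrationZone = $zone

    # Ask the preferred server for the zone's SOA with recursion disabled: an answer means the
    # server holds the zone (or has it cached). This cannot distinguish a primary from a
    # secondary zone, nor show whether secure or nonsecure dynamic updates are allowed.
    function Test-ZoneOnServer([string] $ZoneName) {
        if (-not $ZoneName -or -not $preferred) { return $false }
        $soa = Resolve-DnsName -Name $ZoneName -Type SOA -Server $preferred -DnsOnly -NoRecursion -ErrorAction SilentlyContinue
        [bool]($soa | Where-Object Type -eq 'SOA')
    }
    $r.ServerHostsForwardZone = Test-ZoneOnServer $zone

    # PTR registration additionally needs a reverse zone for each address. APIPA and loopback
    # addresses are skipped because the client never registers them.
    $addrs = Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 |
             Where-Object { $_.IPAddress -notlike '169.254.*' -and $_.IPAddress -ne '127.0.0.1' }
    $r.ReverseZones = foreach ($a in $addrs) {
        $oct = $a.IPAddress.Split('.'); [array]::Reverse($oct)
        $n   = [math]::Max(1, [math]::Floor($a.PrefixLength / 8))   # whole octets covered by the prefix
        $rev = ($oct[(4 - $n)..3] -join '.') + '.in-addr.arpa'      # e.g. 2.1.10.in-addr.arpa for 10.1.2.0/24
        "{0} -> {1}: {2}" -f $a.IPAddress, $rev, $(if (Test-ZoneOnServer $rev) { 'hosted' } else { 'not hosted' })
    }

    $r.ReadyForHostRegistration = [bool]($r.RegisterAddresses -and $zone -and $r.ServerHostsForwardZone)
    [pscustomobject]$r
}

# Example run; Register-DnsClient is the PowerShell equivalent of ipconfig /registerdns.
Test-DnsRegistrationPrereqs -InterfaceAlias 'Ethernet' | Format-List
```

Whether the zone is a primary zone and which dynamic update mode it accepts can only be confirmed on the DNS server itself, so treat ReadyForHostRegistration as a client-side precondition check, not a guarantee that the update will be accepted.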
NOTE Using Group Policy to register connection-specific names
You can use Group Policy to force computers on a network to register connection-specific DNS
names. In a GPO, navigate to Computer Configuration\Policies\Administrative Templates\Network
\DNS Client. Search for the policy setting named Register DNS Records With Connection-specific
DNS Suffix and configure the setting as Enabled.
Exam Tip To force a DNS client to attempt dynamic registration of its resource records, type
ipconfig /registerdns at a command prompt.
Quick Check
■ By default, does a client with a domain name assigned by DHCP attempt to register
its address in DNS?
Quick Check Answer
■ No.
Viewing and Clearing the DNS Client Cache
The DNS client cache, also known as the DNS resolver cache, is maintained on all DNS clients.
DNS clients check this resolver cache before they attempt to query a DNS server. New entries
are added to the resolver cache whenever a DNS client receives a query response from a DNS
server.
To view the DNS client cache, type ipconfig /displaydns at a command prompt. The output
of this command includes any entries loaded from the local Hosts file, as well as any recently
obtained resource records for name queries resolved by the system.
To clear the DNS client cache, you can type ipconfig /flushdns at the command prompt. Alternatively,
you can restart the DNS Client service by using the Services console, which is an
administrative tool accessible through the Start menu.
Exam Tip For the exam, remember that you sometimes need to run Ipconfig /flushdns on your
computer before you can see the benefit of having fixed a DNS problem elsewhere on the network.
For example, if a Windows client has cached a negative response from a DNS server to an earlier
query, the client will continue to receive a negative response even if the DNS server can now
resolve the query. To fix such a problem, flush the DNS client cache by executing Ipconfig /flushdns
on the Windows computer. This command forces the Windows client to contact the DNS server
again instead of just responding with the cached negative response.
PRACTICE Managing the DNS Client Cache
In this practice, you use the Ipconfig command with the /flushdns and /displaydns switches to
clear and display the DNS client cache.
Exercise Exploring the DNS Resolver (Client) Cache
In this exercise, you observe the behavior of the DNS client cache.
1. Log on to Nwtraders from Boston as a domain administrator.
2. At a command prompt, type ipconfig /flushdns.
At the command prompt, a message appears indicating that the DNS Resolver Cache has
been flushed.
3. At a command prompt, type ipconfig /displaydns.
The contents of the cache are displayed. Notice that it is not completely empty. The four
records that appear by default include a PTR record for the IPv6 localhost address of ::1,
a PTR record for the IPv4 localhost address of 127.0.0.1, an A record that maps the name
localhost to the IPv4 address 127.0.0.1, and an AAAA record that maps the name localhost
to the IPv6 address ::1. The addresses 127.0.0.1 and ::1 are special addresses that
always point to the local computer.
4. At the command prompt, type ping dcsrv1.
You receive a response from the IPv6 address of Dcsrv1. Note that the primary DNS suffix
of the local computer, nwtraders.msft, has been appended to the name “dcsrv1.” This
DNS suffix was assigned to Boston when Boston joined the Nwtraders domain.
5. At the command prompt, type ipconfig /displaydns.
Beneath the same heading of dcsrv1.nwtraders.msft, two new records appear in the
cache: an A record and an AAAA record. Note that the A record is associated with
Dcsrv1’s IPv4 address and the AAAA record is associated with Dcsrv1’s IPv6 address.
6. At the command prompt, type ipconfig /flushdns.
7. At the command prompt, type ipconfig /displaydns.
The output reveals that the two new records have been flushed from the cache.
8. Close all open windows.
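The Exam Tip and the exercise above can be repeated with the DnsClient PowerShell cmdlets, which also expose the detail ipconfig /displaydns only hints at: whether a cached entry is a positive answer or a negative response. The script below is an added example, not part of the training kit; it assumes Windows 8 / Windows Server 2012 or later, and the function names are my own. The host name dcsrv1.nwtraders.msft is the lab name from the exercise, so substitute a host in your own zone.

```powershell
# Added example (not from the training kit): PowerShell equivalents of the ipconfig /displaydns
# and /flushdns steps, focused on the negative-caching problem the Exam Tip describes.
# Assumes the DnsClient module (Windows 8 / Server 2012 or later). Function names are the author's.
function Show-DnsCacheEntry {
    param([Parameter(Mandatory)] [string] $Name)
    # Resolve first so an entry (positive or negative) is placed in the resolver cache.
    Resolve-DnsName -Name $Name -ErrorAction SilentlyContinue | Out-Null
    # Get-DnsClientCache is the ipconfig /displaydns equivalent. Status is 'Success' for a
    # cached answer and 'NotExist' or 'NoRecords' for a cached negative response.
    Get-DnsClientCache -Entry $Name -ErrorAction SilentlyContinue |
        Select-Object Entry, RecordType, Status, TimeToLive, Data
}

function Test-NegativeCache {
    param([Parameter(Mandatory)] [string] $Name)
    $entries = Get-DnsClientCache -Entry $Name -ErrorAction SilentlyContinue
    # A negative entry means the client keeps answering "not found" from its cache until the
    # TTL expires or the cache is flushed, even after the record has been fixed on the server.
    [bool]($entries | Where-Object { $_.Status -ne 'Success' })
}

# Step 2 and 3 of the exercise: flush, then list what survives (the four localhost records).
Clear-DnsClientCache                      # equivalent of ipconfig /flushdns
Get-DnsClientCache | Select-Object Entry, RecordType, Data

# Steps 4 to 7: resolve a name, inspect its cache entries, flush only if a negative answer is cached.
$target = 'dcsrv1.nwtraders.msft'         # lab host from the exercise; use a host in your own zone
Show-DnsCacheEntry -Name $target
if (Test-NegativeCache -Name $target) {
    Write-Warning "Negative response cached for $target; flushing so the next query goes to the DNS server"
    Clear-DnsClientCache
}
Show-DnsCacheEntry -Name $target          # after a flush the entry is re-fetched from the server
```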
Lesson Summary
■ When a client performs a DNS query, the client first directs that query toward the
address specified as the client’s preferred DNS server. If the preferred DNS server is
unavailable, a DNS client then contacts an alternate DNS server, if one is specified. You
can configure a DNS client with a prioritized list of as many DNS server addresses as you
choose, either by using DHCP to assign the list or by manually specifying the addresses.
■ In DNS, the computer name is called a host name. This is a single-tag name that you can
discover by typing the command hostname at a command prompt.
■ DNS client settings affect a computer’s ability to resolve DNS names successfully and to
have the client’s own name resolved by other querying computers.
■ A client can take the fullest advantage of DNS name resolution services when it is configured
with a primary DNS suffix. The primary DNS suffix enables a client to automatically
register its own host record in the DNS zone whose name corresponds to the
primary DNS suffix name. The client also appends the primary DNS suffix to DNS queries
that do not already include a suffix. A connection-specific suffix applies only to connections
through a specific network adapter.
■ You can configure a DNS client to specify a list of DNS suffixes to add to unqualified
names. This list is known as a DNS suffix search list.
■ DNS clients can register their own records in DNS only when the clients are configured
with a primary or connection-specific DNS suffix that matches the zone name hosted by
the preferred DNS server. By default, DNS clients assigned static addresses attempt to
register both host and pointer records. DNS clients that are also DHCP clients attempt to
register only host records.
Lesson Review
The following questions are intended to reinforce key information presented in this lesson.
The questions are also available on the companion CD if you prefer to review them in electronic
form.
NOTE Answers
Answers to these questions and explanations of why each answer choice is correct or incorrect are
located in the “Answers” section at the end of the book.
1. You are a network administrator for an organization whose network is composed of two
Active Directory domains, east.cpandl.com and west.cpandl.com. Users in each domain
can already connect to resources in the opposing domain by specifying an FQDN, such
as client1.west.cpandl.com. You now want users in the east.cpandl.com domain also to
be able to connect to computers in the west.cpandl.com domain by specifying those
computers with a single name tag in a UNC path, such as \\WestSrv1.
What can you do to enable this functionality?
A. Use conditional forwarding to configure the DNS server in the east.cpandl.com
domain to forward queries for names in the west.cpandl.com domain to the DNS
servers in the west.cpandl.com domain.
B. Use Group Policy in the east.cpandl.com domain to configure network clients with
a DNS suffix search list. Add the domain suffix west.cpandl.com to the list.
C. On the clients in the east.cpandl.com domain, configure TCP/IP properties of the
local area connection to use the connection’s DNS suffix in DNS registration.
D. You do not need to do anything. The DNS suffix of the opposing domain will automatically
be appended to single-tag name queries.
2. A computer named ClientA.nwtraders.com is not registering its DNS record with a DNS
server. ClientA is configured with a static IP address and with the IP address of the DNS
server authoritative for the nwtraders.com domain. The TCP/IP properties for the local area
connection on ClientA have been left at the default settings.
What can you do to ensure that ClientA registers its own record with the DNS server?
A. Configure a connection-specific suffix.
B. Enable the option to use the connection’s DNS suffix in DNS registration.
C. Enable the option to register the connection’s addresses in DNS.
D. Configure a primary DNS suffix.
156 Chapter 2 Review
Chapter Review
To further practice and reinforce the skills you learned in this chapter, you can
■ Review the chapter summary.
■ Review the list of key terms introduced in this chapter.
■ Complete the case scenarios. Each scenario sets up a real-world situation involving the
topics of this chapter and asks you to create solutions.
■ Complete the suggested practices.
■ Take a practice test.
Chapter Summary
■ DNS is the preferred name resolution service in Windows networks. However, because
of the way DNS is designed, it requires configuration.
■ DNS provides a hierarchical name structure. In DNS, an FQDN is a domain name that
has been stated unambiguously to indicate its location relative to the root of the DNS
domain tree. An example of an FQDN is Client1.east.fabrikam.com.
■ When a DNS client queries for a name, it first checks its local cache for the answer. If it
doesn’t find the answer, the DNS client queries its preferred DNS server. If the DNS
server doesn’t know the answer, it will attempt to resolve the query by performing iterative
queries against the DNS namespace, beginning with the root server.
■ In most Windows networks, DNS servers are hosted on Active Directory domain controllers.
You can install a DNS server together with a domain controller by running
Dcpromo.exe. To install a DNS server without a domain controller, use the Add Roles
Wizard to add the DNS Server role.
■ DNS client settings affect a computer’s ability to resolve DNS names successfully and to
have the client’s own name resolved by other querying computers.
Key Terms
Do you know what these key terms mean? You can check your answers by looking up the
terms in the glossary at the end of the book.
■ Domain Name System (DNS)
■ dynamic updates
■ forwarder
■ forwarding
■ fully qualified domain name (FQDN)
■ host name
■ HOSTS
■ iteration
■ Link Local Multicast Name Resolution (LLMNR)
■ Lmhosts
■ name resolution
■ NetBIOS
■ primary DNS suffix
■ recursion
■ referrals
■ resolver
■ root hints
■ Time to Live (TTL)
■ WINS server
■ zone
Case Scenarios
In the following case scenarios, you will apply what you’ve learned in this chapter. You can
find answers to these questions in the “Answers” section at the end of this book.
Case Scenario 1: Troubleshooting DNS Clients
You work as a network administrator for a company named Contoso Pharmaceuticals. You
have recently deployed a number of Windows Vista clients in a research workgroup. The
workgroup is isolated on its own subnet, which is physically connected to the larger corporate
network.
You have deployed a DHCP server in the research workgroup to assign these computers an IP
address, a default gateway, a DNS server, and the DNS domain name of contoso.com. The preferred
DNS server address assigned to the clients belongs to a DNS server hosting a primary
zone for the contoso.com domain. The zone is configured to accept both secure and nonsecure
dynamic updates.
1. None of the clients in the research workgroup is successfully registering DNS records
with the DNS server. Which TCP/IP setting can you enable to ensure that these dynamic
registrations occur?
2. Certain network computers running Windows XP are configured as WINS clients yet are
unable to browse to the research subnet by using the My Network Places icon. Which
setting can you configure on the Windows Vista clients to enable them to be seen by the
Windows XP clients? Assume that the default settings have been left for all options not
assigned by DHCP.
Case Scenario 2: Deploying a Windows Server
You work as a network support specialist for a company named Fabrikam.com. You are planning
to deploy a new DNS server in a branch office to improve name resolution response
times.
1. There are no administrators at the branch office. You want to deploy a DNS server that
will not require any administration but that will help resolve the queries of computers on
the Internet. What kind of DNS server should you deploy?
2. You also want the new DNS server to be able to resolve names on the internal Fabrikam.com
network at the main office. How can you achieve this without hosting a zone
named Fabrikam.com on the branch office network?
Suggested Practices
To help you successfully master the exam objectives presented in this chapter, complete the
following tasks.
Configure a DNS Server
Use this exercise to practice deploying DNS servers manually (without Dcpromo) and to practice
configuring conditional forwarding.
■ Practice In a test network, deploy two DNS servers outside of an Active Directory environment.
Configure zones for each server with domain names of your choice. Configure
both servers with conditional forwarding so that each server forwards queries to the
other server when appropriate. Test the configuration.
Configure Name Resolution for Clients
Perform this practice to become more familiar with client update behavior. To prepare for this
practice, you need to enable dynamic updates in the primary zones hosted on each DNS
server.
■ Practice Using the same test network described in the previous practice, configure a DNS client
to register its own host records with one of the DNS servers without specifying a primary
DNS suffix for the client computer.
Take a Practice Test
The practice tests on this book’s companion CD offer many options. For example, you can test
yourself on just one exam objective, or you can test yourself on all the 70-642 certification
exam content. You can set up the test so that it closely simulates the experience of taking a certification
exam, or you can set it up in study mode so that you can look at the correct answers
and explanations after you answer each question.
MORE INFO Practice tests
For details about all the practice test options available, see the “How to Use the Practice Tests” section
in this book’s Introduction.
