Features - May 1999 - Everything you ever wanted to know about DNS but were afraid to ask part II

In a previous article Richard Adams looked at the concepts behind DNS (Domain Name Space) and how it is used in Unix-style environments to resolve user-friendly host names into IP addresses. In this article he will be taking you on a step-by-step journey through the process of planning, installing, configuring and testing the Microsoft DNS Manager service on an NT Server machine.

Step 1: Planning

Before implementing DNS, you need to determine the number of computers running services that will require host name resolution. Your list should only include servers running services that client applications and utilities connect to by specifying the host name of the server, for example a Web server, a telnet server or an SMTP mail exchanger. One service that does not require DNS is Microsoft’s file and print sharing service (the Microsoft client, called the Workstation service in NT, uses NetBIOS names to connect to the Server service of a server). Domain logon and browsing functions and Back Office products such as SQL Server or Exchange Server can also use NetBIOS names.

Once you have determined the number of servers that clients will require host name resolution for (I will call these servers hosts from now onwards), you need to determine the number of clients that you expect to provide a host name resolution service for, the frequency of host name resolution requests and the location of the clients relative to your underlying network structure (i.e. which LAN and which subnet). From these three values you will be able to decide on the number and location of DNS servers to implement in order to service client host name resolution requests.

There are two other types of traffic that you need to take account of. Firstly, recursive queries: these occur when the DNS server that a client (or resolver) connects to in order to resolve a host name cannot resolve it from either its database or its cache. In this circumstance the DNS server will (once configured to do so) contact other DNS servers and query them on behalf of the requester. Secondly, zone transfer traffic: this is generated by the replication of a zone file (which contains the database) to secondary DNS servers in order to provide load balancing and fault tolerance. The amount of zone transfer traffic will depend upon the number of secondary servers that are configured for a given zone. You should plan for this extra traffic as well as the client-to-server traffic. Microsoft’s test environment figures suggest that total DNS traffic will account for about 1% of all traffic on an average network.

Step 2: Installation

Installing the DNS service is simple. From the Control Panel, Network utility select the Services tab. Click the Add button and then select the Microsoft DNS Manager service and select OK. Select Close in the Network Properties dialog box. NT will bind the new service to the other network components and you will be asked to restart your computer. Once done, go to the Control Panel, Services utility and check that the Microsoft DNS Server service is listed with a status of Started and a start-up type of Automatic. If not, look in the system log in Event Viewer for any error messages relating to the Microsoft DNS Server service.

A new folder called …\<system_root>\system32\DNS\ will be created to store zone files as they are created or replicated. A zone is a sub area of your name space that is administered as one unit and contains databases for a domain and, optionally, any subdomains. One DNS server can manage multiple zones. The zone file carries a .dns suffix and is the container for the database or databases belonging to that zone. In most cases it is only necessary to create two zone files – one to contain host name-to-IP-address resolution information for your domain and subdomains, the other to provide reverse lookup records (used to determine a host name from a given IP address) for your domain and subdomains.

Step 3: Configuration

Before you configure your DNS server, make sure that it has a static IP address (because this IP address will be used by resolvers and other DNS servers to connect to the DNS service) and the correct host name and domain name. These are configured from the DNS tab of TCP/IP properties in the Control Panel, Network utility. You should also add the IP address into the DNS Server Search Order text box, so that this computer will be able to be its own client. The utility used to configure DNS is called DNS Manager and can be found in Start, Programs, Administrative Tools. When you initially run DNS Manager, you will be faced with the shell window, showing the toolbar, menu bar and then a large blank area displaying an icon called Server List. This utility allows you to configure and manage multiple DNS servers from the one location and is included as one of the Server Tools that you can install on an NT Workstation.

Creating the Zone File

From the DNS menu select New Server. In the Add Server dialog box, type the host name or IP address of the server on which you wish to create the zone file. This server will become the primary DNS server (maintaining the master, read/write copy of the zone file) for this zone. Select OK. An icon representing this server will appear in the DNS Manager window.

Double-click the server icon and then right-click it. From the popup menu select New Zone. In the New Zone dialog box select Primary and choose Next. Type the name of your domain into the Zone Name box (e.g. topbanana.co.uk) and press tab. The Zone File dialog box will automatically be filled out for you with the name <zone_name>.dns. Select Next and then Finish. A new subfolder will appear below your server icon representing the zone that you have just created. On the right hand side you will see Zone Information. Initially there will be just three records: The NS (or Name Server) record is created for each DNS server that maintains this zone. The SOA (or Start of Authority) record is created once only for the entire zone and states the primary DNS server and person responsible for the zone. Finally, the A (or host) record which maps the host name of your computer to its IP address. This is the record that is actually used for host name resolution and we will create one for every host.

The next stage is to create additional containers for any subdomains that this zone file is going to maintain (skip this step if you are not going to create any subdomains). Containers for subdomains follow the same hierarchical structure as the DNS. For example, you may have a domain called topbanana.co.uk with two subdomains called london.topbanana.co.uk and edinburgh.topbanana.co.uk. You can create a zone file called topbanana.co.uk.dns and place hosts from topbanana.co.uk directly into it. If you wanted to service name resolution requests for the subdomain london.topbanana.co.uk, you would first need to create a subdomain container. To do this, right-click the icon representing your zone and select New Subdomain. Type the subdomain portion of the domain name only (in our example, just london) and then select OK. A subfolder for this subdomain will appear as an icon under your zone icon. Do this for each subdomain. You have now created the container structure that will be used to store name resolution records.

Configuring for Recursive Lookups

As well as the zone icon, you will also see an icon labelled cache. Double-click this icon, the NET subfolder and then the ROOT-SERVERS subfolder of NET. Displayed in the Zone Info section on the right will be a list of root servers. These are other DNS servers that this DNS server will go to in order to perform recursive lookups on behalf of requesters if the requested host name cannot be resolved locally. The default list that you are currently looking at is the list of root servers for the Internet. This is correct if you are connected to the Internet and the DNS server that you are currently configuring will be receiving requests to resolve host names on other domains.

If you have an intranet and a complex, multi-domain/subdomain model within your organisation, you may need to alter this list to show records for the root-level servers within the organisation, rather than those external to your organisation. To do this, you can remove the existing records by highlighting them and pressing DELETE. Once clear of all existing root servers, right click on the ROOT-SERVERS icon and select New Host from the shortcut menu. Type the host name and IP address of a root-level DNS server into the dialog box and select Add Host. Repeat the process for each other root-level DNS server and then press Done. You have now configured your DNS server to inter-operate with other DNS servers within your intranet.

Creating the Reverse Lookup Zone File

You are now ready to create the reverse lookup zone file. Right-click your server icon and select New Zone, now select Primary and choose Next. Type the following name into the Zone Name box – <reverse_network_id>.in-addr.arpa (reverse_network_id refers to the network id portion of your IP address). For a class A address (first portion starting with a value in the range 1 - 126) that will be just the first portion of the IP address. For a class B address (first portion starting with a value in the range 128 - 191) that will be the second portion followed by the first portion. For a class C address (first portion starting with a value in the range 192 - 223) that will be the third portion followed by the second portion followed by the first portion. For example, if the network id is 197.45.23.0, then the zone would be called 23.45.197.in-addr.arpa. Once you are done press tab. The Zone File dialog box will automatically be filled out for you with the name <zone_name>.dns. Select Next and then Finish. A new subfolder will appear below your server icon to represent the reverse lookup zone.

Creating Host and PTR Records

The next stage is to create host and PTR records for each host. Host records must be created in the appropriate container (e.g. the record for the host server1.topbanana.co.uk should be placed in the root container, whilst the record for the host server2.london.topbanana.co.uk should be placed in the london subcontainer). Right-click the relevant container and select New Host. Type the host name and the IP address into the dialog box, check the Create Associated PTR Record check box and click Add. Repeat this process for each host in this domain/subdomain. When you have finished, click Done. If you have multiple containers, repeat the process for each container. Check these records very carefully both when you create them and again afterwards. These are the records that will be used by the DNS service to provide resolution from host name to IP address. The associated PTR records are created for you in the reverse lookup zone and these are the records that are used to provide reverse address resolution from IP address to host name. To check that these PTR records have been created correctly, double-click the reverse lookup zone icon and check the zone info on the right. If you don’t see anything don’t panic – it can take several minutes before records are displayed. Try pressing F5 to refresh the screen and be patient!
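What DNS Manager is building in the steps above, written out as an added example (not the article's own code): from a domain, its network id and a host list, the script derives the reverse zone name using the class A/B/C rule given earlier and emits the SOA, NS, A and PTR lines in the standard RFC 1035 text form that .dns files use. The host names, addresses, timers and serial number are constructed sample values.

```python
"""Added example (not from the article): build the forward and reverse zone
contents that the DNS Manager steps create by hand.  All values are constructed."""
import ipaddress

# Constructed sample hosts: (fully qualified host name, IP address)
HOSTS = [
    ("server1.topbanana.co.uk", "197.45.23.10"),
    ("server2.london.topbanana.co.uk", "197.45.23.20"),
]

def reverse_zone_name(network_id):
    """Classful in-addr.arpa zone name for a network id, following the
    class A/B/C rule in the article: 197.45.23.0 -> 23.45.197.in-addr.arpa."""
    octets = network_id.split(".")
    first = int(octets[0])
    if 1 <= first <= 126:
        kept = 1        # class A: only the first octet names the network
    elif 128 <= first <= 191:
        kept = 2        # class B: the first two octets
    elif 192 <= first <= 223:
        kept = 3        # class C: the first three octets
    else:
        raise ValueError(f"{network_id} is not a class A, B or C network id")
    return ".".join(reversed(octets[:kept])) + ".in-addr.arpa"

def soa_and_ns(origin, primary_ns, hostmaster, serial):
    """The two records every zone starts with; the refresh/retry/expire/minimum
    timers are constructed defaults."""
    return [f"$ORIGIN {origin}.",
            f"@ IN SOA {primary_ns}. {hostmaster}. ({serial} 3600 600 86400 3600)",
            f"@ IN NS {primary_ns}."]

def forward_zone(domain, primary_ns, hostmaster, hosts, serial=1999050101):
    """Lines of <domain>.dns: SOA, NS, then one A record per host, written
    relative to the zone origin (server2.london rather than the full FQDN)."""
    lines = soa_and_ns(domain, primary_ns, hostmaster, serial)
    for fqdn, ip in hosts:
        if not fqdn.endswith("." + domain):
            raise ValueError(f"{fqdn} does not belong in zone {domain}")
        ipaddress.IPv4Address(ip)            # reject malformed addresses early
        lines.append(f"{fqdn[:-len(domain) - 1]} IN A {ip}")
    return lines

def reverse_zone(network_id, primary_ns, hostmaster, hosts, serial=1999050101):
    """Lines of the reverse zone: one PTR per host, whose owner name is the
    host octets not already covered by the zone name, reversed."""
    zone = reverse_zone_name(network_id)
    kept = zone.count(".") - 1               # octets consumed by the zone name
    net = network_id.split(".")[:kept]
    lines = soa_and_ns(zone, primary_ns, hostmaster, serial)
    for fqdn, ip in hosts:
        octets = ip.split(".")
        if octets[:kept] != net:
            raise ValueError(f"{ip} is outside network {network_id}")
        lines.append(f"{'.'.join(reversed(octets[kept:]))} IN PTR {fqdn}.")
    return zone, lines
```

The check in reverse_zone is the one worth keeping when you review records by hand: a PTR for an address outside the zone's network is silently useless, since no resolver will ever ask this zone for it.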

Creating Other Records

Other records may be required for your network. For example, you may need to provide MX records. SMTP mail exchangers reference each other through DNS using MX records which are created for each SMTP mail exchanger in addition to its standard host record. To create a record other than a standard host record, right-click the zone and select New Record. From the drop-down list box select the type of record that you wish to create (e.g. MX) and then type the relevant information into the dialog and select OK. Repeat the process for each record that you wish to create. Again, check your records for errors. Microsoft is promising an automated service to be shipped with Windows 2000 (NT 5.0) and this will be a welcome upgrade to the somewhat clunky system that we have now. (In the meantime there are third-party manufacturers who have written dynamic DNS server services for NT 4.0 that are available already).

Integrating the Zone with WINS

Because WINS is dynamic and DNS is not, it is possible that the WINS service sometimes contains more up-to-date information than DNS. Because of this, we can configure our DNS zone so that when a resolver’s request has not been successfully resolved, even after recursive querying of other DNS servers, the DNS server will query a WINS server. This requires a special record called (naturally) a WINS record, but the WINS record cannot be selected from the New Record dialog box. Instead, right-click the zone icon and select Properties from the shortcut menu. On the WINS Lookup tab select the Use WINS Resolution checkbox and add the IP address of primary and redundant WINS servers into the WINS Servers text box. Once done, click OK.

Creating Secondary DNS Servers

Once the zone is created and configured properly, it is time to create secondary DNS servers which provide both fault tolerance (it is actually an InterNIC requirement to have a secondary DNS server to host Internet domains) and load balancing. The secondary DNS server/s can hold a read-only copy of the zone file and are able to resolve queries just like the primary DNS server, but not edit the zone file to change or create new records.

From the DNS menu, select Add Server and type the host name or IP address of the computer you wish to be a secondary DNS server for this zone, and select OK. Double-click and then right-click the new server icon and select New Zone. In the New Zone dialog box select the Secondary radio button and type the name of the zone that you wish this server to maintain a secondary copy of, plus the host name of this DNS server (used to create an NS record), then select Next. In the Zone Info dialog simply press Tab to create the zone file name and select Next. Add IP addresses for one or more DNS servers that already have an existing copy of the zone file and that you wish to use as masters (i.e. obtain a copy of the zone file from them). Click Next and then Finish.

Repeat this process for each zone (including the reverse lookup zone) you wish to maintain a second copy of on this DNS server. The primary DNS server will now become the master of the secondary DNS server – that is to say that the primary server will provide an up-to-date copy of the zone file to the secondary server. We still need to configure the primary so that it continues to update the secondary on an ongoing basis. For subsequent secondary DNS servers, we can specify either the primary DNS server or the first secondary DNS server as the master.

Double-click on the icon for the server/s that you have set up as the primary, right-click the zone icon and select Properties. On the Notify tab, add the IP address of each secondary server. This will configure the primary to notify the secondaries of any changes that are made to the zone file so that they can request the changes from their master and thus keep in sync. Select OK. You have now configured multiple servers to maintain an up-to-date copy of the zone file for load balancing and redundancy.

Configuring your Clients Manually

To manually configure your clients to become resolvers of your DNS service, go to the DNS tab in the Control Panel, Network utility and add the IP address of a DNS server into the DNS Service Search Order text box. You can add IP addresses for multiple DNS servers and then organise the order to provide fault tolerance. DNS servers at the top of the list will always be tried before those further down the list. You can therefore provide load balancing by selecting different DNS servers to be at the top of the list for different resolvers. Incidentally, a resolver will only contact a DNS server further down the search order if it cannot connect to higher order servers, not if a higher order server has been connected to successfully but was unsuccessful in resolving the query. If your clients are going to be resolving names for hosts maintained in zones other than the zone which maintains information for the domain/subdomain which they themselves are in, you can add the names of other domains into the Domain Suffix Search Order text box. This prevents the requester from having to explicitly declare the entire FQDN when they make a resolution request.
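The two search-order rules just described, simulated as an added example (not the article's code): the DNS servers, what each of them knows and the client's suffix list are constructed sample data, and a secondary that has fallen out of sync with the primary stands in for the failure case a stale zone copy produces.

```python
"""Added example (not from the article): simulate the resolver's server search
order and domain suffix search order.  All servers and answers are constructed."""

# Constructed answer tables: what each DNS server can resolve.  A server
# address missing from this table is treated as unreachable.
SERVERS = {
    "197.45.23.1": {"server1.topbanana.co.uk": "197.45.23.10",
                    "server2.london.topbanana.co.uk": "197.45.23.20"},
    # Secondary that missed a zone update: it has never heard of server2.
    "197.45.23.2": {"server1.topbanana.co.uk": "197.45.23.10"},
}

def query(server, fqdn):
    """One lookup against one server: the IP, None for an authoritative
    'no such name', or TimeoutError if the server cannot be reached."""
    if server not in SERVERS:
        raise TimeoutError(server)
    return SERVERS[server].get(fqdn)

def resolve(name, search_order, suffixes):
    """Apply the article's rules.  A name without dots is tried with each
    domain suffix in turn.  Servers are tried in search order, and the
    resolver moves to the next server only when the current one cannot be
    reached, not when a reachable server answers that the name does not exist.
    Returns (fqdn, ip, server) on success, None otherwise."""
    candidates = [name] if "." in name else [f"{name}.{s}" for s in suffixes]
    for fqdn in candidates:
        for server in search_order:
            try:
                answer = query(server, fqdn)
            except TimeoutError:
                continue        # unreachable: fall through to the next server
            if answer is not None:
                return fqdn, answer, server
            break               # reachable server said no: do not retry elsewhere
    return None
```

The stale-secondary case is the one to remember when troubleshooting: a secondary that answers "no such name" stops the search even though the primary has the record, which is why the Notify configuration above matters as much as the server list here.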

Configuring your Clients via DHCP

The other way of configuring your clients for this, and indeed for any other TCP/IP configuration, is to use a DHCP server and make your clients DHCP clients. To do this, you need to add either a global or scope option called Name Server to the scope or scopes that your DHCP server maintains. (Refer to articles on configuring DHCP Manager for more information on how to do this). On each client select the Obtain IP address from DHCP Server radio button and restart it.

Step 4: Testing

Once all DNS servers and clients have been installed and configured, it is time to test the service. From a client computer open a command prompt and type the following:

NSLOOKUP <host_name.domain_name>

which will return an IP address for the specified host. Or:

NSLOOKUP -QUERYTYPE=MX <domain_name>

which will return the host name and IP address of the host configured as the SMTP mail exchanger for the specified domain.

If this information is not returned, check to make sure that the client is configured with the correct IP address of the DNS server, that the server is up and running, that the DNS service is started and that the information requested is included in the zone.

Open a TCP/IP utility such as FTP, telnet or perhaps a Web browser. Check that the utility can connect to a remote host by specifying the host name or FQDN of the remote host. If the connection attempt fails, check to see if you can connect by specifying the IP address of the remote host. If you still can’t connect then the problem is not a name resolution problem – perhaps it is a physical, IP or application level issue that needs to be sorted out. Try using PING to check that you can connect via TCP/IP to the remote host at all. If you can connect to the host by pinging, try a different utility to see if it is a problem with a specific service or a general connectivity problem. If you are still stuck, go through the entire configuration on both client and server, checking for misspellings and wrong configuration values. If all else fails, try restarting the client and/or server. If the problem still doesn’t go away, it could be time to call in a little expert consultancy help, but hopefully this won’t happen and your DNS service will work first time, every time from now onwards.