Managing and Administering DNS in Windows Server 2008
CCO-BENDER-08-0804-006.qxd 12/22/08 10:18 AM Page 205

Chapter 6

After reading this chapter and completing the exercises, you will be able to:
• Describe and install Active Directory Domain Services
• Manage your Domain Name System (DNS) environment
• Troubleshoot your DNS environment
• Manage Windows Internet Name Service
• Describe the new features of DNS in Windows Server 2008

Many networks use Active Directory to implement a domain networking model. Active Directory Domain Services is the latest version of Microsoft’s centralized directory services application. Among other features, it provides user and object management, Group Policy distribution, and networkwide security. Active Directory Domain Services is built on and relies on Domain Name System (DNS) to function properly in a Windows Server 2008 domain environment.

This chapter introduces you to Active Directory Domain Services so that you can better understand how it integrates with DNS. You also learn about different deployment scenarios for DNS. Along the way, you examine a number of tools, those based on both the graphical user interface (GUI) and the command line, that you can use to manage your DNS environments and to troubleshoot DNS environments when problems occur.

Introduction to Active Directory Domain Services

As mentioned previously, Active Directory Domain Services (AD DS) is directly tied to and requires the installation of a DNS server to function properly. Active Directory (AD) clients use DNS to locate all the resources available on the network. In an AD DS environment, you can run two types of DNS servers:
• Standard DNS servers—These servers use file-based DNS zone files for storing their zone information.
• AD DS–integrated DNS servers—These servers use the AD DS database and replication structure for storing and maintaining their zone information.

Although standard DNS servers are supported in an AD domain, it is highly recommended and considered a best practice to implement AD DS–integrated DNS in AD domain environments. (In Active Directory–integrated DNS [AD DS DNS], the DNS database is stored in AD, and DNS replication occurs through the normal AD replication process.) You will learn more about AD DS–integrated DNS throughout this chapter. In the next section, you learn about AD DS and its relationship with DNS.

In preparation for the activities in this chapter, you need to modify the network adapter configurations on your lab servers. In Activity 6-1, you reset your network adapters.

Activity 6-1: Resetting Network Adapters

Time Required: 15 minutes
Objective: Reset the network adapters on lab servers.
Description: Before you perform the other activities in this chapter, you need to verify the Internet Protocol (IP) addresses on your network adapters on MSN-SRV-0XX and MSN-SC-0XX and then reset the network adapters.

1. Log on to MSN-SRV-0XX, if necessary.

2. Open a command prompt from the Start menu, type ipconfig /all, and then press Enter to list the network adapter settings. They should be similar to those shown in Figure 6-1, which shows the final IP address settings for MSN-SRV-0XX. Your IP address settings might differ depending on your lab and network setup. See your instructor for details about setting up your network adapters if necessary.

Figure 6-1 IP address settings for MSN-SRV-0XX

3. At the command prompt, enter the following commands to change the network adapter names and reset the network adapter configuration:

    netsh interface set interface name="local area connection" newname="internet"
    netsh interface set interface name="local area connection 2" newname="bentech.net"
    netsh int ip set address name="bentech.net" static 192.168.100.10 255.255.255.0
    netsh int ipv4 set dns "bentech.net" static 192.168.100.10

Your instructor will provide you with the proper IP address information for your “internet” connection. When setting up this connection, ensure that it points to 192.168.100.10 for DNS.

4. Enter the following command at the command prompt to set your DNS server to forward all external zone DNS requests to an Internet DNS server:

    DNScmd MSN-SRV-0XX /resetforwarders 4.2.2.1 4.2.2.2

4.2.2.1 and 4.2.2.2 are publicly available DNS servers. If necessary, your instructor might provide you with a different DNS server for name resolution.

5. Enter the following command to verify you have name resolution. You should receive a nonauthoritative response similar to the one shown in Figure 6-2.

    nslookup microsoft.com

Figure 6-2 Nslookup nonauthoritative response

6. Log off MSN-SRV-0XX.

7. Log on to MSN-SC-0XX, your Server Core computer.

8. At the command prompt, enter the following commands to change the Internet Protocol version 4 (IPv4) address:

    netsh interface set interface name="local area connection" newname="bentech.net"
    netsh int ip set address name="bentech.net" static 192.168.100.20 255.255.255.0
    netsh int ip set dns "bentech.net" static 192.168.100.10

9. Log off your Server Core computer by typing logoff at the command prompt and then pressing Enter.

Using AD DS

AD DS is Microsoft’s implementation of a directory services infrastructure. Similar to how a phone book stores information about a person or business, AD DS stores attributes, or specific information, for objects within a network. Objects can include computers, users, and groups. For example, suppose you create a user object for John Reynolds in AD. Through utilities available for managing AD DS, you can enter attributes for John, such as his phone number, office location, or mailing address. Because AD DS stores its information in a database, it can be queried. In fact, any attributes you specify within AD DS can be queried.

AD DS in a Windows Server 2008 environment is a wide-ranging topic. For more detailed information on AD, see MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory (Exam #70-640) by Greg Tomsho from Cengage Learning, or visit www.microsoft.com and search for information on “Active Directory” in Windows Server 2008.

Activity 6-2: Installing the AD DS Role on MSN-SRV-0XX

Time Required: 10 minutes
Objective: Install the AD DS server role.
Description: In preparation for creating your first domain controller (DC) to manage AD DS, you need to install the AD DS role. You should also remove the current DNS zone for bentech.local so that you can re-create it during the dcpromo process in Activity 6-3. In this activity, you add the AD DS role to MSN-SRV-0XX through Server Manager.

1. Log on to MSN-SRV-0XX.

2. If Server Manager is not open, open Server Manager from the Start menu.

3. In the left pane, expand Roles, DNS Server, DNS, and MSN-SRV-0XX to display bentech.local under the Forward Lookup zone folder. Select bentech.local, click Action, and then click Delete. Click Yes to confirm the deletion.

4. In Server Manager, right-click Roles and then click Add Roles.

5. If the Before You Begin page opens, click Next.

6. Click Active Directory Domain Services and then click Next. Review the Introduction to Active Directory Domain Services and then click Next.

7. In the Confirm Installation Selections window, review the selections and then click Install to begin installing the AD DS role. To install a fully functional DC, you need to run the AD DS Installation Wizard, or dcpromo.exe, after the role is installed.

8. In the Installation Results window, click Close. The new role appears in the Server Manager window.

9. Click the Active Directory Domain Services role to view the AD DS summary pane.

10. Leave Server Manager open for the next activity.

A DC is used by AD DS for storing all of the AD objects and information about your network environment. Unlike DCs in Windows NT environments, AD DS DCs use multimaster replication to keep their data updated. In addition, writable changes to AD can be made on any DC.

When installing AD DS and creating the first DC in a forest, it is considered a best practice to install the DNS Server role when you run the Active Directory Domain Services Installation Wizard, or dcpromo.exe. Dcpromo.exe automatically creates and delegates the forest root domain DNS zone, or the first domain in your forest. It also creates the _msdcs.forestname zone, where forestname is the name of the first domain created in the forest, sometimes referred to as the root domain.

The _msdcs.forestname zone contains the AD forestwide locator, or service (SRV), records needed by clients to find AD DS resources, such as DCs and global catalog servers. A global catalog (GC) server is similar to a DC in that it holds a directory services database. However, the database on the GC contains objects from the entire forest, not only a specific domain as with a DC. For example, suppose you run dcpromo.exe and create a new domain for widgets.local.
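
As an added illustration (not part of the chapter), the following Python sketch checks a listing of SRV records for the locator names that clients look up under _msdcs.forestname, using widgets.local as the forest root. The record lines are constructed in standard zone-file form; the host names dc1 and oldsrv, the list of known DCs, and the helper names are assumptions.

```python
import re

# Locator SRV names for the forest root domain (all live in the _msdcs zone)
# and the port each service is expected to advertise.
EXPECTED = {
    "DC (LDAP)": ("_ldap._tcp.dc._msdcs", 389),
    "DC (Kerberos)": ("_kerberos._tcp.dc._msdcs", 88),
    "PDC emulator": ("_ldap._tcp.pdc._msdcs", 389),
    "global catalog": ("_ldap._tcp.gc._msdcs", 3268),
}

# Constructed sample listing; dc1 and oldsrv are made-up host names.
SAMPLE = """\
_ldap._tcp.dc._msdcs.widgets.local. 600 IN SRV 0 100 389 dc1.widgets.local.
_kerberos._tcp.dc._msdcs.widgets.local. 600 IN SRV 0 100 88 dc1.widgets.local.
_ldap._tcp.pdc._msdcs.widgets.local. 600 IN SRV 0 100 389 dc1.widgets.local.
_ldap._tcp.dc._msdcs.widgets.local. 600 IN SRV 0 100 389 oldsrv.widgets.local.
"""

SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)

def parse_srv(text):
    """Return (owner, port, target) tuples, lower-cased, trailing dots removed."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            records.append((m["owner"].lower().rstrip("."), int(m["port"]),
                            m["target"].lower().rstrip(".")))
    return records

def check_locator(text, forest, known_dcs):
    """Report missing locator records, wrong ports, and targets not in known_dcs."""
    records = parse_srv(text)
    report = {"missing": [], "wrong_port": [], "unknown_target": []}
    for role, (prefix, port) in EXPECTED.items():
        hits = [r for r in records if r[0] == f"{prefix}.{forest}"]
        if not hits:
            report["missing"].append(role)
        report["wrong_port"] += [r for r in hits if r[1] != port]
    suffix = "._msdcs." + forest
    report["unknown_target"] = sorted(
        {r[2] for r in records if r[0].endswith(suffix) and r[2] not in known_dcs})
    return report

if __name__ == "__main__":
    print(check_locator(SAMPLE, "widgets.local", {"dc1.widgets.local"}))
```

On the constructed sample, the report shows that no global catalog record is registered and that oldsrv.widgets.local is still advertised as a DC although it is not in the known-DC list, the kind of stale or unexpected registration worth reviewing in the _msdcs zone.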