Tuesday, November 17, 2009

Resolving the IP Address

The most basic of all DNS services provide the ability for a client system to send a query to the DNS server, asking it to return the IP address of a host system. This type of resolution is referred to as forward name resolution. DNS provides this functionality by hosting resource records that specify the IP address for each of the host systems within the DNS namespace. The namespace is referred to within the DNS server as the zone. For instance, if your DNS namespace is zygort.lcl, and you have a server named APFS01 with an IP address of 192.168.29.75, your zone name would be zygort.lcl and the server would have a resource record that tied the name APFS01 to IP address 192.168.29.75. When a client sent a query to the DNS server looking for APFS01.zygort.lcl, the DNS server would reply to the query with a response containing the IP address.

This is the most fundamental purpose of DNS, and probably the most utilized function—finding an IP address when a client sends a query. There is another resolution type known as reverse name resolution. Reverse name resolution allows a client to query for a host name when it knows the IP address of the system in question. This works in much the same way as the caller ID system on your telephone. When you receive a phone call, the phone number corresponds to a “friendly” name that you may recognize. Since it is much easier to remember names than a long numbers, this makes it much easier for you to determine exactly who is calling. If a name is not associated with the phone number, then only the phone number will appear. There are several programs and utilities that use reverse name resolution, and you may find it beneficial to make sure you have the correct information included within the zone.

DNS servers will resolve queries within the zones that are configured on them. You can have more than one zone on a server, and the server will accept and respond to queries for records in those zones. When a client sends a query for a zone that is not hosted on the DNS server, the DNS server has to perform additional tasks to respond correctly to the client. The DNS server will search all the way to the top of the DNS hierarchy, known as the root, for help. These root DNS servers are listed within the Root Hints tab of the DNS server’s properties page. The DNS server will send a query of its own to one of these root servers, asking for resolution. The root servers will refer the DNS server to the appropriate TLD DNS server. The DNS server will then query the TLD DNS server for assistance. The TLD server will refer the DNS server to the appropriate second-level domain DNS server. This process will continue until a DNS server with the resource record resolves the request, either with a successful lookup or a failed one.

There are problems that can be encountered with the typical DNS resolution methods. First off, not every namespace is accessible from the Internet. Our zygort.lcl is a prime example of that. If you were to perform a lookup on a server name within that namespace using conventional DNS methods, the lookup would fail. There needs to be another method of resolving the DNS queries for these zones. The other problem lies with companies that do not want their DNS servers to query outside of their organization. Because DNS servers look to the root of the Internet as the de facto starting point for name resolution, in this case you need a way to keep them from doing so. New options have been introduced to address these issues.

Windows 2000 DNS servers introduced forwarders to the Microsoft DNS world. Using forwarders, you can specify another DNS server that will attempt to resolve queries when the local DNS server cannot. By default, a DNS server will use the DNS servers that are configured within the Root Hints tab of the DNS server’s properties page. If your DNS server cannot reach the root servers or if you want to control the servers that perform the iterative queries from your organization, you can enter the server’s IP address within the Forwarders tab on the properties sheet for the DNS server. Once configured, the queries that cannot be resolved by the DNS server will be sent to the first DNS server listed in the Forwarders tab. Sometimes when you define a forwarder, the DNS server identified as the forwarder will have to take on the task of resolving all the queries outside of the DNS server’s zones. This can be a considerable amount of traffic. Another problem occurs when the forwarder does not have the ability to query for certain zones. Windows Server 2003 introduced another method of forwarding: conditional forwarding. Using conditional forwarding, you can specify a DNS server that will be used to resolve queries based on the domain name in question. For example, if a user needs to resolve an address for zygort.local and if a conditional forwarder is created for the zygort.local domain, the DNS server will send a recursive query to the server specified within the forwarder setting

For more information on conditional forwarding, see the TechNet article 304991 at
http://support.microsoft.com/default.aspx?kbid=304491&product=winsvr2003.

Another item to note: if a DNS server is configured as the root server for the organization, you cannot configure it to forward requests to another DNS server. If you have a DNS server configured to forward requests to another DNS server, simply delete the root zone from the DNS server, which is specified by the dot (.). In the case of a Windows 2003 or Windows 2008 server, the root zone is designated by.(root. Once the root zone is deleted, you can enter external root servers into the root hints and can configure forwarders. This “root zone” behavior does not occur within a Windows Server 2008 DNS server when you promote the first domain controller. This doesn’t mean that you need let Dcpromo install the DNS service; you could configure the DNS zone first and then promote the domain controller. Doing so will allow you to configure the zone the way you want and then allow the domain controller to register. There are other considerations to take into account if you create the zone first when promoting the first domain controller for your forest, and we will discuss those options later in the chapter. First and foremost, if you create the zone manually, make sure that you configure the zone for dynamic updates; otherwise you will receive an error message stating the domain is not configured.

Source of Information : Sybex Mastering Active Directory for Windows Server 2008

No comments: