Upload
jesseamaro77
View
221
Download
0
Embed Size (px)
Citation preview
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
1/33
DNS in Small Networks Step-by-Step Guide
Microsoft CorporationPublished: January 2008
Author: Jim Groves
Editor: Jim ec!er
Abstract
"his #uide helps you implement $omain %ame &ystem '$%&( on the )indo*s &erver+ 2008
operatin# system in a small net*or!, )indo*s &erver 2008 uses $%& to translate computer
names to net*or! addresses, An Active $irectory+ domain controller can act as a $%& server
that re#isters the names and addresses of computers in the domain and then provides the
net*or! address of a member computer *hen the domain controller receives a -uery *ith thename of the computer, "his #uide e.plains ho* to set up $%& on a simple net*or! that consists
of a sin#le domain,
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
2/33
"his document supports a preliminary release of a soft*are product that may be chan#ed
substantially prior to final commercial release/ and is the confidential and proprietary information
of Microsoft Corporation, t is disclosed pursuant to a non1disclosure a#reement bet*een the
recipient and Microsoft, "his document is provided for informational purposes only and Microsoft
ma!es no *arranties/ either e.press or implied/ in this document, nformation in this document/includin# 34 and other nternet )eb site references/ is sub5ect to chan#e *ithout notice, "he
entire ris! of the use or the results from the use of this document remains *ith the user, nless
other*ise noted/ the companies/ or#ani6ations/ products/ domain names/ e1mail addresses/
lo#os/ people/ places/ and events depicted in e.amples herein are fictitious, %o association *ith
any real company/ or#ani6ation/ product/ domain name/ e1mail address/ lo#o/ person/ place/ or
event is intended or should be inferred, Complyin# *ith all applicable copyri#ht la*s is the
responsibility of the user, )ithout limitin# the ri#hts under copyri#ht/ no part of this document may
be reproduced/ stored in or introduced into a retrieval system/ or transmitted in any form or by
any means 'electronic/ mechanical/ photocopyin#/ recordin#/ or other*ise(/ or for any purpose/
*ithout the e.press *ritten permission of Microsoft Corporation,
Microsoft may have patents/ patent applications/ trademar!s/ copyri#hts/ or other intellectual
property ri#hts coverin# sub5ect matter in this document, E.cept as e.pressly provided in any
*ritten license a#reement from Microsoft/ the furnishin# of this document does not #ive you any
license to these patents/ trademar!s/ copyri#hts/ or other intellectual property,
7 2008 Microsoft Corporation, All ri#hts reserved,
Active $irectory/ &harePoint/ )indo*s/ )indo*s &erver/ )indo*s ista/ the )indo*s lo#o/ and
the Microsoft lo#o are trademar!s of the Microsoft #roup of companies,
All other trademar!s are property of their respective o*ners,
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
3/33
Contents
$%& in &mall %et*or!s &tep1by1&tep Guide,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 9
Abstract,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 9
Contents,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
&tep1by1&tep Guide for $%& in &mall %et*or!s,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, ;
Plannin# $%&,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, ,,,,,,,, , n Default gateway/ type the address of the default #ate*ay of the domain controller,
90, Clic! se the following DNS ser%er addresses/ and in Preferred DNS ser%er/ type the
P address of the domain controller that you installed in nstallin# and Confi#urin# A$ $&
and $%&,
Important
$o not use the P address of a $%& server that is provided by your &P as a
primary or alternate $%& server,99, Clic! 36to e.it,
92, f Internet Protocol 5ersion : "CP8IP%:/is selected/ clic! it/ and then clic! Properties,
Perform the same steps as for "CP@Pv;/ and then clic! 36and Close,
Note
t is not necessary to restart the computer at this time if you intend to chan#e the
2
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
24/33
computerBs name or domain membership in the follo*in# steps,
9, n Control Panel/ clic! System and &aintenance/ and then clic! System,
9;, nder Computer name4 domain4 and workgroup settings/ clic! Change settings,
2
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
25/33
9
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
26/33
9=, Clic! Domain/ and then type the name of the domain that you created in nstallin# and
Confi#urin# A$ $& and $%&,
98, f the Computer Name Changesdialo# bo. appears:
n ser Name/ type the domain name and user name of an account that has
permission to 5oin computers to the domain,
n Password/ type the pass*ord of the account, &eparate the domain name and
user name *ith a bac!slash/ for e.ample/ domainVuser_name,
9>, Clic! 36to close all dialo# bo.es,
Ad%anced DNS Configuration
n most cases/ deployin# Active $irectory $omain &ervices 'A$ $&(Winte#rated $omain %ame&ystem '$%&( on a small/ )indo*s1based net*or! re-uires little confi#uration beyond the initial
setup, ccasionally/ ho*ever/ you may have to perform additional confi#uration tas!s/ such as
addin# resource records to handle unusual situations or confi#urin# automatic removal of
outdated resource records,
2
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
27/33
Adding resource records3esource records store information about specific net*or! computers/ such as the names/ P
addresses/ and services that the computers provide, n most cases/ )indo*s1based computers
use dynamic update to update their resource records on $%& servers, "his dynamic update
process eliminates the need for an administrator to mana#e the resource records, Uo*ever/ if
your net*or! contains computers that are not )indo*s1based or if it contains computers that you
*ant to desi#nate to handle e1mail/ you may have to add host 'A( resource records to the 6one
on your $%& server,
Important
)hen the Active $irectory $omain &ervices nstallation )i6ard installs and confi#ures
$%& on the ne* domain controller/ it creates resource records that are necessary for the
correct operation of the $%& server on the domain controller, $o not remove or chan#e
these resource records, Chan#e or remove only those resource records that you add
yourself,
Uost 'A( resource records associate the $%& domain name of a computer 'or host( to its P
address, ou do not need to have a host 'A( resource record for all computers/ but you must have
one for any computer that shares resources on a net*or! and that must be identified by its $%&
domain name,
)indo*s 2000/ )indo*s DP/ and )indo*s &erver 200 clients and servers use the $ynamic
Uost Confi#uration Protocol '$UCP( Client service to dynamically re#ister and update their
host 'A( resource records in $%& *hen an P confi#uration chan#e occurs,
)indo*s ista and )indo*s &erver 2008 clients use the $%& Client service to dynamically
re#ister and update their host 'A( resource records in $%& *hen an P confi#uration chan#e
occurs,
ou can manually create a host 'A( resource record for a static "CP@P client computer 'or fora computer runnin# non1)indo*s operatin# systems( by usin# the $%& Mana#er
administrative tool,
"o add a host A/ resource record to a DNS +one
9, n the $%& server/ clic! Start/ point to Administrati%e "ools/ and then clic! DNS,
2, n the console tree/ ri#ht1clic! the applicable $%& 6one/ and then clic! New ;ost A/,
, n Name uses parent domain if blank// type the name of the computer 'host( for *hich
you are creatin# a host 'A( resource record,
;, n IP address/ type the address of the computer for *hich you *ant to create a host 'A(
resource record,
Important
Ma!e sure that you type the address correctly and that you assi#n it as a static
address 'not one that is assi#ned by $UCP(, f the address is incorrect or
chan#es/ client computers cannot use $%& to locate the host,
2
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
28/33
Automatically remo%ing outdated resourcerecords
"he ability of $UCP to re#ister host 'A( and pointer 'P"3( resource records automatically
*henever you add a ne* device to the net*or! simplifies net*or! administration, Uo*ever/ it hasone dra*bac!: unless you remove those resource records/ they remain in the $%& 6one
database indefinitely, Althou#h this is not a problem *ith static net*or!s/ it ne#atively affects
net*or!s that chan#e fre-uently 'for e.ample/ a net*or! to *hich you add or remove portable
computers( because the accumulation of resource records can prevent host names from bein#
reused,
ortunately/ $UCP services and the )indo*s &erver 2008 $%& server cooperate to help prevent
this problem from happenin#, ou can confi#ure the $%& server to trac! the a#e of each
dynamically1assi#ned record and to periodically remove records that are older than the number of
days that you specify, "his process is !no*n as scavenging,
"he a#e of a resource record is based on *hen it *as created or last updated, y default/
computers runnin# )indo*s send a re-uest to the $%& server to update their records every
2; hours,
Note
"o prevent unnecessary replication/ you can confi#ure the )indo*s &erver 2008 $%&
server to i#nore update re-uests for a period of time that you specify,
n this manner/ )indo*s1based computers notify the $%& server that they are still on the net*or!
and that their records are not sub5ect to scaven#in#,
ecause scaven#in# can cause problems on a net*or! if it is not confi#ured correctly/ )indo*s
&erver 2008 disables scaven#in# by default, )e recommend that you enable scaven#in# *ith
default settin#s if you fre-uently add computers to or remove computers from your net*or!,
"o enable sca%enging on a DNS ser%er
9, n the $%& server on *hich you *ant to enable scaven#in#/ clic! Start/ point to
Administrati%e "ools/ and then clic! DNS,
2, n the console tree/ clic! the applicable $%& server,
, n the Actionmenu/ clic! Properties,
;, Clic! the Ad%ancedtab/ select
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
29/33
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
30/33
=, n the Ser%er Aging8Sca%enging Confirmationdialo# bo./ select Apply these settings
to the e*isting Acti%e Directory-integrated +ones/ and then clic! 36,
"roubleshooting DNS
Most often/ $omain %ame &ystem '$%&( confi#uration problems are e.posed *hen one or more
$%& client computers cannot resolve host names,
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
31/33
"o troubleshoot $%& problems/ you must determine the scope of the problem, "o do this/ you use
the pingcommand on multiple clients to resolve the names of hosts on the intranet and the
nternet/ and to test overall net*or! connectivity, 3un the follo*in# commands on several $%&
client computers and *ith several tar#et computers/ and then note the results:
ping DNS_server_ip_address
ping internal_host_ip_address/ *here internal_host_ip_addressis the P address of a
computer that e.ists in the clientBs domain
ping internal_host_name/ *here internal_host_nameis the fully -ualified domain name
'X$%( of the computer
ping Internet_host_name/ *here Internet_host_nameis the name of a computer that e.ists
on the nternet,
Note
t is not important *hether an nternet computer responds to the pingcommand, )hat is
important is that $%& can resolve the name that you specify to an P address,
"he results of these tests su##est the nature of the problem, "he follo*in# table sho*s possible
results/ causes/ and solutions,
pin#command result Possible cause Possible solution
Multiple clients cannot
resolve any intranet or
nternet names
"his result su##ests that the
clients cannot access the
assi#ned $%& server, "his
mi#ht be the result of #eneral
net*or! problems/ particularly
if the pingcommand usin# P
addresses fails, ther*ise/ if
you have confi#ured the
clients to obtain $%& server
addresses automatically/ you
mi#ht not have confi#ured the
$ynamic Uost Confi#uration
Protocol '$UCP( servers on
the net*or! properly,
3evie* the confi#uration of the
$UCP servers on the net*or!,
Multiple clients cannot
resolve intranet names/ but
they can resolve nternetnames
"his result su##ests that host
'A( resource records/ or
records such as servicelocator '&3( resource
records/ do not e.ist in the
$%& 6one database, Also see
ne client only cannot
resolve intranet names/ only
nternet names,
Ensure that the appropriate
resource records e.ist and that
you have confi#ured the $%&server properly to receive
automatic updates, f the tar#et
host names are located in a
particular child 6one/ ensure that
you have confi#ured dele#ation of
that 6one properly, "o test
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
32/33
pin#command result Possible cause Possible solution
re#istration of records for a
domain controller/ use the
dcdiag 8test>dns 8%
8s>domain_controllercommand,
ne client only cannot
resolve any intranet or
nternet names
f the pingcommand usin# P
addresses fails/ this result
indicates that the client
computer cannot connect to
the net*or!, f the ping
command usin# P addresses
succeeds/ but the ping
command cannot resolve $%&
domain names/ the "CP@P
settin#s of the client may beincorrect,
Ensure that the client computer is
physically connected to the
net*or! and that the net*or!
adapter for the computer functions
properly/ or correct the "CP@P
settin#s/ as necessary,
"o correct the settin#s/ see
Confi#urin# Client &ettin#s,
ne client only cannot
resolve intranet names/ only
nternet names
f you previously confi#ured
the client computer to connect
directly to the nternet/ its
"CP@P properties mi#ht be
confi#ured to use an e.ternal
$%& server/ such as a $%&
server from an nternet service
provider '&P(, n most cases/
the client should not use a
$%& server from an &P as
either the preferred or
alternate $%& server because
the $%& server at the &P is
not able to resolve internal
names, sin# a $%& server
from an &P in the "CP@P
confi#uration of a client can
also cause problems *ith
conflictin# internal and
e.ternal namespaces,
"o correct the settin#s/ see
Confi#urin# Client &ettin#s,
f you have ruled out all of these potential problems for a particular client and still cannot resolve
$%& names/ use the procedures in Confi#urin# Client &ettin#sto verify the $%& client settin#s,
"hen/ at a command prompt/ type ipconfig 8allto vie* the current "CP@P confi#uration,
f the client does not have a valid "CP@P confi#uration/ you can perform one of the follo*in#
tas!s:
8/11/2019 DNS in Small Networks Step-by-Step Guide.doc
33/33
or dynamically confi#ured clients/ use the ipconfig 8renewcommand to manually force the
client to rene* its P address confi#uration *ith the $UCP server,
or statically confi#ured clients/ modify the client "CP@P properties to use valid confi#uration
settin#s or to complete its $%& confi#uration for the net*or!,