Pmw2 k3ni 1-3a

Lesson 3A / Slide 1 of 22©NIIT

Optimizing and Troubleshooting DNS

Planning TCP/IP Network Services

ObjectivesIn this lesson, you will learn to:

• Optimize DNS server performance

• Troubleshoot DNS




Pre-assessment Questions1. Which of the following security levels is defined when the domain controller is

installed on the DNS server and DNS zones are stored in Active Directory? a. Low b. Medium c. High d. Maximum

2. Which of the following extensions for namespaces are used by noncommercial organizations? a. .com b. .biz c. .org d. .mil




Pre-assessment Questions (Contd.)3. In which of the following namespaces the DNS zones and DNS topology

remain unchanged? a. Existing b. Delegated c. External d. Unique

4. Which of the following zones contains a list of resource records, which are used to identify the authoritative DNS servers for the zone? • Primary • Stub • Secondary • Integrated




Pre-assessment Questions (Contd.)5. Consider the following statements:

Statement A: Secure dynamic updates in Active Directory is a method in which a DHCP server is authorized to dynamically update the DNS entries in a network.Statement B: DNS client dynamic updates is a method in which DNS clients are allowed to update the DNS server automatically. Which of the following is correct about the above statements?

a. Statement A is False and Statement B is True. b. Statement A is True and Statement B is False.c. Both, Statement A and Statement B are True. d. Both, Statement A and Statement B are False.




Solutions to Pre-assessmentQuestions

1. c. High 2. c. .org 3. d. Unique 4. b. Stub 5. a. Statement A is False and Statement B is True




Optimizing DNS • The DNS service helps resolve host names to IP addresses on a network.

• You need to optimize the DNS servers to:

• Ensure that the DNS service provides efficient name resolution service to the existing network clients.

• Ensure that the DNS service caters to the name resolution requirements of additional DNS clients.




Disabling Recursion

• You can disable the recursion process on DNS servers that do not require it to optimize DNS performance.

• Disabling recursion reduces the probability of a DNS server being misused or attacked.

• The disadvantage of disabling recursion is that you cannot resolve host names that are outside the DNS zone by forwarding the request to other DNS servers.




Deleting and Modifying Root Hints • Cache.dns, the root hints file, contains pointers to the root servers on the

Internet and is preloaded in the DNS server.

• You can delete the root hints file from a DNS server to restrict it from communicating with DNS servers that have authority over the root of the DNS infrastructure.

• If the DNS service is used for both private networks as well as public networks, you can modify the root hints information of the DNS server according to the Internet root hints file released by the owners of the Internet root zone.




Optimizing Server Response

• You should disable the local subnet prioritization method when the servers having multiple IP addresses are on the same subnet.

• You should disable the round-robin rotation method when the servers having multiple IP addresses are not on the same subnet.




Using Caching-Only Server• Caching-only servers are nonauthoritative servers that contain frequently

requested domain names and IP addresses associated with each domain name.

• Benefits of a caching-only server are:

• Quick response to client queries

• Reduced load on the network traffic




Adjusting Start of Authority (SOA) Records

• Each zone on a network contains a SOA record, which defines the Time to Live (TTL) intervals for DNS queries.

• If the frequency of DNS data changes is high, you need to decrease SOA TTL intervals.

• If the frequency is low, you need to increase SOA TTL intervals.




Modifying Extension Mechanisms for DNS (EDNS0)

• When a DNS server answers a client query, it sends only those records that fit within 512 bytes.

• If the answer to the client query is more than 512 bytes, it sends a truncation bit along with the answer to indicate that the answer is incomplete.

• For receiving the complete answer, the client resends the query using TCP, which increases the network load and slows down the name resolution process.

• To eliminate this problem, you can use EDNS0, which allows clients to advertise the desired size of UDP data packets.




Practice-Optimizing DNS Server Performance

• Problem Statement

• BlueMoon Computers, Inc. has got a new project, which is confidential. The management of the company has assigned a team of 50 people to work on this project. The management wants to ensure that the details of the project are not leaked out. You need to ensure that the team does not have access to the Internet. In addition, you need to prevent unauthorized access to the confidential data.




Practice-Optimizing DNS Server Performance (Contd.)

• Solution

1. Install a new DNS server 2. Remove the root hints file




Troubleshooting DNS • To troubleshoot DNS problems, you should first identify the problem.

• You need to perform the following tasks to identify the DNS problem:

• Decide the scope of the host name problem.

• Validate the client or server settings.

• Validate server records.

• Capture DNS traffic between the server and the client.




Troubleshooting DNS Issues • The following DNS problems can occur during host records registration or

dynamic updates:

• Host Records Registration: A problem occurs when the primary DNS suffix and the zone name are not the same.

• Dynamic Updates: A problem occurs if:

• The DNS zone is not configured to receive dynamic updates.

• Dynamic updates are disabled at the client side.

• The client is using a third party DNS product that is not supporting dynamic updates.

• A DNS problem can also occur due to the following reasons:

• Incorrect or missing delegation

• Missing forwarders

• Incorrect configuration




Practice-Troubleshooting DNS Using Tools


• You have installed a new domain controller at the head office. However, you are not able to register the domain controller with the DNS server bluemooncomputers.com. You need to troubleshoot this problem so that the domain controller registers with the DNS server.




Practice-Troubleshooting DNS Using Tools (Contd.)

• Solution

1. Troubleshoot using Nslookup command-line tools 2. Troubleshoot using DNSLint




Practice-Troubleshooting Host Name Resolution


• You have installed a domain controller at the head office at Atlanta. When you try to register the domain controller on the DNS server, the registration process fails. However, when you execute the ping command from the domain controller, the command is executed successfully. You need to plan a troubleshooting strategy to resolve this problem.




Practice-Troubleshooting Host Name Resolution (Contd.)

• Solution

1. Check the IP configuration of the domain controller 2. Recreate the record of the new domain controller on the DNS

server 3. Examine the DNS suffix 4. Check dynamic update settings 5. Verify computer settings




SummaryIn this lesson, you learned that:

• To optimize DNS performance, you can disable the recursion process on DNS servers that do not require it.

• You can delete the root hints file from a DNS server to restrict it from communicating with DNS servers that have authority over the root of the DNS infrastructure.

• If the DNS service is used for both private networks as well as public networks, you can modify the root hints information of the DNS server according to the Internet root hints file released by the owners of the Internet root zone.

• You should optimize DNS server response by disabling the local subnet prioritization method or the round-robin rotation method.

• Each zone in a network contains a SOA record, which defines the Time to Live (TTL) intervals for the DNS queries.

• If the frequency of DNS data changes is high or low, you need to decrease or increase the SOA TTL intervals.




Summary (Contd.)• When a DNS server answers a client query, it sends only those records that fit

within 512 bytes.

• You can use EDNS0, which allows the clients to advertise the desired size of the UDP data packets.

• To troubleshoot DNS problems, you should first identify the problem and then troubleshoot the problem accordingly.

• DNS problems can occur during host records registration or dynamic updates.

• A DNS problem can also occur due to the following reasons:

• Incorrect or missing delegation

• Missing forwarders

• Incorrect configuration

Technology

Pmw2 k3ni 1-3a