
DNS Processes: Name Query

ADVANTAGE PRO ADVANTAGE PRO Chennais Premier Networking Training Center

Name Query Behavior

- Recursive and Iterative Queries
- Name Caching
- Forwarders
- Root Hints
- Delegation and Glue Records

Recursive Query

DNS Client querying for Mail1.Contoso.Com sends a recursive query to its configured DNS Server:

1. Client sends recursive query to local DNS Server
2. Local DNS Server checks its forward lookup zones and its cache
3. If found, the DNS Server returns the answer to the Client
4. If not found, the DNS Server uses its Forwarder address or Root Hints

Non-Recursive (Iterative) Query

If configured to use Root Hints, the Local DNS Server makes Iterative Queries:

1. Local DNS Server sends an iterative query to a Root server to obtain the authoritative NS
2. Root server responds with a Referral to a DNS Server closer to the submitted domain name
3. Local DNS Server then makes an iterative query to that server
4. Process continues until the Local DNS Server receives an Authoritative Response
5. Response is then sent to the DNS client

Referral

- Possible response to an Iterative Query
- References a DNS Server closer to the name in the query
- Usually one level below the server being queried

DNS Server Caching

The DNS Server caches Host Name and IP Address of:

- Host Names resolved via iterative queries to other DNS Servers
- Name Servers that it learns are authoritative for unknown domains

DNS Server uses its cached data in conjunction with its zone data to resolve subsequent queries:

- If a specific Host/IP mapping is in cache, the Server returns that data to the querying host
- Will use cached Name Server data when trying to resolve subsequent queries to unknown domains
- Length of time entries stay in cache (TTL) is set by the responding server

Negative Caching

- If the DNS Server learns from an authoritative server that a Host Name is invalid or does not exist, it caches that information
- On subsequent queries it can then respond to the client without attempting to contact the remote Server
- Helps to reduce overall traffic between servers
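The iterative walk from a root hint through referrals, together with positive, NS and negative caching from the slides above, as an added Python example (not from the original slides or any product); the server names, zone data and addresses are constructed and TTL expiry is left out.

```python
# Constructed data (assumption): server -> {zone or host: ("referral", closer server) | ("A", address)}
SERVERS = {
    "root": {"com.": ("referral", "ns.com")},
    "ns.com": {"contoso.com.": ("referral", "ns1.contoso.com")},
    "ns1.contoso.com": {"mail1.contoso.com.": ("A", "10.0.0.25")},
}
ROOT_HINTS = ["root"]

def _suffixes(name):
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def _query(server, name):
    """One iterative query: (kind, data, owner). Longest matching suffix wins;
    no match means an authoritative NXDOMAIN in this toy model."""
    for suffix in _suffixes(name):
        if suffix in SERVERS[server]:
            kind, data = SERVERS[server][suffix]
            return kind, data, suffix
    return "NXDOMAIN", None, None

class CachingResolver:
    def __init__(self):
        self.answers = {}      # positive cache: name -> address
        self.negative = set()  # negative cache: names known not to exist
        self.ns_cache = {}     # zone -> server learned to be authoritative
        self.queries_sent = 0  # iterative queries sent to other servers

    def _start_server(self, name):
        # Most specific cached NS wins; otherwise start from the root hints.
        for suffix in _suffixes(name):
            if suffix in self.ns_cache:
                return self.ns_cache[suffix]
        return ROOT_HINTS[0]

    def resolve(self, name):
        if name in self.answers:
            return self.answers[name]
        if name in self.negative:
            return None
        server = self._start_server(name)
        while True:
            self.queries_sent += 1
            kind, data, owner = _query(server, name)
            if kind == "A":
                self.answers[name] = data
                return data
            if kind == "NXDOMAIN":
                self.negative.add(name)
                return None
            self.ns_cache[owner] = data  # learned: `data` serves zone `owner`
            server = data
```

A second lookup for a name in contoso.com starts directly at ns1.contoso.com from the NS cache, and a repeated lookup of a non-existent name is answered from the negative cache without any query.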

Client-side (Resolver) Caching

- DNS Client (Resolver) also caches resolved Host Name/IP mapping data
- Client checks its local cache before contacting the DNS Server
- Local HOSTS file, if it exists, is pre-loaded into the cache at startup
- Clients also perform Negative Caching
- Entries remain in cache for the duration specified by the TTL

Forwarders

- If a DNS Server cannot resolve a name using local or cached data, it must communicate with other name servers to resolve the request, often across the Internet or WAN
- Forwarders are DNS Servers configured to handle queries that cannot be resolved using local data, and for which queries across the Internet or WAN are necessary
- Reduces workload on local DNS Servers; tasks specific machines with remote query functions

Forwarder Behavior

- DNS Servers may be configured with the address of one or more Forwarders
- DNS Servers use Forwarders in one of two modes

Non-exclusive mode

- DNS Server passes queries that cannot be resolved with local data to the specified Forwarder
- If the Forwarder cannot resolve the request, the local DNS Server attempts resolution via the normal process of iterative queries via Root Hints

Exclusive Mode

- Same as above, except the local Server does not attempt resolution via Root Hints if the Forwarder cannot resolve the request
- Windows 2003 DNS Servers can be set Exclusive via the "Do not use recursion" option in Server properties
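The two forwarder modes as an added Python example (not from the original slides or from Windows DNS); the forwarder list, the root-hints stand-in and all names and addresses are constructed, with a forwarder that does not respond modelled as None.

```python
# Constructed stand-ins (assumption): each forwarder is a dict of the names it
# can resolve, or None for a forwarder that does not respond.
FORWARDERS = [None, {"intranet.example.": "10.1.1.5"}]
ROOT_HINTS_KNOWS = {"www.example.": "192.0.2.10"}

def ask_forwarders(name, forwarders):
    """Try forwarders in list order; the first one that responds decides."""
    for fwd in forwarders:
        if fwd is not None:
            return fwd.get(name)
    return None

def resolve_via_root_hints(name):
    # Stand-in for the iterative query process described under Root Hints.
    return ROOT_HINTS_KNOWS.get(name)

def resolve(name, local_data, exclusive, forwarders=FORWARDERS):
    """Return (address, path). exclusive=True mirrors the Windows 2003
    'Do not use recursion' setting: when the forwarders fail, the local
    server gives up instead of falling back to root hints."""
    if name in local_data:
        return local_data[name], "local"
    answer = ask_forwarders(name, forwarders)
    if answer is not None:
        return answer, "forwarder"
    if exclusive:
        return None, "forwarder-failed"
    answer = resolve_via_root_hints(name)
    return answer, ("root-hints" if answer is not None else "unresolved")
```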

Root Hints

Used to resolve names for which the server is not authoritative:

- Root Hints direct queries from name servers to the Root of the namespace

Configuration

- Cache.dns
- Edit Root Hints in the Properties of the DNS Server

Caching Only DNS Server

- DNS Servers configured to only query and cache
- Not authoritative for any domain
- No zone files, only cached data
- Windows 2003 DNS Servers function as Caching Only servers at initial install if no zones are configured
- Uses Root Hints to carry out the query process

Delegation and Glue Records

- Delegation of Subdomains to a Separate Zone
- Requires NS and A Records in the Parent Zone
- Lists the Authoritative Name Server for the Delegated Zone

Delegation: NS Record in Parent Zone

- Necessary for Name Resolution

Glue Record: A Record in Parent Zone

- Needed when the NS is a member of the delegated domain
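A check over a parent zone's delegations that applies the two rules above (an NS record must exist, and a glue A record is required whenever the name server lives inside the delegated domain), as an added Python example that is not from the original slides; the parent zone contents are constructed.

```python
def in_domain(host, domain):
    """True when host is domain itself or a name beneath it."""
    return host == domain or host.endswith("." + domain)

def check_delegation(parent_zone, child_domain):
    """Problems with the delegation of child_domain held in parent_zone.
    parent_zone: {"NS": {owner: [ns names]}, "A": {host: [addresses]}}."""
    problems = []
    ns_names = parent_zone["NS"].get(child_domain, [])
    if not ns_names:
        return ["no NS record for " + child_domain + " in parent zone"]
    for ns in ns_names:
        # An NS inside the delegated domain can only be reached through the
        # delegation itself, so the parent must carry its A record as glue.
        if in_domain(ns, child_domain) and ns not in parent_zone["A"]:
            problems.append("missing glue A record for " + ns)
    return problems

def audit_delegations(parent_zone, parent_domain):
    """Check every NS owner in the zone other than the zone apex."""
    return {
        child: check_delegation(parent_zone, child)
        for child in parent_zone["NS"]
        if child != parent_domain
    }

# Constructed parent zone contoso.com with two delegations (assumption):
# sales has its glue, hr does not.
PARENT = {
    "NS": {
        "contoso.com": ["ns.contoso.com"],
        "sales.contoso.com": ["ns1.sales.contoso.com", "ns.contoso.com"],
        "hr.contoso.com": ["ns1.hr.contoso.com"],
    },
    "A": {"ns.contoso.com": ["10.1.0.53"], "ns1.sales.contoso.com": ["10.2.0.53"]},
}
```

ns.contoso.com needs no glue for the sales delegation because the parent zone is already authoritative for that host.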

Summary

- Recursive and Iterative Queries
- Name Caching
- Forwarders
- Root Hints
- Delegation and Glue Records

DNS Processes: Server-Side Processes

Discussion Topics

- Name Server Types
- Zone Transfer Process
- Active Directory Integration of DNS Zones
- Round Robin
- Subnet Prioritization

Name Server Functions

DNS Servers can be configured with several zone types or none at all:

Normal Operation

- Standard Primary
- Standard Secondary
- AD Integrated

Caching Only (No Zones)

Numerous options for optimal configuration based on network topology, size of namespace, etc.

Zone Types

Standard Primary Zone

- Authoritative server for its zone (or zones)
- Hosts the master (writeable) copy of the zone file(s)
- Changes to Zone Data are carried out on this server's local zone files
- In Win2k, supports dynamic update of zone files

Standard Secondary Zone

- Receives its Zone Data and updates from the authoritative Master Name Server in its zone via the Zone Transfer process

Master Server

- Server from which a Secondary Name Server receives its zone data and updates
- NOTE: A Secondary can function as Master to another Secondary

Active Directory Integrated Zone

- Zone Data is stored in the Active Directory database
- Only on Windows 2003 Domain Controllers
- Multiple writable / master copies of the zone

Caching-only Servers

Zone Transfer Process

- Transfer of Records to a Secondary Name Server in a Zone
- Pulled from a Master Server
- Master can be the Primary Name Server or another Secondary Server
- Notification Based

Two Types:

- Full Zone Transfer: Windows 2003, Windows NT operating system 4.0
- Incremental Zone Transfer: Windows 2003

DNS Notify

- Notification of Change
- Master Notifies the Secondary Notify List

Notification Process:

1. Serial Number field in the SOA RR is updated
2. Master sends a Notify message to servers on the Notify List
3. Secondary servers initiate the Zone Transfer process

Full Zone Transfer

Transfer of the Entire Zone Database:

1. Secondary waits the Refresh interval
2. Secondary polls the master server for its SOA RR
3. Secondary compares the master SOA serial number to its own
4. If the number from the master is higher, the zone database on the secondary is out of date
5. Full Transfer (AXFR) query is sent to the master
6. Master responds with the full zone database

If the master does not respond at step 2:

- The Retry field specifies how often the secondary retries the process
- If there is no answer after the interval in the Expire field, the secondary server discards the zone

Incremental Transfer

Based on Zone Version History

- Maintained by the Master
- Increases Disk Space Needs on the Server

Same Process as Full Transfer until the Transfer query:

- Secondary sends an Incremental Transfer (IXFR) query instead of AXFR
- Master sends only the changes unknown to the secondary
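The secondary's side of the DNS Notify, Full Zone Transfer and Incremental Transfer slides above, as one added Python example (not from the original slides or from Windows DNS): the SOA Refresh, Retry and Expire timers drive a simulated clock, a Notify forces an immediate poll, and the serial comparison decides between no transfer, IXFR and AXFR. Timer values and serials are constructed.

```python
class Secondary:
    """Secondary's view of one zone, driven by the SOA Refresh/Retry/Expire
    timers on a simulated clock (seconds)."""
    def __init__(self, serial, refresh, retry, expire, ixfr_capable=True):
        self.serial = serial
        self.refresh, self.retry, self.expire = refresh, retry, expire
        self.ixfr_capable = ixfr_capable  # NT 4.0 secondaries: AXFR only
        self.last_success = 0   # last time the master answered the SOA poll
        self.next_poll = refresh
        self.expired = False

    def notify(self, now):
        """DNS Notify from the master: poll now instead of waiting Refresh."""
        self.next_poll = now

    def poll(self, now, master_serial):
        """master_serial is None when the master does not respond.
        Returns the action the secondary takes at this moment."""
        if self.expired:
            return "zone-discarded"
        if now < self.next_poll:
            return "wait"
        if master_serial is None:
            if now - self.last_success >= self.expire:
                self.expired = True       # Expire reached: stop serving the zone
                return "expire"
            self.next_poll = now + self.retry
            return "retry"
        self.last_success = now
        self.next_poll = now + self.refresh
        if master_serial <= self.serial:
            return "up-to-date"           # serial not higher: nothing to transfer
        self.serial = master_serial
        return "IXFR" if self.ixfr_capable else "AXFR"
```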

Active Directory Integrated Zones

AD Integrated Zone

- Stored as AD Objects
- Replicated as part of normal AD Replication
- Multi-master Replication model

Benefits:

- Fault Tolerance
- Security
- Simplified Management
- More Efficient Replication of Large Zones

Multi-master Replication

DNS Transfers

- Full Zone Transfers send the Entire Database
- Incremental Zone Transfers send Each Change

Per-Property Processing

- Only Relevant Changes Propagated

Every DNS Server running on a DC is Authoritative

- SOA Records

Name Collisions (Active Directory Integrated)

- Near-simultaneous changes to the same object on different DCs
- Results in inconsistent information between DCs

Replication Collision

- Change happens on the second DC before the first change is replicated

Resolution:

- AD disambiguates the names
- Compares the version number of the changes
- If the versions are the same, timestamps are compared
- The latest change is kept
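The collision rule above (higher version wins, equal versions fall back to the later timestamp) applied on two replicas, as an added Python example that is not from the original slides or from Active Directory; it shows that both DCs converge on the same record whichever change arrives first. The change tuples are constructed.

```python
def wins(change, current):
    """Slide rule: higher version wins; equal versions fall back to the later
    timestamp. A change is (version, timestamp, value)."""
    if change[0] != current[0]:
        return change[0] > current[0]
    return change[1] > current[1]

class Replica:
    """One DC's copy of a zone: name -> (version, timestamp, value)."""
    def __init__(self):
        self.records = {}

    def apply(self, name, change):
        """Apply a local or replicated change; return False if it lost."""
        current = self.records.get(name)
        if current is None or wins(change, current):
            self.records[name] = change
            return True
        return False

def replay(changes):
    """Final values after applying (name, change) pairs in the given order."""
    replica = Replica()
    for name, change in changes:
        replica.apply(name, change)
    return {name: rec[2] for name, rec in replica.records.items()}

# Constructed conflicting updates to one A record on two DCs (assumption).
DC1_CHANGE = (3, 100, "10.0.0.1")   # version 3, written at t=100
DC2_CHANGE = (3, 105, "10.0.0.2")   # same version, written 5 s later
```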

Round Robin

- Multiple Resource Records for one name (same name, different IP Addresses)
- Server rotates the order of A records when responding

Example with three A records:

1. First client queries to resolve www.newcorp.com and receives 172.16.64.11 first in the reply
2. Second client receives 172.17.64.22 first in response to the query on the same name
3. Third client receives the address 172.18.64.33 first
4. The next client would receive the first address in order as the server restarts the rotation

Enabled by the Advanced Properties of the DNS Server setting in the DNS MMC

Round Robin with Subnet Prioritization

- Response is reordered based on the subnet of the client and the resource record (RR)
- The host Srv1.newcorp.com has three host IP addresses registered in the DNS zone data
- DNS Client queries the DNS Server to resolve Srv1.newcorp.com
- The DNS Server notes the originating IP of the client, and reorders the response to provide the address matching the client's own network
- List is not prioritized if no local network match is found
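Round robin rotation combined with subnet prioritization, as an added Python example (not from the original slides or from Windows DNS) using the slide's www.newcorp.com addresses; the client addresses and the /24 prefix used for the local-network match are assumptions, and the stdlib ipaddress module does the subnet test.

```python
import ipaddress

class RoundRobinZone:
    """Answer ordering for names with several A records."""
    def __init__(self, records, round_robin=True, subnet_prioritize=True, prefix=24):
        self.records = {name: list(addrs) for name, addrs in records.items()}
        self.round_robin = round_robin
        self.subnet_prioritize = subnet_prioritize
        self.prefix = prefix   # assumed prefix length for "same subnet as client"
        self.rotation = {name: 0 for name in records}

    def answer(self, name, client_ip):
        addrs = self.records[name]
        if self.round_robin:
            # Rotate one step per response so each client sees a different
            # address first; the rotation wraps back to the original order.
            k = self.rotation[name] % len(addrs)
            self.rotation[name] = k + 1
            addrs = addrs[k:] + addrs[:k]
        if self.subnet_prioritize:
            # Addresses on the client's own network move to the front; the
            # list is left as rotated when nothing matches.
            client_net = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
            local = [a for a in addrs if ipaddress.ip_address(a) in client_net]
            addrs = local + [a for a in addrs if a not in local]
        return addrs

# Constructed zone data using the slide's three addresses (assumption).
NEWCORP = {"www.newcorp.com": ["172.16.64.11", "172.17.64.22", "172.18.64.33"]}
```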

Summary

- Name Server Types
- Zone Transfer Process
- Active Directory Integration of DNS Zones
- Round Robin
- Subnet Prioritization