Domain Name System (DNS) –
Computers do not understand names; one computer communicates with and accesses another computer by IP address. We human beings cannot remember IP addresses, we remember computer names and website names, so there must be a system which resolves a computer name into an IP address and an IP address into a computer name. The DNS port number is 53.
DNS resolves a computer name into an IP address and an IP address into a computer name. DNS is the foundation of the Internet naming scheme. DNS is also the foundation of an organization's naming scheme.
DNS Name Space –
Consider a domain name like “server1.sales.mumbai.sevenmentor.com”; the dot ‘.’ between sevenmentor and com is called the period or root domain.
The DNS server maintains a table, i.e. DNS zones, in which it keeps information about computer names and their associated IP addresses. In the above figure comp1 queries the DNS server for the IP address of comp2; the DNS server refers to the DNS zone and, if it finds the computer name and its associated IP address, it answers comp1 with comp2's IP address.
Actually every computer has a hosts file (C:\Windows\System32\drivers\etc\hosts) and also a cache. First the computer checks its hosts file; if it does not find the required information there it checks its cache, and if it does not find the required information in the cache either, it queries the DNS server. The DNS server also has its own cache: first it looks in the cache and, if the answer is not found there, it refers to the DNS zone. If the DNS server finds the required information in its cache it replies quickly to the requesting computer.
DNS has the zones given below –
I) Active Directory integrated zone and Standard zone –
While creating a DNS zone you are asked whether to create an Active Directory integrated zone or a Standard zone. If the DNS zone is created as Active Directory integrated, the zone database is maintained within the AD DS database.
If the DNS zone is created as a Standard zone, the zone database is maintained in a separate DNS folder: C:\windows\system32\dns.
II) Forward lookup zone and Reverse lookup zone –
- Forward lookup zone: a forward lookup zone maintains resource records mapping computer name to IP address, i.e. Host (A) records.
- Reverse lookup zone: a reverse lookup zone maintains resource records mapping IP address to computer name, i.e. Pointer (PTR) records.
III) Primary zone, Secondary zone and Stub zone –
- Primary zone: the Primary zone is created on the main DNS server. It is the read and write copy.
- Secondary zone: a Secondary zone is a duplicate copy of the Primary zone and is read-only. A second DNS server is maintained with the secondary zone, and its IP address is configured on clients as the alternate DNS server, so that if the Primary zone is not available the client can still resolve computer names to IP addresses from the alternate DNS server holding the secondary zone.
- Stub zone: a Stub zone is also a read-only copy of the Primary zone, but with limited records. A stub zone maintains only the Host (A), Start of Authority (SOA) and Name Server (NS) records. Because it does not hold all the records it exposes less of the zone and is considered more secure; it redirects queries to the Primary zone so that computer name to IP address and IP address to computer name still get resolved.
Zone Resource Records –
1) Host (A): this record maps a computer name to an IP address.
2) Pointer (PTR): this record maps an IP address to a computer name.
3) SOA: Start of Authority. It is the first record of the zone. It holds the TTL value, the zone replication interval, and the responsible person to whom email about DNS errors goes.
4) NS: Name Server. The NS record holds information about the main DNS server: its Fully Qualified Domain Name (FQDN) and IP address.
5) CNAME: Alias name record. We can give an easy name to any server or client computer record in DNS so that users can access it easily.
6) SRV: Service Location record. This record gives information about which services are provided by a server, like LDAP, Kerberos, kpasswd etc.
7) MX: Mail Exchanger record. Generally email servers use two protocols: POP3 to receive mail and SMTP to send mail. Two separate servers are maintained for these two protocols. If the organization maintains a mail server, the record of the SMTP server is maintained in the DNS server. Maintaining the SMTP server record in the DNS server is mandatory.
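The forward and reverse lookup zones above must agree: every Host (A) record should have a matching Pointer (PTR) record, and a PTR that points at a name whose A record holds a different address is stale. The following added example (not from the original notes; the zone contents are constructed for the sevenmentor.com names used above) models both zones and audits them the way an administrator would:

```python
# Added example: model a forward lookup zone (Host/A records) and a reverse
# lookup zone (PTR records) and check that the two agree. Zone data is constructed.
import ipaddress

def ptr_owner_name(ip):
    """Reverse-zone owner name for an IPv4 address, e.g. 10.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def fqdn(name):
    """Normalise a name to lower case with a trailing dot (DNS names are case-insensitive)."""
    return name.lower().rstrip(".") + "."

def check_zones(forward, reverse):
    """forward: {name: ip} A records; reverse: {ptr_owner: name} PTR records.
    Returns (missing_ptr, mismatched_ptr, orphan_ptr)."""
    missing, mismatched, orphan = [], [], []
    expected = {ptr_owner_name(ip): fqdn(name) for name, ip in forward.items()}
    for owner, name in expected.items():
        if owner not in reverse:
            missing.append((name, owner))                       # A record with no PTR
        elif fqdn(reverse[owner]) != name:
            mismatched.append((owner, fqdn(reverse[owner]), name))  # PTR names another host
    for owner in reverse:
        if owner not in expected:
            orphan.append(owner)                                # PTR with no A record (stale)
    return missing, mismatched, orphan

# Constructed sample zones (not real SevenMentor data).
FORWARD_ZONE = {
    "server1.sales.mumbai.sevenmentor.com": "192.168.1.10",
    "comp1.sevenmentor.com": "192.168.1.21",
    "comp2.sevenmentor.com": "192.168.1.22",
}
REVERSE_ZONE = {
    "10.1.168.192.in-addr.arpa": "server1.sales.mumbai.sevenmentor.com.",
    "21.1.168.192.in-addr.arpa": "oldcomp.sevenmentor.com.",   # stale PTR for comp1's address
    "99.1.168.192.in-addr.arpa": "retired.sevenmentor.com.",   # address with no A record left
}

if __name__ == "__main__":
    labels = ("missing PTR", "mismatched PTR", "orphan PTR")
    for label, items in zip(labels, check_zones(FORWARD_ZONE, REVERSE_ZONE)):
        print(label, items)
```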
DNS uses two types of query –
1) Recursive query: the DNS client queries the DNS server and the DNS server gives the full answer to the query, because the DNS server has the resource record.
2) Iterative query: the DNS client queries the DNS server; if the DNS server does not have the resource record for the query, it refers to other DNS servers and resolves the query.
Root DNS servers –
Root DNS servers are available on the Internet. There are 13 root DNS servers. If the local DNS server is not able to resolve a query it forwards the query to the ISP’s DNS server, and if the ISP’s DNS server is not able to resolve the query it forwards the query to the Root DNS servers.
How to find your DNS server IP: run nslookup with a domain name, e.g. C:\>nslookup sm.com; the output names the DNS server that answered.
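When a DNS server has no record for a name it walks the hierarchy from the root servers downwards, following one referral per step until it reaches the servers for the queried zone. The following added example (not from the original notes) models that iterative referral walk; the server names and records are constructed:

```python
# Added example: a toy model of iterative resolution. The resolver asks a root
# server, follows the referral to the "com" servers, then to the sevenmentor.com
# servers, which return the answer. All server data below is constructed.

# Each server knows either answers (A records) or delegations (NS referrals).
SERVERS = {
    "root": {"delegations": {"com.": "com-server.example."}, "answers": {}},
    "com-server.example.": {"delegations": {"sevenmentor.com.": "ns1.sevenmentor.com."},
                            "answers": {}},
    "ns1.sevenmentor.com.": {"delegations": {},
                             "answers": {"server1.sales.mumbai.sevenmentor.com.": "192.168.1.10"}},
}

def ask(server, qname):
    """One query to one server: ('answer', ip), ('referral', next_server) or ('nxdomain', None)."""
    data = SERVERS[server]
    if qname in data["answers"]:
        return "answer", data["answers"][qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):            # most specific enclosing zone first
        zone = ".".join(labels[i:])
        if zone in data["delegations"]:
            return "referral", data["delegations"][zone]
    return "nxdomain", None

def resolve_iteratively(qname, start="root", max_hops=8):
    """Follow referrals from the root. Returns (ip or None, list of servers asked in order)."""
    qname = qname.lower().rstrip(".") + "."
    server, trail = start, []
    for _ in range(max_hops):                   # hop limit guards against referral loops
        trail.append(server)
        kind, value = ask(server, qname)
        if kind == "answer":
            return value, trail
        if kind == "nxdomain":
            return None, trail
        server = value
    return None, trail

if __name__ == "__main__":
    print(resolve_iteratively("server1.sales.mumbai.sevenmentor.com"))
```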
Background Zone Loading –
- In previous versions of Windows Server, if the DNS server was started with an extremely large Active Directory integrated DNS zone database, it could take hours for the DNS data to be retrieved from Active Directory. During this time the DNS server was unable to service any client request.
- In Windows Server 2008 and 2012 the solution is provided by implementing “Background Zone Loading”.
- As DNS restarts, the Active Directory zone data populates the database in the background. This allows the DNS server to service client requests for data from other zones almost immediately after a restart.
- Background zone loading performs this task by loading the DNS zone using separate threads. This allows the DNS server to service requests while still loading the rest of the zone.
DNS Cache Locking –
- In Windows Server 2012 and 2016, DNS Cache Locking keeps cached DNS records safe for the duration of the record’s time to live (TTL) value: while locked, a cached DNS record cannot be overwritten or changed. The configuration is based on a percentage value, the share of the TTL for which the record stays locked.
- This feature protects your DNS server against DNS cache-poisoning attacks.
- Cache locking from the command prompt:
C:\>dnscmd /config /cachelockingpercent 50
- Cache locking via the Windows interface (Registry Editor):
- Start -> Run -> regedit -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters.
- Right-click Parameters -> New -> DWORD (32-bit) Value, name it CacheLockingPercent, double-click it, choose Decimal, and under Value data type a number from 0 to 100.
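To make the lookup order (hosts file, then cache, then DNS server) and the cache-locking rule concrete, here is an added example that is not from the original notes and not Windows' own code: a toy resolver whose cache refuses to overwrite a record until the configured percentage of its TTL has elapsed, so an unsolicited answer arriving inside that window is dropped. The hosts entry, zone data and `fake_server` are constructed.

```python
# Added example (not Windows' code): lookup order hosts -> cache -> server, with a
# cache that implements cache locking: a cached record cannot be overwritten
# until locking_percent of its TTL has elapsed. Times are plain seconds.

class LockedCache:
    def __init__(self, locking_percent=50):
        if not 0 <= locking_percent <= 100:      # same 0-100 range as the Windows setting
            raise ValueError("locking percent must be between 0 and 100")
        self.locking_percent = locking_percent
        self._entries = {}                       # name -> (rdata, inserted_at, ttl)

    def get(self, name, now):
        """Return the cached rdata, or None if absent or expired (expired entries are evicted)."""
        entry = self._entries.get(name)
        if entry is None:
            return None
        rdata, inserted_at, ttl = entry
        if now >= inserted_at + ttl:
            del self._entries[name]
            return None
        return rdata

    def put(self, name, rdata, ttl, now):
        """Store rdata unless the current record is still locked. Returns True if stored."""
        if self.get(name, now) is not None:      # get() has already evicted an expired record
            _, inserted_at, old_ttl = self._entries[name]
            if now < inserted_at + old_ttl * self.locking_percent / 100:
                return False                     # inside the lock window: the overwrite is dropped
        self._entries[name] = (rdata, now, ttl)
        return True

def resolve(name, hosts, cache, query_server, now):
    """Lookup order: hosts file -> cache -> DNS server. Returns (ip, source)."""
    if name in hosts:
        return hosts[name], "hosts"
    ip = cache.get(name, now)
    if ip is not None:
        return ip, "cache"
    ip, ttl = query_server(name)                 # assumed to return (ip, ttl) like a real answer
    cache.put(name, ip, ttl, now)
    return ip, "server"

# Constructed sample data: one hosts-file entry and one record on the DNS server.
HOSTS = {"comp1.sevenmentor.com": "192.168.1.21"}
ZONE = {"comp2.sevenmentor.com": ("192.168.1.22", 300)}

def fake_server(name):
    return ZONE[name]
```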
DNS Security Extensions (DNSSEC) –
- How it works:
- DNSSEC uses digital signatures and cryptographic keys to validate that DNS responses are authentic.
© Copyright 2021 | Sevenmentor Pvt Ltd.