- Introduction
- Introduction to DNS
- Planning a DNS Namespace Design
- Planning DNS Zone Requirements
- Planning DNS Forwarding Requirements
- Configuring DNS Security
- Integrating with Third-Party DNS Solutions
- Introduction to WINS
- Implementing WINS Replication
- Implementing NetBIOS Name Resolution
- Troubleshooting Name Resolution Problems
- Chapter Summary
- Apply Your Knowledge
Apply Your Knowledge
Exercises
3.1 Testing TCP/IP
This exercise guides you through the process of retrieving IP address information. Then you use a few command-line entries to test the configuration and connectivity of the IP address.
Estimated time: 10 minutes
1. Select Start, Run. Then type CMD and press Enter.
2. At the command prompt, type the command ipconfig and press Enter. What is your IP address? What is your subnet mask? Can you determine the IP address of the DNS server?
3. Enter ipconfig /all. What additional information can you now see?
4. Enter ping 127.0.0.1. This is a special loopback test that tells you whether your network interface card is dead, just playing sick, or, you hope, just fine.
5. Enter ping XX, where XX is your favorite Web site.
6. If you have another computer on this network, ping the IP address of that computer.
7. Ping the name of the computer.
Did all your communications occur successfully? If not, you may need to perform some additional investigation and troubleshooting to determine where your problem lies. Note that more and more publicly accessible networks (such as microsoft.com) now actively drop ICMP packets, thus preventing the ping command from working properly.
3.2 Configuring a Replication Partner
In this exercise, you configure a replication partner.
Estimated time: 10 minutes
1. Open the WINS console by clicking Start, Programs, Administrative Tools, WINS.
2. In the right pane, right-click Replication Partners and select New Replication Partner. The New Replication Partner dialog box opens and asks you to enter the address of another WINS server. You can enter either the server name or IP address. If the server name cannot be resolved, you are prompted to enter the address of the server.
3. Enter the name or IP address of the server and click OK.
4. Click Replication Partners in the left pane of the WINS console. You should see your new replication partner in the right pane.
5. Right-click the newly created replication partner. Then select Properties from the context menu to open the Replication Partner Properties dialog box.
6. Click the Advanced tab. On this tab, you can configure the replication properties for the replication partner. You can choose from Push/Pull (the default), Push, or Pull. You can also specify the options to control how and when the replication is to occur.
7. Click OK when the settings meet your requirements.
3.3 Performing a Manual Push Replication
In this exercise, you manually perform a push replication.
Estimated time: 10 minutes
1. Open the WINS console by clicking Start, Programs, Administrative Tools, WINS.
2. Right-click WINS Server and select Start Push Replication.
3. Enter the DNS name or IP address of the other WINS server and click OK.
4. Select Start for This Partner Only as the replication method. You can select Propagate to All Partners as the other method. Click OK. You receive a message that the replication request has been queued.
5. Check the event log for the status of the request and to see when it is completed.
3.4 Performing a Manual Pull Replication
In this exercise, you manually perform a pull replication.
Estimated time: 10 minutes
1. Open the WINS console by clicking Start, Programs, Administrative Tools, WINS.
2. Right-click the WINS Server and select Start Pull Replication.
3. Enter the DNS name or IP address of the other WINS server and click OK.
4. When asked to confirm the request, click Yes. You receive a message stating that the replication request has been queued.
5. Check the event log for the status of the request and to see when it is completed.
Review Questions
1. You need to determine if one of the routers between your network and your partner's network is dropping packets. What command-line utility can you use to make this determination?
2. You are planning a new Windows Server 2003 Active Directory network for your organization. The organization currently uses three Unix BIND DNS servers. What minimum version of BIND do you need to have to support Active Directory?
3. You have been directed to create a new DNS namespace for your company. The namespace must be as short as possible and be easily accessible from inside and outside your organization. The namespace will be used within a screened subnet to host a publicly accessible e-commerce application. What type of namespace should you implement?
4. You are considering setting up WINS for your network. You feel you need a better understanding of how NetBIOS works and how the different node types work. What are the four NetBIOS node types, and how do they work?
5. What is the major difference between push replication and pull replication?
Exam Questions
1. You are currently planning the DNS namespace for a new Windows Server 2003 deployment. The namespace will be used only for the internal network. There will be a separate public network located in a DMZ with a different DNS namespace. Which of the following DNS namespaces would be acceptable on the internal network but not on the public network? (Choose all that apply.)
   A. bigcorp.com
   B. bigcorp.corp
   C. bigcorp.local
   D. corp.bigcorp.com
   E. local.bigcorp.com
2. You are the network administrator for Rick's Rockets, a leading aerospace manufacturing corporation. You have several dozen legacy clients on your network that require WINS to be available. You are configuring a new Windows Server 2003 computer to act as a WINS server for your network. You also have one existing Windows 2000 Server computer providing WINS services. You want replication to occur after a certain number of changes have occurred. What configuration do you need to make?
   A. Configure a push partner on the Advanced tab of your WINS server properties page.
   B. Configure a pull partner on the Advanced tab of your WINS server properties page.
   C. Configure a push partner on the Settings tab of your WINS server properties page.
   D. Configure a pull partner on the Settings tab of your WINS server properties page.
3. You are a network consultant who has been hired by Carmen's Clown College, Inc. You have been given the task of designing a delegated DNS namespace for Carmen's new Windows Server 2003 network. Carmen's already owns the clowncollege.com domain, and its ISP is hosting its Web site. Which of the following options represents a valid delegated DNS namespace?
   A. clowncollege.net
   B. corp.clowncollege.com
   C. clowncollege.corp.com
   D. clowncollege.com.corp
4. You are the network administrator for a five-location pet food manufacturer. You have WINS servers at all five locations, and you would like them to replicate with each other automatically. What should you do?
   A. Configure each WINS server as a replication partner. In Replication Partner properties, select Replicate with All Partners.
   B. Configure each WINS server as a replication partner. In Replication Partner properties, select Replicate Only with Partners.
   C. In Replication Partner properties, deselect Replicate Only with Partners. The server will automatically replicate with any WINS servers.
   D. Install WINS. Any WINS servers on the network will automatically replicate.
5. You are interviewing Chris, a candidate for an assistant administrator position in your company. When you ask her what a standard secondary zone is, what answer should she give you?
   A. A zone that holds a writable copy of the zone data and that can transfer it to all configured servers
   B. A zone that holds a read-only copy of the zone data
   C. A zone that has its zone data held within Active Directory
   D. A zone that contains only those resource records necessary to identify the authoritative DNS servers for a zone
6. You are the network administrator for Blue Sky Air, and you are training another administrator to assist with maintaining the network. She is having a hard time understanding the different NetBIOS node types, especially what type the Windows 2000 Professional and Windows XP Professional computers use. What is the default node type for these computers?
   A. H-node
   B. M-node
   C. P-node
   D. B-node
7. You are a senior consultant for Legacy Systems, Inc., a leading consultancy that helps organizations integrate their existing networks with newer technologies, such as Windows Server 2003. You are currently trying to get the existing BIND DNS implementation working with the newer Windows Server 2003 DNS service. Eventually, you will be able to migrate the existing BIND DNS zones to Windows Server 2003, but the customer wants this to occur over a six-month period, to prepare for any troubles. There are several different BIND servers, all of different versions. You are not sure what the version is on each of them. What setting can you change in the Windows Server 2003 DNS configuration to ensure that zone transfers succeed between the Windows Server 2003 DNS servers and the BIND servers?
   A. BIND Secondaries
   B. Enable Round-robin
   C. Enable Netmask Ordering
   D. Secure Cache Against Pollution
8. You are the system administrator for Widgets and Things, Inc. You are installing a WINS server on your Windows Server 2003 server. Your end users are all using DHCP. What is the best way to configure the workstations to utilize the WINS server?
   A. Make sure the WINS server is installed on a domain controller. WINS resolution will happen automatically.
   B. Modify the DHCP scope options for the WINS server to include the address of the new WINS server.
   C. Open the Network applet and open the TCP/IP properties. On the WINS tab, modify the TCP/IP properties to point to the WINS server. Repeat this procedure for each machine.
   D. Update the LMHOSTS file to include the address of the new WINS server.
9. A client computer that makes a DNS query to a DNS server for name resolution of a remote host is referred to as what?
   A. A recursive query
   B. An iterative query
   C. A DNS resolver
   D. A DNS forwarder
10. The WINS service was created to replace what?
   A. The domain name service
   B. The HOSTS file
   C. The LMHOSTS file
   D. The WINS file
11. You are a senior consultant for Legacy Systems, Inc., a leading consultancy that helps organizations integrate their existing networks with newer technologies, such as Windows Server 2003. You are currently trying to get the existing BIND DNS implementation working with the newer Windows Server 2003 DNS service. Eventually, you will be able to migrate the existing BIND DNS zones to Windows Server 2003, but the customer wants this to occur over a six-month period, to prepare for any troubles. There are several different BIND servers, all of different versions. You are not sure what the version is on each of them. What is the minimum version of BIND that you will require on these BIND servers to ensure that they meet the DNS requirements of Active Directory?
   A. 4.9.4
   B. 4.9.6
   C. 8.1.2
   D. 8.2.1
12. You are the WAN administrator for the Women's Place clothing store. You have six satellite locations all connected with low bandwidth WAN links. Each location has its own WINS server for name resolution and will need to be replicated to. What is the best configuration for the WINS replication from the corporate WINS server to those in the field?
   A. Configure a pull replication from the remote servers to the central server and schedule it to occur whenever 100 entries have been added to the table.
   B. Configure a push replication from the remote servers to the central server and schedule it to occur whenever 100 entries have been added to the table.
   C. Configure a pull replication from the central server to the remote servers and schedule it to occur whenever 100 entries have been added to the table.
   D. Configure a push replication from the central server to the remote servers and schedule it to occur whenever 100 entries have been added to the table.
13. By default, with what DNS servers will a Windows Server 2003 DNS server perform zone transfers?
   A. Only those servers listed on the Zone Transfers tab of the zone properties dialog box.
   B. Only those servers listed on the Name Servers tab of the zone properties dialog box.
   C. All servers listed on the Name Servers and Zone Transfers tabs of the zone properties dialog box.
   D. All servers not listed on the Name Servers and Zone Transfers tabs of the zone properties dialog box.
14. You are troubleshooting network connectivity between two computers on a routed IP network. What command can you use to send a continuous flow of ICMP echo request packets to the destination IP address?
   A. ping -a
   B. ping -t
   C. ping -l
   D. ping -f
15. You are configuring your Windows Server 2003 DNS servers for increased security. You are concerned about the possibility of queries' responses containing resource records that are not pertinent to the original queries. What option can you select that will prevent this from occurring by allowing the DNS server to not cache a resource record if it is not part of the exact DNS domain tree for which the original query was made?
   A. BIND Secondaries
   B. Enable Round-robin
   C. Enable Netmask Ordering
   D. Secure Cache Against Pollution
Answers to Review Questions
1. The pathping command combines the functionality of the ping and tracert commands and allows you to quickly determine which routers or subnets are dropping packets. For more information, see the section "pathping."
2. The BIND servers need to be at version 4.9.6 (support for SRV resource records). For more information, see the section "Integrating with Third-Party DNS Solutions."
3. You should implement a unique DNS namespace. This option uses a completely separate but related domain name for your internal namespace. As an example, if you are using bigcorp.com for your external namespace, you might use bigcorp.net for your internal namespace. This configuration provides the advantage of improving security by isolating the two namespaces from each other. For more information, see the section "Planning a DNS Namespace Design."
4. The main differentiator between the four node types is the method they use for name resolution (broadcast versus direct connection). The four types are as follows:
   B-node (broadcast node) relies exclusively on broadcast messages and is the oldest NetBIOS name resolution mode. A host needing to resolve a name request sends a message to every host within earshot, requesting the address associated with a hostname. B-node has two shortcomings: broadcast traffic is undesirable and becomes a significant user of network bandwidth, and TCP/IP routers don't forward broadcast messages, which restricts B-node operation to a single network segment.
   P-node (point-to-point node) relies on WINS servers for NetBIOS name resolution. Client computers register themselves with a WINS server when they come on the network. They then contact the WINS server with NetBIOS name resolution requests. WINS servers communicate using directed messages, which can cross routers, so P-node can operate on large networks. Unfortunately, if the WINS server is unavailable or if a node isn't configured to contact a WINS server, P-node name resolution fails.
   M-node (modified node) is a hybrid mode that first attempts to resolve NetBIOS names using the B-node mechanism. If that fails, an attempt is made to use P-node name resolution. M-node was the first hybrid mode put into operation, but it has the disadvantage of favoring B-node operation, which is associated with high levels of broadcast traffic.
   H-node (hybrid node) is also a hybrid mode that favors the use of WINS for NetBIOS name resolution. When a computer needs to resolve a NetBIOS name, it first attempts to use P-node resolution to resolve a name via WINS. Only if WINS resolution fails does the host resort to B-node to resolve the name via broadcasts. Because it typically results in the best network utilization, H-node is the default mode of operation for Microsoft TCP/IP networks configured to use WINS for name resolution. Microsoft recommends leaving TCP/IP client computers in the default H-node configuration. For more information, see the section "Implementing NetBIOS Name Resolution."
5. The main difference between push and pull replication (besides the direction the database is replicated) is the trigger for the event. In the case of a push replication, the trigger is event based. When a specified number of changes are made to the database, the replication is triggered. A pull replication is triggered by the time configured for the replication. This is user configured. For more information, see the section "Implementing WINS Replication."
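To make the node-type behaviour concrete, here is an added example (not from the book) that models each node type as the order in which it tries broadcast and WINS lookups, so the failure modes described above can be exercised: P-node with WINS down, B-node across a router, and the extra broadcasts M-node generates. The network, names and addresses are constructed.

```python
# Added example (not from the book): a small model of the four NetBIOS node
# types as the order in which each tries broadcast and WINS lookups, so the
# failure modes in the answer above (P-node with WINS down, B-node across a
# router, M-node's extra broadcasts) can be exercised. All names, addresses
# and segments are constructed.

# Mechanism order per node type (B-node, P-node, M-node, H-node).
NODE_ORDER = {
    "B-node": ("broadcast",),
    "P-node": ("wins",),
    "M-node": ("broadcast", "wins"),
    "H-node": ("wins", "broadcast"),
}


class Network:
    """Hosts reachable by broadcast per segment, plus one WINS database."""

    def __init__(self, segments, wins_db, wins_up=True):
        self.segments = segments  # segment -> {NetBIOS name: IP}
        self.wins_db = wins_db    # NetBIOS name -> IP registered with WINS
        self.wins_up = wins_up
        self.broadcasts = 0       # broadcast frames generated so far

    def broadcast(self, segment, name):
        # Routers do not forward broadcasts: only the local segment answers.
        self.broadcasts += 1
        return self.segments.get(segment, {}).get(name)

    def wins_query(self, name):
        # Directed (unicast) query: crosses routers but needs the server up.
        return self.wins_db.get(name) if self.wins_up else None


def resolve(net, node_type, segment, name):
    """Resolve name from a host on segment; return (ip, method, attempts)."""
    attempts = []
    for method in NODE_ORDER[node_type]:
        attempts.append(method)
        if method == "broadcast":
            ip = net.broadcast(segment, name)
        else:
            ip = net.wins_query(name)
        if ip is not None:
            return ip, method, attempts
    return None, "failed", attempts


# Constructed sample network: two routed segments and a WINS server that
# holds registrations for the hosts on both.
SEGMENTS = {
    "seg-A": {"FILESRV1": "192.0.2.10"},
    "seg-B": {"PRINTSRV2": "198.51.100.20"},
}
WINS_DB = {"FILESRV1": "192.0.2.10", "PRINTSRV2": "198.51.100.20"}


if __name__ == "__main__":
    net = Network(SEGMENTS, WINS_DB)
    # B-node cannot reach a host on the far side of a router.
    print("B-node cross-segment:", resolve(net, "B-node", "seg-A", "PRINTSRV2"))
    # H-node goes to WINS first, so no broadcast is sent.
    print("H-node cross-segment:", resolve(net, "H-node", "seg-A", "PRINTSRV2"))
    # M-node broadcasts first even though WINS could have answered.
    print("M-node local:", resolve(net, "M-node", "seg-A", "FILESRV1"))
    down = Network(SEGMENTS, WINS_DB, wins_up=False)
    # With WINS down, P-node fails but H-node falls back to broadcast.
    print("P-node, WINS down:", resolve(down, "P-node", "seg-A", "FILESRV1"))
    print("H-node, WINS down:", resolve(down, "H-node", "seg-A", "FILESRV1"))
```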
Answers to Exam Questions
1. B, C. The bigcorp.corp and bigcorp.local namespaces are not allowable public DNS namespaces, per RFC 1123. However, they are perfectly acceptable for an internal namespace. Answers A, D, and E represent valid external (public) namespaces and could thus be used internally or externally. Only Answers B and C represent namespaces that are valid only on an internal network. For more information, see the section "Planning a DNS Namespace Design."
2. A. If you want your WINS server to send notification to replication partners that a number of changes have happened on your WINS server, you need to select the Push option for the WINS server. For more information, see the section "Implementing WINS Replication."
3. B. The corp.clowncollege.com namespace represents a delegated DNS namespace. corp.clowncollege.com would thus become the root of the Active Directory forest and domain structure. Internal network clients should be allowed to resolve both internal and external domain names; however, external (Internet) clients should not be allowed to resolve internal hostnames. The namespace clowncollege.net represents a unique namespace; thus, Answer A is incorrect. The namespaces clowncollege.corp.com and clowncollege.com.corp are not delegated namespaces of the clowncollege.com namespace; thus, Answers C and D are incorrect. For more information, see the section "Planning a DNS Namespace Design."
4. B. After the WINS servers have been configured as replication partners, they will replicate with each other based on the replication configuration. For more information, see the section "Implementing WINS Replication."
5. B. A standard secondary zone holds a read-only copy of the zone information in standard text format. Secondary zones are created to increase performance and resilience of the DNS configuration. Information is transferred from the primary zone to the secondary zones. A master zone is one that holds the only writable copy of the zone data; thus, Answer A is incorrect. An Active Directory-integrated zone operates in a multimaster mode, whereby all name servers can make changes to the zone data; thus, Answer C is incorrect. A stub zone contains only those resource records necessary to identify the authoritative DNS servers for a zone; thus, Answer D is incorrect. For more information, see the section "Planning DNS Zone Requirements."
6. A. Windows 2000 Professional and Windows XP Professional computers use H-node (hybrid) for NetBIOS name resolution. This node type favors the WINS server for name resolution but attempts to resolve the name by broadcast if the WINS server is unavailable. For more information, see the section "Implementing NetBIOS Name Resolution."
7. A. By selecting the BIND Secondaries option, you disable fast zone transfers and ensure that zone transfers are compatible and can succeed with older DNS implementations that do not support fast zone transfers. BIND version 4.9.4 and later do support fast zone transfers. Selecting the Enable Round-robin option configures the DNS server to use a round-robin rotation to rotate and reorder resource records if multiple records exist; thus, Answer B is incorrect. The Enable Netmask Ordering option configures the DNS server to reorder its host records in the response it sends to a query based on the IP address of the DNS resolver from which the query came; thus, Answer C is incorrect. The Secure Cache Against Pollution option configures the DNS server to prevent the addition of resource records that are unrelated to the original query; thus, Answer D is incorrect. For more information, see the section "Integrating with Third-Party DNS Solutions."
8. B. Because this is a DHCP environment, just add/update the WINS option for the DHCP scope. Answer C might work, but it is much more labor intensive than the one-time scope update. For more information, see the section "Implementing WINS Replication."
9. C. A DNS resolver is any system that has been configured with the IP addresses of one or more DNS servers and that performs name resolution queries against these servers. Recursive and iterative represent the types of name resolution queries that are performed. A recursive query is a DNS query that is sent to a DNS server from a DNS resolver asking the DNS server to provide a complete answer to the query, or an error stating that it cannot provide the information; thus, Answer A is incorrect. An iterative query is a DNS query that is sent by a DNS server to another DNS server in an effort to perform name resolution; thus, Answer B is incorrect. A DNS forwarder is a DNS server that has received a forwarded name resolution request from another DNS server; thus, Answer D is incorrect. For more information, see the section "Planning DNS Forwarding Requirements."
10. C. WINS is a dynamic replacement for the LMHOSTS file. For more information, see the section "Introduction to WINS."
11. C. BIND 8.1.2 meets all the DNS requirements to support Active Directory by adding support for dynamic DNS. BIND 4.9.4 introduces support for fast zone transfers and does not meet the requirements for Active Directory; thus, Answer A is incorrect. BIND 4.9.6 introduces support for SRV resource records but does not meet all the requirements for Active Directory; thus, Answer B is incorrect. BIND 8.2.1 introduces support for incremental zone transfers, although this is not a requirement for Active Directory; thus, Answer D is also incorrect. For more information, see the section "Integrating with Third-Party DNS Solutions."
12. D. For this question, keep two components in mind: the trigger (when a certain number of entries are added, this is the least bandwidth-intensive mechanism) and the direction the information must travel. Answer D is the only one with the right combination of these factors. For more information, see the section "Implementing WINS Replication."
13. B. By default, Windows Server 2003 DNS servers perform zone transfers only with the DNS servers that are listed on the Name Servers tab of the zone properties dialog box; thus, Answers A, C, and D are incorrect. All DNS servers that are considered to be authoritative for the DNS zone are listed on the Name Servers tab. Although this configuration is fairly secure, you can make it more secure by explicitly configuring DNS servers by IP address on the Zone Transfers tab for which you want to allow zone transfers to occur. For more information, see the section "Zone Transfer Security."
14. B. By issuing the ping -t command, you can send a continuous stream of ICMP echo request packets to the destination IP address. You can stop the stream of packets by pressing the Ctrl+C key combination. For more information, see the section "ping."
15. D. DNS servers typically cache any names in referral answers, thus expediting the speed of resolving subsequent DNS queries. However, when this feature is in use, the server can determine if the referred name is polluting or insecure and discard it. The server thus determines whether to cache the name offered in the referral depending on whether it is part of the exact DNS domain tree for which the original name query was made. For more information, see the section "DNS Server Properties."
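The rule behind Secure Cache Against Pollution (exam question 15) is easier to see in code. The following is an added example, not from the book: it applies the "same domain tree" test to the records that arrive in a referral, keeping only those whose owner name lies inside the zone the referral is for. Query names, zones and addresses are constructed.

```python
# Added example (not from the book): the bailiwick rule a resolver applies
# when "Secure Cache Against Pollution" is on. A referral is accepted only if
# it points at a zone on the path to the queried name, and a record from it is
# cached only if its owner name sits inside that zone. All names and addresses
# are constructed.
from dataclasses import dataclass


def labels(name):
    """Lower-case name as a tuple of labels, root first: 'www.bigcorp.com'
    becomes ('com', 'bigcorp', 'www'); the root zone '.' becomes ()."""
    parts = [p for p in name.lower().rstrip(".").split(".") if p]
    return tuple(reversed(parts))


def in_bailiwick(owner, zone):
    """True if owner equals zone or is below it. Comparing whole labels
    (not string suffixes) keeps 'evilbigcorp.com' out of 'bigcorp.com'."""
    o, z = labels(owner), labels(zone)
    return o[:len(z)] == z


@dataclass(frozen=True)
class RR:
    owner: str
    rtype: str
    data: str


def filter_referral(query_name, referred_zone, records):
    """Split a referral's records into (cacheable, discarded).

    referred_zone is the zone the referring server claims to delegate; it
    must be an ancestor of query_name, otherwise the whole referral is
    unrelated to the question asked and nothing from it is cached."""
    if not in_bailiwick(query_name, referred_zone):
        return [], list(records)
    kept, dropped = [], []
    for rr in records:
        (kept if in_bailiwick(rr.owner, referred_zone) else dropped).append(rr)
    return kept, dropped


# Constructed sample: the resolver asked for www.bigcorp.com and a .com
# server referred it to the bigcorp.com zone. Only the first record is
# legitimate glue; the other three are off-tree data that a polluting
# server could try to plant in the cache.
SAMPLE_REFERRAL = [
    RR("ns1.bigcorp.com", "A", "192.0.2.10"),
    RR("www.bigcorp.net", "A", "203.0.113.7"),
    RR("login.example.com", "A", "203.0.113.8"),
    RR("evilbigcorp.com", "A", "203.0.113.9"),
]


if __name__ == "__main__":
    kept, dropped = filter_referral("www.bigcorp.com", "bigcorp.com", SAMPLE_REFERRAL)
    print("cached: ", [rr.owner for rr in kept])
    print("dropped:", [rr.owner for rr in dropped])
```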
Suggested Readings and Resources
Microsoft Corporation. 2003. Microsoft Windows Server 2003 Resource Kit. Redmond, WA: Microsoft Press. ISBN: 0735614717.
Microsoft Corporation. 2003. Microsoft Windows Server 2003 Deployment Kit. Redmond, WA: Microsoft Press. ISBN: 0735614865.
Davies, Joseph, and Thomas Lee. 2003. Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference. Redmond, WA: Microsoft Press. ISBN: 0735612919.
"Technical Overview of Windows Server 2003 Networking and Communications," http://www.microsoft.com/windowsserver2003/techinfo/overview/netcomm.mspx.
"Deploying Network Services," http://www.microsoft.com/technet/prodtechnol/windowsserver2003/evaluate/cpp/reskit/netsvc/default.asp.