CIS 2153: Chapter 2 Lesson Notes

  1. The Domain Naming System: Introductory Concepts and Procedures
    1. The difference between DNS and NetBIOS
      1. NetBIOS was designed for small, single-segment LANs, which are broadcast-based, as shown in Figure 2-1 on page 47. This had its drawbacks, which include the following:
        1. The volume of traffic increased as computers on each network segment were added.
        2. NetBIOS-based protocols, such as NetBEUI, are not routable.
        3. Forwarding NetBIOS broadcasts across routers (or Brouters) would have a profoundly negative impact on network performance.
      2. NetBIOS has a naming scheme that is "flat," unlike DNS, which uses a hierarchical naming system (see below).
    2. The NetBIOS and WinSock Interfaces
      1. The Flat NetBIOS Namespace
        1. The analogy on page 48 of the textbook describes a flat naming scheme: if everyone in the world had only one name, like John, two people with that same name could not be told apart, and with only that single name available it would be very difficult to ensure a unique name for every individual.
        2. The flat naming scheme offered by NetBIOS causes limitations in network naming structures.
      2. The NetBIOS and WinSock Interfaces
        1. DNS uses a hierarchical naming system, similar to a sort order of a telephone book. The primary sort order is by last name, then first name, then middle initial, then phone number.
        2. DNS uses one of two Session layer interfaces: The Windows Sockets (WinSock) interface or the NetBIOS interface. NetBIOS communications reach their destination based on the NAME of the computer.
        3. The TCP/IP Protocol stack (which includes the Transmission Control Protocol and Internet Protocol) uses the TCP/IP address of a computer. It does not rely on the NetBIOS name for communication. WinSock uses this communication method, relying only on the TCP/IP address of a computer, not the NetBIOS name.
      3. NetBIOS over TCP/IP or NetBT
        1. NetBT (NetBIOS over TCP/IP) allows NetBIOS aware applications to work over the routable TCP/IP protocol. NetBIOS computers are only aware of the computer name, and NetBT allows for a resolution from NetBIOS name to TCP/IP address, thus masking the underlying protocol from the unaware application. (See Figure 2-2 on page 50.)
      4. The Windows Sockets (WinSock) Interface
        1. Programs to be used on a TCP/IP network must be specifically written to use WinSock.
        2. These programs only require an IP address to communicate with another computer on their network.
        3. Since WinSock uses numbers, which is more efficient than using names, there needed to be a way to help us remember those numbers. Host name resolution solves this problem by converting an IP address to a name (such as 24.12.145.101 to www.cripliver.com).
      5. The Bottom Line on the difference between NetBIOS and WinSock:
        1. NetBIOS is based solely on a computer’s NetBIOS name.
        2. WinSock is based on a computer’s TCP/IP address.
        3. Before Windows 2000, all core networking functions were based on NetBIOS.
        4. Windows 2000 depends on DNS for its name resolution, which increases its importance on this exam.
    3. The DNS Namespace
      1. root domain: At the top is the root domain, represented by either a dot (a period) or an empty space. Note that both will be accepted on your exam, but the dot is more commonly used.
      2. Top-level domain: Under the root are the top-level domains, such as .com, .net, .org, and .edu. Each top-level domain is intended for a particular kind of organization, although you are free to choose among them; .edu is a very common domain for a university, for instance. Table 2-1 on page 52 of your text lists top-level domain names and their presumed members.
      3. Second-level domain name: This name distinguishes your organization from all others, such as Microsoft (.com) or Cripliver (.com) or Valpo (.edu). Figure 3 on page 53 shows the DNS hierarchy.
      4. Teaching Tip

        Reading a domain name is like reading a street address backwards. When your mother sends you a birthday card, the mailman reads your address backwards, beginning with the zip code. Then he reads the state, city, street, number on the street, and finally your name. You may have noticed how your mailbox receives mail addressed to OCCUPANT. This isn’t your name, but since the other address information can locate your house well enough, the mailman can deliver such mail to your door.

      5. The root, top-level, and second-level domains are centrally managed by DNS. You must register your second-level domain name through a domain registrar such as Network Solutions (www.networksolutions.com).
      6. As the DNS administrator in your company, you are responsible for all domains beneath your second-level domain name. You must also maintain at least two DNS servers that are authoritative for your second-level domain. "Authoritative" means that your DNS servers have the authority to answer questions about host name resolutions for your domain.

      Beyond the Basics

      It has become popular in today’s economy for individuals with little or no network experience to "park" a domain name with a domain registrar, such as Network Solutions. These individuals later sell the domain name to the highest bidder for a substantial profit. For instance, a person might purchase the domain name of www.PeeWeeHerman.com in the hopes that PeeWee Herman will run for President. If Mr. Herman does indeed run for President, the owner of that domain could sell it for millions of dollars—receiving an ROI (return on investment) of perhaps a million percent!

      "Parking" a domain name simply means that you want to own the domain name, but you have no DNS servers that are authoritative for it. Until you have the DNS servers, you can’t actually use that name on the Internet. You may see in your "travels" on the Internet, however, a site that has one lonely page that reads "This site for sale. Write to thisperson@someplace.com to inquire."

      To see what domain names are available, you can visit www.networksolutions.com and enter a possible name in the search box. To find out who owns a domain name that is already taken, visit www.networksolutions.com/cgi-bin/whois/whois for the name of the owner and the IP address of their DNS servers.

      Discussion Point

      Refer to the Scenarios and Solutions table on page 54 of your book for FAQs about registering domains.

    4. Domain and Host Name Specifications
      1. Fully Qualified Domain Names, or FQDNs
        1. An FQDN is the combination of a machine’s host name and its domain name. An example is naming your PeeWeeHerman.com site with www. It is important to understand that it is not a requirement to use www for your FQDN to appear on the World Wide Web—it’s just an easier way of identifying the site.
        2. An FQDN consists of labels, each a host or domain name, separated by dots. Each label can contain up to 63 bytes (not to be confused with 63 characters).
        3. The only legal characters supported in a Windows 2000 domain name are A-Z, a-z, 0-9, and the dash (-). Note that the underscore is not supported, and Windows 2000 will replace any underscores it finds with dashes (from pre-Windows 2000 NetBIOS names).
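The label and character rules above, turned into a small checker. This is an added example, not code from the course notes or from Windows 2000; the sample names are constructed, and the NetBIOS conversion only mimics the underscore-to-dash replacement the notes describe.

```python
import re

# Rules from the notes: labels are separated by dots, each label is at most
# 63 bytes, and a Windows 2000 domain name may use only A-Z, a-z, 0-9 and the
# dash. Underscores inherited from pre-Windows 2000 NetBIOS names are replaced
# with dashes. All names used here are constructed for illustration.
LABEL_RE = re.compile(r"^[A-Za-z0-9-]+$")
MAX_LABEL_BYTES = 63

def split_labels(fqdn):
    """Split an FQDN into its labels; a trailing dot denotes the root and is ignored."""
    name = fqdn[:-1] if fqdn.endswith(".") else fqdn
    return name.split(".")

def check_label(label):
    """Return the list of rule violations for one label (empty when it is legal)."""
    if label == "":
        return ["empty label"]
    problems = []
    # Count bytes, not characters: a non-ASCII character costs more than one byte.
    if len(label.encode("utf-8")) > MAX_LABEL_BYTES:
        problems.append("label longer than 63 bytes")
    if not LABEL_RE.match(label):
        problems.append("illegal character (only A-Z, a-z, 0-9 and '-' allowed)")
    return problems

def validate_fqdn(fqdn):
    """Return [(label, [problems]), ...] for every illegal label; [] if the FQDN is legal."""
    findings = []
    for label in split_labels(fqdn):
        problems = check_label(label)
        if problems:
            findings.append((label, problems))
    return findings

def netbios_to_dns_label(netbios_name):
    """Mimic the underscore-to-dash replacement the notes describe for NetBIOS names."""
    return netbios_name.replace("_", "-")
```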
    5. Planning Domain Names for an Organization
      1. Using the same domain name for both Intranet and Internet resources
        1. Maintain two zones: Data security is paramount. Create one internal DNS zone and a separate external DNS zone. Intranet users will point only to the internal zone, and Internet users will point to the external zone. Maintaining two zones allows you to serve the same name (e.g., www.tacteam.net) from two separate locations, depending on whether the request comes from the Intranet or the Internet.
      2. Implementing the same domain name for Internal and External resources
        1. Mirror the external resources internally. This way, your internal users have access to the same information that is located on the external web server. (See Figure 2-4 on page 60.)
        2. This decision rarely comes from you, the administrator, but is delegated to you to implement.
      3. Using different domain names for Intranet and Internet resources
        1. Using different domain names for the Intranet and Internet is an easier scenario to set up since you don’t have to worry about keeping different zone databases for the same domain name.
        2. Choose an easy-to-remember, intuitive name for your external domain, but your internal name can relate more to your company name or product. An example of an Internet name would be: widgets.com, and an Intranet name: widgetscorp.com (see Figure 2-5 on page 61).
    6. Naming your Subdomains
      1. Subdomains are usually named for a geographical location or a business unit.
      2. Naming Domains based on business units
        1. For example: sales.stuff.com, marketing.stuff.com, or hr.stuff.com, each of which contains the resources for the Sales, Marketing, and Human Resources divisions of the Stuff Company.
        2. The disadvantage of this strategy is that when the names of these business units change, the corresponding domain names must change as well.
      3. Naming Domains based on geography
        1. Examples could be west.stuff.com, east.stuff.com, north.stuff.com, Europe.stuff.com, etc. Notice that these names are better suited than losangeles.stuff.com or boston.stuff.com because locations of offices might change.
      4. Root Name Servers
        1. The root name server must be in place before you can install Active Directory. It is authoritative for your second-level domains.
        2. The root name server can contain delegations for your subdomains. A delegation informs DNS clients which DNS servers are authoritative for your subdomains.
    7. Zones of Authority
      1. The zone database file is the actual information about domains and what they contain.
      2. The zone database is located at %systemroot%\system32\dns.
      3. Forward lookup zones
        1. Forward lookup zones allow DNS clients to resolve a host name to an IP address.
        2. Contiguous and noncontiguous zones (see Figure 2-6 on page 67): Notice that the Microsoft.com domains are contiguous (next to each other). The MSN domains are contiguous as well. However, the Microsoft and MSN zones are not contiguous.
        3. Zones allow responsibility for maintaining the resources in a zone to be delegated to specific administrators rather than to any user of that zone, since not all users are accomplished in DNS maintenance.
        4. Zones receive their names from the "root" or highest level domain contained in that zone.
        5. It is important to know the difference between a zone and a domain for the exam, although the terms are often used interchangeably.
        6. A zone can contain multiple contiguous domains, and a single DNS server can host multiple zones.
      4. Reverse Lookup Zones
        1. A reverse lookup zone allows the DNS client to resolve an IP address to a host name.
        2. Example: IP address 192.168.1.3 would be "translated" to the host name, such as PAYROLL1.
        3. Forward lookup zones are similar to a phone book (you know the name and need the number), whereas a reverse lookup is the opposite (you know the phone number but not the name of the individual who pays the bills for it). You can imagine how laborious looking up numbers this second way would be when the phone book is arranged alphabetically by name and not by number.
      5. The in-addr.arpa Domain
        1. The in-addr.arpa domain indexes host names based on Network IDs and makes reverse lookups more efficient.
        2. To create a reverse lookup zone, use the Windows 2000 Management Console using the following steps:
          1. Right-click on the computer name in the console, then select New Zone.
          2. The New Zone Wizard walks you through the process of either new forward or new reverse lookup zones (see Illustration ill02-14.tif).
          3. The Wizard will ask what type of zone you want. Select Reverse Lookup Zone.
          4. The Wizard will then ask for the Network ID and will automatically create a zone database file based on your answers. See the illustration within Exercise 2-1 on page 71.
        3. The reverse lookup zone database file you create is located in a subfolder off the system32 folder.
        4. The name of the reverse lookup zone database file is the network ID in reverse, followed by in-addr.arpa and the .dns extension. Example: the reverse lookup zone file for 192.168.1.0 would be named 1.168.192.in-addr.arpa.dns.
        5. Queries are examined and executed from right to left, just as they are with forward lookup zones.
        6. It is a good habit to create a reverse lookup zone even if one is not required, as this will prevent "server not found" errors when performing an nslookup query.
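The in-addr.arpa naming and right-to-left matching described in this section, as an added Python example (not code from the notes or from the Windows 2000 DNS server). It builds the zone name the New Zone Wizard would derive from a network ID, the matching .dns file name, and the owner name of a PTR record, then resolves an address against constructed zones; the host names PAYROLL1 and BIGONE and all addresses are made up.

```python
# Constructed example: build in-addr.arpa zone names from a network ID as the
# New Zone Wizard does, derive the zone file name, and resolve a PTR owner name
# by matching it against the hosted zones from right to left. Zone contents
# and host names (PAYROLL1, BIGONE) are made up for illustration.

def _octets(dotted):
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("expected four dotted decimal octets: %r" % dotted)
    return parts

def reverse_zone_name(network_id):
    """192.168.1.0 -> 1.168.192.in-addr.arpa (trailing zero octets are the host part)."""
    octets = _octets(network_id)
    while octets and octets[-1] == "0":
        octets.pop()
    if not octets:
        raise ValueError("0.0.0.0 names no network")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def reverse_zone_file(network_id):
    """Zone database file name: the reversed network ID plus the .dns extension."""
    return reverse_zone_name(network_id) + ".dns"

def ptr_owner_name(ip):
    """The name a PTR record for this IP address is stored under."""
    return ".".join(reversed(_octets(ip))) + ".in-addr.arpa"

def find_zone(owner_name, zones):
    """Walk right to left: the longest zone name that is a suffix of the owner
    name is the zone that holds the record (a parent zone only wins if no
    more specific zone is hosted)."""
    best = None
    for zone in zones:
        if owner_name == zone or owner_name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best

def resolve_ptr(ip, zones):
    """Return the host name for ip, or None if no hosted zone holds a PTR for it."""
    owner = ptr_owner_name(ip)
    zone = find_zone(owner, zones)
    return None if zone is None else zones[zone].get(owner)

# Constructed zones: a /24 reverse zone plus its /16 parent on the same server.
SAMPLE_ZONES = {
    reverse_zone_name("192.168.1.0"): {ptr_owner_name("192.168.1.3"): "PAYROLL1"},
    reverse_zone_name("192.168.0.0"): {ptr_owner_name("192.168.5.9"): "BIGONE"},
}
```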
    8. Installing the Windows 2000 DNS Server
      1. You can install the DNS Server at the time you install the operating system.
      2. If you install Active Directory, you will be required to install the DNS Server at that time if there is no other Windows 2000 domain controller online for that domain.
      3. Do not install Windows 2000 DNS Server on a live, production network unless your network administrator confirms that it will not create problems with the existing network infrastructure.
      4. To install the Windows 2000 DNS Server, perform Exercise 2-1 on page 71 of the main text.
    9. Class Exercise: Creating a Forward Lookup Zone
      1. After the DNS Server is installed, several changes are made to your system, including:
        1. Adding the DNS Management Console to the Administrative Tools menu
        2. Adding the %systemroot%\system32\dns directory to your boot partition
        3. Adding numerous counters to your System Monitor
      2. After you install the DNS Server, there are no zones yet. To create the zones, perform the steps given in your main text in Exercise 2-2 on page 73.

      Beyond the Basics

      When creating a forward lookup zone, be cognizant of what view you are in. Click the VIEW menu and notice the Advanced and Filter… views. The Advanced view will add the Cached Lookups folder to your view. The Filter… setting enables you to filter your view by name. Be careful not to assume that you’re seeing everything as a filter may have been added. You may also limit the number of items you want to see for each item under Filter’s Display Limit tab.

    10. Class Exercise: Creating a Reverse Lookup Zone
      1. To create a Reverse Lookup Zone, perform the steps in Exercise 2-3 on page 78 of your main text.
    11. Resource Records
      1. Resource records contain data about the resources contained in the domain.
      2. The resource record used most often is called the A, or Host Address record. This record contains the host name to IP address mapping that most DNS clients will ask for when attempting to resolve a host name to an IP address.
      3. Other information a zone database can contain is described in Table 2-2 on page 82 in the main text. Each resource record type contains the information necessary to resolve queries of that type.
      4. A single computer can have multiple records of different types. Example: Your web server’s host name on the Internet is probably called "www," but internally, you might want to call that server BigOne and then create a CNAME record for "www." Both records for BigOne and www would map to the same IP address.
      5. To populate your reverse lookup zones, use the Pointer (PTR) record. This contains the IP address to host name mappings required to answer reverse lookup requests.
      6. You can export the resource record information stored in your zone databases to a comma-delimited file for review within Excel or Access.
    12. Class Exercise: Adding Host Records to a Forward Lookup Zone
      1. To add host records to a forward lookup zone, perform the steps in Exercise 2-4 on page 84 of your main text.
      2. It is important to click the Refresh button frequently so that you do not mistakenly conclude that a setting did not "take."
    13. Class Exercise: Adding a Pointer Record to a Reverse Lookup Zone
      1. To add a pointer record to a reverse lookup zone, perform the steps in Exercise 2-5 on page 86 of your main text.
    14. Zone Delegation
      1. Zone delegation is like "passing the buck" in order for another DNS server to answer DNS queries for a particular zone.
      2. Zones can be delegated to Secondary DNS Servers or Primaries.
    15. Creating Delegations
      1. Create a delegation on a DNS server that is authoritative for the zone where the queries will be answered.
      2. You can create delegations for any server in a domain that is authoritative.
    16. Glue Records
      1. In Windows NT 4.0, the only information you needed to create an NS record was the FQDN of the machine to be included in the referral. This necessitated a Host (A) Address record to allow for the forward lookup.
      2. This Host (A) record is referred to as a glue record because it "glues" the name server’s host name to an IP address.
      3. When you split your domains into subdomains, you must include delegation information on all parent domains, including NS records for authoritative servers and their glue records.
      4. A lame delegation occurs when an NS record points to a server that does not hold a zone database file for the zone the record refers to.
      5. The Delegation Wizard walks you through the process of creating delegations for your domains and subdomains.
    17. Creating a Delegation Using the Delegation Wizard
      1. To create a delegation using the Delegation wizard, perform the steps in Exercise 2-6 on page 89 of your main text.
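A check for the two delegation problems the Glue Records section describes, a missing glue record and a lame delegation, as an added Python example that is not part of the course notes or of the Windows 2000 Delegation Wizard. The parent zone stuff.com, its NS and Host (A) records, and the SERVER_ZONES table (which stands in for asking each server whether it hosts the zone) are all constructed.

```python
# Constructed example: a parent zone stuff.com delegates sales.stuff.com to two
# name servers. SERVER_ZONES stands in for asking each server whether it
# actually hosts the zone. All names and addresses are made up for illustration.

PARENT_ZONE = {
    "name": "stuff.com",
    # NS records of the delegation, keyed by the delegated subdomain
    "NS": {"sales.stuff.com": ["ns1.sales.stuff.com", "ns2.stuff.com"]},
    # Host (A) records held in the parent zone; ns1's entry is the glue record
    "A": {"ns1.sales.stuff.com": "192.168.10.5", "ns2.stuff.com": "192.168.1.2"},
}
SERVER_ZONES = {
    "192.168.10.5": {"sales.stuff.com"},
    "192.168.1.2": {"stuff.com"},  # ns2 was never given the sales zone
}

def needs_glue(ns_host, subdomain):
    """A name server inside the delegated subdomain can only be reached
    through a glue record in the parent, otherwise the referral is circular."""
    return ns_host == subdomain or ns_host.endswith("." + subdomain)

def check_delegations(parent, server_zones):
    """Return (subdomain, ns_host, problem) for every NS record that cannot
    lead a resolver to a server that is authoritative for the subdomain."""
    findings = []
    for subdomain, servers in parent["NS"].items():
        for ns_host in servers:
            addr = parent["A"].get(ns_host)
            if addr is None:
                if needs_glue(ns_host, subdomain):
                    problem = "missing glue record"
                else:
                    problem = "no Host (A) record for name server"
                findings.append((subdomain, ns_host, problem))
                continue
            if subdomain not in server_zones.get(addr, set()):
                findings.append((subdomain, ns_host, "lame delegation"))
    return findings
```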


Insider Information

When you type an IP address in any "dotted" entry box of a window in Windows, you may avoid frustration if you make a habit of typing the "dots" when required. If the IP address you want to enter has three digits in each of its octets, then the interface advances you to the next octet without any problem. (For instance 192.123.124.125 can be typed as 192123124125 and the interface knows where to put the numbers.) However, if your IP address is 192.123.1.2, then typing 19212312 will yield 192.123.12 and the computer will beep saying the IP address is not complete. By typing the dot where needed, the computer will know you’re finished typing in that octet and will advance to the next.

    1. Zone Transfer
      1. For fault tolerance, DNS was designed to use two DNS servers for answering queries.
        1. A standard primary zone is the only read/write copy of the zone database file.
        2. A standard secondary zone is a read-only copy of the zone database file.
      2. The primary and secondary zones are contained on Primary and Secondary DNS servers for those zones.
      3. To copy the Primary zone file to the Secondary DNS server, use a zone transfer.
    2. Methods of Zone Transfer
      1. Zone transfers are "pull" technology because the Secondary DNS server initiates the zone transfer process.
      2. How the Secondary DNS server initiates a zone transfer:
        1. The Secondary DNS server sends a "pull" request, and the Primary DNS server answers with the Start of Authority (SOA) record.
        2. The SOA record is always the first record created on a DNS server authoritative for any particular zone.
        3. The SOA record contains the refresh interval, which is the time the Secondary DNS server waits before asking for another update to its zone database file.
        4. When a new zone is created, it has a serial number of 1; each time a change is made to the zone database on the Primary DNS server, the serial number is incremented by 1. The Secondary DNS server’s zone serial number is updated as well, so the Secondary’s number always matches the Primary’s number.
        5. If the Primary DNS server’s serial number is larger than the Secondary’s, the Secondary sends one of two types of queries that begin the zone transfer process:
          1. AXFR (Entire Zone Transfer): Secondary DNS servers that only support the AXFR query type receive a copy of the entire zone database.
          2. IXFR (Incremental Zone Transfer): Windows 2000 Secondary servers can send the serial number of the zone database they currently hold. These servers issue IXFR queries, which allow for incremental zone transfers: only those records that have changed since the last zone transfer are sent to the Secondary DNS server. This makes the update process more efficient and allows DNS synchronization to complete with less overhead.
    3. Windows 2000 DNS Servers versus downlevel DNS servers
      1. Windows 2000 DNS servers can respond to both IXFR and AXFR requests.
      2. A Windows 2000 DNS Server acting as a Secondary can send both AXFR and IXFR queries, which makes it flexible in networks that have a mix of Windows 2000 and downlevel DNS servers.
      3. The entire zone database is sent despite receiving an IXFR request:
    4. Masters, Secondaries, and Slaves
      1. The server that transfers the zone file to another server is called the Master server.
      2. The server receiving the zone file can be called either a Slave server or a Secondary server, although the term Secondary is preferable because "Slave DNS server" has another meaning, referring to a server that cannot perform recursion for DNS clients.
      3. The Primary DNS server can also act as a Secondary for another zone (see Figure 2-9 on page 97).
      4. There are three reasons to have a Secondary DNS server:
    5. The Retry Interval
      1. If the Primary DNS Server is not available when the Secondary sends its pull request, the Retry Interval in the SOA record defines how long the Secondary should wait before sending another pull request.
      2. Be sure to set the Retry Interval shorter than the Refresh Interval, or the Refresh Interval will simply take over before the Retry has a chance to do its job.
    6. Compatibility of DNS Server Versions
      1. Incremental Zone Transfers: Beware of bandwidth consumption on downlevel DNS servers that do not support incremental zone transfers.
      2. Fast Transfers: The method of zone transfer that allows multiple records to be included in a single message. It is available only in Windows 2000 DNS Servers.
      3. WINS and WINS-R Records: These resource records allow a DNS server to perform forward and reverse lookups by referring to a WINS server, but not all servers support the Microsoft-only WINS and WINS-R technology. Check the "Do Not Replicate This Record" box to prevent these records from being transferred.
      4. Third-Party Transfers to Windows 2000 DNS Servers: Third-party products may support resource record types that Windows 2000 DNS Servers do not; Windows 2000 will drop such a record and continue with the zone transfer process.
      5. Refer to Table 2-3 on page 99 for a summary of the compatibility issues you may run into when administering a mixed DNS server environment.
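The serial-number, IXFR/AXFR and Retry/Refresh rules from the Zone Transfer sections above, simulated in Python as an added example (not code from the course notes or from any DNS server). The Secondary only pulls when the Master's serial is larger, asks IXFR or AXFR according to what it supports, and a downlevel Master answers an IXFR query with the entire zone; intervals_sane applies the rule that Retry must be shorter than Refresh. The zone stuff.com and its records are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Soa:
    serial: int
    refresh: int  # seconds the Secondary waits before asking for an update
    retry: int    # seconds the Secondary waits after a failed pull request

@dataclass
class Zone:
    soa: Soa
    records: dict
    changes: list = field(default_factory=list)  # (serial, name, value) log

def apply_change(primary, name, value):
    """Edit the read/write copy on the Primary: the serial is bumped by 1."""
    primary.records[name] = value
    primary.soa.serial += 1
    primary.changes.append((primary.soa.serial, name, value))

def choose_query(primary_serial, secondary_serial, secondary_supports_ixfr):
    """Secondary side: no transfer unless the Primary's serial is larger;
    Windows 2000 Secondaries ask IXFR, downlevel ones can only ask AXFR."""
    if primary_serial <= secondary_serial:
        return None
    return "IXFR" if secondary_supports_ixfr else "AXFR"

def answer_query(master, query, since_serial, master_supports_ixfr):
    """Master side: IXFR gets only records changed since the Secondary's serial;
    a downlevel Master answers an IXFR query with the entire zone anyway."""
    if query == "IXFR" and master_supports_ixfr:
        return "IXFR", {n: v for s, n, v in master.changes if s > since_serial}
    return "AXFR", dict(master.records)

def pull(secondary, master, secondary_ixfr=True, master_ixfr=True):
    """One refresh cycle. Returns (transfer kind or 'none', records received)."""
    query = choose_query(master.soa.serial, secondary.soa.serial, secondary_ixfr)
    if query is None:
        return "none", 0
    kind, data = answer_query(master, query, secondary.soa.serial, master_ixfr)
    if kind == "AXFR":
        secondary.records = data
    else:
        secondary.records.update(data)
    # After the transfer the Secondary's serial matches the Primary's.
    secondary.soa = Soa(master.soa.serial, master.soa.refresh, master.soa.retry)
    return kind, len(data)

def intervals_sane(soa):
    """The Retry Interval must be shorter than the Refresh Interval."""
    return soa.retry < soa.refresh

def make_pair():
    """Constructed sample: a Primary and its Secondary, in sync at serial 1."""
    records = {"www.stuff.com": "192.168.1.10", "hr.stuff.com": "192.168.1.11"}
    primary = Zone(Soa(serial=1, refresh=900, retry=600), dict(records))
    secondary = Zone(Soa(serial=1, refresh=900, retry=600), dict(records))
    return primary, secondary
```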