What is Domain Name System (DNS)?
Domain Name System (DNS) is a service that resolves names to IP addresses and IP addresses to names. DNS is also used to locate servers, computers and services on your network, and it is the backbone of Active Directory. On Windows Server, DNS can be installed on a standalone server or on a Domain Controller.
What are Static and Dynamic DNS Records?
A manually created DNS entry is called a static record; a record created automatically by the system or by DHCP is called a dynamic DNS record. Static records are harder to manage because IP address changes are not updated automatically; we have to update them manually.
What is Dynamic DNS (DDNS)?
Dynamic DNS (DDNS) is a method of updating DNS records automatically. Most organizations prefer DDNS since it is easy to maintain and you always get the latest IP address of the servers and computers.
What are the record types in DNS?
DNS has many record types. A records (host records) are the ones most people know; the main record types are explained below.
- A (Address): maps a host name to an IP address, for example Compute1 pointing to 192.168.100.100. When a computer has multiple adapter cards and IP addresses, it should have multiple address records.
- CNAME (Canonical Name): sets an alias for a host name, i.e. a record pointing to another record. For example, www.support.windowstricks.in can have the alias www.windowstricks.in, so both names point to the same page.
- MX (Mail Exchange): specifies a mail exchange server for the domain. It is used for mail delivery and allows mail to be delivered to the correct mail servers.
- NS (Name Server): specifies a name server for the domain, i.e. the authoritative servers for the respective DNS zone, and allows DNS lookups within all DNS zones.
- PTR (Pointer): creates a pointer that maps an IP address to a host name for reverse lookups.
- SOA (Start of Authority): declares the host that is the most authoritative for the zone and, as such, is the best source of DNS information for the zone. Each zone file must have an SOA record (it is created automatically when you add a zone).
What is Caching Only Server?
Caching-only servers are DNS servers that only perform name resolution queries, cache the answers, and return the results to the client. Once a query result is stored in the cache, the next time the same query is resolved locally from the cache instead of going to the actual source.
What are Forward and Reverse Lookups?
- Forward Lookup: searching for A records. A name query sent to the DNS server to obtain the IP address for a name is generally called a forward lookup.
- Reverse Lookup: searching for PTR records, which provide the reverse lookup process: the client uses a known IP address in the query and looks up the computer name based on that address.
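The two lookups above, chained together, as an added example that is not part of the original article: a forward lookup of a host name, then a reverse (PTR) lookup of each returned address, and a check that the PTR name points back at the original host (forward-confirmed reverse DNS, a common sanity check for mail and logging hosts). It uses the Resolve-DnsName cmdlet of the DnsClient module (Windows 8 / Server 2012 and later); the host name and optional server are placeholders.

```powershell
# Added example, not from the original article. Host name and server are assumptions.
function Test-ForwardReverseMatch {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [string] $Server = $null          # optional: a specific DNS server to query
    )

    # -DnsOnly skips the LLMNR/NetBIOS fallback so only real DNS answers count.
    $common = @{ DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $common.Server = $Server }

    # Forward lookup: name -> A records. If the name is a CNAME, the answer
    # also carries the CNAME record, so keep only the A records themselves.
    $aRecords = Resolve-DnsName -Name $HostName -Type A @common |
                Where-Object { $_.Type -eq 'A' }

    foreach ($a in $aRecords) {
        $ip = $a.IPAddress

        # Reverse lookup: build the in-addr.arpa name by hand (octets reversed)
        # and ask for its PTR record. Resolve-DnsName does the same conversion
        # internally when it is given a bare IP address.
        $octets = $ip.Split('.')
        [array]::Reverse($octets)
        $ptrName = ($octets -join '.') + '.in-addr.arpa'

        try {
            $ptrs = Resolve-DnsName -Name $ptrName -Type PTR @common |
                    Where-Object { $_.Type -eq 'PTR' } |
                    ForEach-Object { $_.NameHost.TrimEnd('.') }
        } catch {
            $ptrs = @()   # no PTR record (or no reverse zone) for this address
        }

        [pscustomobject]@{
            HostName  = $HostName
            IPAddress = $ip
            PtrQuery  = $ptrName
            PtrNames  = ($ptrs -join ', ')
            # Match: at least one PTR target equals the queried name (case-insensitive)
            Match     = [bool]($ptrs | Where-Object { $_ -ieq $HostName.TrimEnd('.') })
        }
    }
}

# Usage (placeholder host name); Match = False means the reverse zone is
# missing or stale for that address.
Test-ForwardReverseMatch -HostName 'compute1.example.com' | Format-Table -AutoSize
```

A `Match` of `False` for a host you manage usually means the PTR record in the reverse lookup zone was never created or was left behind after an IP change, which is exactly the kind of stale data the aging and scavenging section later in this article is about.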
What is Primary DNS zone?
This is the read/write copy of a zone file in the DNS namespace. It is the primary source of information about the zone and stores the master copy of the zone data in a local file or in AD DS. By default the primary zone file is named zone_name.dns and is kept in the Windows\System32\DNS folder on the server.
If it is an AD-integrated zone, all the records are stored in the Domain partition on the Domain Controllers.
What is Secondary DNS zone?
This is the read-only copy of a zone file in the DNS namespace. It is a secondary source of information about the zone and gets its updates from the master copy held by the primary zone. Network access to the primary server must be available. Because a secondary zone is merely a copy of a primary zone hosted on another server, a secondary zone cannot be stored in AD.
What is stub DNS Zone?
A stub zone is a read-only copy of a zone that contains only the resource records needed to identify the authoritative DNS servers for that zone. A stub zone is also used like DNS forwarding, and in practice it is used to resolve names between separate DNS namespaces. This type of zone is generally created after a corporate merger or acquisition, so that the DNS servers for two separate DNS namespaces can resolve names for clients in both namespaces.
A stub zone contains:
- The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
- The IP address of one or more master servers that can be used to update the stub zone.
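The primary, secondary and stub zones described above, created with the DnsServer module cmdlets (Windows Server 2012 and later), as an added example that is not part of the original article. Zone names and master-server addresses are placeholders (RFC 5737 documentation ranges); run it on a DNS server as an administrator.

```powershell
# Added example, not from the original article. Names and addresses are placeholders.

# 1) Primary zone, AD-integrated: records live in the directory partition and
#    replicate to every DC that runs DNS. Secure dynamic update means only the
#    account that registered a record may overwrite it, which keeps DDNS from
#    letting one machine rewrite another machine's record.
Add-DnsServerPrimaryZone -Name 'corp.example.com' `
    -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# 1b) Primary zone, file-backed: stored as <zone>.dns under
#     %SystemRoot%\System32\dns on this server only; static records only.
Add-DnsServerPrimaryZone -Name 'lab.example.com' `
    -ZoneFile 'lab.example.com.dns' -DynamicUpdate 'None'

# 2) Secondary zone: read-only copy pulled by zone transfer from the listed
#    master. It cannot be AD-integrated, so a zone file is required.
Add-DnsServerSecondaryZone -Name 'partner.example' `
    -ZoneFile 'partner.example.dns' -MasterServers 192.0.2.53

# 3) Stub zone: keeps only the SOA, NS and glue A records of the target zone
#    plus the master addresses it refreshes them from. Stored in AD here so
#    every DC in the forest learns where 'acquired.example' is authoritative.
Add-DnsServerStubZone -Name 'acquired.example' `
    -MasterServers 198.51.100.53 -ReplicationScope 'Forest'

# Review what was created and where each zone is stored.
Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ZoneFile, DynamicUpdate |
    Format-Table -AutoSize

# A stub zone's contents should be nothing but SOA, NS and glue A records.
Get-DnsServerResourceRecord -ZoneName 'acquired.example' |
    Select-Object HostName, RecordType, @{ n = 'Data'; e = {
        $d = $_.RecordData
        if ($d.IPv4Address) { $d.IPv4Address }          # glue A
        elseif ($d.NameServer) { $d.NameServer }        # NS
        elseif ($d.PrimaryServer) { $d.PrimaryServer }  # SOA
    } } |
    Format-Table -AutoSize
```

The last query is a quick way to confirm the stub zone pulled its records from the master: if it shows only an SOA with no NS or A records, the stub zone could not reach the master server listed in `-MasterServers`.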
What is Aging and Scavenging?
Aging and scavenging is a DNS server feature that supports clean-up and removal of stale resource records, which can accumulate in zone data over time. It helps maintain a dynamic DNS environment by regularly deleting stale resource records from the DNS database. Problems associated with stale records include unnecessary space utilization, long zone transfers, wrong resolution of client queries due to stale data, and degraded DNS server performance as stale records accumulate. The aging and scavenging features resolve these problems. Before using them, the following conditions must be met:
1) Aging and scavenging features must be enabled on the DNS server and on the zone. By default, they are not enabled.
2) Resource records must be added dynamically to the zone or manually modified to be used in operations of aging and scavenging.
Aging
Aging is the process of identifying stale DNS records. It uses two intervals:
1) Non-Refresh interval
2) Refresh interval
Non-Refresh interval
This is the time period in which the resource records cannot be
refreshed. It can be used to reduce the replication traffic in this time
period to avoid the replication of the same information again.
Refresh interval
This is the time period in which the resource records can be refreshed.
Resource record refresh: This is a DNS dynamic update without changing the hostname and IP address.
If the non-refresh interval and the refresh interval are 7 days each, then a resource record can be considered stale if it has not been refreshed after 14 days. Once both intervals have elapsed, the resource record can still be refreshed as long as it has not been removed from the DNS zone. Aging uses the resource record time stamp to identify whether the record is stale.
Resource records with a time stamp of zero: these are static records, which are never considered stale.
Resource records with a non-zero time stamp: these are dynamic records; the time stamp represents the hour of the last refresh.
Scavenging
Scavenging is the process of removing and cleaning up stale resource records from the DNS zone. Stale resource records are removed only if scavenging is enabled on the resource record, on the zone where the resource record exists, and on at least one DNS server hosting the primary copy of the zone.
Scavenging can be set in three places:
1) Individual record
2) Zone
3) Server
If scavenging is set on a zone, it works only for dynamic records; it works for manual entries only if it is enabled for the zone. Once scavenging is set on the zone, it is enabled for the DNS servers hosting it, and the DNS server where the scavenging option is enabled is responsible for scavenging the records. The server logs DNS event 2501 to indicate the number of scavenged records, and DNS event 2502 if no records were scavenged.
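Enabling aging and scavenging at the three places listed above (server, zone, individual record), as an added example that is not part of the original article. It uses the DnsServer module (Windows Server 2012 and later); the zone name, addresses and the 7-day intervals are placeholders chosen to match the article's worked numbers.

```powershell
# Added example, not from the original article. Zone name, addresses and intervals are assumptions.

# Server level: the scavenging engine itself. ScavengingInterval is how often
# this server looks for stale records; nothing is deleted until this is on.
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval 7.00:00:00

# Zone level: aging on, with the two intervals that define "stale".
# -ScavengeServers limits which server(s) may delete from this zone, so that
# only one known DC does the deleting and its 2501/2502 events are easy to find.
Set-DnsServerZoneAging -Name 'corp.example.com' -Aging $true `
    -NoRefreshInterval 7.00:00:00 -RefreshInterval 7.00:00:00 `
    -ScavengeServers 192.0.2.10

# Record level: a manually added record gets time stamp 0 (static, never
# scavenged) unless -AgeRecord is given, which stamps it with the current
# server time so it ages like a dynamic registration.
Add-DnsServerResourceRecordA -ZoneName 'corp.example.com' -Name 'compute1' `
    -IPv4Address 192.168.100.100 -AgeRecord

# Verify the effective settings at each level.
Get-DnsServerScavenging
Get-DnsServerZoneAging -Name 'corp.example.com'
Get-DnsServerResourceRecord -ZoneName 'corp.example.com' -Name 'compute1' -RRType A |
    Select-Object HostName, RecordType, Timestamp    # empty Timestamp = static record
```

Leave `-AgeRecord` off for records that must never disappear (for example the A records of the domain controllers themselves); an empty `Timestamp` in the last command is the visible sign that a record is static.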
Scavenging formula:
Record time stamp + no-refresh interval for the zone + refresh interval for the zone
If this sum is greater than the server time (the current date and time on the DNS server), no action is taken and the record is not deleted from the zone. If the sum is less than the server time, the record is deleted.
Aging and scavenging process for a sample record
Consider a DNS host "host-a.example.microsoft.com" that registers its host resource record on a DNS server where aging and scavenging are enabled. The DNS server sets a time stamp for this record based on the current server time at the time of registration. The DNS server does not refresh the resource record during the non-refresh interval; it can still update the record before the non-refresh interval ends if something changes, such as the IP address of the host, and it resets the time stamp accordingly. After the non-refresh interval expires, the DNS server refreshes the record, and during and after the refresh interval it accepts any update and refreshes the record. On the next scavenging pass, the server compares each record with the server time using the scavenging formula to determine whether the record should be removed.
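The scavenging formula and the sample record walk-through above, carried out as a dry run, as an added example that is not part of the original article: the function reads the zone's intervals, applies "time stamp + no-refresh interval + refresh interval" against the server time for every record, and reports which records a scavenging pass would delete without deleting anything. The DnsServer module cmdlets are real; the zone name and the `$ServerTime` override are assumptions.

```powershell
# Added example, not from the original article. Zone name is a placeholder.
function Get-DnsStaleRecordPreview {
    param(
        [Parameter(Mandatory)] [string] $ZoneName,
        [string]   $ComputerName = $env:COMPUTERNAME,
        [datetime] $ServerTime   = (Get-Date)   # override to simulate a future pass
    )

    $aging = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $ComputerName
    if (-not $aging.AgingEnabled) {
        Write-Warning "Aging is not enabled on zone $ZoneName; nothing would be scavenged yet."
    }
    # The window after which a record is stale, e.g. 7d + 7d = 14d in the article.
    $window = $aging.NoRefreshInterval + $aging.RefreshInterval

    Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $ComputerName |
        ForEach-Object {
            $ts = $_.Timestamp
            if (-not $ts -or $ts -eq [datetime]::MinValue) {
                # Time stamp 0 = static record: never a scavenging candidate.
                $state = 'static'; $scavengeAfter = $null
            } else {
                $scavengeAfter = $ts + $window            # the scavenging formula
                if ($scavengeAfter -gt $ServerTime) {
                    # Sum is still ahead of server time: left alone. Say which phase.
                    $state = if ($ts + $aging.NoRefreshInterval -gt $ServerTime) { 'no-refresh' } else { 'refresh' }
                } else {
                    $state = 'STALE'                      # a scavenging pass would delete it
                }
            }
            [pscustomobject]@{
                HostName      = $_.HostName
                RecordType    = $_.RecordType
                Timestamp     = $ts
                ScavengeAfter = $scavengeAfter
                State         = $state
            }
        }
}

# Usage: show the records a pass would remove, then the count per phase.
$preview = Get-DnsStaleRecordPreview -ZoneName 'corp.example.com'
$preview | Where-Object State -eq 'STALE' | Format-Table -AutoSize
$preview | Group-Object State | Select-Object Name, Count

# Simulate what a pass three weeks from now would remove (e.g. long-offline hosts).
Get-DnsStaleRecordPreview -ZoneName 'corp.example.com' -ServerTime (Get-Date).AddDays(21) |
    Where-Object State -eq 'STALE' | Format-Table -AutoSize

# After real scavenging runs, the events named in the article confirm the result:
# 2501 = records scavenged (message carries the count), 2502 = none scavenged.
Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 2501, 2502 } -MaxEvents 10 |
    Select-Object TimeCreated, Id, Message
```

Run the preview before switching on `Set-DnsServerScavenging`: a long list of `STALE` entries for hosts that are actually alive means the intervals are too short or clients are not registering, and fixing that first avoids scavenging deleting records that machines still depend on.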