
A DNS server translates the domain names of sites into IP addresses and vice versa. That is its main task.

  • Why DNS servers are needed;
  • Binding a domain to the registrar's DNS servers;
  • Binding a domain to the provider's DNS servers;
  • Creating your own DNS servers on a VDS/VPS server;
  • Binding a domain to an IP address, without DNS servers;
  • Binding a domain to third-party DNS servers.

Why DNS servers are needed

The Domain Name System (DNS) was created as a lookup system: given a domain name, it finds the resource on the Internet. More precisely, the IP address of the resource is looked up by its domain name, and the required Internet resource is then found and opened by that address.

The distributed DNS is backed by a hierarchical structure of DNS servers. The lookup can be illustrated by the following chain of queries:

In the browser address bar you enter http://www.domain.com → the domain is checked in the DNS system → the DNS system looks up the IP address of the domain.com site by its domain name (domain ↔ IP: XX.XXX.XXX.XX) → the site content is opened. The scheme is simplified, but it fully conveys the purpose of DNS servers.

Since name resolution is used for every Internet resource that has its own domain, every domain must be tied to DNS servers; in other words, DNS servers must be configured for every domain. Let us examine in detail all the existing ways of configuring DNS servers.

Binding a domain to the registrar's DNS servers

Every domain name registrar offers a service for binding a domain to the registrar's own DNS servers. This service is free. If you use it, the registrar gives you the names of its DNS servers, which you then enter at whichever hosting provider hosts your domain. The DNS server names are entered in the domain's records, in the line "Record type: NS servers". There must be at least two DNS servers.

Binding a domain to the provider's DNS servers

When you rent shared hosting, your hosting provider must also give you the addresses of its DNS servers. You can see them in the hosting control panel or ask the provider's support. If you settle on this kind of DNS setup, then when hosting the domain choose an option like "Use the hosting's DNS servers", and enter the DNS server addresses themselves at the name registrar, in a tab named something like "DNS delegation" or "DNS zone management".

Creating your own DNS servers on VDS / VPS servers

If you rent not shared hosting but a virtual dedicated server (VDS/VPS), you can create your own DNS servers. To do this, buy a second dedicated IP address for the server: each DNS server needs its own IP address.

If you have two dedicated IP addresses and a domain on the VDS/VPS server, you can create two name servers (DNS). I will show how to do this using the ISPmanager server control panel as an example.

Open the "Domain names" tab;

Select the domain you have chosen for creating the DNS servers. Double-click the domain or click the "Records" button;

In the "Records" tab that opens, you need to create four new domain records one after another:

1. Create the first subdomain for the first NS server, specifying the first IP address:

  • Record name: ns1;
  • Record type: A;
  • Record value: IP 1.

2. Create the second subdomain for the second NS server, specifying the second IP address:

  • Record name: ns2;
  • Record type: A;
  • Record value: IP 2.

3. Create a record with the name of the first NS server:

  • Record name: Domen.ru;
  • Record type: NS (name servers);
  • Record value: ns1.Domen.ru

4. Create a record with the name of the second NS server:

  • Record name: Domen.ru;
  • Record type: NS (name servers);
  • Record value: ns2.Domen.ru

That's it. You have created your own NS (DNS) servers, which can be bound to any domain on your dedicated VDS/VPS server.

One more thing. For the domain you used when creating your DNS servers, register the newly created DNS servers at the name registrar, at the same time specifying the IP addresses of your server. See the photo.

Binding a domain to an IP address, without DNS servers

If you have your own dedicated IP address, which is possible on a VDS/VPS server or when you buy an IP address on shared hosting, you can bind the domain directly to the IP address of the resource. The name registrar has a special form for this. In this form you need to create three entries of type A (the original names two of them, [@] and [*]), each pointing at your dedicated IP address. Note that the IP must be a dedicated one: the shared IP address of a hosting server is not suitable for binding a domain to it.

Binding a domain to third-party DNS servers

I round off the ways of configuring DNS servers with binding a domain to third-party DNS servers. There are DNS servers on the Internet that are called independent. On them, for free or for a fee, you can bind your domain to their DNS addresses. Why do this? Usually to speed up connections, to increase the reliability of DNS, or to improve the security of the resource. Everyone finds their own benefit in this way of configuring DNS servers. The most popular of the independent DNS services is Yandex.

These are all the ways of configuring DNS servers that I wanted to talk about. Oh, I forgot one thing. Sometimes, when a site is moved, the site is transferred but the DNS servers are left over from the old hosting. The site will work, but this is not correct. To look up the DNS servers of your resource there are many online services, for example cy-pr.com/tools/dns. Using them is elementary: enter your domain in the form, and the service shows all your DNS servers and domain records.

Greetings, engineers! Why not connect the Internet devices in your house using a do-it-yourself DNS server built from a Wi-Fi module and a Foscam webcam interface? I think it will be interesting, so let's go!

The Foscam webcam chosen for this project is controlled directly from your smartphone, has its own web interface, works in any browser and on any device (even over your phone's 3G connection), requires no third-party applications, and is protected by a password.

Video streams from the cameras are shown in separate windows, quickly and smoothly, and under full control.

I want to warn you right away: I AM NOT RESPONSIBLE for any misuse of, or damage caused by, this project! You act at your own risk!

What this project needs:

  • a web server with PHP support and a domain name,
  • a Wi-Fi module ESP8266 ESP-01,
  • push buttons, 2 pcs.,
  • pull-up resistors 2k2 or similar, 2 pcs.,
  • a USB-TTL adapter (for programming the Wi-Fi module) and several female pin connectors,
  • an AMS1117 3.3V voltage regulator (to reduce 5V to 3.3V to power the Wi-Fi module),
  • a 5V 1-2A power supply (preferably 2A),
  • in the first layout option: if there is enough space inside the power supply case, the Wi-Fi module is placed inside that case,
  • in the second layout option: the power supply has a female USB connector, so you will have to add a male USB connector to the module board and use it to supply power,
  • a broken USB flash drive,
  • an up-to-date Arduino IDE,
  • optional: Foscam webcams for use with the web interface,
  • for feedback: a blinking LED, to indicate a successful upload and waiting for an upload,
  • a way to learn the WAN IP (this version connects to an external site to obtain it: checkip.dyndns.org).

Step 1: Preparing the Wi-Fi Module for Programming

For the module to be programmable, it needs to be slightly modified:

  • solder two resistors, one to the CH_PD pin and the second to RST, and solder the free leads of both resistors to the 3.3V pin,
  • solder two push buttons, one between the GPIO0 and Ground pins and the other between RST and Ground.

It is better to solder on the top side of the module board so that the contacts on the bottom side are left free for mounting the pin connectors. If you prefer, the circuit can be assembled on a breadboard, but soldering is still more durable; see for yourself.

In the next step, the power supply will be finalized, but I immediately warn you: the USB output of your computer is not suitable for powering the ESP module !!!

Step 2: Modifying the power supply - lowering the voltage from 5 to 3.3V

The 5V power supply should produce a “reliable” 1A, and preferably 2A, since the module is rather “gluttonous” during the transmission of a Wi-Fi signal.

In this project we use the AMS1117 3.3V voltage regulator, because a voltage divider assembled from resistors will most likely supply too little current, and even if we get 3.3V to power the module we will still be disappointed. This regulator is inexpensive and the best solution.

The capacitor and resistor that the datasheet says should be added to the regulator I did not use, because it runs from a stable power source, and I can say that this variant has been working reliably for several years.

pin 3 - 5V (orange wire)
pin 2 - 3.3V (yellow wire)
pin 1 - GND (two blue wires)

You can solder several wires with pin connectors to the contacts, thereby obtaining two voltage sources at once, 5V and 3.3V, which is very useful when assembling on a breadboard. In this case do not forget to add two ground wires, for +3.3V and +5V, and for reliability fasten all the wiring with a plastic cable tie.

To connect these wires to the ESP module (which has male connectors), you will need jumper wires with female connectors at the ends.

Step 3: Connect Wi-Fi Module to USB-TTL Adapter and 3.3V Voltage Regulator

Connections (module - adapter - regulator):

Module    Adapter    Regulator
GND  ---- GND   ---- GND
TX   ---- RX
RX   ---- TX
3.3V -------------- 3.3V

We connect the ground contacts (GND) of the voltage regulator, the module and the adapter together, and we connect the 3.3V coming from the regulator to the power input of the ESP module.

Under no circumstances connect the ESP module to the 3.3V pin of the adapter, even if it has one, as this can damage the computer's USB port: it has no current protection of the rating that this project requires. To power the ESP module, always use a power supply with the required parameters.

Be aware that some USB-TTL adapters have 5V logic, which is not suitable for this project; only 3.3V logic will do, otherwise the ESP module will be damaged. The logic level can be determined with a voltmeter by connecting its probes to the TX and Ground contacts, and if necessary the voltage can be lowered by adding a level shifter or a voltage divider.

Step 4: Set Up Files on Your Web Host

Create a folder "/ip" (the name is case sensitive) in the root of your public_html folder, and extract the /ip files into it with permissions 644.

The .htaccess restriction prevents users from listing the files in this folder, which cannot be password protected, otherwise the ESP8266 module would not be able to access it and execute the files inside it.

input.php and input2.php, depending on the URL the browser (or module) requests, generate ip.txt and ip2.txt containing the updated IP of the ESP8266 module. The current code supports 2 different locations; to add more, you only need to edit these files.

To control a FOSCAM camera, create a folder "/cam" (again case sensitive) in the root of the public_html folder, and unpack the /cam files into it with permissions 644. Protect this folder with a password: if cPanel is available on your server, find the "Password Protect Directories" icon and set a password that will be requested when you point the browser at www.yourhost/cam. A dialog box will then pop up in any browser asking for this password, which protects access to the cameras.

foscam.php contains the camera interface, as well as the date/time stamp of the ip files and the current IP for each location. You can see whether the module is working by the date/time stamp. The time zone may not be displayed correctly, since it shows the server's time.

The IP can also be changed manually; it is written to ip.txt and ip2.txt. To do this, enter the IP in the field and click "update ip".

interface.png and interface2.png are transparent images that tell the interface how the screen will be laid out. You need to edit foscam.php and set the value, static or ptz, to match your FOSCAM camera. By default the resolution is 320x240, but clicking on the control centre opens just that camera at the best refresh rate at 640x480.

To edit foscam.php you can use a code editor or an HTML editor that works in WYSIWYG mode.

While the board is running, the ip.txt and ip2.txt files are written automatically with the updated IPs of the two locations where two different boards may operate. Every hour (or at the interval you set), the board connects to the router over Wi-Fi, obtains the IP address and writes it into a txt file on the server. Even if the Internet connection is lost or the power is switched off, once these problems are fixed the IP will again be updated periodically.
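The input.php endpoint described above cannot be password protected, so whatever arrives in its ip= parameter ends up in ip.txt and later in the links foscam.php builds. The following added example (not the project's own code; the project's PHP is not shown on this page) reimplements that server-side step in Python with the check a practitioner would want: the value is accepted only if it is a well-formed IPv4 address that could actually be a WAN address, and the file is replaced atomically. It also parses the page returned by checkip.dyndns.org, which the sketch uses to learn the WAN IP; the markup in SAMPLE_CHECKIP_BODY is a constructed sample, and the address 203.0.113.45 in it is a documentation-range placeholder.

```python
import ipaddress
import os
import re
import tempfile
from typing import Dict, Optional

# Constructed sample of the body returned by checkip.dyndns.org (assumption:
# the page only names the site; the markup below is a plausible sample).
SAMPLE_CHECKIP_BODY = (
    "<html><head><title>Current IP Check</title></head>"
    "<body>Current IP Address: 203.0.113.45</body></html>"
)

_IP_RE = re.compile(r"Current IP Address:\s*([0-9.]+)")

# Address blocks that can never be a WAN address: RFC 1918 private ranges.
_PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def parse_checkip_body(body: str) -> Optional[str]:
    """Extract the address the check-IP page reports, or None if absent."""
    m = _IP_RE.search(body)
    return m.group(1) if m else None


def validate_wan_ipv4(text: str) -> Optional[str]:
    """Return the normalised address if `text` is a syntactically valid IPv4
    address that is not loopback, multicast, unspecified or RFC 1918 private;
    otherwise None.  Anything else (HTML, shell text, a LAN address) is
    rejected before it can be written to ip.txt."""
    try:
        ip = ipaddress.IPv4Address(text.strip())
    except (ipaddress.AddressValueError, ValueError):
        return None
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified:
        return None
    if any(ip in net for net in _PRIVATE_NETS):
        return None
    return str(ip)


def record_ip(query_ip: str, ip_file: str) -> bool:
    """Server-side equivalent of input.php?ip=...: write the reported WAN
    address to ip_file only when it validates.  Returns True on write."""
    ip = validate_wan_ipv4(query_ip)
    if ip is None:
        return False
    # Write to a temp file in the same directory and rename it into place,
    # so foscam.php never reads a half-written ip.txt.
    dirname = os.path.dirname(os.path.abspath(ip_file))
    fd, tmp = tempfile.mkstemp(dir=dirname, prefix="ip.")
    with os.fdopen(fd, "w") as f:
        f.write(ip + "\n")
    os.replace(tmp, ip_file)
    return True


def demo() -> Dict[str, object]:
    """Run the update flow against a throwaway directory and report results."""
    workdir = tempfile.mkdtemp()
    ip_file = os.path.join(workdir, "ip.txt")
    wan_ip = parse_checkip_body(SAMPLE_CHECKIP_BODY)
    first = record_ip(wan_ip or "", ip_file)          # valid: written
    second = record_ip("192.168.0.103", ip_file)     # LAN address: refused
    third = record_ip("203.0.113.45<script>", ip_file)  # junk: refused
    with open(ip_file) as f:
        stored = f.read().strip()
    return {"wan_ip": wan_ip, "first": first, "second": second,
            "third": third, "stored": stored}


if __name__ == "__main__":
    print(demo())
```

The LAN address the serial monitor prints later on this page (192.168.0.103) is exactly the kind of value the check refuses: it is correct for the module but useless as a link target from outside, and writing it would silently break the camera interface.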

Step 5: Configuring FOSCAM Cameras and Router

On the TP-LINK router configuration page:

Look at the settings in the photo: they help avoid a conflict when binding the MAC address to a LAN IP, so that the router always assigns the same fixed LAN IP to this MAC address.

Virtual servers: add the local IP of your camera and the corresponding ports.

Set the DHCP server to enabled, and also check that UPnP is enabled.

You can also enable remote management of your router; the TP-Link router has a corresponding sub-item in the firewall section.

Do not change the default login, as the router must be publicly reachable. Further, the respective fields should be set to 255.255.255.255 and the port, which is usually 8080.

On the FOSCAM camera settings page:

Username and password: set a new username and password, and do not forget to "find and replace" them in foscam.php in place of admin and password.

Set "Basic Network Settings" to "Obtain IP from DHCP Server".
In the "Http Port" item set 8081, 8082, 8083 for your cameras in turn.
In "UPnP Settings" select "Using UPnP to Map Port". This helps restore the connection after a power outage.

Once the router and cameras are configured, reboot all of them so that the settings take effect, the router first.

If the cameras and router are configured correctly, then they can be remotely accessed from your Wan IP address, for example: http://187.34.157.22:8081 . You can check your Wan IP at https://www.whatismyip.com/

Step 6: Coding and Programming the ESP8266 Module Using the Arduino IDE

To program the module, open the attached sketch in the Arduino IDE and, in the appropriate lines, set the SSID ("//your wifi ssid") and password ("//your wifi pwd") of your Wi-Fi router, as well as the name of your host ("//your host without /IP"). The path to the "/ip" folder containing the server files does not need to be changed.

You may need to change the line

url += "input.php?ip=";

which occurs twice in the sketch: if you have a second module, just change it to input2.php.

Before you start uploading the code, you must set the board type correctly: in the Tools submenu select "Generic ESP8266", and if it is not there, add the additional boards in Preferences.

To upload, hold down the GPIO0 button, briefly press the RST button, and then release the GPIO0 button. Next, start compiling and uploading in the IDE.

If all goes well, when you open the serial port monitor at 9600 baud (bps), you will see the following:

Connected To:
IP address: 192.168.0.103 (LAN IP)
Connected - Acquiring WAN IP:

connecting to
Requesting IP Update: /ip/input.php?ip=xxx.xxx.xxx.xxx
Ok

Step 7: Mounting the Boards in the Chassis

After checking that the project works, its electronics should be placed in a case, turning it into a self-contained finished device.

If the case you have chosen has enough free space, the resistors and buttons can be connected as shown in the photo, but if you plan to reprogram the module later, you should not place the board inside the case.

Option 1: Placement inside the case
To do this, open the case of the old power supply, unsolder the black (output) wire with the connector, and then place the module board and the voltage regulator in the case, having first insulated them, and power them from the contacts to which the output wire was soldered. The components can be insulated with suitable foam tape or hot glue.
The result is a power supply without any wires, and in this option the power supply can be 5V 1A.

A variation of this layout is to place the boards inside a power supply that has a female USB connector at the output. The boards are then likewise fixed inside the case, insulated, and powered from the contacts of the USB connector. This way you can still charge your phone through the modified power supply, but in that case the power supply must deliver 5V 2A.

Option 2: Placement outside
If you have a non-working flash drive whose case can fit the project's boards, you can use it.

Disassemble the flash drive, remove the memory board, put the Wi-Fi module and voltage regulator in its place, and power them through the USB connector of the flash drive. You will also need to trim the module's pin contacts so that it fits into the flash drive case. And NEVER PLUG this modified flash drive into your computer's USB port!

Then connect the flash drive with the module inside to the power supply and check for a Wi-Fi signal with your smartphone. In general, you can check that the finished project works from your browser by going to /cam/foscam.php on your server: it should have been updated with the current IP and date/time stamp.
That's all; I hope this article will be useful to you!

Today we will talk about creating a local domain zone inside a local network. Why do you need a local domain zone and a DNS server? To share your local sites, that is, make them available, with all users of the network.

I will set up a network where all devices on my local network can use resources of the form site.lan. In my case, the LAN devices connect to the Internet through a router. The server machine runs Linux Mint (desktop); the clients are PCs running Windows and Linux, a Smart TV, and smartphones and tablets. First, make sure that the router has a static internal IP address reserved for the server (the machine on which the DNS server will be installed). This is very important, because later all network devices must be told exactly where our DNS server is.

Installing a DNS Nameserver:

First you need to install the Bind package:

sudo apt-get install bind9

In addition, for websites to work we need LAMP (Linux, Apache, MySQL, PHP). Read about how to install LAMP on Ubuntu in my article. You can also set up a local site using the link at the bottom of the article. The only thing is: do not write the site address in /etc/hosts, because the name server will take care of that. This completes the preparation.

Setting Bind

We enter the Bind directory and make backups of the config files:

cd /etc/bind/
cp named.conf.local named.conf.local.back
cp named.conf.options named.conf.options.back

Create the local domain zone .lan:

nano named.conf.local

And add the following lines to the end of the file:

zone "lan" {
    type master;
    file "/etc/bind/db.lan";
};

Now we create the corresponding file for the .lan domain zone and open it for editing:

touch db.lan
nano db.lan

Fill it with the following content:

@       IN SOA   lan. root.lan. (
            201605019   ; Serial
            4h          ; Refresh
            1h          ; Retry
            1w          ; Expire
            1d )        ; Negative cache TTL
@       IN NS    ns1.lan.
@       IN A     192.168.0.100
ns1     IN A     192.168.0.100
slicks  IN A     192.168.0.100
site    IN A     192.168.0.100
*       IN CNAME @

Pay attention to Serial 201605019. This value must be increased every time you edit the domain zone file. I write YY-MM-DD and increase the sequence number by 1. 192.168.0.100 is the IP address of the server. An entry of the form "slicks IN A" means that there is a domain name slicks and that this site is located at the IP address 192.168.0.100. In apache2 a corresponding website with ServerName slicks.lan has been created. If the site were located on a different IP than the DNS server, the entry would look like slicks IN A _IP-of-PC-with-site_.

Editing named.conf.options:

nano named.conf.options

You need to add the acl line and the allow-query line to it (the other lines are shown for context):

acl "home" { 192.168.0.0/24; 127.0.0.1; };

options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    allow-recursion { 127.0.0.1/32; 192.168.0.0/24; 192.168.1.0/24; };
    allow-transfer { none; };
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    allow-query { "home"; };
};

The first line creates a local address group named home, consisting of the range 192.168.0.0 to 192.168.0.255 plus 127.0.0.1. The second line we add contains the allow-query parameter, in which we state that we want to allow queries from the home group. With the configuration finished, we can restart the server:
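Whether a source address gets an answer from this server is decided by these address lists, and the usual mistake (allow-query { any; } together with allow-recursion { any; }) turns the machine into an open resolver usable for amplification. The following added example (my own Python, not part of the article) reads the acl and allow-* lists out of the fragment above, expands acl names and the built-in any/none/localhost keywords, and answers "would address X be allowed for option Y?" together with an open-recursion check. It understands only the named.conf syntax the article uses (that is an assumption of the example, not a full parser).

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed copy of the named.conf.options fragment from this article.
NAMED_CONF_OPTIONS = """
acl "home" { 192.168.0.0/24; 127.0.0.1; };
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    allow-recursion { 127.0.0.1/32; 192.168.0.0/24; 192.168.1.0/24; };
    allow-transfer { none; };
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    allow-query { "home"; };
};
"""

_ACL_RE = re.compile(r'acl\s+"?([\w-]+)"?\s*\{([^}]*)\}')
_LIST_RE = re.compile(r'(allow-query|allow-recursion|allow-transfer)\s*\{([^}]*)\}')
_EVERYONE = ipaddress.ip_network("0.0.0.0/0")


def _split_list(body: str) -> List[str]:
    """'a; b;' -> ['a', 'b'], with surrounding quotes removed."""
    return [t.strip().strip('"') for t in body.split(";") if t.strip()]


def parse_named_conf(text: str) -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """Return (acl name -> elements, option name -> elements)."""
    text = re.sub(r"#.*", "", text)  # drop '#' comments
    acls = {name: _split_list(body) for name, body in _ACL_RE.findall(text)}
    lists = {name: _split_list(body) for name, body in _LIST_RE.findall(text)}
    return acls, lists


def _expand(elems: List[str], acls: Dict[str, List[str]], seen=frozenset()):
    """Turn list elements into ip_network objects, following acl references."""
    nets = []
    for e in elems:
        if e == "any":
            nets.append(_EVERYONE)
        elif e == "none":
            continue
        elif e == "localhost":
            nets.append(ipaddress.ip_network("127.0.0.0/8"))
        elif e in acls:
            if e in seen:
                raise ValueError(f"acl {e} references itself")
            nets.extend(_expand(acls[e], acls, seen | {e}))
        else:
            # a bare address ("127.0.0.1") becomes a /32; strict=False
            # also tolerates host bits in a prefix
            nets.append(ipaddress.ip_network(e, strict=False))
    return nets


def allowed_networks(option: str, text: str = NAMED_CONF_OPTIONS):
    acls, lists = parse_named_conf(text)
    if option not in lists:
        raise KeyError(f"{option} is not set explicitly in this config")
    return _expand(lists[option], acls)


def is_allowed(option: str, source: str, text: str = NAMED_CONF_OPTIONS) -> bool:
    """Would a query from `source` pass the `option` address list?"""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in allowed_networks(option, text))


def open_recursion(text: str = NAMED_CONF_OPTIONS) -> bool:
    """True when both allow-query and allow-recursion admit the whole Internet
    (an open resolver).  Simplified: only the literal any / 0.0.0.0/0 is
    recognised, not a set of prefixes that happens to cover everything."""
    return (_EVERYONE in allowed_networks("allow-query", text)
            and _EVERYONE in allowed_networks("allow-recursion", text))


if __name__ == "__main__":
    for src in ("192.168.0.55", "192.168.1.55", "203.0.113.9"):
        print(src, "query:", is_allowed("allow-query", src),
              "recursion:", is_allowed("allow-recursion", src))
    print("open resolver:", open_recursion())
```

One thing the check makes visible in the article's own config: allow-recursion lists 192.168.1.0/24, but the home acl used by allow-query does not, so a client in 192.168.1.x is refused before recursion is ever considered. If that second subnet is meant to be served, it has to be added to the acl as well.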

sudo /etc/init.d/bind9 restart
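Two rules from this page are easy to break by hand-editing: the serial must go up on every change (otherwise secondaries keep the old copy), and every name server the zone advertises needs a matching A record, which is also what the four-record recipe for ns1/ns2 in the first article on this page builds. The following added example (my own code, not the article's) parses the db.lan file shown above with a deliberately small zone-file reader, checks the serial against the previous one, derives the next date-based serial, verifies NS glue and the minimum NS count, and flags a CNAME owner that also carries another record type. DOMEN_RU is a constructed zone for the first article's case (the control panel creates the SOA itself; it is written out here so the file is complete, and the two addresses are documentation-range placeholders for "IP 1" and "IP 2"). The reader handles only the syntax these two files use: no $TTL/$ORIGIN directives, no per-record TTLs, no blank-owner continuation lines.

```python
from typing import List, Optional, Tuple

# Constructed copy of the db.lan zone file from this article.
DB_LAN = """\
@       IN SOA   lan. root.lan. (
            201605019   ; Serial
            4h          ; Refresh
            1h          ; Retry
            1w          ; Expire
            1d )        ; Negative cache TTL
@       IN NS    ns1.lan.
@       IN A     192.168.0.100
ns1     IN A     192.168.0.100
slicks  IN A     192.168.0.100
site    IN A     192.168.0.100
*       IN CNAME @
"""

# Constructed zone for the first article's two-name-server setup.
DOMEN_RU = """\
@    IN SOA ns1.Domen.ru. hostmaster.Domen.ru. ( 2016050101 4h 1h 1w 1d )
@    IN NS  ns1.Domen.ru.
@    IN NS  ns2.Domen.ru.
ns1  IN A   192.0.2.10   ; "IP 1"
ns2  IN A   192.0.2.11   ; "IP 2"
"""

Record = Tuple[str, str, List[str]]  # (owner, type, rdata fields)


def parse_zone(text: str, origin: str) -> List[Record]:
    """Strip ';' comments, join '(' ... ')' continuations, expand '@'."""
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    joined, buf, depth = [], "", 0
    for ln in lines:
        buf += " " + ln
        depth += ln.count("(") - ln.count(")")
        if depth == 0:
            if buf.strip():
                joined.append(buf)
            buf = ""
    records = []
    for ln in joined:
        toks = ln.replace("(", " ").replace(")", " ").split()
        if toks[0].startswith("$"):
            continue
        owner, rest = toks[0], toks[1:]
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]
        records.append((origin if owner == "@" else owner, rest[0].upper(), rest[1:]))
    return records


def soa_serial(records: List[Record]) -> Optional[int]:
    for _owner, rtype, rdata in records:
        if rtype == "SOA":
            return int(rdata[2])  # mname rname serial refresh retry expire minimum
    return None


def next_serial(old: int, today: str) -> int:
    """Date-based serial YYYYMMDDnn (the article's convention with a full
    year); strictly greater than `old` even if several edits happen today."""
    base = int(today.replace("-", "")) * 100
    return base if base > old else old + 1


def check_zone(text: str, origin: str, previous_serial: Optional[int] = None,
               min_ns: int = 1) -> List[str]:
    """Return a list of problems; an empty list means the zone is consistent."""
    recs = parse_zone(text, origin)
    problems = []
    serial = soa_serial(recs)
    if serial is None:
        problems.append("no SOA record")
    elif previous_serial is not None and serial <= previous_serial:
        problems.append(f"serial {serial} not greater than previous {previous_serial}")
    ns_targets = [rd[0].rstrip(".") for o, t, rd in recs if t == "NS" and o == origin]
    if len(ns_targets) < min_ns:
        problems.append(f"only {len(ns_targets)} NS record(s) at the apex, need {min_ns}")
    a_owners = {o for o, t, _ in recs if t == "A"}
    for ns in ns_targets:  # in-zone name servers need glue A records
        if ns.endswith("." + origin) and ns[: -len(origin) - 1] not in a_owners:
            problems.append(f"NS {ns} has no A record in the zone")
    cname_owners = {o for o, t, _ in recs if t == "CNAME"}
    for o, t, _ in recs:  # a CNAME must be the only record at its owner
        if o in cname_owners and t != "CNAME":
            problems.append(f"{o} has both CNAME and {t}")
    return problems


if __name__ == "__main__":
    print("db.lan:", check_zone(DB_LAN, "lan") or "ok")
    print("Domen.ru:", check_zone(DOMEN_RU, "Domen.ru", min_ns=2) or "ok")
    print("next serial:", next_serial(201605019, "2016-05-02"))
```

Run check_zone before every restart; with previous_serial set to the value currently served, an unchanged serial is caught before the secondaries ignore the edit.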

Specify the local DNS in the router

There is no need to edit the network connection on every client and enter the DNS server manually: we can specify the IP of the local DNS in the router settings. All requests from network users will then go first to the local DNS and only then out to the Internet. In my case:

  • Router model: Dir-615;
  • Internet Connection Type: Dynamic IP (DHCP);

To specify the local DNS server in my case, I go to Setup -> Network Settings -> Manual Internet Connection Setup and in the Primary DNS Address field enter the IP address of the local domain zone server, 192.168.0.100, which will now act as the main DNS server on the local network. As the Secondary DNS Address we enter 8.8.8.8, which is a Google DNS address. On the screenshot, I have both the Primary and Secondary DNS addresses pointing at my server: at first it seemed for some reason that the router was not forwarding requests to my DNS, and I set it that way. It is better to specify the Google server as the second DNS, so that if the local server 192.168.0.100 is switched off, the Internet does not disappear for all the other devices!

Health check

I start a client PC running Windows XP and test the connection. The first step is to clear the DNS cache. Open the Windows command line and type:

ipconfig /flushdns

Now I check that the DNS server is visible on the network: ping 192.168.0.100:

C:\Documents and Settings\www>ping 192.168.0.100
Packet exchange from 192.168.0.100 for 32 bytes:
Reply from 192.168.0.100: number of bytes=32 time<1мс TTL=64
Ответ от 192.168.0.100: число байт=32 время<1мс TTL=64
Ответ от 192.168.0.100: число байт=32 время<1мс TTL=64
Ответ от 192.168.0.100: число байт=32 время<1мс TTL=64
Статистика Ping для 192.168.0.100:
    Пакетов: отправлено = 4, получено = 4, потеряно = 0 (0% потерь),
Приблизительное время приема-передачи в мс:
    Минимальное = 0мсек, Максимальное = 0 мсек, Среднее = 0 мсек

Checking the local site: nslookup slicks.lan:

C:\Documents and Settings\www>nslookup slicks.lan
*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.0.1

Name:    slicks.lan
Address:  192.168.0.100

ping slicks.lan:

C:\Documents and Settings\www>ping slicks.lan
Packet exchange with slicks.lan 32 bytes each:
Reply from 192.168.0.100: number of bytes=32 time<1мс TTL=64
Ответ от 192.168.0.100: число байт=32 время<1мс TTL=64
Ответ от 192.168.0.100: число байт=32 время<1мс TTL=64
Ответ от 192.168.0.100: число байт=32 время<1мс TTL=64
Статистика Ping для 192.168.0.100:
    Пакетов: отправлено = 4, получено = 4, потеряно = 0 (0% потерь),
Приблизительное время приема-передачи в мс:
    Минимальное = 0мсек, Максимальное = 0 мсек, Среднее = 0 мсек

We enjoy the results!

The modern Internet is nothing more than a great many different computers, laptops and mobile devices connected to each other in one network. In fact, all these devices are servers of a kind: each of them has a unique IP address, and it is by IP address that devices are identified in the global network.

At the same time, two types of servers are required for the Internet to work: main and auxiliary. The first type hosts users' sites. Depending on how much information is sent and received, a server may hold anywhere from one site (facebook.com, mail.ru, odnoklassniki.ru) to many thousands. The second type, the auxiliary servers, helps the main network operate by providing the general interaction. DNS servers are one variety of such auxiliary devices.

What is a DNS server and what is it used for

A DNS server is essentially a computer, though not quite an ordinary one. It hosts part of the distributed database that makes up the Domain Name System (DNS), which is used to receive requests from users about the domains they are interested in and to return information about them. DNS servers are connected in a network and communicate with each other using a specific protocol.

A simpler description can also be given. With the help of a DNS server, the correspondence between the site name we are used to and its IP address is determined. This information is stored in a constantly updated database.

Let's look at the whole sequence. The browser in which the user opens a site first contacts the DNS server and tells it that it wants to find and reach the site whose address has been typed into the address bar. Next, the DNS server determines from its database where on the network the site with that name is located, by matching it to the IP address of the server that holds the resource, and the request is sent there. As a result a response is formed, consisting of the set of files that make up the site itself (HTML documents, images and tables, CSS styles), and is sent to the user's browser.

Where are the DNS server settings and how to find out its address in Windows 7

Consider a situation where a user on a computer running Windows 7 is quietly "surfing" the Internet. This means that the DNS client is running. You can verify this by going to the "Administrative Tools" section of the Control Panel, opening "Services" and looking at the status of the DNS Client service. The service must be running, with the startup type set to Automatic.

To find out the address of the DNS server, use the ipconfig /all command, entering it in a command prompt (cmd.exe) launched as an administrator.

How to install and configure: instructions

The DNS server is connected when configuring the network protocol.

Start sequence:

  • Click the network connection icon at the bottom of the desktop (on the right, in the tray), and in the pop-up window that opens follow the link to the network connections management page.
  • Select the active connection and in the window that opens click the "Properties" button.
  • Select the Internet Protocol Version 4 (TCP/IPv4) properties.
  • Select the radio buttons for obtaining the IP address and DNS server addresses automatically, click "OK" and close all open windows.

It should be noted that this automatic configuration is possible only if the DHCP Client service is enabled, which ensures that the DHCP server is used on the network. Its settings can be viewed and changed by selecting the corresponding item in the Services window of the Administrative Tools section of the Control Panel.

Automatic configuration uses the provider's DNS servers. This is not always advisable, as difficulties may arise: for example, the provider's servers are far from always able to cope with the load, and they do not perform filtering. In that case it is preferable to use the servers of large well-known companies.

Yandex DNS servers:

  • 77.88.8.8;
  • 77.88.8.1.

Google DNS servers:

  • 8.8.8.8;
  • 8.8.4.4.

OpenDNS servers:

  • 208.67.222.222;
  • 208.67.220.220.

Depending on the company chosen, the pair of addresses is entered in the Internet protocol properties window, in the Preferred and Alternate DNS server fields, with the radio button for using them selected.

    Possible problems and solutions

If you have problems accessing the Internet, do not rush to get upset. It may be that this is due to a DNS server malfunction.

Main symptoms:

  • the Internet disappears and not a single site can be opened;
  • sites in the browser do not open, but the torrent client keeps working;
  • when you try to restart the network adapter, the process hangs;
  • the DNS client cannot be restarted, and an error is thrown.

It may be that your provider has blocked some DNS servers, or that the addresses specified in the network protocol settings have become unavailable. The fix is very simple. First try changing the DNS server addresses, and if that does not help, switch them to automatic. If the problem is still not solved, look for another cause or contact a service centre.


    DHCP server and its difference from DNS

A DHCP server is an auxiliary type of server running a network protocol that provides dynamic host configuration when any network device connected to the Internet configures itself automatically. The network administrator sets only the range of addresses; there is no manual adjustment, and so the number of errors that occur is reduced, because the server automatically distributes addresses among computers from the specified range. Most TCP/IP networks use the DHCP protocol.

    A zone is a database that contains authoritative information about a region of the DNS namespace. When you install a DNS server along with a domain controller, a DNS zone is automatically created to support the Active Directory domain. If the DNS server was installed on a domain controller, a domain member server, or a standalone server, the zones must be created and configured manually.

    This lesson explains how to create and configure a zone, and provides the information required to correctly configure a zone.

    Creating zones

A DNS zone is a database containing records that associate names with addresses in the described region of the DNS namespace. Although a DNS server can use cached information from other servers to answer name queries, it is authoritative only for the zones it manages locally. For any region of the DNS namespace represented by a domain name (for example, google.ru), there is only one authoritative data source for the zone.

If you need to create a new zone on the DNS server, you can use the New Zone Wizard in DNS Manager. To launch the wizard, right-click the server icon in the DNS Manager console tree and choose the New Zone command.

    The New Zone Wizard contains the following configuration pages:

    Zone Type;

Replication scope for an Active Directory-integrated zone (Active Directory Zone Replication Scope);

    Forward or reverse lookup zone (Forward or Reverse Lookup Zone);

    Zone name (Zone name);

    Dynamic update (Dynamic Update).

    The following sections describe the configuration concepts associated with these five wizard pages.

    Zone type selection

    On the Zone Type page of the New Zone Wizard, you can choose to create a primary, secondary, or stub zone. By creating a primary zone or a stub zone on a domain controller, you can store zone data in Active Directory.

    * Primary zones

    The most common type of DNS zone is the primary zone. It provides the original read/write source of zone data and gives the local DNS server the authority to respond to DNS queries for that portion of the DNS namespace.

    The local DNS server that manages the primary zone is the primary source of information about that zone. The server stores the master copy of the zone data in a local file or in Active Directory Domain Services (AD DS). If a zone is stored in a file rather than in Active Directory, that file is named zone_name.dns by default and is stored in the %systemroot%\System32\Dns folder on the server.

    * Secondary zones

    A secondary zone provides a read-only authoritative copy of a primary zone or of another secondary zone.

    Secondary zones make it possible to reduce DNS query traffic in parts of the network where zone data is heavily queried. Also, if the server that manages the primary zone becomes unavailable, the secondary zone can provide name resolution until the primary server becomes available again.

    The source zones from which secondary zones receive their information are called master zones, and the copying procedures that keep zone information up to date are called zone transfers. A master zone can be the primary zone or another secondary zone. The master zone for a new secondary zone is assigned in the New Zone Wizard. Because a secondary zone is a copy of a primary zone managed by another server, it cannot be stored in Active Directory.

    * Stub zones

    Stub zones are similar to secondary zones but contain only the resource records needed to identify the authoritative DNS servers of the primary zone. Stub zones are often used so that a parent zone (for example, google.ru) can keep an up-to-date list of the name servers available in a delegated child zone (for example, translate.google.ru). They also improve name resolution and simplify DNS administration.

    * Storing zones in Active Directory

    When creating a primary or stub zone on a domain controller, on the Zone Type page of the wizard, you can select the option to store the zone in Active Directory. Data from Active Directory-integrated zones is automatically replicated to Active Directory according to the settings you select on the Active Directory Zone Replication Scope page. This option eliminates the need to configure zone transfers to additional servers.

    Integrating a DNS zone into Active Directory provides several benefits. First, because Active Directory performs zone replication, there is no need to set up a separate DNS zone transfer mechanism between primary and secondary servers. Multimaster replication automatically provides fault tolerance and improved performance, since multiple read/write master servers are available. Second, Active Directory allows individual properties of resource records to be updated and replicated between DNS servers. Because whole resource records do not have to be transferred, the load on the network during replication is reduced. Finally, Active Directory-integrated zones also make it possible to enforce secure dynamic updates, which are configured on the Dynamic Update page of the New Zone Wizard.

    NOTE: Read-only domain controllers and Active Directory-integrated zones

    On traditional domain controllers, the copy of the zone has read/write access. On Read-Only Domain Controllers (RODCs), the copy of the zone has read-only access.

    * Standard zones

    When you create a zone on a domain controller, the option to store the zone in Active Directory on the Zone Type page is selected by default. However, you can uncheck this box and create a so-called standard zone. On a server that is not a domain controller, only standard zones can be created, and the check box on this page is disabled.

    Unlike an Active Directory-integrated zone, a standard zone stores its data in a text file on the local DNS server. Also, with standard zones only one master copy of the zone can have read/write access to the zone data. All other copies of the zone (secondary zones) have read-only access.

    The standard zone model therefore has a single point of failure for the writable version of the zone. If the primary zone is unavailable on the network, no changes can be made to the zone. However, queries for names in the zone continue to be answered as long as secondary zones are available.

    Selecting the replication scope of an Active Directory-integrated zone

    On the Active Directory Zone Replication Scope page of the New Zone Wizard, you select which domain controllers on your network store the zone data. This page appears only if you selected the option to store the zone in Active Directory. The replication scope options determine the domain controllers among which zone data is replicated.

    This page contains the following options:

    Store the zone on all domain controllers that are also DNS servers in the entire Active Directory forest;

    Store the zone on all domain controllers that are also DNS servers in the local Active Directory domain;

    Store the zone on all domain controllers in the local Active Directory domain (used for compatibility with Windows 2000);

    Store the zone on all domain controllers in the scope of a specified custom Active Directory directory partition.

    These options are described in more detail in the second topic.

    Creating Forward and Reverse Lookup Zones

    On the Forward or Reverse Lookup Zone page of the New Zone Wizard, you must select the type of zone to be created: Forward Lookup Zone or Reverse Lookup Zone.

    In forward lookup zones, DNS servers map FQDNs to IP addresses; in reverse lookup zones, they map IP addresses to FQDNs. Thus, forward lookup zones answer queries that resolve FQDNs to IP addresses, and reverse lookup zones answer queries that resolve IP addresses to FQDNs. Note that forward lookup zones are named after the DNS domain names for which they resolve, such as google.com. Reverse lookup zones are named using the first three octets of the address space in reverse order, followed by the in-addr.arpa suffix. For example, if you resolve names for the subnet 192.168.1.0/24, the reverse lookup zone is named 1.168.192.in-addr.arpa. In a forward lookup zone, a single database entry that maps a hostname to an address is called a host (A) record. In a reverse lookup zone, a single database entry that maps an IP address to a hostname is called a pointer (PTR) record.

    The principle of forward and reverse lookups is shown in the figure.

    (Figure: Forward Lookup Zone; Reverse Lookup Zone)

    NOTE: DNS Server Setup Wizard

    You can use the Configure A DNS Server Wizard to create forward and reverse lookup zones at the same time. To start the wizard, right-click the server icon in the DNS Manager console tree and use the Configure A DNS Server command.

    Choosing a zone name

    On the Zone Name page of the New Zone Wizard, you can select the name of the forward lookup zone to create. Reverse lookup zones are given specific names according to the range of IP addresses for which they are authoritative.

    If you are creating a zone to resolve names in an Active Directory domain, it is best to give the zone a name that matches the name of the Active Directory domain. For example, if an organization has two Active Directory domains named google.ru and translate.google.ru, the naming infrastructure must include two zones with names matching those domain names.

    If you create a zone for a DNS namespace outside of an Active Directory environment, you should specify the organization's Internet domain name, such as wikipedia.org.

    NOTE: Adding DNS servers to a domain controller

    To add a DNS server to an existing domain controller, a copy of the primary zone is usually added to provide name resolution in the local Active Directory domain. To do this, simply create a zone whose name matches the name of an existing zone in the local Active Directory domain. The new zone will be populated with data from other DNS servers in the domain.

    Configuring Dynamic Update Options

    DNS client computers can register and dynamically update their resource records with a DNS server. By default, DNS clients with static IP addresses update host (A or AAAA) and pointer (PTR) records, while DNS clients that are DHCP clients only update host records. In a workgroup environment, the DHCP server updates the pointer entries on behalf of the DHCP client each time the IP configuration is updated.

    For dynamic DNS updates to succeed, the zone in which clients register or update records must be configured to accept dynamic updates. There are two types of such an update:

    Secure updates (Secure Updates)

    Allows registration only from computers in the Active Directory domain, and updates only from the computer that originally performed the registration.

    Nonsecure updates (Nonsecure Updates)

    Allows updates from any computer.

    On the Dynamic Update page of the New Zone Wizard, you can allow only secure dynamic updates, allow both nonsecure and secure dynamic updates, or disable dynamic updates altogether for the zone you are creating.
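    The five wizard pages above, performed as a script instead of in the GUI. This is an added example, not code from the article; it assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT, rather than the 2008 console the article describes), the hypothetical domain contoso.com, the subnet 192.168.1.0/24 and a single secondary server at 192.168.1.20:

```powershell
#Requires -Modules DnsServer
# Added example (hypothetical names): the five New Zone Wizard pages as cmdlets.
$zone      = 'contoso.com'       # Zone Name page
$subnet    = '192.168.1.0/24'    # reverse zone becomes 1.168.192.in-addr.arpa
$secondary = '192.168.1.20'      # the only server allowed to pull zone transfers

# Zone Type = primary stored in Active Directory,
# Replication Scope = all DNS servers in the domain,
# Dynamic Update = secure updates only: domain members register, and only the
# registering computer may later change its own record.
Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain -DynamicUpdate Secure

# Forward or Reverse Lookup Zone page: -NetworkId derives the in-addr.arpa name
Add-DnsServerPrimaryZone -NetworkId $subnet -ReplicationScope Domain -DynamicUpdate Secure

# Zone Transfers tab: a full copy of the zone can be requested only by the hosts
# in this list, so an unlisted host cannot enumerate every record with one query.
Set-DnsServerPrimaryZone -Name $zone -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $secondary

# Verify what the wizard would show: ZoneType Primary, IsDsIntegrated True,
# DynamicUpdate Secure, SecureSecondaries TransferToSecureServers
Get-DnsServerZone -Name $zone |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate, SecureSecondaries
Get-DnsServerZone | Where-Object IsReverseLookupZone |
    Select-Object ZoneName, DynamicUpdate
```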

    Understanding built-in resource records

    When you create a new zone, two types of records are created automatically. First, such a zone always includes a Start Of Authority (SOA) record that defines the basic properties of the zone. In addition, a new zone contains at least one name server (NS) record that specifies the name of the authoritative server(s) for the zone. The functions of these two resource records are described below.

    Start Of Authority (SOA) records

    When a zone is loaded, the DNS server uses the zone's Start Of Authority (SOA) record to determine the basic properties and authority of the zone. These parameters also govern how often zone transfers occur between the primary and secondary servers. Double-clicking the SOA record opens the Start Of Authority (SOA) tab of the zone's properties dialog box.

    Serial number (Serial Number)

    This text box on the Start Of Authority (SOA) tab contains the revision number of the zone file. The number is incremented each time the resource records in the zone change. It can also be increased manually using the Increment button.

    If zones are configured to perform zone transfers to one or more secondary servers, these secondary servers periodically request the zone serial number from the primary server. Such requests are called SOA queries. If the primary zone's serial number returned in the SOA response equals the secondary zone's serial number, no zone transfer is performed. If the serial number of the zone on the primary server is greater than the corresponding value on the requesting secondary server, the secondary server initiates a zone transfer.

    NOTE: Zone transfer on the primary server

    Clicking the Increment button initiates a zone transfer.

    Primary server (Primary Server)

    Responsible person (Responsible Person)

    In this field, enter the Responsible Person (RP) name corresponding to the mailbox of the zone administrator in the domain. The name entered in this field must always end with a dot. The default name is hostmaster.

    Refresh interval (Refresh Interval)

    The value in this field determines how long the secondary DNS server waits before requesting a zone update from the primary server. After the refresh interval has elapsed, the secondary DNS server queries the primary server for a copy of the current SOA record. After receiving the response, the secondary DNS server compares the serial number of the primary server's current SOA record (given in the response) with the serial number of its local SOA record. If these values differ, the secondary DNS server requests a zone transfer from the primary DNS server. The default refresh interval is 15 minutes.

    Retry interval (Retry Interval)

    Expires after (Expires After)

    The value in this field determines how long the secondary server continues to answer DNS client queries without having contacted the primary server. After this time, the zone data is considered unreliable. The default for this setting is one day.

    Minimum (default) TTL (Minimum (Default) TTL)

    TTL values do not apply to resource records within authoritative zones. Instead, this value is the TTL used when the zone's resource records are cached on non-authoritative servers. A DNS server that has cached a resource record from a previous query discards that record when the record's TTL expires.

    TTL for this record (TTL For This Record)

    The value specified in this field determines the lifetime of the SOA record itself. This value overrides the default value specified in the previous field.

    Name server entries

    The name server (NS) entry specifies the authoritative server for the zone. When you create a zone in Windows Server 2008, each server that manages the master copy of an AD-integrated zone will have its own NS record in the new zone by default. When you create a standard primary zone, the local server's NS record will be added by default.

    For servers that manage secondary zones, you must manually add NS records to the master copy of the zone.

    NS records are created using a different procedure from other types of resource records. To add NS records, double-click any existing NS record in DNS Manager. The Name Servers tab of the zone properties dialog box opens. On the Name Servers tab, click the Add button to add the FQDN and IP address of the server that hosts a secondary copy of the local primary zone. After adding the new server, click OK; a new NS record pointing to this server appears in DNS Manager.

    NOTE: Enabling zone transfers to secondary zones

    The secondary zone does not recognize this entry as a valid name server until it contains a valid copy of the zone data. For the secondary zone to receive this data, zone transfers must be enabled for that server on the Zone Transfers tab of the zone properties dialog box. This tab is described in more detail in the next topic.

    The following is an example of an NS entry as it appears in a standard zone file:

    @ NS dns1.lucernepublishing.com.

    The @ symbol represents the zone defined by the SOA entry in the zone file. The full record thus maps the lucernepublishing.com domain to the DNS server dns1.lucernepublishing.com.

    Create resource records

    In addition to SOA and NS records, some other resource records are automatically created. For example, during the installation of a new DNS server, when the server is designated as a domain controller, many Active Directory Domain Services (AD DS) SRV records are created automatically in the locally managed zone. In addition, many DNS clients automatically register host (A and AAAA) and pointer (PTR) records in the zone by default through dynamic update.

    Although many resource records are created automatically, corporate environments typically require you to create some resource records manually, such as MX (Mail Exchanger ) for mail servers, aliases (CNAME ) for web and application servers, and host records for servers and clients which cannot perform their own updates.

    To manually add a resource record for a zone, in the DNS Manager console, right-click the zone icon and select the type of record to create from the shortcut menu.

    After selecting a record type from the context menu, a dialog box opens where you specify the name of the record and the computer associated with it. Note that only host records associate a computer name with an IP address; most other record types associate a service name or alias with an existing host record. Thus, an MX record such as the one shown relies on the presence of the host record SRV12.nwtraders.msft in the zone.

    Record Types

    The following are common manually created resource records:

    host (A or AAAA);

    alias (CNAME);

    mail exchanger (MX);

    pointer (PTR);

    service location (SRV).

    Host (A or AAAA)

    For most networks, the bulk of the resource records in the zone database are host resource records. These records associate computer names (hostnames) with IP addresses in the zone.

    Even with dynamic updates enabled for a zone, in some scenarios host records must be added to the zone manually. In the figure below, Contoso, Inc. uses the domain name contoso.com both in the public namespace and for its internal Active Directory domain. In this case, the public web server www.contoso.com is located outside the Active Directory domain and performs updates only on the public authoritative DNS server for contoso.com. Internal clients, however, send their DNS queries to internal DNS servers. Because the www.contoso.com A record is not dynamically updated on the internal DNS servers, it is added manually so that internal clients can resolve the name and connect to the public web server.

    Host records must also be added manually when the network includes a UNIX server. For example, Fabrikam, Inc. has one Active Directory domain on its private network, named fabrikam.com. This network also includes the UNIX server App1.fabrikam.com, which runs an application important for the company's day-to-day operations. Because UNIX servers cannot perform dynamic updates, you must manually add the App1 host record on the DNS server that manages the fabrikam.com zone. Otherwise, users will not be able to connect to the application server by its FQDN.

    Alias (CNAME)

    These records are sometimes called canonical names. They allow multiple names to refer to a single host. For example, well-known server names (ftp, www) are typically registered using CNAME records. These records map the hostnames corresponding to their services to the actual A record of the computer that hosts the service. CNAME records are used in the following cases:

    When you want to rename a host specified in an A record of the same zone.

    When a well-known server group name (e.g. www) must resolve to a group of separate computers (each with its own A record) that provide the same service (e.g. a group of redundant web servers).

    mail exchanger (MX)

    These records are used by email applications to locate the mail server for a zone. They map the domain name given in an e-mail address to the A record of the computer that runs the mail server for that domain. Thus, this record type allows the DNS server to handle email addresses in which no mail server is named.

    Often, MX records are also created to provide failover to another mail server in case the preferred server becomes unavailable.

    When multiple mail servers are listed, each is assigned a preference value. The lower this value, the higher the server's priority.

    NOTE: Symbol @

    In this example, the @ symbol represents the local domain name contained in the email address.

    Pointer (PTR)

    This record is used only in reverse lookup zones to support reverse lookups, which resolve IP addresses to hostnames or FQDNs. Reverse lookups are performed in the zones under the in-addr.arpa domain. PTR records can be added to zones manually or automatically.

    The following is an example of the textual representation in a zone file of a PTR record created in DNS Manager that maps the IP address 192.168.0.99 to the hostname server1.google.ru:

    99 PTR server1.google.ru.

    NOTE: The record name 99

    In a reverse lookup zone, the last octet of the IPv4 address is equivalent to the hostname. Therefore, the number 99 represents the name assigned to the node within the zone 0.168.192.in-addr.arpa. This zone corresponds to the 192.168.0.0 subnet.

    Service location (SRV)

    SRV records are used to specify the location of services in a domain. Client applications that are SRV-aware can use DNS to retrieve the SRV records of application servers.

    One application that uses SRV records is Windows Server 2008 Active Directory. The Net Logon service uses SRV records to locate domain controllers by looking up Lightweight Directory Access Protocol (LDAP) servers for the Active Directory domain in DNS. Other services can also use SRV records in DNS to improve fault tolerance or to locate and troubleshoot network services.
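    Creating the record types listed above by hand, as an added example that is not from the article, using the DnsServer PowerShell module. It assumes the hypothetical zones contoso.com and 1.168.192.in-addr.arpa already exist on the local server, and all addresses are constructed; it also shows the SOA serial number changing with each edit, as described in the SOA section:

```powershell
#Requires -Modules DnsServer
# Added example (hypothetical zone names, constructed addresses).
$zone = 'contoso.com'
$rev  = '1.168.192.in-addr.arpa'

# The SOA serial number is incremented on every change; read it before and after.
function Get-ZoneSerial([string]$ZoneName) {
    (Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType Soa).RecordData.SerialNumber
}
$before = Get-ZoneSerial $zone

# Host (A): a public web server outside AD and a UNIX server, neither of which
# can register itself by dynamic update, plus the two mail hosts used below.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'www'   -IPv4Address '203.0.113.10'
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'app1'  -IPv4Address '192.168.1.50'
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'mail1' -IPv4Address '192.168.1.25'
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'mail2' -IPv4Address '192.168.1.26'

# Alias (CNAME): a well-known service name that resolves through app1's A record
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'ftp' -HostNameAlias "app1.$zone"

# Mail exchanger (MX) at the zone apex ('.'); each relies on a host record
# existing, and the lower preference value is tried first.
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '.' -MailExchange "mail1.$zone" -Preference 10
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '.' -MailExchange "mail2.$zone" -Preference 20

# Pointer (PTR): the owner name in the reverse zone is the last octet of the address
Add-DnsServerResourceRecordPtr -ZoneName $rev -Name '50' -PtrDomainName "app1.$zone"

$after = Get-ZoneSerial $zone
"SOA serial: $before -> $after"

# MX records in the order a sending mail server tries them
Get-DnsServerResourceRecord -ZoneName $zone -RRType Mx |
    Sort-Object { $_.RecordData.Preference } |
    ForEach-Object { '{0,3} {1}' -f $_.RecordData.Preference, $_.RecordData.MailExchange }

# Forward and reverse lookups should agree for app1
Resolve-DnsName -Name "app1.$zone" -Type A -Server localhost
Resolve-DnsName -Name '192.168.1.50' -Type PTR -Server localhost
```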

    Enabling WINS lookup in DNS

    On the WINS tab of the zone properties dialog box, you can specify a WINS server that the DNS Server service contacts to look up names it cannot find through DNS queries. When you specify a WINS server on the WINS tab of a forward lookup zone's properties dialog box, a special WINS record pointing to that WINS server is added to the zone. When you specify a WINS server on the WINS tab of a reverse lookup zone's properties dialog box, a special WINS-R record identifying that WINS server is added to the zone.

    For example, if a DNS client queries for the name ClientZ.contoso.com and the preferred DNS server cannot find the answer from its usual sources (cache, local zone data, and querying other servers), the server queries the WINS server specified in the WINS record for the name CLIENTZ. If the WINS server answers the query, the DNS server returns that answer to the client.

    Aging and scavenging of stale records

    DNS uses timestamps (aging) to track the age of dynamically registered resource records. Scavenging is the process of removing stale records based on those timestamps, so scavenging can be performed only if timestamps are in use. Aging and scavenging together remove old records that would otherwise accumulate in a zone over time. By default, both are disabled.

    Enabling scavenging

    To enable scavenging for a particular zone, the feature must be enabled at both the server level and the zone level.

    To enable server-level scavenging, in the DNS Manager console tree, right-click the server icon and use the Set Aging/Scavenging For All Zones command. Then, in the Server Aging/Scavenging Properties dialog box that opens, select the Scavenge Stale Resource Records check box. Although this setting enables server-level aging and scavenging for all new zones, it does not enable them for existing Active Directory-integrated zones.

    To enable them for existing zones, click OK, and then in the Server Aging/Scavenging Confirmation dialog box that appears, select the check box to apply these settings to existing Active Directory-integrated zones.

    To enable zone-level aging and scavenging, open the zone properties, and then on the General tab, click the Aging button. In the Zone Aging/Scavenging Properties dialog box that opens, select the Scavenge Stale Resource Records check box.

    Timestamps

    The DNS server performs scavenging using the timestamps set on the resource records in the zone. Active Directory-integrated zones set timestamps on dynamically registered records by default, even before scavenging is enabled. Standard primary zones, however, do not timestamp dynamically registered records until scavenging is enabled. Manually created resource records in all zone types are assigned a timestamp of 0, which means their age is not tracked.

    Blocking interval (No-Refresh Interval)

    The blocking interval is the time between the last update of a record's timestamp and the earliest moment it can be updated again. Blocking prevents the server from processing unnecessary updates and reduces traffic. By default, the blocking interval is 7 days.

    Refresh interval (Refresh Interval)

    The refresh interval is the time between the earliest moment a timestamp can be refreshed and the earliest moment scavenging of the record can begin. Records can be removed from the zone only after both the blocking and refresh intervals have elapsed. The default refresh interval is 7 days. Therefore, with default settings, dynamically registered resource records can be deleted no earlier than 14 days after their timestamp was last updated.

    Performing scavenging

    Scavenging is performed in a zone automatically or manually. To have it performed automatically, enable automatic scavenging of stale records on the Advanced tab of the DNS server properties dialog box.

    If this option is not enabled, you can scavenge zones manually by right-clicking the server icon in the DNS Manager console tree and using the Scavenge Stale Resource Records command.
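    The server-level and zone-level aging settings above, followed by a report of which records scavenging could remove. This is an added example, not from the article; it assumes the DnsServer PowerShell module and the hypothetical zone contoso.com:

```powershell
#Requires -Modules DnsServer
# Added example (hypothetical zone name): aging/scavenging configuration and a
# report of which A records are eligible for removal.
$zone      = 'contoso.com'
$sevenDays = New-TimeSpan -Days 7

# Server level: "Scavenge Stale Resource Records" plus the automatic scavenging
# cycle from the Advanced tab; -ApplyOnAllZones also covers existing zones.
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval $sevenDays `
    -NoRefreshInterval $sevenDays -RefreshInterval $sevenDays -ApplyOnAllZones

# Zone level: the Aging button on the General tab (blocking + refresh interval)
Set-DnsServerZoneAging -Name $zone -Aging $true `
    -NoRefreshInterval $sevenDays -RefreshInterval $sevenDays

# A record becomes eligible once its timestamp is older than blocking + refresh
# (7 + 7 = 14 days); manually created records carry no timestamp and are never aged.
$cutoff = (Get-Date).AddDays(-14)
Get-DnsServerResourceRecord -ZoneName $zone -RRType A | ForEach-Object {
    $state = if (-not $_.Timestamp)            { 'static, never scavenged' }
             elseif ($_.Timestamp -lt $cutoff) { 'STALE, eligible for scavenging' }
             else                              { 'dynamic, still fresh' }
    '{0,-20} {1,-15} {2}' -f $_.HostName, $_.RecordData.IPv4Address, $state
}

# The manual "Scavenge Stale Resource Records" command
Start-DnsServerScavenging -Force
```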

    Global Names Zone

    Windows Server 2008 includes a new feature that allows all DNS clients in an Active Directory forest to use single-label names, such as Mail, to connect to server resources. This component is useful when the default DNS suffix search list of the DNS clients does not let users connect quickly (or at all) to a resource using such a single-label name.

    The DNS server in Windows Server 2008 allows you to create the GlobalNames zone. By default, the GlobalNames zone does not exist; by deploying a zone with this name you can make selected resources reachable by single-label names without using WINS. Typically, single-label names are assigned to important and widely used servers that already have static IP addresses. To enable GlobalNames support on a remote server, replace the dot in the enabling command with the name of the remote server.

    Creating the GlobalNames zone

    The next step in deploying the GlobalNames zone is to create the zone on a DNS server that is a Windows Server 2008 domain controller. The GlobalNames zone is not a special zone type; it is simply an AD-integrated forward lookup zone named GlobalNames. When creating the zone, choose to replicate zone data to all DNS servers in the forest (this option is located on the Active Directory Zone Replication Scope page). To enable single-label name resolution, create an alias (CNAME) resource record in the GlobalNames zone for each resource. The name assigned to each CNAME record is the single-label name that users can use to connect to the resource. Note that each CNAME record points to a host record in another zone.
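    The GlobalNames deployment described above, as an added example that is not from the article. It assumes the DnsServer PowerShell module on a forest domain controller and uses the hypothetical targets mail1.contoso.com and web1.contoso.com:

```powershell
#Requires -Modules DnsServer
# Added example (hypothetical names): enable, create and populate the GlobalNames zone.

# Step 1: turn on GlobalNames support on this DNS server
# (for a remote server, add -ComputerName <server name>).
Set-DnsServerGlobalNameZone -Enable $true

# Step 2: an ordinary AD-integrated forward lookup zone named GlobalNames,
# replicated to all DNS servers in the forest. Its entries are maintained by
# administrators, so dynamic updates are switched off for it.
Add-DnsServerPrimaryZone -Name 'GlobalNames' -ReplicationScope Forest -DynamicUpdate None

# Step 3: one CNAME per single-label name. Each must point at a host record in
# another zone, so any target without an A record is skipped rather than added.
$aliases = @{ mail = 'mail1.contoso.com'; intranet = 'web1.contoso.com' }
foreach ($label in $aliases.Keys) {
    $target = $aliases[$label]
    if (-not (Resolve-DnsName -Name $target -Type A -ErrorAction SilentlyContinue)) {
        Write-Warning "Skipping $label -> $target : no host record found"
        continue
    }
    Add-DnsServerResourceRecordCName -ZoneName 'GlobalNames' -Name $label -HostNameAlias $target
}

# Verify: support is enabled and the aliases are present in the zone
Get-DnsServerGlobalNameZone
Get-DnsServerResourceRecord -ZoneName 'GlobalNames' -RRType CName
```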
