DNS is one of the most important services of the Internet as well as our domain networks.
Even after you had typed a domain name (like www.google.com) and hit the Enter button in your Firefox, DNS service would be used immediately.
In the scope of this video, I'll help you configure DNS service in your domain network.
[00:03] We are going to…
DNS – Domain Name System is a service that helps resolve from IP Address: 22.214.171.124 (in the number format which is hard to remember) to Domain Name (in the Alphabet letter format which is friendly for a human to use): snoopy.com.
Without it in our domain network, we have to remember IP addresses of servers: DC, network file sharing host, FTP, etc.
Fortunately, DNS service will be installed by default when we build the domain network with AD DS infrastructure.
Make sure you know why you have to use DNS service in your internal network, and term meanings basically: zone, record, stub, CNAME, pointer, etc. are not a problem.
In this demo, I will use the DC of the SnoOpy.com domain to act as a DNS server, then query itself firstly.
[00:28] You can launch the DNS Manager from Tools in Server Manager or directly from the Start menu.
The core part of this service is a database which contains zones (to separate domains, sub-domains) and resource records (use to map between object names and addresses).
More terms will be explored throughout this video, don't worry!
Now let configure them!
[00:46] This is SnoOpy.com zone which was created during the domain network building, lives in the Foward Lookup Zones which use for "Domain Name-to-IP Address" resolutions.
The A record (IPv4 record)/AAA record (IPv6 record)/Host is used to map a Domain Name to an IPv4/v6 Address.
When you need to access to the Alex's DC machine of IT department from network to do something, it is hard to determinate whether an IP Address belongs to Alex DC in Accounting, Alex DC in Security or Alex DC in IT department.
Let's assume that you have 1000 machines in your network and one of them belong to a group 50 machines of the IT department which IPv4 Address is 10.0.0.1 that user Alex is working on, named: DC.
[01:30] [TEST THE RECORD]
However, with DNS' hierarchy and Domain Name mapping, you can easily bind Alex DC's IP Address of Accounting to DC.Accounting.SnoOpy.com or Alex DC of IT to DC.IT.SnoOpy.com
[02:25] [DNS ZONE EXPLAINED]
Now, we are working with zones.
A zone usually associates with a single domain as a storage database.
Furthermore, it can be dedicated to a sub-domain (of course, the original zone must do the delegation).
[02:31] First, let's work with zones.
This type of zone indicates that the server owns this domain or plays the master role in the replication/load-balancing DNS servicing model.
[02:28] It is intended that zones be available from more than one DNS server on the network to provide availability and fault tolerance when resolving name queries.
[02:36] More info about other zone types shows as below.
For simple, we use the Secondary zone when we need load balancing/fault tolerance, and Stub zone to forward DNS queries to other servers.
[02:48] Select the replication/availability scope about this zone, it can be the forest-level or the domain one.
[02:59] Zone name/Domain name
[03:01] Don`t confuse DNS Zones with DNS Domains!
Don`t associate a zone with a domain.
A DNS zone can contain multiple domains (it can also be known as sub-domains) or just one domain, the important thing to remember is that it is used for delegating control of portions of the namespace.
Different zones can also be on the same server.
To learn more about the DNS Zone term, go to:
You may wonder about that: I or you can create arbitrary zones/domain names included Google.com, Microsoft.com, etc.
Of course, because they are local domain names, and can't be using on the Internet.
You must buy unique domain names from ICANN-Resellers such as Godaddy, TENTEN then points to your public DNS server which contains zones, records about it to use the Internet domain name, that is another story.
[03:23] Specify the method of dynamic updates which clients can use when they register/update their resource records.
Explanations, notices follow each method.
[03:25] In the production environment, be careful when allowing nonsecure updating, this cause risks about the DNS spoofing attack:http:/bit.ly/DNS-Spoofing” target=”_new”>>http://bit.ly/DNS-Spoofing____
[03:40] Let's map DuongMinhThang.SnoOpy.org to 10.0.0.1 IP address!
[03:58] Test this record by using the ping command.
Ping used to test connectivity between host, it queries a specified DNS/NetBIOS/WINS server to translate hostname/FQDN into an IP address.
[04:04] Except this record lives in the AD domain integrated-zone that this machine is belonging to, you must specify Fully Qualified Domain Name – FQDN:
[04:27] [CNAME RECORD FEATURES]
Okay, now let's create an alias for this FQDN DuongMinhThang.SnoOpy.org
An alias is a Canonical Name – CNAME record that helps "call a host with a different name when the actual IP address relies on an A/AAAA record
[05:27] nslookup, a domain name resolution utility returned the same A record with the specific CNAME: DMT.SnoOpy.org.
This is the actual A record with that IP address.
In fact, CNAME used to:
Hide the structure of FQDN or simply shorten for easier typing, remembering.
For accessibility, round-robin, example: we have a 2 web server "WebServer-1.SnoOpy.com" (WS1) and "WebServer-2.SnoOpy.com" (WS2), one service at a time, for example.
When WS1 is servicing, we must tell users access to "WebServer-1.SnoOpy.com" and the next is "WebServer-2.SnoOpy.com" when WS2 is servicing.
We can set up a CNAME called WS.SnoOpy.com that points to WS1 or WS2 when one of them is servicing, and users only need to go to a domain name WS.SnoOpy.org only.