I hope that you know the basics of the DNS service according to part 1 of this series as well as links of resources as mentioned.
Today, this 2nd episode will help you have a look at advanced features of this Windows DNS server.
[00:03] Now, we are going to…
[00:10] Configure DNS server properties including Dynamic Updates mode, period time to aging/scavenging record, specify name servers, zone transfers rules, specify administrative permissions, etc.
Firstly, with Aging properties.
This feature is provided as a mechanism to perform cleanups and removals of stale resource records (RRs), which can accumulate in zone storages over time.
Another simple but powerful feature is Dynamic Update: Resource Records -RRs are automatically added (of course, clients must negotiate with DNS servers) to zones when computers start on the network. However, in some cases, they are not automatically removed when computers leave the network.
[00:47] For example, if a computer registers its own host (A) RR at startup and then later, it is improperly disconnected from the network, so its host (A) RR might not be deleted.
If your network has mobile users and computers, this situation can occur frequently.
Microsoft has a detailed topic about aging and scavenging at:
Check this box and leave the default to set:
No-refresh interval: "the minimum time records can live is 7 days."
After this stage,
Refresh interval: "DNS server will start to refresh status of records which was bound to hosts."
At this stage, if a host is detected as an inactive one at the time the refreshing process happens (during the 7 days period); its records will be scavenged.
[01:36] We can set Aging/Scavenging globally instead of going to each DNS zone then do the same.
[01:46] Check this box to apply these settings to existing Active Directory-integrated zones.
[02:02] Global Aging/Scavenging settings were applied.
[02:15] Now we are working with Reverse Lookup Zone; this type of zone serves for the process "IP Address to Domain Name" instead of "Domain Name to IP Address" resolution of Forward Lookup Zone.
[02:20] You only need a reverse zone if you need to resolve names from IP Addresses. On private networks, if DHCP or clients are registering dynamically with DNS, it can be helpful to find what device picked up what DHCP address.
If you're talking about public address space, the most common need for RDNS is for mail servers. Many mail servers will only accept mail from servers whose RDNS records match their DNS A record.
So, if you need to find the name of a host by pinging or performing an NSLookup by IP address then you'll need the Reverse DNS zones. If you don't have a need for that functionality, they are not required.
[02:26] Specify the Zone type and a Replication Scope, you can review previous sections in this video to learn more.
[02:34] The type of zone combines records by network ID in IP Address portions instead of domains/zones.
Respectively reverse lookup records will be created in Reverse Zone which matches network ID when we choose to Create reverse lookup record (alongside with the Host record creation in FLZ).
In this case, the network ID is: 10.0.0
You can use AND bitwise between IP Address and Subnet mask in the binary to calculate Network ID: https://itknowledgeexchange.techtarget.com/cisco/determining-the-network-id-using-the-logical-and-operation/
[03:34] Run cmd as Administrator and using this command to register a RR of the current machine, then reverse lookup record will be created.
[04:34] A reverse lookup record called a Pointer – PTR.
[05:03] Pointer of Luci.SnoOpy.org is created simultaneously as marked.
The Firewall of Luci machine causes ping failed, but it isn't important because we are considering the DNS resolution process.
Luci.SnoOpy.org is now resolved properly as 10.0.0.2 and with -a switch (resolution to FQDN) in the ping command returns Luci.SnoOpy.org.
Now we will explore DNS forward models (fault-tolerance/distribution management) by creating a stub zone for the primary zone SnoOpy.org at another server: SnoOpy-Server-2
A stub zone is a copy of a zone which contains only as-is resource records just to identify the original Domain Name System (DNS) servers for that zone.
A stub zone is used to redirect name resolutions between separate DNS namespaces/servers.
This type of resolution may be necessary when a corporate merger requires that the DNS servers of two separate DNS namespaces can redirect name resolutions to appropriate servers for clients in both corporate.
That means a DNS server of domain A in network X can help its client's lookup DNS records which belong to domain B of network Y by tells/redirects requests to DNS server IP address that have been configured in that stub zone.
Now create a stub zone for SnoOpy.org of the network X in DNS Server SnoOpy-Server-2 of the network Y.
Then clients of Y who was configured to query this DC as a DNS server can query records in SnoOpy.org domain since this DC can provide them info about SOA, NS, glue A resource records about that domain.
[06:41] A stub zone is the simplest form in fault-tolerance/distribution management of DNS.
You can find more about the Primary zone and Secondary zone in another video.
Of course, you must approve this copy by entering the master IP address of this zone SnoOpy.org (network X), and whitelist this server at that machine too.
[07:13] IP address about the DNS server who owns the master zone of this domain.
[07:26] Allow zone transfer to let SnoOpy-Server-2 copy necessary records to provide to clients for querying about this domain/zone.
[07:46] Info of that zone will be transferred automatically after time periods.
You can force it to happens now.
[08:12] Now, let's act this machine as a client (network Y) do query about SnoOpy.org (network X) domain via SnoOpy-Server-2 DNS server by configuring the DNS server setting as 10.0.0.2
Since this SnoOpy-Server-2 DNS server (network Y) has necessary records about SnoOpy.org domain (network X), clients (network Y) can find at least "which DNS server contains records about SnoOpy.org domain to do further query."
In this case, that server is SnoOpy-Server.SnoOpy.com, which was provided by SnoOpy-Server-2 because it has the Stub zone of SnoOpy.org, simply?
[09:20] You may wonder about the Secondary zone type or what is Conditional Forwarders, when you need to use each type, etc. don't worry!
Bellow links can help you understand and have an overview of them:
Wait for my next awesome videos :3