Before DNS, Microsoft had WINS, which also provides a name resolution service.
Windows DNS must read
Windows DNS interview questions
Domain Name System.
DNS is the backbone of the Internet. DNS provides name resolution: it resolves IP addresses to names and names to IP addresses. It is also an important component of Windows Active Directory.
DNS Root zone
The DNS root zone is served by thirteen root server clusters, which are authoritative for queries about the top-level domains of the Internet. Thus, every name resolution either starts with a query to a root server or uses information that was once obtained from a root server.
The root server clusters have the official names a.root-servers.net to m.root-servers.net.
DNS root zone server clusters and their operators:
- a.root-servers.net: Verisign
- b.root-servers.net: USC-ISI
- c.root-servers.net: Cogent Communications
- d.root-servers.net: University of Maryland
- e.root-servers.net: NASA
- f.root-servers.net: Internet Systems Consortium
- g.root-servers.net: Defense Information Systems Agency
- h.root-servers.net: US Army Research Lab
- i.root-servers.net: Netnod
- j.root-servers.net: Verisign
- k.root-servers.net: RIPE NCC
- l.root-servers.net: ICANN
- m.root-servers.net: WIDE Project
You can also see these root servers, with their current addresses, as root hints on your Windows DNS server: right-click the server -> Properties -> Root Hints.
Each of these operators provides the service for free and maintains uninterrupted uptime; after all, if any of these name servers went offline, entire portions of the Internet would temporarily stop working.
Why are root server clusters limited to 13?
DNS queries use UDP because it offers better performance than TCP. For the same performance reason, a classic DNS UDP packet is limited to 512 bytes; if the payload exceeds 512 bytes, TCP is used instead.
TCP involves much higher overhead, because establishing a TCP connection takes multiple steps (the handshake), which slows down the entire process.
A single UDP packet must carry all 13 IP addresses along with the rest of the protocol information (416 bytes for the 13 IP addresses plus the remaining protocol overhead). We could have 30 or 40 root server IP addresses, but they would not all fit in one UDP packet; they would have to be sent in multiple packets, which would reduce performance. Hence, for performance and low network overhead, the root servers are limited to 13 IP addresses.
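To make the 512-byte argument concrete, here is an added Python example (not from the original page) that builds the wire form of the root "priming" response, the answer to an NS query for ".", with RFC 1035 label compression, and checks whether it fits in a classic UDP datagram. The root-server names are the page's; the 192.0.2.x and 2001:db8:: addresses are documentation placeholders, not the real ones. It also shows why adding AAAA glue for all 13 servers overflows 512 bytes, which is why modern resolvers use EDNS0 for larger UDP payloads.

```python
import socket
import struct

# Constructed sample data: the 13 root-server names from the page paired with
# RFC 5737 / RFC 3849 documentation addresses as placeholders, not the real ones.
ROOT_NAMES = [f"{c}.root-servers.net" for c in "abcdefghijklm"]
UDP_LIMIT = 512  # classic DNS-over-UDP payload limit without EDNS0 (RFC 1035)

def encode_name(name, base, offsets):
    """Encode a DNS name with RFC 1035 label compression. `base` is the offset at
    which this name will sit in the message; `offsets` records where each suffix
    was first written so later names can point back to it with a 2-byte pointer."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    out = bytearray()
    while labels:
        suffix = ".".join(labels)
        if suffix in offsets:  # suffix already in the message: emit a pointer
            return bytes(out + struct.pack("!H", 0xC000 | offsets[suffix]))
        offsets[suffix] = base + len(out)
        out += bytes([len(labels[0])]) + labels[0].encode("ascii")
        labels.pop(0)
    return bytes(out) + b"\x00"  # root label terminates the name

def add_rr(msg, offsets, owner, rtype, rdata_name=None, rdata_raw=b""):
    """Append one IN-class record (TTL 518400 s, as the root servers answer)."""
    msg += encode_name(owner, len(msg), offsets)
    if rdata_name is not None:  # NS RDATA is itself a name: compress it too
        rdata_raw = encode_name(rdata_name, len(msg) + 10, offsets)
    msg += struct.pack("!HHIH", rtype, 1, 518400, len(rdata_raw)) + rdata_raw

def priming_response(with_aaaa=False):
    """Build the answer to the root priming query ('.' NS): 13 NS records in the
    answer section plus A (and optionally AAAA) glue in the additional section."""
    offsets = {}
    arcount = len(ROOT_NAMES) * (2 if with_aaaa else 1)
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(ROOT_NAMES), 0, arcount))
    msg += encode_name(".", len(msg), offsets) + struct.pack("!HH", 2, 1)  # QTYPE NS, IN
    for n in ROOT_NAMES:
        add_rr(msg, offsets, ".", 2, rdata_name=n)
    for i, n in enumerate(ROOT_NAMES, 1):
        add_rr(msg, offsets, n, 1, rdata_raw=socket.inet_aton(f"192.0.2.{i}"))
        if with_aaaa:
            add_rr(msg, offsets, n, 28, rdata_raw=socket.inet_pton(socket.AF_INET6, f"2001:db8::{i:x}"))
    return bytes(msg)

def fits_in_udp(msg):
    return len(msg) <= UDP_LIMIT  # True when one classic 512-byte datagram suffices
```

With compression the IPv4-only response is 436 bytes and fits; adding 13 AAAA glue records takes it to 800 bytes, beyond the classic limit.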
How many root servers are there?
There are 504 root server instances as of Jan 2016: https://en.wikipedia.org/wiki/Root_name_server
Root servers in the world
Each of the 13 names is backed by many servers; for example, a.root-servers.net is handled by many servers in different places. The technology that makes this distributed architecture of DNS root servers possible is called anycasting.
Anycasting lets multiple servers in different locations share a single IP address.
Whenever a request is sent to an anycast IP address, the network's routers route that request to the nearest available server. This means that if I want to reach f.root-servers.net from India, the nearest possible location is Chennai (as shown in the map), rather than some other location in the world. This is why DNS root servers rely heavily on IP anycasting.
Some advantages of anycasting are:
- High speed and low latency
- Resilience: even if the f.root-servers.net instance in Chennai goes down, the network will take me to the next nearest location on the map.
- Strong protection against even the biggest DDoS attacks.
Name servers maintain information about domain trees. They hold authoritative information about one or more domains and respond to queries about those domains.
They also forward queries about other domains.
Resolvers are client programs that generate queries and send them to the appropriate DNS server.
DNS Server caching
Caching servers store requested IP addresses and host names. Each cache entry has a Time-to-Live (TTL) value.
The TTL is specified by the admins of the authoritative DNS server.
Whenever a client sends out a resolution request, the DNS server takes full responsibility for that request.
If the DNS server has the information, it replies immediately.
If the DNS server does not have the information, it forwards the query to other DNS servers (starting with the root DNS servers) to resolve it.
How DNS works?
Documentation taken from here:
When an mDNS client needs to resolve a host name, it sends an IP multicast query message that asks the host having that name to identify itself. That target machine then multicasts a message that includes its IP address. All machines in that subnet can then use that information to update their mDNS caches.
DNS Round Robin
- A record: Address record. Returns a 32-bit IPv4 address. Commonly used to map hostnames to IP addresses.
- AAAA record: IPv6 address record. Returns a 128-bit IPv6 address.
- CNAME record: Canonical name / alias.
- PTR record: Pointer record. Contains IP address to name mappings.
- TXT record: Contains human-readable information, like comments in program code.
- SOA record.
SOA Record: Start of Authority
- The SOA record has core information about your zone.
- It defines which server is your primary nameserver, your contact information (E-mail), how your secondary nameservers get updated, and the default (minimum) Time-To-Live values for your records.
- To check SOA details, Expand Forward lookup zones -> Right click the domain -> Select properties -> Click Start of Authority (SOA)
Use of PTR record:
- Reverse DNS is needed by mail servers in order to detect spam.
- A reverse lookup lets tools such as nslookup and telnet show the machine name for an IP address.
Types of DNS queries
- Recursive queries
- Non-Recursive or Iterative queries
- Inverse Queries
A recursive query is a query in which the DNS server that receives your query does all the work of fetching the answer and giving it back to you. During this process, the DNS server may also query other DNS servers on the Internet on your behalf to obtain the answer.
Non-Recursive / Iterative query
In an iterative query, the name server will not go and fetch the complete answer for your query, but will give back a referral to other DNS servers that might have the answer.
Inverse DNS queries (reverse DNS queries) are used when the user wants to resolve an IP address to a Fully Qualified Domain Name. In other words, the user has the IP address and wants to find out the Fully Qualified Domain Name corresponding to it. For inverse name resolution (reverse name resolution), Pointer (PTR) records are used. PTR records are added to the in-addr.arpa domain, and they must exist on the local DNS server for inverse name resolution to work properly.
Risks associated with recursive DNS queries
A DNS server that supports recursive resolution is vulnerable to DOS (denial of service) attacks, DNS cache poisoning, unauthorized use of resources, and root name server performance degradation.
- DOS attacks
- Servers supporting recursive DNS queries are vulnerable to phony requests that flood a particular IP address with the results of each server’s query. This can overwhelm the IP address with a volume of traffic too large to be processed.
- DNS cache poisoning
- Cache poisoning results from someone tricking a DNS server into believing that a fake DNS query response is authentic. Because responses are normally cached, this false information can be distributed to users of that server.
- Unauthorized use of resources
- With recursive DNS queries enabled, a server is more easily hijacked and its performance compromised.
- Root name server performance degradation
- When DNS servers are not configured correctly, queries using RFC1918 addressing (also known as “private” addressing) may be leaked to the root name servers, causing a degradation in service for legitimate queries to those servers.
Steps to disable Recursive queries in Windows DNS:
- From the Start menu, click Control Panel, Administrative Tools, then DNS.
- In the console tree, right-click the appropriate DNS server, and then click Properties.
- Click the Advanced tab.
- Under Server options, check Disable recursion, and then click OK.
- In the console tree, right-click the appropriate DNS server, and then click Clear Cache.
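The recursive and iterative query behaviour described under Types of DNS queries, together with the effect of the Disable recursion option above, as an added Python model (example code, not part of the original page; the server keys, zones and 192.0.2.x addresses are constructed). Authoritative servers only answer or refer; the recursive server walks the referral chain for the client, caches the answer, and when recursion is disabled hands back only a referral.

```python
from dataclasses import dataclass, field

@dataclass
class AuthServer:
    """Authoritative-only server: answers what it hosts, else refers to the child zone's server."""
    records: dict = field(default_factory=dict)      # owner name -> IPv4 address
    delegations: dict = field(default_factory=dict)  # child zone -> server key
    def query(self, name):
        if name in self.records:
            return "answer", self.records[name]
        for child, server in self.delegations.items():
            if name == child or name.endswith("." + child):
                return "referral", server
        return "nxdomain", None

# Constructed toy namespace: root -> com. -> corp.com. (RFC 5737 addresses).
SERVERS = {
    "root": AuthServer(delegations={"com.": "tld-com"}),
    "tld-com": AuthServer(delegations={"corp.com.": "ns1-corp"}),
    "ns1-corp": AuthServer(records={"www.corp.com.": "192.0.2.10", "mail.corp.com.": "192.0.2.25"}),
}

def iterative_resolve(name, trace=None):
    """Client-side iteration: start at the root and follow referrals ourselves."""
    server = "root"
    for _ in range(8):  # bound the walk so a delegation loop cannot spin forever
        kind, data = SERVERS[server].query(name)
        if trace is not None: trace.append((server, kind))
        if kind != "referral":
            return data  # the address, or None for nxdomain
        server = data
    raise RuntimeError("too many referrals")

class RecursiveServer:
    """Recursive resolver: with recursion on it walks the tree for the client and caches;
    with recursion off (Windows 'Disable recursion') it answers only from cache or refers."""
    def __init__(self, recursion=True):
        self.recursion = recursion
        self.cache = {}  # name -> address (TTL expiry omitted for brevity)
    def query(self, name):
        if name in self.cache:
            return "answer", self.cache[name], "cache"
        if not self.recursion:  # no work on the client's behalf: just the referral we know
            kind, data = SERVERS["root"].query(name)
            return kind, data, "no-recursion"
        ip = iterative_resolve(name)
        if ip is not None:
            self.cache[name] = ip
        return ("answer" if ip else "nxdomain"), ip, "recursion"
```

A server with recursion disabled therefore cannot be used to resolve arbitrary Internet names for whoever asks, which is the exposure the risks above describe.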
Active Directory-integrated DNS:
AD-integrated DNS means the AD server (domain controller) also holds the DNS role.
DNS zone replication is taken care of by AD replication, so no separate DNS zone transfer is needed. A zone transfer is only needed if the DNS server is not an AD server.
A stub zone is used to resolve names between different DNS namespaces. A stub zone is a copy of a zone that contains only the resource records necessary to identify the authoritative DNS servers for that zone.
In plain English: a stub zone is just a pointer. It tells one DNS server where to find another DNS server that has the information it is looking for. Delegated zones and conditional forwarders are also used to point one DNS server to another, but only stub zones update themselves dynamically.
- Introduced in Windows 2003 server.
- There are two types of stub zone: standard and AD-integrated.
- A stub zone is a forward lookup zone; we create stub zones under Forward Lookup Zones only.
- A stub zone is read-only.
- A stub zone is useful if you have more than one forest.
- Stub zones update themselves dynamically. What does dynamic mean? If you add a new name server on the other DNS server, it is automatically reflected in the stub zone.
- Zone transfer occurs every 15 minutes by default. You can also do it manually by right-clicking the stub zone and selecting Transfer from Master.
What Stub zone is not:
- A stub zone is not a replacement for a secondary zone
- Stub zone does not provide redundancy
- Stub zone does not have load sharing
Stub zone consists of:
- Start of Authority (SOA) record
- Name server (NS) record
- A record
Delegating DNS Zones
DNS provides the option to divide the namespace into one or more zones, which can then be delegated to other servers:
- To distribute traffic among multiple servers.
- Fault tolerance.
Dynamic DNS is a system that addresses the problem of rapid updates.
End users of Internet access receive an allocation of IP addresses, often only a single address, by their Internet service provider. The assigned addresses may either be fixed (or static), or may change from time to time, a situation called dynamic. Dynamic addresses are generally given only to residential customers and small businesses, as most enterprises specifically require static addresses.
| Windows Internet Name Service (WINS) | Domain Name System (DNS) |
|---|---|
| Microsoft only (platform dependent); name resolution for DHCP systems | Platform independent; for static IP systems |
| Resolves NetBIOS names to IP and NOT vice versa | Name to IP and vice versa |
Today, DNS has replaced WINS, since Microsoft changed NetBIOS so that it uses the TCP/IP stack to do its job (NetBIOS over TCP/IP), and most DNS servers are able to handle NetBIOS requests. This is why WINS servers are becoming rarer every day.
When a zone that this DNS server hosts is a primary zone, the DNS server is the primary source for information about this zone, and it stores the master copy of zone data in a local file or in AD DS. When the zone is stored in a file, by default the primary zone file is named zone_name.dns and it is located in the %windir%\System32\Dns folder on the server.
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone. This DNS server must have network access to the remote DNS server that supplies this server with updated information about the zone. Because a secondary zone is merely a copy of a primary zone that is hosted on another server, it cannot be stored in AD DS.
DNS supports a type of zone called a stub zone. A stub zone is a copy of a zone that contains only those resource records that are necessary to identify the authoritative DNS servers for that zone. A stub zone keeps a DNS server that hosts a parent zone updated with the authoritative DNS servers for its child zone. This helps maintain DNS name resolution efficiency.
Forwarders and Conditional Forwarders
Usually a forwarder is used when you want your clients to have access to the Internet. A forwarder configuration contains nothing but the addresses of other DNS servers.
- A forwarder forwards all external (Internet) DNS queries to another DNS server.
- A forwarder on your internal DNS server can point to your ISP's (Internet Service Provider) DNS so that clients can access the Internet, as shown in picture 1 below.
- If your business unit has its own DNS, its forwarder can point to your corporate DNS, which in turn forwards to the ISP's (Internet Service Provider) DNS, as shown in picture 2 below.
Here it can be done in two ways (pictures 1 and 2 from the ITFreeTraining.com YouTube channel).
Steps to configure Conditional forwarder in Windows 2008 (from ITFreeTraining.com youtube channel)
A conditional forwarder is needed when, for example, our company acquires another company, or a business unit merges with another business unit within the same company, and the host names of both need to resolve.
A conditional forwarder checks the query first and, depending on the requested domain, either sends it to another server or resolves it itself.
A forwarder is basically used to access the Internet (resolve public websites), while a conditional forwarder is for resolving intranet names that are not reachable through the ISP's DNS. Inside a company, business units have their own dedicated DNS for their AD environment, with many hosts that cannot be resolved through the ISP's DNS because it has no entries for them. So a conditional forwarder is the only way to resolve these hosts.
Using a forwarder, you can manage name resolution for names that are outside your network, such as names on the Internet or names in other forests or domains.
Automatically remove stale records
Aging and scavenging together provide a mechanism for removing stale resource records. These resource records can accumulate in Domain Name System (DNS) zone data over time when computers permanently leave the network. For example, if a computer registers its host (A) resource record at startup and is later disconnected from the network, its host (A) resource record might not be deleted. If your network has mobile users and computers, this situation can occur frequently.
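Aging and scavenging as an added Python model (example code, not Windows' own implementation): a record registered dynamically carries a timestamp, refreshes inside the no-refresh window are suppressed, and scavenging removes records older than no-refresh plus refresh. The 7-day intervals are assumed defaults; the zone names and 192.0.2.x addresses are constructed.

```python
from datetime import datetime, timedelta

# Assumed values: the Windows DNS default no-refresh and refresh intervals.
NO_REFRESH = timedelta(days=7)  # timestamp refreshes are suppressed in this window
REFRESH = timedelta(days=7)     # window in which the client is expected to refresh

class AgingZone:
    """Toy model of Windows DNS aging/scavenging (illustration, not the real code).
    Each dynamically registered record carries a timestamp; static records carry
    none and are never scavenged."""
    def __init__(self):
        self.records = {}  # name -> (address, timestamp or None for static)

    def register(self, name, addr, now, static=False):
        self.records[name] = (addr, None if static else now)

    def refresh(self, name, now):
        """Dynamic update that changes nothing but the timestamp. It is honoured
        only after the no-refresh interval, which limits zone replication churn."""
        addr, ts = self.records[name]
        if ts is None or now - ts < NO_REFRESH:
            return False
        self.records[name] = (addr, now)
        return True

    def scavenge(self, now):
        """Delete every aged record whose timestamp is older than no-refresh + refresh."""
        stale = sorted(n for n, (_, ts) in self.records.items()
                       if ts is not None and now - ts > NO_REFRESH + REFRESH)
        for n in stale:
            del self.records[n]
        return stale

def demo():
    """Constructed scenario: a static DC, a laptop that refreshes, and a PC that left."""
    t0 = datetime(2016, 1, 1)
    zone = AgingZone()
    zone.register("dc1.corp.example.", "192.0.2.1", t0, static=True)
    zone.register("laptop.corp.example.", "192.0.2.50", t0)
    zone.register("oldpc.corp.example.", "192.0.2.51", t0)
    early = zone.refresh("laptop.corp.example.", t0 + timedelta(days=3))  # suppressed
    later = zone.refresh("laptop.corp.example.", t0 + timedelta(days=8))  # accepted
    removed = zone.scavenge(t0 + timedelta(days=16))  # laptop kept, oldpc removed
    return early, later, removed, sorted(zone.records)
```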
ipconfig /flushdns
Removes (flushes) the DNS resolver cache on the machine.
What is the use of this command?
It removes the DNS cache data from the system, so old or stale cached entries are discarded, and the next time the system needs to resolve a name it fetches fresh data from a DNS server.
ipconfig /registerdns
Manually initiates dynamic registration for the DNS names and IP addresses configured on a computer. This option can assist in troubleshooting a failed DNS name registration or in resolving a dynamic update problem between a client and the DNS server without restarting the client.
In other words, use this command if the client system's name is not being resolved.
ipconfig /displaydns
Shows the content of the DNS resolver cache on the system.
ipconfig /displaydns > "c:\dns-cache-details.txt"
This command exports the DNS cache to a text file.
Difference between Authoritative and Recursive DNS Nameservers?
DNS Root Hints
When the DNS Server service is running on a domain controller, root hints are read from Active Directory first. If the DNS Server service is not running on a domain controller or no root hints exist in Active Directory, root hints are implemented using a file, CACHE.DNS, stored in the systemroot\System32\Dns folder on the server computer. This file normally contains the name server (NS) and address (A, AAAA) resource records for the Internet root servers.
Approximately 4 megabytes (MB) of RAM is used when the DNS server is started without any zones.
If a zone containing 1000 resource records is added to a server, it requires approximately 100 kilobytes (KB) of server memory.
Microsoft DNS full guide:
Some of the text is copied from, and more details are available at:
Also from quora.com
Also from itfreetraining.com (YouTube) videos