Domain Name System And Server Role Computer Science Essay


The Domain Name System (DNS) is a system used in TCP/IP networks for naming the elements of a hierarchical organization of domains, which consists of computers and network services. DNS services resolve a DNS name used by an application to additional information associated with it, for example an IP address. To make computers and services easier to locate with user-friendly names, DNS translates domain names meaningful to humans into numerical identifiers. For example, the domain name www.google.com translates to the addresses 209.85.175.147 (IPv4) and 2001:4860:a002::68 (IPv6).

The Domain Name System makes it possible to assign domain names to groups of Internet resources and users in a meaningful way. Internet domain names such as www.google.com are easier to remember than IP addresses such as 209.85.175.147 (IPv4) and 2001:4860:a002::68 (IPv6); a user-friendly name is easier to learn and memorize. Computers, however, communicate with each other over the network using numerical addresses. A naming system therefore provides a way to map the human-readable name of a computer or network service to its numerical address, which eases the use of network resources. Users take advantage of this when they recite meaningful Uniform Resource Locators (URLs) and e-mail addresses without having to know how the computer actually locates them.

The Domain Name System assigns domain names and maps those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are responsible for their particular domains and can, in turn, designate other authoritative name servers for their sub-domains.

The Domain Name System also stores other types of information, for example the list of mail servers that accept e-mail for an Internet domain. It is an essential component of the functionality of the Internet because it provides a worldwide, distributed, keyword-based redirection service.

The Internet maintains two principal namespaces: the domain name hierarchy and the Internet Protocol (IP) address system. The Domain Name System maintains the domain namespace and provides translation services between the two namespaces. The Domain Name System is implemented by Internet name servers and by a communication protocol. A DNS name server is a server that stores the DNS records for a domain name, for example address records, name server records and mail exchanger records, and it responds with answers to queries against its database.

DNS Server role

The DNS Server role in Windows Server 2008 contains several features that improve the performance of the DNS Server service. It combines support for standard DNS protocols with the benefits of integration with Active Directory Domain Services (AD DS), namely Windows networking and security features. It also includes advanced capabilities such as secure dynamic update of DNS resource records.

The DNS Server role provides the following features:

Support for Active Directory Domain Services (AD DS)

DNS is required to support AD DS: it gives network computers the ability to locate domain controllers, which AD DS replication depends on. DNS zones can be stored in the domain or application directory partitions of AD DS. A partition is a data container in AD DS that distinguishes data for different replication purposes. You can configure which Active Directory partition stores a zone and, with it, the set of domain controllers among which that zone's data is replicated.

Conditional forwarders 

Conditional forwarders extend the functionality of the standard forwarders provided by DNS servers. A conditional forwarder is a DNS server on a network that forwards DNS queries according to the DNS domain name in the query. Conditional forwarding reduces host name resolution time by sending DNS queries directly to the authoritative DNS servers for the host's domain. For example, you can configure a DNS server to forward all the queries it receives for names ending with corp.contoso.com to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers.
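The forwarding decision described above, as an added example that is not part of the essay and not code from the Windows DNS Server service: the forwarder table, the query names and the server addresses are constructed. The point it makes beyond the paragraph is that "names ending with corp.contoso.com" must be matched label by label, so a name such as notcorp.contoso.com is not sent to the corp.contoso.com servers, and that when several conditional domains match, the most specific one wins.

```python
# Added example (not from the essay or from the Windows DNS Server service):
# how a conditional forwarder picks the servers for a query. The domain names
# and forwarder addresses below are constructed for the demonstration.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]

def is_in_domain(name, domain):
    """True if name is domain itself or lies below it in the DNS tree.

    The comparison is label by label, so notcorp.contoso.com is NOT inside
    corp.contoso.com even though the strings share the same ending.
    """
    n, d = _labels(name), _labels(domain)
    return len(n) >= len(d) and n[len(n) - len(d):] == d

def choose_forwarders(qname, conditional, default):
    """Return the forwarder addresses for a query name.

    conditional maps a DNS domain to the servers that should receive queries
    for it; the most specific matching domain (the one with most labels) wins.
    Names that match no conditional domain go to the default forwarders.
    """
    best = None
    for domain in conditional:
        if is_in_domain(qname, domain):
            if best is None or len(_labels(domain)) > len(_labels(best)):
                best = domain
    return list(conditional[best]) if best is not None else list(default)

# Constructed forwarder table: corp.contoso.com has its own servers, the rest
# of contoso.com goes to one server, everything else to the default forwarder.
CONDITIONAL = {
    "contoso.com": ["10.0.0.5"],
    "corp.contoso.com": ["10.1.0.10", "10.1.0.11"],
}
DEFAULT = ["192.0.2.53"]

if __name__ == "__main__":
    for q in ("fs01.corp.contoso.com", "www.contoso.com", "notcorp.contoso.com", "example.org"):
        print(q, "->", choose_forwarders(q, CONDITIONAL, DEFAULT))
```

Running the block prints which forwarder list each of the four constructed names is routed to; the third name is the one that a naive string-suffix test would misroute.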

Stub zones

DNS supports a zone type called a stub zone. A stub zone works much like a secondary zone in that its database is a non-editable copy of the primary zone, but it contains only the information necessary to identify the authoritative DNS servers for the zone. A stub zone keeps a DNS server hosting a parent zone aware of the authoritative DNS servers for its child zone, which helps maintain DNS name resolution efficiency.

Enhanced DNS security features

DNS provides enhanced security administration for the DNS Server service, the DNS Client service and DNS data.

Integration with other Microsoft networking services

The DNS Server service offers integration with other services and contains features beyond those specified in the DNS RFCs. These features include integration with AD DS, Windows Internet Name Service (WINS) and Dynamic Host Configuration Protocol (DHCP) services.

RFC-compliant dynamic update protocol support 

Using the dynamic update protocol (RFC 2136), the DNS Server service enables clients to update resource records dynamically. This reduces the time needed to manage those records manually and so improves the DNS service. Computers running the DNS Client service can register their DNS names and IP addresses dynamically.

Support for incremental zone transfer between servers 

DNS servers that store DNS data in files use zone transfers to replicate information about a portion of the DNS namespace. The DNS Server service uses incremental zone transfer to replicate only the changed portions of a zone when it transfers zones that are not integrated with AD DS, which conserves network bandwidth.

DNS Architecture

DNS is a hierarchically distributed database: its layers are arranged in a definite order, and its data is distributed across a wide range of machines, each of which can exert control over a portion of the database. DNS is a standard set of protocols defining the following:

A mechanism for querying and updating address information in the database

A mechanism for replicating the information in the database among servers

A schema of the database

DNS Domain Names

The Domain Name System is implemented as a hierarchical and distributed database containing several types of data, such as host names and domain names. The names in the DNS database form a hierarchical tree structure called the domain namespace. Domain names consist of individual labels separated by dots, for example mydomain.microsoft.com.

DNS Domain Name Hierarchy

DNS can delegate control over portions of the DNS namespace to multiple organizations. For example, when you register a domain name (example.com), you control the DNS for the portion of the DNS namespace within "example.com". The registrar controlling ".com" has delegated control over the "example.com" node in the DNS tree, and no other node directly below ".com" in the DNS database can be named "example".

Within the portion of the domain namespace that you control (example.com), you can create host records and other records. You can also further subdivide "example.com" and delegate control over those divisions to other organizations or departments. These divisions are called sub domains. For example, you can create sub domains named for the cities in which your company has branch offices and delegate control over those sub domains to the branch offices. The sub domains might be named "penang.example.com", "kl.example.com" and so on.

Each domain or delegated sub domain is associated with DNS name servers. In other words, for every node in the DNS, one or more servers can give an authoritative answer to queries about that domain. At the root of the domain namespace are the root servers.

DNS servers work together to resolve hierarchical names. If a server already has information about the name, it simply fulfils the query for the client. Otherwise it queries other DNS servers for the appropriate information. The system works well because it distributes authority over separate parts of the DNS structure to specific servers. A DNS zone is a portion of the DNS namespace over which a specific DNS server has authority.

Within a given DNS zone, resource records (RRs) contain the hosts and other database information that make up the data for the zone. For example, an RR might contain the host entry for www.example.com, pointing it to the IP address 192.168.1.10.

Understanding Servers, Clients and Resolvers

DNS server: any computer providing domain name services is a DNS name server. No matter where in the DNS namespace the server resides, it is still a DNS name server.

DNS client: a DNS client is any machine that issues queries to a DNS server. The client's host name may or may not be registered in a DNS database. Clients issue DNS requests through processes called resolvers.

Resolver: a resolver is a software process, sometimes implemented in a software library, that handles the actual work of finding the answer to queries for DNS data. A resolver is also built into many large pieces of software so that external libraries do not have to be called in order to make and process DNS queries. Resolvers can run on what you would consider client computers, or on other DNS servers attempting to resolve and answer on behalf of a client.
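The walk down the hierarchy described in the two sections above (root servers, delegated zones, a resolver on a DNS server asking other servers on behalf of a client), as an added example that is not part of the essay. The zones, server names and addresses are constructed (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges); a real resolver would also cache answers and try every listed name server rather than the first, which this model omits. What it shows that the prose does not is the exact shape of a referral: the parent answers with the child's NS records and, when the child's name server lives inside the delegated zone, a glue A record without which the resolver could not continue.

```python
# Added example (not from the essay): a miniature model of hierarchical name
# resolution. A resolver starts at a root server and follows referrals down
# to the server that is authoritative for the queried name. Zone contents,
# server names and addresses are constructed.

from collections import namedtuple

RR = namedtuple("RR", "name type data")

def _labels(name):
    return [label for label in name.lower().rstrip(".").split(".") if label]

def in_zone(name, zone):
    """True if name is at or below zone (the root zone '.' encloses everything)."""
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

# Authoritative servers: address -> {zone apex: records}. Each parent zone
# holds an NS record for the child it delegates plus a glue A record for the
# child's name server.
SERVERS = {
    "198.51.100.1": {".": [
        RR(".", "NS", "ns.root."), RR("ns.root.", "A", "198.51.100.1"),
        RR("com.", "NS", "ns.com."), RR("ns.com.", "A", "198.51.100.2")]},
    "198.51.100.2": {"com.": [
        RR("com.", "NS", "ns.com."),
        RR("example.com.", "NS", "ns1.example.com."),
        RR("ns1.example.com.", "A", "192.0.2.53")]},
    "192.0.2.53": {"example.com.": [
        RR("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 2024011501"),
        RR("example.com.", "NS", "ns1.example.com."),
        RR("ns1.example.com.", "A", "192.0.2.53"),
        RR("www.example.com.", "A", "192.168.1.10"),
        RR("penang.example.com.", "NS", "ns1.penang.example.com."),
        RR("ns1.penang.example.com.", "A", "192.0.2.54")]},
    "192.0.2.54": {"penang.example.com.": [
        RR("penang.example.com.", "NS", "ns1.penang.example.com."),
        RR("ns1.penang.example.com.", "A", "192.0.2.54"),
        RR("fs01.penang.example.com.", "A", "192.168.20.5")]},
}
ROOT_HINT = "198.51.100.1"

def query(server_ip, qname, qtype):
    """One query to an authoritative server: (kind, records) with kind one of
    'answer', 'referral', 'nxdomain' or 'refused'."""
    zones = [z for z in SERVERS[server_ip] if in_zone(qname, z)]
    if not zones:
        return ("refused", [])                      # holds nothing above qname
    zone = max(zones, key=lambda z: len(_labels(z)))
    rrs = SERVERS[server_ip][zone]
    answer = [r for r in rrs if r.name == qname and r.type == qtype]
    if answer:
        return ("answer", answer)
    # A delegation below the apex that covers qname: the most specific one wins.
    cuts = {r.name for r in rrs if r.type == "NS" and r.name != zone and in_zone(qname, r.name)}
    if cuts:
        cut = max(cuts, key=lambda c: len(_labels(c)))
        ns = [r for r in rrs if r.name == cut and r.type == "NS"]
        glue = [r for r in rrs if r.type == "A" and r.name in {n.data for n in ns}]
        return ("referral", ns + glue)
    return ("nxdomain", [])

def resolve(qname, qtype="A", start=ROOT_HINT, depth=0):
    """Follow referrals from the root hint to an authoritative answer.

    Returns (rdata list, servers contacted in order). A name server named
    inside the delegated zone needs glue from the parent; without it the
    resolver must resolve the server's name first (done here recursively,
    with a depth limit against looping delegations).
    """
    if depth > 8:
        raise RuntimeError("too many levels of indirection")
    qname = qname.lower().rstrip(".") + "."
    server, trail = start, []
    while True:
        trail.append(server)
        kind, rrs = query(server, qname, qtype)
        if kind == "answer":
            return [r.data for r in rrs], trail
        if kind != "referral":
            return [], trail
        ns_names = [r.data for r in rrs if r.type == "NS"]
        glue = {r.name: r.data for r in rrs if r.type == "A"}
        target = ns_names[0]
        if target in glue:
            server = glue[target]
        else:
            addrs, more = resolve(target, "A", start, depth + 1)
            trail.extend(more)
            if not addrs:
                return [], trail
            server = addrs[0]

if __name__ == "__main__":
    for name in ("www.example.com", "fs01.penang.example.com", "nope.example.com"):
        print(name, "->", resolve(name))
```

The second element returned by resolve is the list of servers contacted, which makes the three referrals for www.example.com (root, com, example.com) and the fourth hop through the penang.example.com delegation visible.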

DNS Database Zone

A DNS zone is a portion of the DNS namespace over which a specific DNS server has authority. Within a given DNS zone, resource records define the hosts and other types of record that make up the database for the zone.

A DNS server can be configured to host three types of zone:

A primary zone

A secondary zone

A stub zone

Primary zone

The primary zone is responsible for maintaining all the records for the DNS zone. It contains the primary copy of the DNS database. This is the only zone type that can be edited or updated, because the data in the zone is the original source of the data for all domains in the zone. All record updates that occur on the primary zone are made by the DNS server that is authoritative for that primary zone. When the zone is stored in a file, the primary zone file is by default named zone_name.dns and located in the %windir%\System32\Dns folder on the server. There are two types of primary zone:

Primary zone

Primary zone with Active Directory integration (Active Directory DNS)

Secondary zone

Secondary zones are non-editable copies of the DNS database that can be used for load balancing, which is a way of managing overloads on a single server. A secondary zone contains a database with all the same information as the primary zone and can be used to resolve requests. Secondary zones have the following advantages:

It provides fault tolerance, so if the primary zone server becomes unavailable, name resolution can still occur using the secondary zone server.

It can increase network performance by offloading some of the traffic that would otherwise go to the primary server.

Secondary servers are often placed within the parts of an organization that have high-speed network access. This prevents DNS queries from having to run across slow wide area network connections. For example, if there are two remote offices within the "example.com" organization, you may want to place a secondary DNS server in each remote office. This way, when clients require name resolution, they contact the nearest server for this IP address information, thus preventing unnecessary WAN traffic. However, too many secondary zone servers can actually increase network traffic because of replication.

Stub Zones

A stub zone works much like a secondary zone in that its database is a non-editable copy of the primary zone. The difference is that the stub zone's database contains only the information necessary to identify the authoritative DNS servers for a zone: three record types, name server (NS), start of authority (SOA) and glue host (A) records. Stub zones have the following advantages and features:

Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.

Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers, without having to query the Internet or an internal root server for the DNS namespace.

Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones and secondary zones serve different purposes: a stub zone should not be used to replace a secondary zone, which is used for redundancy and load balancing.

Active Directory-Integrated DNS

Active Directory-integrated DNS was introduced in Windows 2000 Server. This zone type was a unique zone and a separate choice during setup. In Windows Server 2003 and 2008, this zone became an add-on to a primary DNS zone.

By integrating your zones with AD DS, you can take advantage of DNS features, such as AD DS replication, secure dynamic updates, and record aging and scavenging.

Advantage of Active Directory-Integrated DNS

The Active Directory replication topology is used both for Active Directory replication and for Active Directory-integrated zone replication. There is no longer a need for separate DNS replication when DNS and Active Directory are integrated.

Directory-integrated replication is faster and more efficient than standard DNS replication. AD DS replication is processed on a per-property basis, so only relevant changes are propagated, and less data is used and submitted in updates for directory-stored zones.

No additional network traffic

An Active Directory-integrated zone is stored in Active Directory. Since all records are stored in Active Directory, when a resolver needs the TCP/IP address for the host User, any Active Directory DNS server can look up User's address and respond to the resolver.

When you choose an Active Directory-integrated zone, DNS zone data can be replicated automatically to other DNS servers during the normal Active Directory replication process.

DNS security

An Active Directory-integrated zone can use secure dynamic updates

The dynamic DNS standard allows secure-only updates or dynamic updates, but not both. If you choose secure updates, only machines with an account in Active Directory can register with DNS. Before DNS registers any account in its database, it checks Active Directory to make sure it is an authorized domain computer.

An Active Directory-integrated zone stores and replicates its database through Active Directory replication. Because of this, the data is encrypted as it is sent from one DNS server to another.

Background zone loading

Background zone loading allows an Active Directory-integrated DNS zone to load in the background. As a result, a DNS server can service client requests while the zone is still loading into memory.

Only primary zones can be stored in the directory. A DNS server cannot store secondary zones in the directory. It must store them in standard text files. The multimaster replication model of AD DS removes the need for secondary zones when all zones are stored in AD DS.

Zone Transfer and Replication

DNS is such an important part of the network that you should not rely on just a single DNS server. With a single DNS server you have a single point of failure, and in fact many domain registrars encourage the use of more than two name servers for a domain. Secondary servers or multiple primary Active Directory-integrated servers play an integral role in providing DNS information for an entire domain.

As previously stated, secondary DNS servers receive their zone database through zone transfers. When you configure a secondary server for the first time, you must specify the primary server that is authoritative for the zone and that will send the zone transfer. The primary server must also permit the secondary server to request the zone transfer.

Zone transfers occur in one of two ways: full zone transfers (AXFR) and incremental zone transfers (IXFR).

When a new secondary server is configured for the first time, it receives a full zone transfer from the primary DNS server. The full zone transfer contains all the information in the DNS database. Some DNS implementations always receive full zone transfers.

After the secondary server receives its first full zone transfer, subsequent zone transfers are incremental. The primary name server compares its zone version number with that on the secondary server and sends only the changes that have been made in the interim. This significantly reduces the network traffic generated by zone transfers.

Zone transfers are typically initiated by the secondary server when the refresh interval for the zone expires or when the secondary or stub server boots. Alternatively, you can configure a notify list on the primary server that notifies the secondary or stub servers whenever the zone database changes.

Active Directory-integrated zones do away with traditional zone transfers altogether. Instead, they replicate across Active Directory with all other AD information. This replication is secure because it uses Active Directory security.
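The full-then-incremental sequence described above (first transfer AXFR, later transfers IXFR driven by a comparison of zone version numbers), as an added example that is not part of the essay. The zone records and serial numbers are constructed, and the Primary and Secondary classes are a model of the exchange rather than the Windows DNS Server implementation. It goes one step beyond the prose: a primary can only send an incremental transfer if it still holds the changes since the secondary's serial, so a secondary that has fallen too far behind, or whose serial is somehow ahead of the primary's, is sent the whole zone again.

```python
# Added example (not from the essay): a model of how a primary answers a
# secondary's request for a zone transfer. The primary keeps a journal of the
# changes that produced each serial number; a secondary that is a few serials
# behind gets those changes (IXFR), while one whose serial the journal no
# longer covers, or that is ahead of the primary, gets the whole zone (AXFR).
# Zone content and serial numbers are constructed.

class Primary:
    def __init__(self, records, serial, journal_limit=100):
        self.records = set(records)        # (name, type, rdata) tuples
        self.serial = serial
        self.journal = []                  # (serial after change, deleted, added)
        self.journal_limit = journal_limit # how many changes the primary remembers

    def update(self, delete=(), add=()):
        """Apply a change, bump the serial and remember the change in the journal."""
        delete, add = set(delete), set(add)
        self.records = (self.records - delete) | add
        self.serial += 1
        self.journal.append((self.serial, delete, add))
        self.journal = self.journal[-self.journal_limit:]

    def transfer(self, secondary_serial):
        """Answer a transfer request: ('none' | 'ixfr' | 'axfr', payload)."""
        if secondary_serial == self.serial:
            return ("none", None)
        pending = [entry for entry in self.journal if entry[0] > secondary_serial]
        # Incremental only if the journal still starts right after the secondary's serial.
        if secondary_serial < self.serial and pending and pending[0][0] == secondary_serial + 1:
            return ("ixfr", pending)
        return ("axfr", (self.serial, set(self.records)))

class Secondary:
    def __init__(self):
        self.records, self.serial = set(), 0

    def refresh(self, primary):
        """Pull whatever the primary offers and return the kind of transfer used."""
        kind, payload = primary.transfer(self.serial)
        if kind == "axfr":
            self.serial, self.records = payload[0], set(payload[1])
        elif kind == "ixfr":
            for new_serial, deleted, added in payload:
                self.records = (self.records - deleted) | added
                self.serial = new_serial
        return kind

def demo():
    """Constructed walk-through: the first transfer is full, the next is incremental."""
    primary = Primary({("www.example.com.", "A", "192.168.1.10"),
                       ("ns1.example.com.", "A", "192.0.2.53")}, serial=2024011501)
    secondary = Secondary()
    first = secondary.refresh(primary)
    primary.update(add={("mail.example.com.", "A", "192.168.1.20")})
    primary.update(delete={("www.example.com.", "A", "192.168.1.10")},
                   add={("www.example.com.", "A", "192.168.1.11")})
    second = secondary.refresh(primary)
    return first, second, secondary.records == primary.records, secondary.serial == primary.serial

if __name__ == "__main__":
    print(demo())
```

The journal_limit parameter is what makes the fallback observable: with a small limit and more updates than it holds, the next refresh comes back as a full transfer even though the secondary was only a few serials behind.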

Delegating Zone for DNS

DNS provides the ability to divide the namespace into one or more zones, which can then be stored, distributed and replicated to other DNS servers. When deciding whether to divide your DNS namespace into additional zones, consider the following reasons for using additional zones:

A need to delegate the management of part of your DNS namespace to another location or department within your organization

A need to divide one large zone into smaller zones for distributing traffic loads among multiple servers for improving DNS name resolution performance or for creating a more fault-tolerant DNS environment

A need to extend the namespace by adding numerous sub domains at once, such as to accommodate the opening of a new branch or site

Each new delegated zone requires a primary DNS server just like a regular DNS zone. When delegating zones within your namespace, be aware that for each new zone you create, you need to place delegation records in other zones that point to the authoritative DNS servers for the new zone. This is necessary both to transfer authority and to provide correct referrals to other DNS servers and clients of the new servers being made authoritative for the new zone.

Example: Delegating a sub domain to a new zone

As shown in the diagram below, delegation from the parent zone (microsoft.com) is needed when a new zone for a sub domain (example.microsoft.com) is to be created.

In this example, the authoritative DNS server computer for the newly delegated example.microsoft.com sub domain has a name that is based on a derivative sub domain included in the new zone (ns1.na.example.microsoft.com). To make this server known outside the new delegated zone, two resource records are needed in the microsoft.com zone to complete the delegation to the new zone.
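The delegation just described, together with the stub zone contents from the Stub Zones section (SOA, NS and glue A records only), as an added example that is not part of the essay or of Microsoft's documentation. The zone names follow the essay's example; the addresses and SOA values are constructed. The two records the parent needs are an NS record for example.microsoft.com and a glue A record for ns1.na.example.microsoft.com, and the code shows why the second one exists: it is only required when the name server's own name lies inside the zone being delegated. It also includes the check a parent-zone administrator wants, that the NS set the parent hands out still matches the child's own apex NS set, which is exactly the list a stub zone keeps current.

```python
# Added example (not from the essay or from Microsoft's documentation): the
# records a parent zone must hold to delegate a child zone, the subset of a
# child zone that a stub zone keeps, and a check that the parent's delegation
# still matches the child's own NS set. Addresses and SOA values are constructed.

def _labels(name):
    return [label for label in name.lower().rstrip(".").split(".") if label]

def in_zone(name, zone):
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def delegation_records(child, name_servers):
    """Records the parent must add to delegate child.

    name_servers maps each authoritative host name to its address. Every host
    gets an NS record; a host whose name lies inside the child zone also gets
    a glue A record, since a resolver following the referral could not learn
    that address without already being able to query the child.
    """
    records = []
    for host, address in name_servers.items():
        records.append((child, "NS", host))
        if in_zone(host, child):
            records.append((host, "A", address))
    return records

def stub_zone(apex, full_zone):
    """Keep only what a stub zone holds: the SOA, the apex NS set and glue A records."""
    ns_hosts = {rdata for name, rtype, rdata in full_zone if name == apex and rtype == "NS"}
    return [(name, rtype, rdata) for name, rtype, rdata in full_zone
            if (name == apex and rtype in ("SOA", "NS")) or (rtype == "A" and name in ns_hosts)]

def delegation_is_current(parent_zone, apex, child_zone):
    """True if the NS names the parent hands out equal the child's own apex NS set.

    A mismatch means referrals from the parent point at servers that are not
    (or are no longer) the child's authoritative servers; refreshing a stub
    zone for the child is how a parent server keeps this list current.
    """
    parent_view = {rdata for name, rtype, rdata in parent_zone if name == apex and rtype == "NS"}
    child_view = {rdata for name, rtype, rdata in child_zone if name == apex and rtype == "NS"}
    return parent_view == child_view

CHILD = "example.microsoft.com."
CHILD_ZONE = [
    (CHILD, "SOA", "ns1.na.example.microsoft.com. hostmaster.example.microsoft.com. 2024011501"),
    (CHILD, "NS", "ns1.na.example.microsoft.com."),
    ("ns1.na.example.microsoft.com.", "A", "192.0.2.10"),
    ("www.example.microsoft.com.", "A", "192.0.2.80"),
    (CHILD, "MX", "10 mail.example.microsoft.com."),
    ("mail.example.microsoft.com.", "A", "192.0.2.25"),
]
# The parent zone: its own records plus the two records that delegate CHILD.
PARENT_ZONE = [
    ("microsoft.com.", "SOA", "ns1.microsoft.com. hostmaster.microsoft.com. 2024011501"),
    ("microsoft.com.", "NS", "ns1.microsoft.com."),
    ("ns1.microsoft.com.", "A", "192.0.2.1"),
] + delegation_records(CHILD, {"ns1.na.example.microsoft.com.": "192.0.2.10"})

if __name__ == "__main__":
    print("delegation:", delegation_records(CHILD, {"ns1.na.example.microsoft.com.": "192.0.2.10"}))
    print("stub zone:", stub_zone(CHILD, CHILD_ZONE))
    print("delegation current:", delegation_is_current(PARENT_ZONE, CHILD, CHILD_ZONE))
```

Passing a name server that sits outside the child (for example one under the parent itself) to delegation_records yields the NS record alone, which is the case where no glue is needed.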


Create a Zone Delegation

You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone.

When you delegate a zone, remember that for each new zone that you create, you will need delegation records in other zones that point to the authoritative DNS servers for the new zone. This is necessary both to transfer authority and to provide correct referral to other DNS servers and clients of the new servers that are being made authoritative for the new zone.

Creating a zone delegation

Using the Windows interface

Using a command line

To create a zone delegation using the Windows interface

Open DNS Manager.

In the console tree, right-click the applicable subdomain, and then click New Delegation.

Follow the instructions in the New Delegation Wizard to finish creating the new delegated domain.

Additional considerations

To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

All domains (or subdomains) that appear as part of the applicable zone delegation must be created in the current zone before delegation is performed as described here. As necessary, use DNS Manager to first add domains to the zone before you complete this procedure. 

To create a zone delegation using a command line

Open a command prompt.

Type the following command, and then press ENTER:

dnscmd <ServerName> /RecordAdd <ZoneName> <NodeName> [/Aging] [/OpenAcl] [<Ttl>] NS {<HostName>|<FQDN>}

Add a Forward Lookup Zone

Forward lookup zones support the primary function of Domain Name System (DNS), that is, the resolution of host names to IP addresses.

Adding a forward lookup zone

Using the Windows interface

Using a command line

To add a forward lookup zone using the Windows interface

Open DNS Manager.

In the console tree, right-click a DNS server, and then click New Zone to open the New Zone Wizard.

Follow the instructions to create a new primary zone, secondary zone, or stub zone.

Additional considerations

To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

To add a forward lookup zone using a command line

Open a command prompt.

Type the following command, and then press ENTER:

dnscmd <ServerName> /ZoneAdd <ZoneName> {/Primary|/DsPrimary|/Secondary|/Stub|/DsStub} [/file <FileName>] [/load] [/a <AdminEmail>] [/DP <FQDN>]

Add a Reverse Lookup Zone

Reverse lookup zones support the resolution of IP addresses to host names. Although they are optional in most networks, reverse lookup zones might be necessary for certain secure applications that require the validation of IP addresses.

Adding a reverse lookup zone

Using the Windows interface

Using a command line

To add a reverse lookup zone using the Windows interface

Open DNS Manager.

In the console tree, right-click a Domain Name System (DNS) server, and then click New Zone to open the New Zone Wizard.

Follow the instructions to create a new reverse lookup zone.

Additional considerations

To open DNS Manager, click Start, point to Administrative Tools, and then click DNS. 

To add a reverse lookup zone using a command line

Open a command prompt.

Type the following command, and then press ENTER:

dnscmd <ServerName> /ZoneAdd <ZoneName> {/Primary|/DsPrimary} [/file <FileName>] [/load] [/a <AdminEmail>] [/DP <FQDN>]

Add a Stub Zone

A stub zone is a copy of a zone that contains only those resource records that are necessary to identify the authoritative Domain Name System (DNS) servers for that zone. Typically, you use a stub zone to resolve names between separate DNS namespaces.

Adding a stub zone

Using the Windows interface

Using a command line

To add a stub zone using the Windows interface

Open DNS Manager.

In the console tree, right-click a DNS server, and then click New Zone to open the New Zone Wizard.

Follow the instructions to create a new stub zone.

Additional considerations

To open DNS Manager, click Start, point to Administrative Tools, and then click DNS. 

The stub zone cannot be hosted on a DNS server that is authoritative for the same zone.

If you integrate the stub zone into Active Directory Domain Services (AD DS), you have the option to specify that the DNS server hosting the stub zone uses a local list of master servers when it updates the stub zone's resource records, rather than having the DNS server use the master servers list that is stored in AD DS. If you want to use a local master servers list, you must have the IP addresses of the local master servers.

To add a stub zone using a command line

Open a command prompt.

Type the following command, and then press ENTER:

dnscmd <ServerName> /ZoneAdd <ZoneName> {/Stub|/DsStub} <MasterIPaddress...> [/file <FileName>] [/load] [/DP <FQDN>]

Change the Zone Type

You can use this procedure to make a zone a primary, secondary, or stub zone. You can also use it to integrate a zone with Active Directory Domain Services (AD DS).

Changing the zone type

Using the Windows interface

Using a command line

To change the zone type using the Windows interface

Open DNS Manager.

In the console tree, right-click the applicable zone, and then select Properties.

On the General tab, note the current zone type, and then click Change.

In Change Zone Type, select a zone type other than the current zone type, and then click OK.

Additional considerations

To open DNS Manager, click Start, point to Administrative Tools, and then click DNS. 

You can select either Primary zone, Secondary zone or Stub zone. When you select the secondary or stub zone types, you must specify the IP address of another Domain Name System (DNS) server to be used as the source for obtaining updated information for the zone.

If the DNS server computer is operating as a domain controller, the option to store the zone in AD DS is available. This option is not otherwise available. When this zone type is selected for use, zone data is stored and replicated as part of the AD DS database.

Changing a zone from a secondary to primary type can affect other zone activities, including management of dynamic updates and zone transfers and the use of DNS notify lists to notify other servers about changes in the zone.

Changing a zone from stub to primary or the reverse is not recommended. This contradicts the purpose of stub zones. 

Changing the DNS zone type or storage can be time consuming for large zones.

To change the zone type using a command line

Open a command prompt.

Type the following command, and then press ENTER:

dnscmd <ServerName> /ZoneResetType <ZoneName> <Property> [<MasterIPaddress...>] [/file <FileName>] {/OverWrite_Mem|/OverWrite_Ds|/DirectoryPartition <FQDN>}

Change the Zone Replication Scope

You can use the following procedure to change the replication scope for a zone. Only Active Directory Domain Services (AD DS)-integrated primary and stub forward lookup zones can change their replication scope. Secondary forward lookup zones cannot change their replication scope.

Changing zone replication scope

Using the Windows interface

Using a command line

To change zone replication scope using the Windows interface

Open DNS Manager.

In the console tree, right-click the applicable zone, and then click Properties.

On the General tab, note the current zone replication type, and then click Change.

Select a replication scope for the zone.

Additional considerations

To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

To change zone replication scope using the command line

At a command prompt, type the following command, and then press ENTER:

dnscmd <ServerName> /ZoneChangeDirectoryPartition <ZoneName> <NewPartitionName>

Modify Security for a Directory-Integrated Zone

You can manage the discretionary access control list (DACL) on the DNS zones that are stored in Active Directory Domain Services (AD DS). You can use the DACL to control the permissions for the Active Directory users and groups that may control the DNS zones.

Membership in DnsAdmins or Domain Admins in AD DS, or the equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

To modify security for a directory-integrated zone

Open DNS Manager.

In the console tree, click the applicable zone.

Where?

DNS/applicable DNS server/Forward Lookup Zones (or Reverse Lookup Zones)/applicable zone

On the Action menu, click Properties.

On the General tab, verify that the zone type is Active Directory-integrated.

On the Security tab, modify the list of member users or groups that are allowed to securely update the applicable zone and reset their permissions as needed.

Additional considerations

To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

Secure dynamic updates are supported only for zones that are stored in AD DS.

The security settings determine who can administer the zone, but they do not affect dynamic updates to the zone. To apply security settings for dynamic updates, see "Additional references."

Modify Zone Transfer Settings

You can use the following procedure to control whether a zone will be transferred to other servers and which servers can receive the zone transfer.

Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

Modifying zone transfer settings

Using the Windows interface

Using a command line

To modify zone transfer settings using the Windows interface

Open DNS Manager.

Right-click a DNS zone, and then click Properties.

On the Zone Transfers tab, do one of the following:

To disable zone transfers, clear the Allow zone transfers check box.

To allow zone transfers, select the Allow zone transfers check box.

If you allowed zone transfers, do one of the following:

To allow zone transfers to any server, click To any server.

To allow zone transfers only to the DNS servers that are listed on the Name Servers tab, click Only to servers listed on the Name Servers tab.

To allow zone transfers only to specific DNS servers, click Only to the following servers, and then add the IP address of one or more DNS servers.

Additional considerations

To open DNS Manager, click Start, point to Administrative Tools, and then click DNS. 

To improve the security of your DNS infrastructure, allow zone transfers only for either the DNS servers in the name server (NS) resource records for a zone or for specified DNS servers. If you allow any DNS server to perform a zone transfer, you are allowing internal network information to be transferred to any host that can contact your DNS server.
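The four transfer policies that the dnscmd /ZoneResetSecondaries switches select (/NoXfr, /NonSecure, /SecureNs, /SecureList), as an added example that is not part of the essay and not the Windows DNS Server's own code: the policy is modelled as a decision function and run over a constructed log of transfer requests, whose format is invented for this example and is not the Windows DNS debug log format. The addresses are constructed too. Beyond the consideration above, it shows the review a defender wants regardless of the policy in force: transfer requests from hosts that are not among the zone's own name servers stand out, because under NonSecure each of them would have received the whole zone.

```python
# Added example (not from the essay, and not Windows DNS Server's own log
# format): the four zone transfer policies selected by dnscmd
# /ZoneResetSecondaries as a decision function, plus a review of a constructed
# transfer log that flags requests from hosts other than the zone's own name
# servers. All addresses and log lines are constructed.

import re
from collections import namedtuple

Request = namedtuple("Request", "time op zone requester")

LOG_LINE = re.compile(
    r"^(?P<time>\S+ \S+) (?P<op>AXFR|IXFR) (?P<zone>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)$")

# Constructed log excerpt: two requests from a listed name server and two
# from an address that is not one of the zone's name servers.
SAMPLE_LOG = """\
2024-01-15 08:00:01 AXFR example.com. from 192.0.2.54
2024-01-15 08:05:12 IXFR example.com. from 192.0.2.54
2024-01-15 09:41:07 AXFR example.com. from 203.0.113.9
2024-01-15 09:41:09 AXFR example.com. from 203.0.113.9
this line is malformed and is skipped
"""

def parse_log(text):
    """Parse the constructed log format, skipping lines that do not match."""
    requests = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            requests.append(Request(m["time"], m["op"], m["zone"], m["ip"]))
    return requests

def transfer_allowed(policy, requester, ns_addresses, secure_list=()):
    """Decide one request under a policy: NoXfr (never), NonSecure (any host),
    SecureNs (only addresses of the zone's NS hosts), SecureList (explicit list)."""
    if policy == "NoXfr":
        return False
    if policy == "NonSecure":
        return True
    if policy == "SecureNs":
        return requester in set(ns_addresses)
    if policy == "SecureList":
        return requester in set(secure_list)
    raise ValueError("unknown policy: %r" % (policy,))

def review(log_text, policy, ns_addresses, secure_list=()):
    """Return (requests the policy would serve, requests from outside the NS set).

    The second list is worth a look whatever the policy: a host that is not one
    of the zone's name servers asking for the whole zone is unexpected."""
    served, outsiders = [], []
    for req in parse_log(log_text):
        if transfer_allowed(policy, req.requester, ns_addresses, secure_list):
            served.append(req)
        if req.requester not in set(ns_addresses):
            outsiders.append(req)
    return served, outsiders

# Addresses of the hosts named in the zone's NS records (constructed).
ZONE_NS_ADDRESSES = {"192.0.2.53", "192.0.2.54"}

if __name__ == "__main__":
    for policy in ("NonSecure", "SecureNs", "NoXfr"):
        served, outsiders = review(SAMPLE_LOG, policy, ZONE_NS_ADDRESSES)
        print(policy, "serves", len(served), "requests;", len(outsiders), "from outside the NS set")
```

Running the block shows the same four requests served in full under NonSecure, only the two from 192.0.2.54 under SecureNs, and none under NoXfr, while the two requests from 203.0.113.9 are reported in every case.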

To modify zone transfer settings using a command line

Open a command prompt.

Type the following command, and then press ENTER:

dnscmd <ServerName> /ZoneResetSecondaries <ZoneName> {/NoXfr | /NonSecure | /SecureNs | /SecureList [<SecondaryIPAddress...>]}
