Windows Server 2008 | Todd's Blog

Windows Server Administration 70-646 – Chapter 2 Lesson 2 – DNS

posted on March 9, 2009

This lesson from the book covers configuring DNS.

Goals of this lesson are:

List and explain Windows Server 2008 DNS features
List and explain Windows Server 2008 enhancements to DNS
Configure static IPv6 DNS records
Configure an IPv6 Reverse Lookup Zone
Administer DNS using the MMC snap-in and command-line tools

Using Windows Server 2008 DNS

Compliance and Support

Windows 2003 retains all the features introduced in Windows Server 2003. DNS is automatically installed if you install AD DS role and a DNS server that meets AD DS requirements cannot be found. Windows Server 2008 supports stub zones. Stub zones is a copy of a zone that only contains the records needed to identify the authoritative DNS servers for that zone. (I use stub zones for identifying records on my corporate forest from the library services forest.)

Zone Replication

DNS zones are replicated between DNS servers which helps for failover and load balancing. Prior to Windows Server 2003 a full zone transfer was required replicate any changes from the primary to the secondary DNS. Introduced in Windows Server 2003 is the ability to transfer only the delta changes. You can also restrict to which servers Zone transfers are allowed.

DNS Forwarders

DNS servers to which other DNS servers forward requests are known as forwarders. you have a few options to configuring. you can forward all unresolved requests to another DNS server or you can forward a selective request. (I.e., requests for domain tailspintoys.com is forwarded to a specific server)

Administering DNS

There is several ways to administer DNS. One way is to use DNS Manager MMC Gui, another way is to use the dnscmd tool. If you need to troubleshoot, use command like nslookup or ipconfig to help with resolving the problems.

DNS Records

Common IPv4 DNS records types include A, SOA, PTR, CNAME, NS, MX. A host record for a IPv6 is AAAA. If an IPv6 client cannot create its own record then you will need to by creating a AAAA record.

New DNS Features and Enhancements

Background zone loading
Support for Read-Only Domain Controllers (RODCs)
Global Single Names
IPv6 support

Background Zone Loading

This new feature allows Windows Server 2008 DNS servers to be available to resolve DNS requests sooner than Windows Server 2003 by loading zones in the background.

Supporting RODCs

Advised to be used where the physical security of the server cannot be secured. Only keeps a read only copy of the Active Directory partitions.

Using GlobalNames DNS Zone

While WINS is still available in Windows Server 2008, the suggested replacement for WINS is to use the GlobalNames zone. Not used for peer-to-peer name resolution.

Supporting IPv6 Addresses

Fully supported in Windows Server 2008.

Planning a DNS Infrastructure

Planning a DNS Namespace

you can use a corporate namespace for both internal and external portions of the network.
you can use delegated namespaces to identify the internal namespace (Internal.tailspintoys.com). maximum length of a FQDN is 255 bytes, FQDNs for DCs are limited to 155 bytes.
You can use completely seperate domain names for internal and external namespaces. tailspintoys.internal and external.tailspintoys.com

Planning DNS Zone Type

This section talks about using Active Directory integrated zones for internal name resolution. You can also use standard primary zones where access to the AD database is seen as a security risk. Secondary zones can be used in remote locations to speed up name resolution.

Planning DNS Forwarding

Use conditional forwarding if you want to have internal name resolution forwarded to a master server. You can also configure servers to forward internet name request to one server. Exam Tip – Forwarding servers rely on recursion.

Next lesson – Active Directory and Group Policy

*Disclaimer:

My notes in helping me prepare for the 70-646 Exam, PRO: Windows Server 2008, Server Administrator are just those, notes and I am trying to help highlight what is covered in the book, not replicate it. If you want to pass the exam, you will need more than just these notes to pass. I suggest you get a good book and get familiar with the product. The expectation is that you have about one year of experience with Windows 2008 Server (your mileage may vary) when writing this exam. The book I am using for my preparation and where I am drawing the information for these notes is the Microsoft Press book, MCITP Exam Prep 70-646: Windows Server Administration; ISBN: 0735625107.

Windows Server Administration 70-646 – Chapter 2 Lesson 1

posted on March 2, 2009

This lesson covers IPv6 and its use in Windows Server 2008.

Using IPv6 in Windows Server 2008

IPv6 Addresses problems in IPv4

Automatic Address Configuration – Stateful hosts use DHCPv6. Stateless hosts configure themselves.
Header Size – Non-essential and optional fields are found in extension headers.
Routing Table Size – Designed to be more efficient.
Network Level Security – IPSec is now mandatory.
Real Time Data Delivery – payload encryption does not affect QoS.
Removal of Broadcast Traffic – Neighbour discovery replaces ARP broadcasts, ICMPv4, Router Discovery and ICMPv4 redirect messages.
IPV6 Address Structure
IPv6 Address Syntax

IPv6 is a 128-address divided into 16-bit boundaries. Each 16 bit block is converted to a 4 bit hex number and colons are used to separate the bits. Leading zeros can be removed and long sequences of zeros can be compressed. For example 21cd:0048:0000:0000:03ac:ae45:8e4c can be expressed as 21cd:48::3ac:ae45:8e4c

IPv6 Address Prefix

Like we do in IPv4 and express subnets as 192.168.12.0/24, we can also do this in IPv6 and would look like 21cd:53::/64

IPv6 Address Types

Unicast
Multicast
Anycast

IPv6 Unicast Addresses

Global
Link-Local
Site-Local
Special
Network Service Access Point and Internet Packet Exchange mapped addresses

Planning an IPv4 to IPv6 Transition Strategy

Those Strategies include:

Dual Stack Transition
Configured Tunneling Transition
Automatic Tunneling
6to4
Teredo
Intra-Site Automatic Tunnel Addressing Protocol

Implementing IPv4-to-IPv6 Compatibility

IPv4 Compatible Address
IPv4 Mapped Address
Teredo Address
ISATAP Addresses

Using IPv6 Tools

Ping works by specifying the IPv6 address. IPconfig /all will show you the IPv6 setting and IPv4 settings. Netsh interface ipv6 – ipv6 added to netsh interface commands specifies the IPv6 stack

Configuring Clients through DHCPv6

Configuring a DHCPv6 scope is very much the same as configuring an IPv4 DHCP scope. Page 87 of the book goes through a great description of configuring DHCPv6. Remember the 80/20 rule.

Planning an IPv6 Network

There are three steps to planning your IPv6 network. First step is to identify and analyze hardware requirements. Look at all the hardware you have and identify if it will all work with IPv6. If not, will you replace this hardware or continue to support the hardware.

The second step is to analyze software and application requirements. Does everything work with IPv6? If not, how will you support these applications?

Finally your last step is to document the requirements. How many sites are there, how should the prefix allocation be delegated, etc. These three steps will take a lot of time but once complete, you can draw up the project plan. Project planning isn’t covered in this lesson.

That’s all for Chapter 2, Lesson 1. There is a lot of information to digest there and for most of us, its relatively new and will take some time work through and understand it. Lesson 2 of the chapter covers Configuring DNS.

*Disclaimer:

Windows Server Administration 70-646 – Chapter 1 Lesson 2

posted on February 23, 2009

Continuing on in Chapter 1 brings us to Lesson 2.

In this lesson the book looks at:

Windows Server 2008 Answer Files
Windows Deployment Services
Multicast, Scheduled and Automatic Deployment
Windows Deployment Services Images
WDS and Product Activation
Rollback Preparation

Windows Server 2008 Answer Files

The first part of the lesson covers the answer file. If you want to create an answer file the recommendation is to download the Windows System Image Manager (Windows SIM) which is included in the Windows Automated Installation Kit (WAIK). Once you are done save the autounattended.xml file to a removable media. Windows Server 2008 setup as part of its routine, will look for this file on a removable media. If you are running setup.exe from a network location the if mapping the location on the file as X:, the setup command is setup.exe /unattend:x:\autounattended.xml

Windows Deployment Services

The next part of the lesson covers WDS. WDS cannot be installed onto a computer running Server Core. WDS requires that it be installed to a computer which is a member of an Active Directory domain. A DNS server is required along with a DHCP server and a NTFS partition for storing images. If a DHCP server is running on the same machine as WDS, configure WDS not to listen on port 67. You also need to add option tag 60 on your DHCP server so PXE clients are able to detect the WDS server. In the GUI you can also change Multicast settings, add an unattended xml file and you can configure how the WDS server will respond to PXE request. The three responses are:

Do not respond to Any Client
Respond only to known Client Computers
Respond to All (Known and Unknown) Client Computers

Multicast, Scheduled and Automatic Deployment

This section covers setting up WDS to use multicast and the benefits of using it. The main benefit is it allows a reduction of network bandwidth for multiple installs. Scheduling allows an admin to limit impact on a companies network bandwidth during peak time and allows the install to be scheduled for off-peak time. Auto-cast means to install as soon as a client asks for an install image.

Windows Deployment Services Images

There are two types of images, boot images and install images. You will need separate images for x64, x32 and Itanium. Boot images are used to boot a computer prior to installing an operating system. Discover images are created for booting a computer without a PXE enabled network card from media (USB, Floppy, CD or DVD)

WDS and Product Activation

There are to types of keys, Multiple Activation Key (MAK) and Key Management System (KMS). MAK allows for a specific number of activations against a key. A MAK proxy allows for a single connection Microsoft’s activation servers. Independent Activation requires each computer connects to Microsoft.

KMS activation uses a server in your environment which computers must authenticate against every 180 days. You also need to have at least 25 computers before activation can occur.

Rollback Preparation

You can rollback an upgrade of Windows Server 2003 to Windows Server 2008 if something goes wrong during installation. Once there is a successful login to Windows Server 2008, you cannot rollback. If you need to rollback then one must follow the procedure for disaster recovery under Windows Server 2003.

The next chapter covers IPV6 and configuring the Domain Name System

*Disclaimer: